Seven Diabetes Patients Die Due to Undisclosed Bug in Abbott's Glucose Monitors

Published: (December 25, 2025 at 07:29 PM EST)
Source: Hacker News

I wrote last month about my diabetes diagnosis this year and my difficult choice to wear a proprietary device (called a CGM) on my arm 24/7 to continuously monitor my glucose levels. Like my friend and colleague, Karen M. Sandler—who previously made a much higher‑stakes choice to receive a proprietary implanted defibrillator to keep her safe given her genetic heart condition—I reluctantly chose to attach proprietary hardware and software to my body.

The device itself is quite proprietary, but fortunately the FOSS community has reverse‑engineered its activation and data‑collection protocols, creating an Android application that does a better job than the manufacturers’ proprietary ones[1].

Here in the USA we strangely use capitalism as the centre of our health‑care system. Two major for‑profit competing brands of CGM are available here. My diabetes specialist prefers the (ironically named) Freestyle Libre Plus from Abbott. I (also rather strangely) bring a prescription for electronics to a pharmacy every month. On 2025‑12‑03 that pharmacy sent me an alarming text message (shown below).

Abbott Killed Seven Patients

After reading that text I found the USA FDA announcement. My spouse cross‑referenced the lot numbers while I read them off from all my Freestyle boxes[2]. I had indeed recently worn an impacted device!

Only because my diabetes is at an early stage was I relatively safe. The FDA reports that Freestyle injured over 700 people and killed seven people with this bug. Specifically, the bug caused the device to falsely report an extremely low glucose level. Advanced‑stage diabetics use low‑reading information to decide whether they may have taken too much insulin. The usual remedy is to eat something sugary to raise blood glucose. This should be done only with great care, as a false low reading can harm—and even kill—the patient (who eats a high‑sugar item while glucose in the blood is, in fact, not low).

Proprietary software in medical devices harming patients is not new. In 1985 the Therac‑25 killed three people. In 2020, hundreds of patients who relied on a financially troubled tech startup found their ocular implants suddenly unsupported. Some patients went blind as the devices powered down without updates[3]. There are many more examples, but rereading these horrific stories is more than I can take right now when I think of fellow diabetes sufferers who were “killed by code” recently.

Would FOSS Have Saved Patients’ Lives?

It is hubris for activists to guarantee that harm would have been prevented if Freestyle had publicly released the hardware specifications and the complete, corresponding source code (CCS). FOSS isn’t immune to bugs—even dangerous ones. However, since the Enlightenment we have learned that the scientific method depends on public disclosure of data and wide‑reaching peer review of past work. FOSS (plus a publicly disclosed hardware design) would allow the millions of hardware and software engineers to peer‑review the integrity, security, and safety of the devices to which patients entrust their lives. We achieve the promise of humanity when we each entrust our safety and health to our entire community—not merely a single for‑profit entity.

We also will probably never know whether this issue was in hardware or software. The bug disclosure is incredibly vague, and it remains unclear how much investigation (if any) was done by government regulators. As a public‑policy and public‑health matter, the public deserves to know the technical details (software and hardware) of both the functioning device and the failed devices. NGOs should be permitted to perform their own investigations and confirmations of public safety.

What’s Next?

Given that the hardware, software, and medical for‑profit industries refuse to put the rights, safety, and security of patients first, wrongful‑death lawsuits are typically the only way to hold these companies accountable. Yet there are very few people who have not agreed to Abbott’s toxic terms of their proprietary companion application—I guesstimate that fewer than 1 % of Freestyle‑using patients have used Juggluco from the very start (and thus never agreed to Abbott’s terms). This is significant because Abbott includes a comprehensive one‑way indemnity for themselves in the terms. I hope a class‑action suit begins soon, but I worry that many have already signed this indemnity, which may make the road to justice bumpier.

Finally, if anyone out there does tear‑downs of extremely tiny electronic devices, I would be thrilled to find a volunteer who would like to see if we can either extract software components from the device or reverse‑engineer the hardware. I have saved and sanitized all of my prior CGMs and would gladly send one to anyone who wants to try taking it apart. (Contact SFC or contact me on the Fediverse (via Mastodon) if you’re available to do this work.)

For my part, I look forward (after the Vizio trial) to sending some patches to Juggluco and also getting Juggluco available in F‑Droid. Our best option in the face of these powerful medical‑device companies curtailing our rights is to invest our volunteer time into the edges where FOSS has resiliently worked around the constant roadblocks erected by bad actors.

[Juggluco FOSS Continuous Glucose Monitor Diabetes](/g/blog/2025/nov/06/juggluco-foss-continuous-glucose-montior-diabetes/) – the GPL‑v3’d Juggluco in more detail.

In a fascinating turn of events, at least one of my past monitors (of which I fortuitously saved all the boxes with the lot/serial number on them) is listed in [the FDA’s spreadsheet](https://www.fda.gov/media/189900/download?attachment) as a recalled lot, yet the serial number is listed as “safe to use” on [Abbott’s webform](https://www.freestylecheck.com/us-en/product-lookup.html) 🤔 … I’m left wondering how I can trust Abbott to write reliable software stuck into my arm if they can’t even write a web form that cross‑references serial numbers to lots correctly 😬.  

[[permalink]](https://sfconservancy.org/blog/2025/dec/23/seven-abbott-freestyle-libre-cgm-patients-dead/)

Footnotes

  1. My prior post about CGMs discussed:

  2. No‑match Abbott site footnote:

  3. “Blind as the devices powered down without updates”
