Case Study: Tidepool (nonprofit diabetes mHealth app) achieves rapid, FDA- and HIPAA-compliant mobile security and Bluetooth LE protection with NowSecure Workstation

NowSecure Workstation toolkit speeds security testing of the complex app and will validate safe and secure communications over Bluetooth LE

Tidepool is a nonprofit that builds open-source diabetes management software, including the Tidepool Loop iOS app that links to insulin pumps and continuous glucose monitors via Bluetooth Low Energy and is currently under FDA review. Because the app handles sensitive health data and controls insulin dosing, Tidepool faced a critical challenge to meet HIPAA and FDA security/privacy requirements and to protect patients from potentially life‑threatening cyberattacks.

To address this, Tidepool adopted NowSecure Workstation, an automated mobile app penetration‑testing toolkit that supports BLE testing, biometrics, MFA and complex IoT workflows. The solution cut deep security assessments from roughly two weeks to hours, produced consistent, repeatable results with customizable, compliance‑oriented reports, sped remediation for developers, and improved QA confidence—helping Tidepool demonstrate the security and privacy controls needed for regulatory review and patient safety.

Tidepool

Ben Derr

Security Engineer