Patient safety should be the primary concern in implantable medical devices (IMD). The growing threat of security attacks on networkable IMDs is an obvious risk to patient safety, because it can involve injury or death to the patient. In the case of insulin pumps, vulnerabilities are well-documented and security frameworks have been recommended. In addition, several government bodies have issued multiple advisories about security threats to IMDs. Furthermore, there is an ISO standards initiative to promote secure design for insulin pumps and associated devices. However, device manufacturers look to the U.S. Food and Drug Administration (FDA) for guidance during the pre-market approval process, and no standards are being enforced. To date, a convincing cost/benefit analysis of the security issues has remained elusive. Structuration theory has been used as a lens to understand the organizational process and the consequences of their choices.