Bet They Didn’t Think Of This

The risk from life-saving medical devices is growing, and so is the paranoia involving them.


While chatting with a source at Infineon, I had another one of those “things that scare me” moments. One really doesn’t know just how lax the security around medical devices is! As another source told me, even with HIPAA and HITECH there are no federal regulations to fill in the gaps dealing with sensitive information collected and transmitted by telehealth apps and software.

Nor are there any FTC rules or regulations that set detailed requirements for data privacy or security protection for telehealth devices not covered by HIPAA. This is left to the vendor’s discretion. Oh boy… Of course, pressured by the potential of getting sued if my gall bladder CAT scan shows up on the internet somewhere, the industry has implemented a basic security layer, like minimally secure Bluetooth for wireless, but all the solutions are proprietary and industry vendor-managed. Hmmm… just how much security does one think is really in effect?

During one of these conversations, an interesting point came up. While a hacker may be focused on figuring out how to hijack my insulin pump, he would have little impetus to do anything more than try to compromise the system the pump is connected to. At best, he would send me a virus to rattle my system (since most of these devices are connected to your computer). At worst, he would steal my identity.

But my source brought up an interesting point. What if I were some bigwig, say on the board of a cutting-edge high-tech company, or maybe a politician, or even involved in national security? Well, say the hacker was paid, by a competitor or enemy of the state, to off me, thereby getting my company’s competitor’s product to market first? Or if there is one vote that will pass or fail legislation, and that one vote is now gone? Or a mission fails because the individual with a special skill set is missing?

Way out there? Probably, but I wasn’t the one that came up with the topic. It was someone intimately involved in the medical industry. And it doesn’t have to be an insulin pump. It can be a pacemaker just as easily.

So…anyone out there have an insulin pump or pacemaker connected to the Internet? How are you safeguarding your life?