While in Japan last week, one of my lectures focused on emerging privacy and security issues. I highlighted the fact that increasingly sophisticated malware can breach every defense we put in place and that our best strategy is early detection when prevention fails.
Such an approach works well when the risk of damage is minimal. But what happens when the malware infects a medical device such as a smart pump or pacemaker? The risk is far more dire than a loss of data integrity and includes physical harm up to and including death.
Sound far-fetched?
This article illustrates that many of the command and control systems used in medical devices have inadequate security protections.
Hacks and malware aren’t cool, so my cool technology of the week is a plea to the medical device industry – you need to engineer new devices with hardware-level safeguards that impose sanity checks on the commands being given. Use encryption to protect all data transmissions and data at rest. Set limits on the minimum and maximum amounts of insulin that should ever be injected into the patient. Assume that hackers will penetrate and take control of the device.
We need your innovation now and that will be very cool.
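The sanity check asked for above can be sketched as a guard that sits between the command channel and the pump motor and refuses any dose outside fixed limits, no matter who sent the command. This is an added example, not code from the article or any device vendor; the function names, the milliunit scale and every limit value are constructed placeholders, not clinical figures.

```c
#include <stdint.h>
#include <stddef.h>

/* Constructed placeholder limits (NOT clinical values). On a real device
   these would sit in write-protected storage the command path cannot alter. */
#define MIN_BOLUS_MU   50u      /* smallest dose accepted, milliunits      */
#define MAX_BOLUS_MU   10000u   /* largest single dose accepted            */
#define MAX_WINDOW_MU  25000u   /* largest total inside the rolling window */
#define WINDOW_SEC     3600u
#define HISTORY_SLOTS  16u

typedef enum { CMD_OK, CMD_BELOW_MIN, CMD_ABOVE_MAX,
               CMD_WINDOW_EXCEEDED, CMD_HISTORY_FULL } cmd_result;
typedef struct { uint32_t t, dose; } delivery;
typedef struct { delivery log[HISTORY_SLOTS]; size_t count; } guard_state;

/* An entry counts as recent if it is inside the window. A clock that moved
   backwards (now < t) also counts as recent, so the guard fails closed. */
static int is_recent(const delivery *d, uint32_t now) {
    return now < d->t || now - d->t < WINDOW_SEC;
}

/* Decide whether a requested dose may be delivered at time `now` (seconds,
   monotonic). Only CMD_OK records the dose and lets the pump act on it. */
cmd_result guard_check_bolus(guard_state *g, uint32_t now, uint32_t dose) {
    if (dose < MIN_BOLUS_MU) return CMD_BELOW_MIN;
    if (dose > MAX_BOLUS_MU) return CMD_ABOVE_MAX;

    /* Drop expired entries and total what remains in the window. */
    size_t kept = 0;
    uint32_t total = 0;
    for (size_t i = 0; i < g->count; i++) {
        if (is_recent(&g->log[i], now)) {
            total += g->log[i].dose;
            g->log[kept++] = g->log[i];
        }
    }
    g->count = kept;

    /* Many small doses must not add up to an overdose. */
    if (total + dose > MAX_WINDOW_MU) return CMD_WINDOW_EXCEEDED;
    /* No room left to record the dose: refuse rather than lose track. */
    if (g->count == HISTORY_SLOTS) return CMD_HISTORY_FULL;

    g->log[g->count].t = now;
    g->log[g->count].dose = dose;
    g->count++;
    return CMD_OK;
}
```

The guard never consults authentication state, which is the point: it still holds when the command channel is fully under someone else's control.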
In addition to his CIO role at BIDMC, Dr. Halamka blogs at GeekDoctor.blogspot.com.