Published with Permission by:
Lint, James R., “New Medical Technology and Data Privacy”, In Cyber Defense, 18 Jan. 2017, Web, http://incyberdefense.com/news/new-medical-technology-data-privacy/
As we grow older, we should be thankful for the growth of medical technology. New devices on the market expand healthcare providers’ capability to treat patients. These new products range from insulin pumps and home safety equipment to blood pressure rings.
Airbags for Humans
At the CES show in 2017, ActiveProtective debuted an innovative belt with built-in airbags that deploy when the belt detects that the wearer is falling. The concept is similar to a car airbag by providing protection before impact and preventing injury. This airbag product is especially useful for hip replacement patients.
However, there might be data privacy issues with this product later. The company plans to increase the belt’s communication ability as time goes on. In the future, the belt may include the option to send information via email to doctors or other caregivers using a Wi-Fi/Bluetooth system or cellular phone.
Should Other Fall Devices Communicate Private Data?
All medical device users face the conundrum of deciding whether privacy or immediate treatment of an injury is more important. For instance, many fall monitoring devices on the market immediately communicate to other people when the wearer falls. Other monitoring devices, such as Life Alert, require the patient to press a button and call for help. Both types of monitoring devices are helpful, but again there are privacy concerns.
Often, a patient’s primary focus is on immediate treatment and health recovery. The patient would rather call an ambulance than worry about privacy invasions from patient data these devices might transmit.
While these monitoring devices may only send alert information regarding someone’s fall-related injuries, this information may not be encrypted. This lack of security becomes a worrisome issue if a thief is scanning radio waves or wardriving in order to find Wi-Fi networks.
With the alert message sent from someone’s home, a criminal may intercept the message and attempt a home invasion before first responders can arrive. Both versions of an alert compromised in transmission could invite someone to empty your home of valuables.
Cybersecurity Experts Are Critical for Solving Privacy Issues
It will be up to cyber defenders to think of these privacy issues and provide solutions. The problems are not easy. There needs to be a way to securely transmit private health information without the fear of a garbled message and without using encryption that renders an emergency message unreadable by the patient’s family or friends.
If radio transmissions are used to communicate health data, a device’s ability to transmit information could be limited due to the use of powerful encryption in hand-held radios. However, a patient in pain would be more interested in making contact with first responders than about risks to data security.
Inside a hospital, it’s easier to control data signals and encryption due to HIPAA regulations. However, people who are at home with chronic medical problems will need more careful monitoring. The criticality of quality medical information given to medical personnel will become an issue of data protection as the field of medical equipment continues to evolve.
Do Medical Devices Have Potential for Security Attacks?
After Vice President Dick Cheney received a pacemaker, he and the U.S. Secret Service worried about the potential for assassination via a hacked pacemaker. There have not been any reports of assassination by medical device…yet.
Security researchers have explored a few specific devices to improve multiple devices that communicate medical information.
New medical devices are being developed regularly. Over time, confidence in health monitoring technology will increase in importance. So with today’s advances in technology, it’s a better time to be a patient than ever before.
About the Author
James R. Lint recently retired as the (GG-15) civilian director for intelligence and security, G2, U.S. Army Communications Electronics Command. He is an adjunct professor at AMU. James has been involved in cyberespionage events from just after the turn of the century in South Korea supporting 1st Signal Brigade to the DHS Office of Intelligence and Analysis as the first government cyber intelligence analyst. He has 38 years of experience in military intelligence with the U.S. Marine Corps, U.S. Army, government contracting and civil service.
Additionally, James started the Lint Center for National Security Studies, a nonprofit charity that recently awarded its 43rd scholarship for national security students and professionals. James was also elected as the 2015 national vice president for the Military Intelligence Corps Association. He has also served in the Department of Energy’s S&S Security Office after his active military career in the Marine Corps for seven years and also served 14 years in the Army. His military assignments include South Korea, Germany and Cuba, in addition to numerous CONUS locations. James has authored a book published in 2013, “Leadership and Management Lessons Learned,” and a new book in 2016 “8 Eyes on Korea, A Travel Perspective of Seoul, Korea.”