Securing our health(care)

Last updated: 19 March 2014

How secure is your health? The information you provide your doctors with, your treatments, medical histories, scans and other bits of quite personal data your medical advisors have access to all needs to be protected and it mostly is thanks to encryption and other security measures. But what about the medical devices you use? As we increasingly rely on wireless technology and the rise of machine-to-machine communications, just how resilient are these to interference and attack?

At the recent Black Hat security conference in the US, several science fiction-esque examples were laid out, as reported by Darlene Storm, demonstrating just how reliant we are on technology to maintain our health. From pacemakers, defibrillators to insulin pumps, any wireless medical device or machine-to-machine communication could potentially be eavesdropped on and interfered with for any number of reasons, from assassination attempts, to sabotage, to acquiring private information for financial gain or competitive advantage to many other reasons.

To be fair, these conspiracy theories have been around for some time. However, the bad news, according to Dr. Dale Nordenberg of Medical Device and EHR Innovation, Safety, and Security Consortium (MDISS) fame is that, even with data security features, medical devices are prone to malicious attacks…

But let’s take a step back from these ‘far-fetched’ assassination stories. Is there really a risk? Our view is that there definitely is. Any device managed wirelessly without encryption is at risk of interference and malicious hacking. The good news is that we don’t need to wait for major new innovations in the security space to deliver a greater level of protection. This security already exists, in other industries. Whether it’s been deployed for mobile payments, Government passports and documentation or your travel card passes, strong, sophisticated security is available for deployment against the risk of any of these potential attacks.

So, instead of reinventing the wheel to create a new technology to secure medical devices, why not use the same (proven and trusted) blueprint? We’re already working to apply our existing security technologies to new industries, whether supplying personalized and secure e-health cards to a major German insurance provider, using secure wireless machine-to-machine communications for remote monitoring of utility meters or patients at home, tracking high value items or stolen vehicles and for connecting the electric vehicle charging infrastructure of the coming decade.

Ultimately, the security is available; it just needs to be adapted to provide adequate (and sophisticated enough) protection for new and emerging technologies and uses of technology. The sooner we adopt existing proven and trusted solutions for these new technologies, the sooner we can put these conspiracy theories to bed.