Return of the Guru

Attacks on Implanted Medical Devices Could be a Problem for Insurers

Ara Trembly
Insurance Experts' Forum, July 18, 2011

When we think of criminals and mischief-makers cracking into our computer systems, our primary concern, quite correctly, is the loss of valuable and confidential data associated with our insurance business.  Now, however, it seems the danger could be more personal—at least for the millions around the world who have implantable medical devices. 

According to a recent posting on ScienceDaily, such medical devices, from pacemakers and defibrillators to brain stimulators and drug pumps, are implanted in 300,000 people worldwide every year (in addition to the millions already implanted). Most such devices have wireless connections, so that doctors can monitor patients' vital signs or revise treatment programs. But recent research has shown that this leaves the devices vulnerable to attack.   

The posting describes a worst-case scenario in which an attacker could kill a victim by instructing an implantable device to deliver lethal doses of medication or electricity.  While we could see that happening in a Robert Ludlum novel, however, it’s probably not the kind of thing that keeps life or health insurers up at night.  On the other hand, suppose such an intervention were used to help keep a patient “sicker”—perhaps extending benefits for an individual who was otherwise recovering well? 

While this is still in the speculative stage, we would do well to consider the relative lack of security for such devices, since their abuse or even misuse could have insurance implications.  Wireless communication is well known to be poorly secured, and while we may be willing to take that risk to do call things on our iPhones, it’s a different story when one’s health or life may be on the line. 

As I have said many times before, computer communication and data storage are relatively fragile enterprises.  Putting aside the Ludlum-style political assassination scenario, it still seems very risky to implant devices that can apparently be easily hacked into.  Whatever the purposes of the attacker, one thing is clear, this kind of danger is far too personal and sinister to be ignored—or written off as a cost of doing business. 

Is there a solution?  It seems there is, but the key question is when or if the solution will be implemented. According to ScienceDaily, researchers are looking at a new system for preventing such attacks. The system would use a second transmitter to jam unauthorized signals in an implant's operating frequency, permitting only authorized users to communicate with it. Because the jamming transmitter, rather than the implant, would handle encryption and authentication, the system would work even with existing implants.  The researchers envision that the jamming transmitter (a shield) would be small enough to wear as a necklace or a watch, says the posting.  

Perhaps the other rub here is how health insurers will treat such devices in terms of compensating insureds.  As the technology moves ahead, the industry needs to consider how it will respond. 

Ara C. Trembly (www.aratremblytechnology.com) is the founder of Ara Trembly, The Tech Consultant, and a longtime observer of technology in insurance and financial services.

Readers are encouraged to respond to Ara using the “Add Your Comments” box below. He can also be reached at ara@aratremblytechnology.com.

This blog was exclusively written for Insurance Networking News. It may not be reposted or reused without permission from Insurance Networking News.

The opinions of bloggers on www.insurancenetworking.com do not necessarily reflect those of Insurance Networking News.

 

 

Comments (0)

Be the first to comment on this post using the section below.

Add Your Comments...

Already Registered?

If you have already registered to Insurance Networking News, please use the form below to login. When completed you will immeditely be directed to post a comment.

Forgot your password?

Not Registered?

You must be registered to post a comment. Click here to register.

Blog Archive

IT Spending is Healthy, But Where's the Money Going?

IT leaders expect more money for cloud, virtualization and mobile — but no staff increases.

To Quantify or Not — That is the Question with Modernization

Making the quantitative case is a long-practiced ritual in many insurance organizations.

3 Reasons DevOps Matters

Every insurer needs to compete on products and information turned around in light-speed fashion.

Coordinate Coverages to Manage Social Media Exposures

The bottom line is that no one policy will cover all the exposures in the social media realm.

The Internet of Things: Helping Insurers Make Better-Informed Decisions about Risk

The IoT is a major game changer for the insurance industry, and will likely affect every part of the insurance value chain. After all, insurance is data-driven, and that’s exactly what the IoT can deliver—relevant, actionable, real-time data that can provide an accurate picture of what is being—or may be—insured.

Software-Defined Everything

What does it take to virtualize all the key components in your data center?

Advertisement

Advertisement