Return of the Guru

Attacks on Implanted Medical Devices Could be a Problem for Insurers

Ara Trembly
Insurance Experts' Forum, July 18, 2011

When we think of criminals and mischief-makers cracking into our computer systems, our primary concern, quite correctly, is the loss of valuable and confidential data associated with our insurance business.  Now, however, it seems the danger could be more personal—at least for the millions around the world who have implantable medical devices. 

According to a recent posting on ScienceDaily, such medical devices, from pacemakers and defibrillators to brain stimulators and drug pumps, are implanted in 300,000 people worldwide every year (in addition to the millions already implanted). Most such devices have wireless connections, so that doctors can monitor patients' vital signs or revise treatment programs. But recent research has shown that this leaves the devices vulnerable to attack.   

The posting describes a worst-case scenario in which an attacker could kill a victim by instructing an implantable device to deliver lethal doses of medication or electricity.  While we could see that happening in a Robert Ludlum novel, however, it’s probably not the kind of thing that keeps life or health insurers up at night.  On the other hand, suppose such an intervention were used to help keep a patient “sicker”—perhaps extending benefits for an individual who was otherwise recovering well? 

While this is still in the speculative stage, we would do well to consider the relative lack of security for such devices, since their abuse or even misuse could have insurance implications.  Wireless communication is well known to be poorly secured, and while we may be willing to take that risk to do call things on our iPhones, it’s a different story when one’s health or life may be on the line. 

As I have said many times before, computer communication and data storage are relatively fragile enterprises.  Putting aside the Ludlum-style political assassination scenario, it still seems very risky to implant devices that can apparently be easily hacked into.  Whatever the purposes of the attacker, one thing is clear, this kind of danger is far too personal and sinister to be ignored—or written off as a cost of doing business. 

Is there a solution?  It seems there is, but the key question is when or if the solution will be implemented. According to ScienceDaily, researchers are looking at a new system for preventing such attacks. The system would use a second transmitter to jam unauthorized signals in an implant's operating frequency, permitting only authorized users to communicate with it. Because the jamming transmitter, rather than the implant, would handle encryption and authentication, the system would work even with existing implants.  The researchers envision that the jamming transmitter (a shield) would be small enough to wear as a necklace or a watch, says the posting.  

Perhaps the other rub here is how health insurers will treat such devices in terms of compensating insureds.  As the technology moves ahead, the industry needs to consider how it will respond. 

Ara C. Trembly (www.aratremblytechnology.com) is the founder of Ara Trembly, The Tech Consultant, and a longtime observer of technology in insurance and financial services.

Readers are encouraged to respond to Ara using the “Add Your Comments” box below. He can also be reached at ara@aratremblytechnology.com.

This blog was exclusively written for Insurance Networking News. It may not be reposted or reused without permission from Insurance Networking News.

The opinions of bloggers on www.insurancenetworking.com do not necessarily reflect those of Insurance Networking News.

 

 

Comments (0)

Be the first to comment on this post using the section below.

Add Your Comments...

Already Registered?

If you have already registered to Insurance Networking News, please use the form below to login. When completed you will immeditely be directed to post a comment.

Forgot your password?

Not Registered?

You must be registered to post a comment. Click here to register.

Blog Archive

For Halloween: The Tricks to Get Innovation Treats

There are specific actions that can help prepare a corporate environment for magic.

Is the Long March to IFRS Convergence Over?

Once a given, the adoption of a single set of accounting standards for the insurance industry is on hold.

So You Plan to Buy a Core System … Now What?

There are many questions for carriers to consider even before the implementation process begins.

What It Takes to Have a Tech-Savvy Workplace

The tools and technologies to build the next workplace are available, but not common yet in corporate settings.

Avoiding the Bermuda Triangle of Data

Handled poorly, questions around data ownership, data quality and data security can sidetrack big data conversations and alienate business stakeholders.

A Prototype of the Successful Innovation Leader

Celent research reveals the prototype for the successful senior innovation leader.