Attacks on Implanted Medical Devices Could be a Problem for Insurers

When we think of criminals and mischief-makers cracking into our computer systems, our primary concern, quite correctly, is the loss of valuable and confidential data associated with our insurance business.  Now, however, it seems the danger could be more personal—at least for the millions around the world who have implantable medical devices. 

According to a recent posting on ScienceDaily, such medical devices, from pacemakers and defibrillators to brain stimulators and drug pumps, are implanted in 300,000 people worldwide every year (in addition to the millions already implanted). Most such devices have wireless connections, so that doctors can monitor patients' vital signs or revise treatment programs. But recent research has shown that this leaves the devices vulnerable to attack.   

The posting describes a worst-case scenario in which an attacker could kill a victim by instructing an implantable device to deliver lethal doses of medication or electricity.  While we could see that happening in a Robert Ludlum novel, however, it’s probably not the kind of thing that keeps life or health insurers up at night.  On the other hand, suppose such an intervention were used to help keep a patient “sicker”—perhaps extending benefits for an individual who was otherwise recovering well? 

While this is still in the speculative stage, we would do well to consider the relative lack of security for such devices, since their abuse or even misuse could have insurance implications.  Wireless communication is well known to be poorly secured, and while we may be willing to take that risk to do call things on our iPhones, it’s a different story when one’s health or life may be on the line. 

As I have said many times before, computer communication and data storage are relatively fragile enterprises.  Putting aside the Ludlum-style political assassination scenario, it still seems very risky to implant devices that can apparently be easily hacked into.  Whatever the purposes of the attacker, one thing is clear, this kind of danger is far too personal and sinister to be ignored—or written off as a cost of doing business. 

Is there a solution?  It seems there is, but the key question is when or if the solution will be implemented. According to ScienceDaily, researchers are looking at a new system for preventing such attacks. The system would use a second transmitter to jam unauthorized signals in an implant's operating frequency, permitting only authorized users to communicate with it. Because the jamming transmitter, rather than the implant, would handle encryption and authentication, the system would work even with existing implants.  The researchers envision that the jamming transmitter (a shield) would be small enough to wear as a necklace or a watch, says the posting.  

Perhaps the other rub here is how health insurers will treat such devices in terms of compensating insureds.  As the technology moves ahead, the industry needs to consider how it will respond. 

Ara C. Trembly (www.aratremblytechnology.com) is the founder of Ara Trembly, The Tech Consultant, and a longtime observer of technology in insurance and financial services.

Readers are encouraged to respond to Ara using the “Add Your Comments” box below. He can also be reached at ara@aratremblytechnology.com.

This blog was exclusively written for Insurance Networking News. It may not be reposted or reused without permission from Insurance Networking News.

The opinions of bloggers on www.insurancenetworking.com do not necessarily reflect those of Insurance Networking News.