Implantable Devices Threats & Opportunities
Although we think of implantables as a recent technology powered by advances in medtech, pacemakers – the earliest of their kind – have been around since the late 50’s. Since their introduction and commercialization, we have seen many new devices and technologies pop up in a bid to save and improve the lives of millions. Incentivized by the global demographic trends of aging populations and increasing lifespans, these devices have disrupted the way humanity approaches medical conditions that were previously considered unmanageable. Not only have implantables made these conditions less life-threatening — they’ve also vastly improved the quality of life for patients and medical staff alike.
From implantable cardioverter defibrillators and insulin pumps to hip implants and interocular lenses, implantables require sophisticated infrastructure and a reliable ecosystem of hardware, software and related services to function as intended. The implementation interdependencies of the ecosystem are key for its effectiveness and for patient safety – all parts must be reliably installed and connected. On top of this, an impenetrable secure layer is an overarching concern for all parties involved – when compromised, its potential to impact the overall integrity and availability of the system is too great.
Opportunities for implantables
Microtechnologies, innovative materials, and microfabrication have made it possible for innovative implants to evolve and become more effective and less problematic for patients. This has led to wider availability thanks to mass fabrication, smaller device size, and lower costs. Microfabrication has also made it easier to integrate circuit technology, thanks to techniques such as micromachining and photolithography.
Up until recently, the effectiveness of some implantables (e.g. brain)
was rather limited due to a range of issues including biocompatibility and
inflammation as a result of foreign body insertion. Microfabrication technology
can solve most of these challenges, thus significantly expanding the horizon
for implantable tech and opening up new applications.
Threats to the proliferation of implantables
Aside from hardware malfunctions which are difficult to anticipate, new research has showed that connected implantables, such as insulin pumps can be disabled remotely, preventing them from delivering the vital substance to its intended recipients. In a benevolent attempt to expose vulnerabilities, security researchers were able to to highjack a pacemaker system, directly infecting the implanted device with malware. They achieved this by managing to gain access to the software used for programming the pacemaker, which can be done in a manner undetectable by doctors or system administrators. Once access is gained, treatment can be either intentionally stopped or its dosage increased– which would be harmful to the patient either way. As the tech saying goes, if it can be accessed, it can be hacked, and this certainly pertains to implantables, the correct functioning of which often depends on remote connectivity and oversight. In addition to presenting a major security threat, these scenarios highlight the ethical repercussions for medtech providers who manufacture and service these devices. They must take care of the correct functioning of the device as much as of its impenetrability.
The road ahead
Manufacturers of implantables admit that the devices they produce pose
a low risk to patient safety, which, in their view, is acceptable in light of
the life-saving benefits they deliver. They also often deflect responsibility
for security flaws, urging patients, medical and IT teams to be extra vigilant
when connecting devices to non-secure networks, where breaches are more likely
Still, protecting the entire ecosystem around implantables must be a
top priority and a responsibility of all parties involved. Performing detailed
and holistic appraisals of the existing security protocols on a regular basis
is of utmost importance as threats evolve and safeguards become dated. That is
the only way system administrators can ensure ecosystem vulnerabilities will
not impact patient safety.