Privacy

From the Internet of Things to the Internet of Bodies

“The line between human and machine is blurring—and creating new concerns about consumer safety and privacy rights,” says Mary Lee, a mathematician for the RAND Corporation. The Internet of Things (IoT) has seen us connecting everything from cars to toasters to light switches to the Internet. New medical devices now connect our bodies to the Internet as well—creating the “Internet of Bodies (IoB).”

Econsultancy gives examples of 10 uses of the IoT in healthcare, including insulin monitoring and delivery, activity trackers, connected inhalers, ingestible sensors, connected contact lenses and others. The IoB does not always require expensive and complex equipment, though. With a free app and a $99 piece of hardware, anyone can use their smart phone to do an electrocardiogram (EKG) whenever they wish and send the results to their cardiologist.

Information gathered by devices attached to or implanted in humans is increasingly being sought by law enforcement. Data from an Ohio man’s pacemaker was used by prosecutors to bring a case of arson against him. A cardiologist reviewed the data and testified that his account of his activities around the time of the fire was unlikely to be true.

Implanted devices not only monitor the functioning of a body, they may also control it. Having your phone hacked could be annoying and expensive. Having your pacemaker hacked could be fatal. When then-Vice President Dick Cheney had an implanted heart defibrillator replaced in 2007, his doctor chose to have the device’s WiFi capability deactivated. “It seemed to me to be a bad idea for the vice president of the United States to have a device that maybe somebody … might be able to get into, hack into,” Dr. Jonathan Reiner said.

Hospitals have increasingly become targets of ransomware attacks whereby hackers are able to infiltrate their systems. That infiltration may come through a backdoor, such as an unsecure medical device. Wired.com reports that U.S. hospitals average 10 to 15 connected devices per bed, and a large hospital may have more than 5,000 beds. Hacking into just one of those devices could give criminals access to the hospital’s records as well as large numbers of connected devices.

In 2012 the U.S. Government Accountability Office (GAO), prodded by Congress, took the Food and Drug Administration (FDA) to task for ignoring the possibility that medical devices are susceptible to malware, unauthorized access and denial of service. A report by the Office of Inspector General in October 2018 found that the FDA’s plans and processes were still “deficient for addressing medical device cybersecurity compromises.” The FDA responded that it had implemented many of the suggestions made during the audit and would “continue working to implement the recommendations contained in the report.”