Embodied vulnerabilities – Why I am hacking my own heart
Marie Moe, SINTEF
Gradually we are all becoming more and more dependent on connected technology. We will be able to live longer with an increased quality of life due to medical devices and sensors integrated into our bodies, and connected to the cloud. However, our dependence on technology grows faster than our ability to secure it, and a security failure of a medical device may cause patient harm and have fatal consequences. Medical errors are often associated with human errors, but patient safety is also threatened by security failures of medical devices. Loss of availability or integrity of patient data may indirectly cause patient harm, due to wrong diagnosis or treatment decisions based on incorrect data. However, there are no good statistics on the number of deaths caused by medical device security failures. Medical devices are collecting personal data on a big scale without any transparency on how the data is collected and how the information security and privacy of patient information is ensured by the medical device manufacturers. Additionally, patients are in many cases deprived from access to their own data generated by sensors and devices implanted in their body. The medical devices appear as “black boxes” with little information about their data collection capabilities and implementation of security and privacy features. Dr. Marie Moe is a security researcher living with a vulnerable medical implant, a pacemaker that generates every single beat of her heart. She started a hacking project investigating the cyber security of her personal critical infrastructure, and tells her story to create awareness and to inspire others to do more research on the security of connected medical implants.