Last May, USA Today reported on the Jacobs family getting implanted with computer chips containing their medical record information.
The chips were implanted in the hope they could ultimately be used to provide emergency room staffers and physicians immediate medical data.
The newspaper reported that Jeff and Leslie Jacobs of Boca Raton, Florida, along with their 14-year-old son Derek, had the tiny chips implanted in their arms. Each chip is about the size of a grain of rice, and insertion takes about a minute under local anesthesia. The chips implanted in the Jacobs family are similar to the chips used to identify pets if they are lost.
While the chips used by the Jacobs family now contain only phone numbers and information about previous medications, future versions are expected to eventually include more detailed patient information. Ultimately, the chip could contain a person's entire medical case history from their birth to current times. Such data would be particularly valuable for those who suffer from Alzheimer's disease or for others who have difficulty providing medical information on their own.
Part of the conundrum medical practitioners face, be it in the emergency room, pediatric ward or any place where information needs to be obtained quickly and accurately, is that quick and accurate information is often impossible given the nature of things. In the emergency room, patients and their guardians (if present) are often not in any shape to provide accurate information. With that, the ability for the medical staff to quickly upload a patient's case history is a huge benefit, one that can ultimately save many lives.
Even in those situations where the atmosphere is not as tense as in an emergency room, patients, especially the elderly, are notorious for providing incorrect medical information. Unfortunately, slight changes can have huge medical repercussions.
In addition, technology can often prevent mistakes that would be made by medical staff. Accidental mistakes by medical staff are a problem that costs many lives per year. For more information see the groundbreaking book on this topic, To Err Is Human: Building a Safer Health System (National Academy Press; ISBN: 0309068371). Also noteworthy is Human Error in Medicine by Marilyn Sue Bogner (Lawrence Erlbaum Assoc. ISBN: 0805813861).
By having instant access to a patient's medical history at the site of an emergency or in the hospital, medical personnel can avoid mistakes, save patients' lives and reduce malpractice lawsuits with accurate information. And if there is anything that compels healthcare organizations, it is the threat of malpractice. While there are no hard and fast numbers on how quickly bedside data will be available in the coming years, most professionals in healthcare IT agree that it will be significant.
Yet with all the potential benefits that such a chip brings, one thing is significantly missing in the discussion - the security of the chip. The chip currently has no security built into it. One would not buy a car without locks, or a house without a deadbolt, so why use a microprocessor storing personal medical information without security?
Today's climate of heightened alert demands technology that is secure - be it the physical security of a medical facility or the information security of its information assets. Just as physical edifices need strong and effective security, so do their digital counterparts. The fact that the new data chip has no security is particularly worrisome.
Imagine the chip being used in an emergency room situation, and picture the havoc that would ensue if a malicious attacker had previously modified the patient's medical information. Such a scenario is not difficult to imagine. In the early days of the PC industry, hackers penetrated the network of a U.S. hospital and altered patient records. The action spurred some of the first cybercrime legislation in the United States.
Such manipulation of medical records would not require any significant computer programming expertise. Something as subtle as a single bit-switch in data fields such as blood type or penicillin allergy could be life threatening. And such a bit-switch is easy to do in a piece of hardware with no security.
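The single-bit risk described above, and the integrity check that would catch it, as an added example (not from the original article or the chip's manufacturer). The 6-byte record layout, the field codes and the key are constructed for illustration; the real chip's data format is not described here.

```python
import hashlib
import hmac
import struct

# Constructed layout: 4-byte patient id, 1-byte blood type code, 1-byte flags.
RECORD_FMT = ">IBB"
RECORD_LEN = struct.calcsize(RECORD_FMT)
BLOOD_TYPES = ["O-", "O+", "A-", "A+", "B-", "B+", "AB-", "AB+"]
PENICILLIN_ALLERGY = 0x01                # flag bit inside the flags byte
TAG_LEN = hashlib.sha256().digest_size
DEMO_KEY = b"constructed-demo-key"       # placeholder, not a real key

def pack_record(patient_id, blood_type, penicillin_allergy):
    flags = PENICILLIN_ALLERGY if penicillin_allergy else 0
    return struct.pack(RECORD_FMT, patient_id, BLOOD_TYPES.index(blood_type), flags)

def parse_record(raw):
    """Format validation only: any well-formed record is accepted."""
    patient_id, code, flags = struct.unpack(RECORD_FMT, raw)
    if code >= len(BLOOD_TYPES):
        raise ValueError("invalid blood type code")
    return {"patient_id": patient_id, "blood_type": BLOOD_TYPES[code],
            "penicillin_allergy": bool(flags & PENICILLIN_ALLERGY)}

def seal(raw, key):
    """Append an HMAC-SHA256 tag computed over the record bytes."""
    return raw + hmac.new(key, raw, hashlib.sha256).digest()

def open_sealed(blob, key):
    """Verify the tag in constant time before trusting any field."""
    if len(blob) != RECORD_LEN + TAG_LEN:
        raise ValueError("record has wrong length")
    raw, tag = blob[:RECORD_LEN], blob[RECORD_LEN:]
    expected = hmac.new(key, raw, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("record failed integrity check")
    return parse_record(raw)

def flip_bit(data, index, bit):
    """Model a one-bit change (corruption or tampering) in stored data."""
    out = bytearray(data)
    out[index] ^= 1 << bit
    return bytes(out)

if __name__ == "__main__":
    raw = pack_record(1001, "O+", True)
    print("original :", parse_record(raw))
    # Without a tag the altered record still parses as valid data.
    print("flipped  :", parse_record(flip_bit(raw, 5, 0)))
    try:
        open_sealed(flip_bit(seal(raw, DEMO_KEY), 5, 0), DEMO_KEY)
    except ValueError as err:
        print("sealed   : rejected,", err)
```

A MAC only detects changes; keeping the record confidential and distributing the verification key to every reader are separate design problems.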
Moreover, the data chip is not the only technology health care organizations are rolling out without security functionality. Many facilities are using wireless networks (WLANs), unaware of the inherent security risks involved.
Wireless has huge benefits. No longer must a physical cable be run at significant expense to each network host. With wireless technology, impromptu meetings can be set up just about anywhere: in conference rooms, airplanes, hotel rooms and more. Yet the greatest weakness of wireless networks is their lack of security. The main wireless protocol in use, of course, is 802.11, and its security is implemented in Wired Equivalent Privacy (WEP). Unfortunately, WEP has been proven to be effectively useless.
There is an inescapable feeling of security déjà vu. It is late 2002 and companies are making the same mistakes over and over. They rush complex products to market and only think about security after the fact. Information security professionals would never tolerate Boeing or Pfizer making their products in such a fashion, and they should not tolerate it when technology companies make products without considering the security implications.
The benefits of the medical data chip are clear - speed and accuracy of patient information. But no one is considering the dark side of what could happen if this data is used illicitly, which we know will occur at some point. The scenario of hackers creating a black market for medical information is a real threat. Adversaries could also obtain medical information either through a data chip from a patient or wirelessly at a hospital, and later use it to blackmail a person. Worst-case scenarios are endless.
As an information security professional, I have my reservations about the medical data chip. I doubt the Jacobs family has thought about the security risks of their chip implantations. It also seems as if its manufacturer has not thought much about security either - or even about whether the devices are compliant with legislation such as HIPAA in the U.S.
It is incumbent on the information security community to voice its concerns about new technologies being brought to market without security considerations or solutions. And it would behoove security consultants to understand these dangers more thoroughly and communicate solutions to these types of manufacturers early in the product design process.
Ben Rothke, CISSP, is a senior security architect with QinetiQ Trusted Information Management, Inc. He can be reached at [email protected].