In 2011, Jay Radcliffe, a security researcher with Type 1 diabetes, made an astonishing discovery that left everyone a bit scared. At a cybersecurity conference, he demonstrated how he could hack his insulin pump. This was much more than a personal experiment; it was a wake-up call for the medical and technology industries. Radcliffe’s experiment proved just how easily unsecured medical devices can be manipulated into delivering a lethal dose of insulin. It is a call for robust cybersecurity measures to safeguard the technology humans are integrating into their bodies.
Biohacking is a phenomenon where doctors and other medical professionals use technology to hack or tweak the performance of parts of the body and enhance the physical and cognitive abilities of humans. Biohacking tools range from something as simple as a wearable watch or ring to more complex RFID chips or other electronic devices that are integrated with our bodies. One prominent example is Neil Harbisson, a colourblind artist who has implanted an antenna in his skull, which allows him to “listen to colours” rather than see them. This highlights the potential benefits of biohacking equipment and the need to safeguard it. The founder and CEO of SpaceX, Elon Musk, also shared his views and said, “As we merge with machines and integrate more advanced technology into our bodies, the potential for cyber threats grows exponentially. It’s imperative to secure these innovations against malicious attacks.”
Implanted medical devices like pacemakers, insulin pumps, and neurostimulators are critical for the patient’s overall physical and cognitive health. However, these devices are often connected to an external system for monitoring and adjustment, which makes them an attractive target for hackers. Moreover, the security measures used by these external systems are almost nonexistent. A clear example is when the FDA had to recall 465,000 pacemakers in 2017 for security reasons. The FDA said that the devices had vulnerabilities that could allow hackers to gain access, alter their pacing, or deplete their battery faster. According to a report by Grand View Research, the global market for wearable medical devices is projected to reach $46.6 billion by 2025, driven by advancements in sensor technology and the rising prevalence of chronic diseases.
This security threat is not limited to implants; it extends to wearables as well. Today, around 70 million wearables are shipped every year. Wearable technology such as smartwatches and fitness bands collects vast amounts of data from its users, such as their location, health metrics, sleep time, and daily activities. Although this data is very important and useful in biohacking, it is also a lucrative target for hackers. According to a study by Kaspersky, 50% of wearable devices have potential vulnerabilities, including unencrypted data and weak authentication protocols, which hackers can exploit to gain access to your wearable. This number was also backed by a report by Symantec.
Today, many companies deal with cutting-edge biohacking devices. One such company is Dangerous Things, a Seattle-based company that deals in RFID and NFC implants. Although its business is modifying humans, the company emphasises the security implications of these devices and other implantable technology. In 2017, the FDA issued a safety communication regarding cybersecurity vulnerabilities in St. Jude Medical’s implantable cardiac devices. The devices were susceptible to hacking, potentially leading to rapid battery depletion or inappropriate pacing. For this reason, St. Jude Medical released a software update to patch the vulnerabilities, highlighting the need for continuous monitoring and updating of medical device software to guard against malicious activity.
A Ponemon Institute report stated that 67% of medical device manufacturers and 56% of healthcare delivery organisations believe that their medical devices can be attacked in the next 12 months.
The example above shows the importance of continuously monitoring these implants to ensure that they are not affected by malware or attacked by hackers. A 2022 report by the Ponemon Institute stated that 62% of medical implant manufacturers and 51% of healthcare delivery organisations around the world reported cyberattacks on their devices. So this is not a distant future, but something that is happening in our day-to-day lives. This is why continuous oversight is important. Avi Rubin, Computer Science Professor at Johns Hopkins University, also emphasised the need for constant monitoring and said, “As we become more integrated with technology through biohacking, the need for robust cybersecurity measures becomes more critical to protect our health and privacy.”
Another way to secure these implants is to take a “security by design” approach to manufacturing them. Manufacturers have to build robust cybersecurity measures, such as encryption and authentication mechanisms, into their devices from the design stage. According to a survey by Accenture, 73% of healthcare executives believe that incorporating security into the device’s structure is paramount to keeping it safe from cyber-attacks. Governments are doing their best to safeguard the technology. However, we still have a long way to go before the utmost security is ensured.
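To make the “authentication mechanisms” mentioned above concrete, here is an added example (not from the original article and not any real device's protocol) of a pump-side command check that rejects forged, replayed and out-of-range dose commands. The frame layout, the pre-shared key, the opcode and the dose cap are all assumptions made for illustration.

```python
import hashlib
import hmac
import struct

# Hypothetical frame: 8-byte counter, 1-byte opcode, 2-byte dose (0.01-unit steps)
FRAME = struct.Struct(">QBH")
TAG_LEN = 32          # full HMAC-SHA256 tag appended to every frame
OP_BOLUS = 0x01       # hypothetical opcode
MAX_BOLUS = 1000      # hypothetical device-side safety cap: 10.00 units

def build_command(key, counter, opcode, dose):
    """Programmer side: serialise the command and append an HMAC-SHA256 tag."""
    body = FRAME.pack(counter, opcode, dose)
    return body + hmac.new(key, body, hashlib.sha256).digest()

class PumpReceiver:
    """Device side: act only on commands that are authentic, fresh and in range."""

    def __init__(self, key):
        self._key = key
        self._last_counter = 0

    def handle(self, frame):
        if len(frame) != FRAME.size + TAG_LEN:
            return "reject: malformed"
        body, tag = frame[:FRAME.size], frame[FRAME.size:]
        expected = hmac.new(self._key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):   # constant-time comparison
            return "reject: bad tag"
        counter, opcode, dose = FRAME.unpack(body)
        if counter <= self._last_counter:            # captured frame sent again
            return "reject: replay"
        # Advance the counter only after authentication, so forged frames
        # cannot push it forward and lock out the legitimate programmer.
        self._last_counter = counter
        if opcode != OP_BOLUS:
            return "reject: unknown opcode"
        if dose == 0 or dose > MAX_BOLUS:            # bound even authentic requests
            return "reject: dose out of range"
        return f"accept: bolus {dose / 100:.2f} U"

def demo():
    key = bytes(range(32))  # constructed sample key, not a real device secret
    pump = PumpReceiver(key)
    good = build_command(key, 1, OP_BOLUS, 250)
    forged = good[:10] + b"\xff" + good[11:]         # dose byte altered in transit
    return [pump.handle(good), pump.handle(good), pump.handle(forged),
            pump.handle(build_command(key, 2, OP_BOLUS, 5000))]

if __name__ == "__main__":
    print(demo())
```

The dose cap is checked on the device even for correctly authenticated commands, so a compromised external programmer still cannot request an arbitrary dose.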