Envisioning a future where humans are vulnerable to e-viruses from their implantable medical devices and diagnostics.

Dinesh Peter, Nandini Diwakar, and Avijit Dutta

Here’s a strange tale: While wrapping up his post-lunch meeting, Ted starts feeling severe abdominal cramps accompanied by prolonged bouts of shivering. Having no recollection of doing or eating anything unusual recently, and unable to explain his symptoms, Ted drives to the nearest hospital to get examined before his symptoms become more serious.

“Ted Lewis,” Dr. Lisa calls out as he waits for his turn at the ER. In the examination room, Ted explains his condition to Dr. Lisa. She checks his vitals and orders a blood test and an ultrasound examination. During the ultrasound, simethicone is administered because intestinal gas is causing visual obstructions. After running the recommended tests, Dr. Lisa reviews the results to find abnormally high levels of Amylase and Lipase. Dr. Lisa asks Ted if he is on any medication. Ted says he is, and adds, “I have a gastrochip implant to alleviate my digestive and bloating symptoms.” Dr. Lisa says, “We need to check the gastrochip. Let’s go to the micro-chipology unit where our biomedical engineer Randy Davis will take care of you. Most likely, you are infected with an e-virus. Lately, we have been seeing quite a few patients with similar symptoms. Engineer Randy will provide the e-antidote.”

An electronic virus and healthcare treatment from a biomedical engineer rather than a doctor—weird idea, isn’t it?

Welcome to the future and what may become the new paradigm in healthcare.

Humans may potentially be affected by a computer virus that elicits a physiological response similar to that of a biological virus. This is an imaginable evolution, judging from the rapid pace of innovation in the area of wireless/remote-controlled implantable medical devices and diagnostic wearables.

Understanding Medical Implants

Mechanical and electromechanical implantable devices have been around for a while now. Recently, rapid improvements in materials science and wireless technology have facilitated miniaturization of devices and the ability to control them remotely with devices as common as phones. This has led to a new category of medical devices that holds the promise of improving quality of life for millions of patients.

At a broad level, there are two categories of implants:

Most of these devices have a software component that enables remote control. But as with any software component, these medical devices are also vulnerable to unauthorized usage, inadequate authentication and access control, unsecured communication channels, weak audit mechanisms, attack by malicious code, and data corruption. In essence, these devices could be infected by a broad category of computer viruses as we know them today, and what we classify as e-viruses for the future. We envision these devices interfacing with human tissue and eliciting biological responses, and in such scenarios, the repercussions of an e-virus attack could be quite severe. Today, these devices operate in silos. However, we believe the devices of future may be interconnected and in such cases, e-viruses might even spread from one human to another, thereby spreading the “disease.”

As futuristic as it may seem, consider that more than five years ago, BBC reported that Mark Gasson, a researcher at University of Reading in the United Kingdom, had voluntarily infected a chip implanted in his arm with malicious code! Prof. Rafael Capurro of the Steinbeis-Transfer-Institute of Information Ethics in Germany told the BBC that there are pros and cons to the advancements in implanted devices, since it has the potential to deliver better care but also to hurt patients.

Tackling e-viruses—What the Future Holds

Thinking about the future, it seems one way to detect e-viruses in the body would be to start with the elicited biological responses. Caregivers could use the process of elimination to reach differential diagnosis. The biological response may vary from mild or moderate symptoms to life threatening illness, permanent damage, and/or death. To address these issues, hospitals, healthcare providers, and subsequently the entire healthcare ecosystem will evolve as well. Hospitals will shift from being traditional healthcare dispensing systems to integrated ones where, in addition to traditional clinical divisions (such as oncology, cardiology, orthopedics, etc.), an Implantable Diagnostics Division for these devices will function to fix device issues. Though device malfunctions fall under the purview of the engineering division, adverse biological reactions due to implant failure will require implant biomedical engineers to work closely with physicians.

It may take a while for these types of implants to become mainstream. Nevertheless, we envision such a future based on the emerging trends in the medical device industry and the in-roads made by technology companies into the healthcare domain. We also believe that people may willingly get these implants for the diagnostic and possibly corrective benefits.

We think there is a good chance that this imagined future materializes. Skeptics may argue that strong regulatory and compliance requirements for device security will prevent such vulnerabilities. But at present, compliance regulations mandate mechanical and electrical safety tests for medical implants only. Security compliance tests are not held to the highest standards of accountability one would expect. In 2011, Jerome Radcliffe, a network security expert, explained at a Black Hat conference how his insulin pump could be manipulated by a hacker. Furthermore, a 2012 PLoS One article by Daniel B. Kramer highlighted that our recall system does not appropriately identify device malfunctions associated with security breaches.

Research is underway to develop robust security mechanisms that identify malfunctions in external devices without altering the implant itself. Cryptographic techniques are being incorporated to enhance authentication protocols and to protect communication over wireless channels. This would prevent pairing of the implant with external devices, but nevertheless would still allow communication with outsiders.

In addition to ongoing research, we recommend the creation of a forum where security breach-related incidents and e-viruses in implants could be reported and tracked. Regulatory bodies should support this endeavor to assess, resolve, and thereby standardize guidelines for development, delivery, configuration, and monitoring of wireless implantable medical devices.

Despite regulatory changes and advancements in security, when technology enables seamless integration of the device and human body, we think the healthcare ecosystem will evolve to tackle the threat posed by e-viruses with e-antidotes.

Dinesh Peter is a business consultant in the Life Sciences Practice at Infosys and can be reached at [email protected].

Nandini Diwakar, BDS is principal business consultant in the Life Sciences Practice at Infosys and can be reached at [email protected].

Avijit Dutta is senior principal business consultant in the Life Sciences Practice at Infosys and can be reached at [email protected].

[Image courtesy of DAVID CASTILLO DOMINICI/FREEDIGITALPHOTOS.NET]