05 Feb 2018

Connected media devices: Security nightmare, or AI opportunity?

CWJ reports from the Healthcare SIG’s Medical Device Security event on 12 September 2017.

The potential benefits of connected medical devices are well understood. But whenever there is a network and personal data, there is a security risk. The risk is worse in devices such as pacemakers on which lives may depend. The stakes are particularly high in this area, and that’s why the Healthcare SIG’s latest event was so interesting.

Held at St Catharine’s College in Cambridge, the event began with a welcome from Peter Ferguson, Director of Healthcare Technologies at ARM, sponsors of the event. Peter is also a Healthcare SIG champion, and he foresaw a future in which connected devices move off the wrist to “more sensible” places to gather data from “the brain, eyes and breath”.

We next heard from Hugo Vincent, Principal Research Engineer at ARM. Hugo pointed out that there was some comment regarding “movie-plot threats” when Dick Cheney had the wireless in his pacemaker disabled in 2008. But then in 2013 the FDA issued a warning notice: “The agency has recently become aware of cybersecurity vulnerabilities and incidents that could directly impact medical devices or hospital network operations.”

Hope is not a strategy and it is not legally recognised.

The lesson, according to Hugo, is that long deployments add to the security challenge in medical devices, and this is why AI solutions will be needed in medical device security. Security technology which learns will be much more capable of dealing with changing threats. Hugo also committed a CW sacrilege by suggesting that an always-on wireless connection might not always be a desirable thing.

Jon Hill, Business Development Director of InVMA, discussed the increasing difficulties of effective security caused when projects involve many different organisations and technologies.

Andrew Tsonchev, Director of Cyber Analysis at Darktrace, then explained how his company uses machine learning and networking data to secure devices about which little can be known. Networks often include many different architectures, from video cameras to outsourced clouds, and securing everything can range from expensive to impossible. Instead, Darktrace’s AIs learn to distinguish between “self” and “not self” activity on the network, using “pattern of life” (a phrase also employed in military intelligence) to tell when new and potentially dangerous activity is taking place.

Next was Michelle Ellerbeck, NHS Trust Information Governance Lead, with an informative talk on the EU General Data Protection Regulations (GDPR) which will be coming into force in the UK next year – despite Brexit.

Caroline Rivett, Director Risk Consulting at KPMG, was the final speaker. She advocated a risk-analysis-based approach to security, allowing the most severe vulnerabilities to be dealt with as resources become available. Naming no names, Caroline suggested that the priority given to security varies significantly among healthcare device manufacturers.

The panel discussion which followed offered many insights, not least among them the possibility of healthcare providers being sued for failure to gather personal data. Dr Peter Jarritt of the NHS National Institute for Health Research also pointed out that rights to erase personal data under the new GDPR could seriously compromise the new data sets, as could other problems. He noted that many readings from medical sensors are almost useless if you don’t know exactly what model and software version was used – or even, as with blood pressure, which individual machine.

Lewis Page

Editor, Cambridge Wireless Journal

Lewis Page

Lewis Page has been a technology journalist and writer for over a decade. Before becoming editor of CWJ he was the editor of (in)famous tech tabloid website The Register. He has also written for the Guardian, the Telegraph, Prospect magazine and many others. He has a degree in engineering from Cambridge University.

Continue the conversation on Twitter. Follow us on @cwjpress and use hashtags #cwjournal and #healthcare

This article was originally published in the CW Journal: Volume One, Issue Two.

If you would like to receive a free copy of the CW Journal, please submit your details here. The CW Journal Editorial Board welcomes comment from those of you who would like to submit an article - simply email your synopsis to the team.

^{Pg 16}

Return to listing

23 Apr 2025

Mpirical and CW Partner to Future-Proof Telecoms Skills

Cambridge Wireless (CW) and Mpirical are excited to announce a strategic partnership that combines CW’s global network of over 1,000 technology leaders with Mpirical’s two decades of expertise in interactive telecoms training.

CW News

17 Apr 2025

CW’s Distinguished Lecture on Wi-Fi 7 – Insights and Implications

CW News

More News