Medical technologies such as electronic devices implanted or injected into the human body are the next growth area for hackers pursuing money or control of individual people. With nanotechnology implants already being used for some medical treatments, advances in their application could pose as great a cybersecurity threat as what faces the Internet of Things, experts say.
Security professionals have begun to confront the problem of biomechanical hacking. Two years ago, health care giant Johnson & Johnson warned that one type of its insulin pumps could be hacked. The company encouraged users to avoid employing the device’s remote-control feature and to program the pump to limit its maximum dose. And last year, the U.S. Food and Drug Administration ordered the recall of nearly half a million pacemakers over hacking fears. A firmware update was needed to patch security holes in the devices.
But these threats are relatively simple compared with the potential for malicious cyber activity within the human body. New biomechanical technologies coming into use are far more sophisticated, and far more vulnerable, than single-function devices such as pacemakers and insulin pumps. Medicine sits on the cusp of introducing nanosystems into the human body that could revolutionize treatment and recovery, according to health journals. These particles, which measure 10-9 microns, or 1 nanometer, will be able to perform a variety of functions, either singularly or in groups. But, as electronic devices, they could be hacked by outsiders.
These innovative nanoparticles are not being introduced with sufficient security, says Gregory Carpenter, a certified information security manager (CISM) and a self-described cyber imagineer. A former military intelligence and cyber expert with the U.S. Army and the National Security Agency, Carpenter has written several books and articles on technology and the cybersecurity threat. “[Biomechanical] security is probably the last thing to be put in place at a very high level,” he charges. “There is rudimentary security in several different deployments of that technology in some universities in the United States. But I would say the same level of security is not acknowledged as necessary in different places around the world because [advanced nanomedicine] is only in the research phase right now.
“As new nanoparticles come out, you’ll see autonomous processors in nanoparticles, which will be in contact with a client—a laptop, desktop computer or tablet that is going to be run by a server. So, there’s always a link, and if you can hack it, you can own it,” he declares.