The following is a personal post by Daniel Lewis, Executive Chair and Founder of Awen Collective.
In early 2010, at an NHS Hospital in England, I had an Implantable Cardiac Monitor (ICM) installed just under my skin on my chest. The device simply listened to my heart rhythms, recorded anything that it considered to be anomalous, and wirelessly allowed me to trigger it to record if I felt abnormal. I would then go back to the hospital to allow them to download the data, also wirelessly. The device was inside me for about 4 years in total. I have Familial Dilated Cardiomyopathy, a genetic heart condition which means that my left ventricle is larger than the average persons, and the reason for the device being implanted was because the doctors wanted a close long-term look at my heart anomalies. I should add at this point, I am fine, I am looked after very well by the NHS in the UK and, generally, the condition does not affect my day-to-day operations.
At about the same time as this device was inside me, I started my doctoral research in Artificial Intelligence (applied to physical security). I think that the combination of me researching AI and the knowledge of me having implanted technology meant I naturally stumbled across topics like “quantified self,” “transhumanism” and “biohacking” - all of which came with their own subcultures, beliefs and practices. I dabbled a little, but never went as far as biohacking / body hacking. I was mostly interested in transhumanism and the relationship between AI and humanity.
In 2015 I moved from researching AI applied to physical security, into researching cyber security and digital forensics as a Senior Researcher at the University of South Wales. Thoughts were beginning to arise within me of “what if someone cyber attacked my heart monitoring device?” - unfortunately I didn’t have the device in there any more, and so it remained mere speculation. However, it became clear to me that there are a lot of digitally-enhanced devices used within the health sector and many of which are networked, or even internet connected.
The problem remains to this day; these medical devices have a risk of cyber attack. The potential reasons for cyber attack are many and include stealing personal data, creating societal disruption and more. It does not take much to realise that someone who relies on a connected device (such as a pacemaker, or a smart infusion pump) could seriously affect their safety through a cyber vulnerability.
In fact, many studies have been done on cyber vulnerabilities within the medical sector, and our vulnerability databases also contain many devices used within healthcare and pharmaceuticals.
At this juncture I want to highlight that I believe that this should not prevent us from developing and using smart technologies. Technology gives us all kinds of benefits, it optimises our lives, and much of the medical technology out there at the moment is just plain brilliant.
It is just that I sincerely believe that every digital technology - whether that is medical technology, Industry 4.0, smart cities tech or the various other techs out there (e.g. FinTech, InsurTech, RegTech, AgriTech etc etc etc) - should not only be built with a good value proposition which meets particular needs, but it should be built well with security and safety by design. Security built-in from the very beginning, is always better than security as an after-thought.
At Awen Collective we understand the problems out there. We understand the resistances that some have to cyber security, and we understand that cyber security hasn’t always been at the forefront of minds when developing systems. We are not here to force you to do things you don’t want to do, but we might recommend that you begin thinking about things and do so in a way that works for you. Budget is absolutely key for any organisation, and so we have, for example, built our Dot system in a way which minimises disruption to production, and minimises the impact on budget.