Silicon Valley Law Group Blog
Healthtech devices are increasingly common. People are wearing sensor devices that monitor fitness metrics. They can count steps and distance walked or run, calories burned, elevation changes, and heart rate. In the future, people may swallow sensor devices that can monitor or transmit video of the digestive system, may have sensor devices in their bloodstream monitoring the level of a medication, or may ingest smart pills that detect diseases. An organization can also embed devices in a patient, such as a catheter for an insulin pump, a pacemaker, or microchips placed under the skin.
With all of these devices, various security vulnerabilities may be present. Hackers can exploit vulnerabilities to take control of them or otherwise tamper with them. Devices that communicate with systems outside the body entail the risk of interception or interruption. Moreover, once systems collect data from devices on or in the body, the systems are potential targets for attack.
To mitigate these risks, the device manufacturers should design their products with security features in mind. They should thoroughly test the device during the design phase to determine if vulnerabilities pose risks to users. They should have an independent third party test the device to check for vulnerabilities and seek any available security certifications for the device. Finally, the vendor hosting the applications and data needs to secure the data and the systems collecting the data. It should use transmission security procedures and technology to secure the communications with the device, encrypt the collected data, and manage access to the infrastructure supporting the devices.