In general, electronic devices are not secure. People do not understand and can not wade through user agreements, commonly more than 5000 words and more than 18 pages to read, presented always at the wrong time, when one can’t wait to activate a device or a service, and one is already tired of the nonsense overwhelming his every day life from work, media, propaganda and so forth.
Medical personal information may now be accessed by medical devices.
Medical devices include fitbits, smartphone apps, retinal implants, wireless blood pressure machines, genome tests (23 & Me, Illumina), TSA body scans, collection of data from your activities, gait, sleep pattern, eye motions – all of which may be combined with health data from other medical devices.Electronic health data can be bought and sold.
Google bought Fitbit and now owns all their data, plus the electronic health record company Ascension, serving 150 hospitals in 20 states. Google publishes research diagnosing mental health issues, including Alzheimer, from walking data and 5 days of walking data can uniquely identify you.Collected by most medical devices:
name,
date of birth,
physical address,
DOB,
email address,
date and location of data collection,
phone/fax number,
medical chart identifier,
physician/hospital,
medical insurance carrier,
SSN,
IP address,
unique identifier of medical device,
serial number,
software version,
data communication path or tower ID.Medical devices are well-known for having security flaws, legal cases and reported incidents of violations have not slowed down but increased. Separate from this is the fact the health data is also shared and sold, somehow while also complying with HIPPA laws. “Anonymized” data is a fantasy.
(Your phone collects your walking data, even if you turn it off. If you turn it off, you just don’t see it).
Correlating massive amounts of data allows anonymization to be undone.
“The proliferation of sensor-studded cellphones could lead to a wealth of data with socially useful applications — in urban planning, epidemiology, operations research and emergency preparedness, among other things. Of course, before being released to researchers, the data would have to be stripped of identifying information. But how hard could it be to protect the identity of one unnamed cellphone user in a data set of hundreds of thousands or even millions?According to a paper appearing this week in Scientific Reports, harder than you might think. Researchers at MIT and the Université Catholique de Louvain, in Belgium, analyzed data on 1.5 million cellphone users in a small European country over a span of 15 months and found that just four points of reference, with fairly low spatial and temporal resolution, was enough to uniquely identify 95 percent of them.
…all you would need to do is place him or her within a couple of hundred yards of a cellphone transmitter, sometime over the course of an hour, four times in one year. A few Twitter posts would probably provide all the information you needed, if they contained specific information about the person’s whereabouts…
..In the data set that the researchers analyzed, the location of a cellphone was inferred solely from that of the cell tower it was connected to, and the time of the connection was given as falling within a one-hour interval. Each cellphone had a unique, randomly generated identifying number, so that its movement could be traced over time. But there was no information connecting that number to the phone’s owner.
The researchers randomly selected a representative sampling from the set of 1.5 million cellphone traces and, for each trace, began choosing points at random. For 95 percent of the traces, just four randomly selected points was enough to distinguish them from all other traces in the database. In the worst case, 11 measurements were necessary…”
Medical Device Communication
Collection of medical data from devices: sensors, transceivers, power supply, analog-to-digital converter, processor unit (memory, management procedure—coordinate data flow).Communication Frequencies available
Industrial Scientific Medical Band ISM (173.433.868.915, 2400-2500, 5000+,Mhz), wireless, bluetooth (2.4 GHz band), Zigbee, Usage <1W low-powerm NFC (13.56 Mhz – 100-400 kbits/sec) transmits upon request using querying device.Ex. Wireless Temperature Sensing Device
Low cost and noninvasive medical patch that continuously monitors temperature and sends alerts to phone when temperature reaches set limit.—
The EEF, back in 2016, filed a case with the FDA on the general gross insecurity due to over-interpretation (i.e. misuse) of the Digital Millennium Copyright Act (DMCA), specifically Sec.1201, which prohibits tampering with “effective means of access control” which restrict copyrighted words. Using this, security researchers who disclosed security flaws in any systems covered by the DMCA were sued by large content providers who argued that sharing research that required circumvention of the digital lock violated the DMCA. Systems with digital locks became a no-go zone for security research, so security flaws would not brought to light and fixed.
Then everything got a digital lock – light-bulbs, doorbells, cars…medical devices. Security researchers stayed away, and security flaws remained. The digital lock is also (mis)used to fix device parameters, which generates physician and medical worker fees to adjust parameters (ex:CPAP) for patients and creating a lucrative business model…