Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: FDA Approves Use of Chip in Patients ? HIPAA woes?
From: Jesse Valentin <jessevalentin () yahoo com>
Date: Fri, 15 Oct 2004 07:22:58 -0700 (PDT)

This is a very interesting viewpoint. I guess I am little weary about using this type of technology. If a scanner 
malfunctions, if you pass by a magnet - will it erase the data?, etc.
 
I was reading an article today in SC magazine called - "A life threatening security problem?" (October 2004) where the 
issue of a major security predicament is facing many hospitals today. The article mentions the following: "The problem 
[...] is the use of off-the-shelf operating systems, such as MS windows, within medical devices. [...] using Windows 
allows the devices to talk to a hospital's network [...] but at the same time, also become just as vulnerable as any 
commercial computers whenever hackers are about".
 
The article goes on to mention the fact that an innacurate reading could be produced in an MRI scan, etc if malware 
affected the hospital's network and as a result any databases or devices connected to it. Just illustrates a need to 
ensure that health care facilities have tight security to minimize the issue of tampering of data in order to prevent 
mis-diagnosis, etc.
 
Its interesting that many healthcare facilities are aware of the problem but have not truly mobilized as of yet to fix 
this issue. The article mentions: "The nation's hospitals, Microsoft, and even the FDA are all rapidly searching for a 
solution..." 
 
Not very comforting. I can just see it now... Symantec announces the release of 
W32.youvebeenmisdiagnosedwithAIDS.worm.... :-)

Simon Richter <Simon.Richter () hogyros de> wrote:
Hi,

It is just a rapid way of identifying people which is not a bad thing in 
some circumstances. Some catagories of patient carry alert bracelets to 
inform any medical practitioners that they have certain severe reactions 
or specific medical conditions.

I would immediately accept a chip that does not contain my name, but
only neccessary medical details and would use encryption to only hand
out certain details to medical staff. This will still mean that
diabetics need their bracelets, as the people who need to call an
ambulance do not have access to a scanner, but it will definitely help
in treating comatose patients found on the side of the road.

The technical implementation will, however, be difficult (what to do
about leaked private keys that will give access to the chip, for
example).

I wonder whether it would be possible to form a collective opinion on
that matter, since it is something that is likely to happen and
definitely needs to be pushed into the right direction.

Simon

-- 
GPG Fingerprint: 040E B5F7 84F1 4FBC CEAD ADC6 18A0 CC8D 5706 A4B4


ATTACHMENT part 2 application/pgp-signature name=signature.asc

                
---------------------------------
Do you Yahoo!?
vote.yahoo.com - Register online to vote today!

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault