Monday, March 23, 2015

How I Met Your Founder: Kevin Fu Meets Earl Bakken of Medtronic


Earl Bakken and Kevin Fu discussing
blended medicine, January 2015
I recently had the pleasure of speaking about medical device security at the University of Hawaii at Manoa, touring the unique patient facilities of the North Hawaii Community Hospital, and meeting with Earl Bakken at his home on the Big Island. Earl co-founded Medtronic and is most widely known for inventing the first external, battery-operated, transistorized, wearable artificial pacemaker in 1957. At 91-years-young, Earl continues to keep a busy schedule!

I have to admit, nine years ago I would not have predicted that I'd be having a private lunch conversation about blended medicine with Earl in his home. Back in 2006, I became intensively preoccupied with understanding and improving the security and privacy of implantable medical devices. It took a couple years, but after a rejection, one of our first papers on medical device security was eventually published at the IEEE Symposium on Security and Privacy in 2008. Needless to say, there was initially some mutual mistrust between various parties. Here's this academic from the ivory tower warning of security problems from the future! It's only natural to be suspicious.

Fast forward to 2015, and you'll find that many major medical device manufacturers understand the importance of cybersecurity, but are still working on their solutions under the spirit of NIST and AAMI security and risk frameworks. There are growing pains. That's why each May, top engineers from the medical device industry and healthcare providers descend on Ann Arbor for interdisciplinary group problem solving at the Archimedes Workshop on Medical Device Security.

I've got quite the tome of notes from my discussion with Earl, so I'll be updating this blog entry with stories as I get a break from teaching a large undergraduate class this semester. Stay tuned for the next photo and story!

North Hawaii Community Hospital



The radiologists hang loose at North Hawaii Community Hospital,
and have a funny sense of humor.

Monday, December 1, 2014

Gary McGraw asks who is in charge of medical device security


Gary McGraw, CTO of Cigital, recently served on a federal advisory committee panel to discuss medical device security. Gary shared his thoughts and recommendations here.

Thursday, October 30, 2014

Hot Topic: Ebola, Technology, and Science

Is your IR camera giving you accurate
temperature readings to diagnose Ebola??
Maybe, maybe not.  Re-calibration and angle
causes a 9 degree difference on this IR camera.


This post diverges from medical device security for a moment to address some technical issues related to persons asymptomatic of Ebola. I happen to carry an infrared camera wherever I go. My lab uses it in research, and to leave secret thermal handprint messages on walls (they last about 5 minutes at my office).  I'd like to demonstrate why one should take with a grain of salt the accuracy of temperature readings from infrared imaging to diagnose Ebola.

Reports claim that nurse Kaci Hickox registered an elevated temperature on an infrared scan, but then showed negative for fever with an oral thermometer.  This is not surprising, given that infrared cameras are prone to inaccurate results for all sorts of reasons ranging from reflected light, improper or poorly trained use, calibration, thermal changes on the surface of the sensor, or the condition of the subject.  (Did you just hear a dirty joke and blush?  Or were you upset by an overzealous agent?)   Different IR cameras have different sensitivities, and liquid-cooled sensors will have different properties as well. So I surmise that an IR camera used by an airport security guard will have a higher probability of detecting dirty jokes with low false positives than detecting Ebola with low false positives. Thermal cameras are just tools, but one must choose the right tool for diagnosis. Try taking an IR photo of a row of recently used toilets if you want to feel especially squeamish in exercising the least recently used principle.

Don't trust the digital readings from an infrared camera unless you are trained on its measurement and experimental error.  The absolute numbers are meaningless on their own. Watch MIT Prof. Walter Lewin's physics lecture on measurement error for certainty on this subject.

"Any measurement that you make without the knowledge of its uncertainty is completely meaningless." -Professor Walter Lewin, MIT