So, I call this putting on the Robin Cook hat.
And, you know, thinking about how bad things could happen to patients in a hospital
or with medical devices, that's what Robin Cook does in his novels, does well.
So, we can think of, say, a blood glucose meter, glucometer.
Well, it is theoretically possible, but probably very unlikely,
that someone could directly affect the electronics
of the glucometer to produce incorrect reading.
It may be possible to influence the way that the only back up-- It is, typically,
one has to enter data about the test strips that are used in a glucometer.
There are different batches of test strips,
and one has to enter that data into the glucometer in order to obtain an accurate reading.
Might be possible for someone to modify the data on a test strip,
and that would not necessarily be an electronic hack,
but that would be a hack to the system,
and that would produce erroneous blood glucose values.
Now, let's say that data is displayed on the device,
and the patient reads it or a family member reads it or a nurse reads it,
and makes a decision about how much insulin to give.
That's one way that data might be used.
But another way it might be used is it's sent into the electronic medical record
or may be sent into another system.
Or, we are starting to see for several years people have working on
closed-loop control systems that could automatically measure blood glucose
and adjust insulin infusion.
So the more that the longer the data pathway
from the point of measurement into other systems of informed decision support,
and the more they become semi-autonomous or autonomous,
one could foresee that there are more points of vulnerability to modify the data.
So, in theory, if someone could spoof the blood glucose value,
and let's say that it's much higher than it actually is,
then potentially a person, a nurse or a family member,
or an automated system, automated artificial pancreas for example,
could overdose the patient on insulin.
So, you have to think through these different scenarios
and then think about the points of vulnerability.
Like, as with security in general, all the vulnerabilities are not necessarily electronic,
although for the purpose of this discussion we're focusing on them.
