Biotech health care innovations meet security challenges

The level and speed of innovations taking place in the biotech industry are baffling. On the one hand, it makes us hopeful we can quickly reduce the number of illnesses and their consequences through technological advancement—saving thousands of lives. On the other, concerns about the application of Internet-connected technology leave us wondering: at what cost?

Where does the mix of technology and medicine lead us? Advancements in genetic therapy have reshaped cancer treatment as we know it. Yet, other applications, such as automating medicine intake by measuring biometrics, may introduce entirely new sets of problems that the medical and security worlds haven’t solved.

Knowing that every human body is unique and may react in another way to the same procedure, it seems prudent to draw the line at a certain amount of automation. But how do we determine where to draw the line? Is it smart to leave that decision to the big pharmaceuticals? Let’s have a look at the developments in biotech that require bigger picture thinking from the security and privacy perspectives.

Developments in the health care industry

Some of the most promising health care developments in late stages of refining or even already in use are techniques where sensors are attached to or inserted into the patient’s body. The sensors are designed to transmit data about certain bodily conditions back to healthcare personnel.

One such technology is inserted directly into patients’ medication via chip. These “smart pills” send biometric data from within the blood stream. When the patient ingests the pill, the chip will be detected by a patch on her stomach the moment it is digested. If the patch doesn’t receive the appropriate signal, it alerts the patient’s doctor.

A big step forward for the future of smart pills will be the automation and timely administering of medicine, something currently in development. These smart pills are being designed to make patients’ lives easier by embedding a tracking system in the pill that triggers the release of the drug in a timely manner, so you can’t forget.

Smart pills could also be programmed to release the medication when certain circumstances are met. A system similar to this already exists for diabetes. Insulin pumps for type 1 diabetics are in use that release insulin when a low blood sugar is detected, basically by mimicking the way the pancreas would behave for healthy people.

Diagnostic biotech

Existing bio-sensors are internal measurement devices that broadcast body metrics like blood pressure, pulse, oxygen saturation, blood sugar, etc. These bio-sensors and sensors measuring the presence of other substances in the blood can be used to fine-tune the administration of drugs. But what if anybody else can receive these transmissions?

The feasibility of multiplex biosensors for bloodstream infection diagnosis has been under investigation for a few years and is another development that could lead to transmissions concerning our health from inside our body to a “smart” device.

Pharmaceutical companies have already released digital smart pills containing computer chips. The first digital cancer pill, which was released in early 2019, contains a chip and capsules filled with capecitabine, a cancer chemotherapy that patients need to take several times a day.

Other biotech innovations

The human genome has been almost fully mapped and we are rapidly fine-tuning the ability to read the map. But what does this prospect bode for the future of the information that can be extracted from the DNA samples we provided for various different reasons? Will donating blood or participating in a DNA test now result in a privacy nightmare later on? Will the risk we take now grow on us as science finds out more about the information stored in our DNA?

DNA diseases

With greater understanding of our genetics comes greater capacity for their manipulation. And gene editing currently stands as one of the most exciting, and worrying, areas within the biotech industry.

Another worrying advancement is the use of artificial intelligence (AI) to make the development of new drugs faster and cheaper. AI particularly can be used to reduce the amount of trial and error needed to design a drug candidate once a promising disease target has been identified. It can also be used to investigate and find unexpected use cases for drugs that fail in clinical trials. Promising changes, for sure. But what might AI miss that the human mind would catch? And how much would morality come into play if machines are conducting all of the testing?

Remote control of artificial limbs and animals

The advancement of modern prosthetics has gone hand in hand with the upsurge in rapid developments in the biotech health care sector.

In a combination of robotics and neuro-engineering, scientists are working on a new robotic hand that could be a life-changing device for amputees. The goal is to read intended finger movements from the muscular activity on the amputee’s stump and transmit them for individual finger control of the prosthetic hand.

In the military field, sharks and other animals have been given brain implants that make them remotely controllable. These sharks could, for example, be used to find enemy submarines.

Communication protocols in biotech

The smart pill, produced and patented by Proteus and called Abilify MyCite, sends a simple pulse from the pill to the patch as soon as the pill gets absorbed by stomach acid. No problem there, but then the patch sends data like the time the pill was taken and the dosage to a smartphone app over Bluetooth. The data is stored in the cloud, where the patient’s doctor and up to four other people chosen by the patient can access the information. The patient can revoke their access at any time.

In 2017 the FDA stated it was planning to hire more staff with “deep understanding” of software development in relation to medical devices, and engage with entrepreneurs on new guidelines, because it expected to get more approval requests for digital pills. This was after the approval of Abilify MyCite, which is a typical symptom of legislation running after technical innovations without ever truly catching up.

In 2018, hackers demonstrated they could install malware on an implanted pacemaker after they had discovered bugs in Medtronic’s software delivery network, a platform that doesn’t communicate directly with pacemakers, but rather brings updates to supporting equipment like home monitors and pacemaker programmers, which health care professionals use to tune implanted pacemakers.

Bluetooth and medical devices

Bluetooth is ideal for the short-range, continuous wireless connections that we use for streaming audio and data. The most commonly used Bluetooth protocols in medical equipment are Bluetooth Low Energy (BLE) and Bluetooth Classic.

BLE is a Bluetooth protocol that was launched in 2010. It was designed to achieve goals of low power consumption and latency while accommodating the widest possible interoperable range of devices. The downside is that it can behave differently depending on smartphone platforms. This is because the device advertises on a schedule and waits for a smartphone to respond. When the smartphone responds, a handshake (bonding) is made, facilitating a confirmed transfer of the data packet to the smartphone before closing the connection. This saves energy, but it’s also responsible for unpredictable data transfer speed.

BLE also does not require pairing between the sender and receiver, and it can send authenticated unencrypted data. We understand the benefits of saving energy:

  • Devices can stay longer in the body without having to be replaced
  • Batteries can be smaller, so easier to insert and less obtrusive

But depending on the nature and particularly the sensitivity of the transmitted data, other considerations might come into play. Unfortunately, BLE devices have also been found to be impacted by SweynTooth vulnerabilities.
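The trade-off above, as an added example (not code from the original article or from any vendor): a design-review check that maps each GATT characteristic's LE security mode and level, as defined in the Bluetooth Core Specification, to whether the link is encrypted and the peer authenticated. The patch profile, characteristic names and policy are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# LE security modes 1 and 2 (Bluetooth Core Specification, GAP):
# (mode, level) -> (link encrypted, peer authenticated during pairing)
LE_SECURITY = {
    (1, 1): (False, False),  # no security
    (1, 2): (True, False),   # unauthenticated pairing, encryption
    (1, 3): (True, True),    # authenticated pairing, encryption
    (1, 4): (True, True),    # authenticated LE Secure Connections, encryption
    (2, 1): (False, False),  # unauthenticated pairing, data signing only
    (2, 2): (False, True),   # authenticated pairing, data signing only
}

@dataclass(frozen=True)
class Characteristic:
    name: str        # hypothetical characteristic name
    sensitive: bool  # carries patient data (intake time, dosage, vitals)
    writable: bool   # a peer can change device behaviour through it
    mode: int
    level: int

def review(ch):
    """Return the findings for one characteristic (empty list = acceptable)."""
    encrypted, authenticated = LE_SECURITY[(ch.mode, ch.level)]
    findings = []
    if ch.sensitive and not encrypted:
        findings.append("patient data sent in cleartext")
    if (ch.sensitive or ch.writable) and not authenticated:
        findings.append("peer not authenticated")
    return findings

# Constructed attribute table for a hypothetical adherence patch.
PATCH_PROFILE = [
    Characteristic("battery_level", False, False, 1, 1),
    Characteristic("intake_event", True, False, 2, 2),   # signed, not encrypted
    Characteristic("dose_log", True, False, 1, 2),       # encrypted, "Just Works"
    Characteristic("reminder_schedule", False, True, 1, 4),
]

def audit(profile):
    """Map characteristic name -> findings, omitting clean entries."""
    return {c.name: f for c in profile if (f := review(c))}

if __name__ == "__main__":
    for name, findings in audit(PATCH_PROFILE).items():
        print(f"{name}: {', '.join(findings)}")
```

The `intake_event` entry is the "authenticated unencrypted" case: signing proves who sent the data, but anyone in radio range can still read it.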


Developers of medical devices who intend to use Bluetooth as the technology to connect devices with each other and with Wi-Fi should consider carefully which Bluetooth protocol is right for their system. To do this, it is important to have a clear understanding of the needs for the system and the available options.

Medical devices should be easily updatable for those circumstances where new vulnerabilities are found and patches or other important updates need to be applied.

Maybe the healthcare industry should even consider designing a new protocol similar to Bluetooth. Combining the Low Energy properties with some extra security measures might pay off in the long run.

Cloud solutions that are used to store sensitive personal and medical data deserve to be held to a high security standard.

We recommend only giving up your DNA samples to trusted organizations and only for reasons of utmost importance like your health.

Machines are not without fault or as smart as we might think. Blind trust in machines when it comes to healthcare can end in a catastrophe. There is an area where personal attention does a lot more good than the fully automated application of medicine can ever do.

Stay safe, and stay healthy!


Pieter Arntz

Malware Intelligence Researcher
