Medical implants and hospital systems are still infosec dumpster-fires

Originally published at:

So, I have to wonder if it’s even possible to get funding to build anything new these days without some sort of massive data collection scheme being included. A pacemaker might need to keep some internal logs regarding heart rate, voltages etc., but there’s no reason to have that data locked away from the user and certainly no reason to keep it for more than a few days at a time. To me this seems like a legislative solution would be required to offset the tendency to want to monetize one’s heart rate data (in conjunction with a “required” app that keeps a log of GPS locations), but I’m not convinced that the current political landscape would be a fantastic place to find such a solution. Activists in the audience, advice?


Look up how data protection laws came into effect in Europe from the 70s on, then wonder if similar events are likely in your country.

Makes me wonder if there isn’t room for a small biotech firm that makes implants that aren’t doing such shady shit, and advertise as such.


This topic was automatically closed after 5 days. New replies are no longer allowed.