Between November and December of 2019, I fainted 7 times, was hospitalised 3 times, and had to be resuscitated twice. Doctors are trained to diagnose medical issues, not issues with devices. And so, even though I had an ICD/Pacemaker inserted over a decade before, it still took 3 different cardiologists before I found one that was willing to listen and explore the possibility that it was my device that was the issue. Being a forensicator saved my life.
Answer: Medical Device Forensics.
An emerging field, Medical Device Forensics is comprised of three disciplines:
- Medical Device Engineering
- Digital Forensics
- Medical Forensics
These three disciplines allowed me to gather and analyse data from a variety of sources to, ultimately, determine the cause of my health issues.
Medical Device Engineering
The first line of action was to debug the device to determine if it was working. My device passed all of its self-tests. The device was responsive and able to be programmed. However, the device did show that there was no usage and a lead (an insulated wire placed inside one of the heart’s chambers that is connected to the pulse generator) was faulty. Technically, the device itself was functioning. But considering the number of times I fainted and needed to be resuscitated there was definitely something wrong.
Digital Forensics
Overall, the device was seen to be functional, but I knew there was something wrong. I needed to find an alternate data source so I could acquire, preserve, examine, and analyse data to convince my doctors that it wasn’t working.
Enter: my Apple iWatch. I wore it every day, including the days I fainted and was resuscitated. I was able to download data from the time period in question with the Apple Health app as a .XML file to reconstruct a timeline. I used parsehealth.py to parse the Apple Health data into a delimited txt file. Finally, I used trusty Excel to perform forensics and analytics on the data.
What did the data tell me?
Medical Forensics
To complete the triangle of Medical Device Forensics, we needed clinical data to determine a timeline and understand how my heart was functioning. To test my heart, I underwent the tilt table test. During the test I had irregular heart rates and even passed out. If my ICD/Pacemaker had been working properly, that would not have happened.
Findings
With the findings from all three disciplines, my doctors were finally convinced it was an issue with my device and had my ICD/Pacemaker and leads replaced in January 2020.
You’re liking thinking, “Lucky timing getting your device replaced right before COVID-19 hit!” And you would be right. But I’m telling my story because as COVID-19 has forced healthcare professionals to treat their patients through telehealth and monitor their patients remotely, security of medical devices has become even more critical.
Medical devices are manufactured with treatment in mind, not security. Even if they are secure now, devices are manufactured to live in patients for decades and will inevitably become vulnerable. We should build the capacity to do forensics on medical devices for the future. Security and forensics should be taught to developers and should be incorporated in the manufacturing of devices. We need more people doing the research to get medical device forensics where we want it to be.
.PNG "DFIR_ICON_(1).PNG"){kind=icon}
