The congressional testimony by Mark Zuckerberg, CEO/founder of Facebook this week has left many in deep reflection. The data leak and the implicated political influence by a foreign country on the US politics woke many Americans (and perhaps the world) up. Fifteen years ago, when everyone in college just signed up for Facebook and excited about the phrase “social media”, few could imagine these dark days like this week. Few they were, but not none. The growth of the internet and mega-startups like Google, Twitter, and Facebook outpaced our ability to forecast, reflect, and protect against potential downside of technical revolutions. Therefore, as the city of San Francisco is getting ready for one of the largest cybersecurity conference RSA 2018 next week, it is a good opportunity to remind everyone again that in the realm of healthcare 3D printing, cybersecurity vulnerabilities are innumerable and need to be addressed now, or it will be an expensive lesson for all.

A lot more expensive than bitcoins.

There are several reasons 3D printing is favored as the enabling technologies in Industry 4.0:

· Complexity for free

· Mass customization

· Decentralization of the manufacturing and distribution process

These characteristics are also perfect for manufacturing the next-generation medical devices and hopefully providing a more personalized, on-demand healthcare services at lower costs.

Nonetheless, these very benefits also pose additional cybersecurity vulnerabilities throughout the product lifecycle. From design, manufacturing, to distribution. A lot more than traditional manufactured medical devices.

· Design stage: First of all, it is not hard to imagine that stealing design is made a lot simpler when the entire product is digitally manufactured. There is no need for reverse engineering no matter how complex the product is. In fact, there is evidence that some design can be copied simply based on the vibration of a 3D printer at work. [1] Second, tampering critical component of a design via cyber attack is now possible. [1,2] A tampered hip implant design surely will result in a patients’ suffering and lawsuits but tampered implantable electronic devices like cardiac pacemaker will have more grave consequences.

· Manufacturing stage: Recently NYU researchers have shown that not all defects can be detected using current quality control techniques. [1] Intentional or unintentional design data corruption may result in such defects bypassing conventional quality control that can pose serious health risks. The same group of researchers also shown that simply changing the orientation of extrusion head will result in a structure with entirely different mechanical properties. [1]

· Decentralized manufacturing and distribution: One of the major benefits of digital manufacturing is that the same digital blueprints can be transmitted via the internet/cloud into any 3D printer located anywhere in the world. Such decentralized manufacturing ability allows for an entirely different supply chain, including solving the transportation problem, cost saving due to efficient inventory and storage. In healthcare, one eventual goal for many is to be able to produce personalized medical devices on-demand with this decentralized system. However, every step along the chain will put the device manufacturer at risk of losing proprietary design to defective end products. Things can be even more complicated if patients’ data is breached and used in a malicious way. For example, it is not too hard to imagine losing sensitive biometrics data or tampered electronic implantable device to a military personnel can pose national security risk no less than our current concern around the presidential election.

Similar to 3D Printing, the FDA also issued its recommendations in cybersecurity surrounding ANY medical devices [3,4]:

“1) Medical device manufacturers and health care facilities should take steps to ensure appropriate safeguards. Manufacturers are responsible for remaining vigilant about identifying risks and hazards associated with their medical devices, including risks related to cybersecurity. They are responsible for putting appropriate mitigations in place to address patient safety risks and ensure proper device performance.

2) Hospitals and healthcare facilities should evaluate their network security and protect their hospital systems.”

Currently, there are a few 3D printing cybersecurity startups, namely 3DP SecurityIdentify 3D, however, no company so far focuses on developing dedicated cybersecurity solution for 3D printed medical devices or 3D printing software. (Oh yeah, please PM me if you are starting one.)

So, this loops back to bitcoins. Bitcoins are considered speculative, i.e. it can be worth nothing or a lot tomorrow. However, what is valuable to all is the knowledge that blockchain, the underpinning technology behind bitcoin has successfully withstood cyber-attacks for more than 9 years. [5]

Between a bitcoin and another “coin” with the encrypted design of a 3D printed medical-device, which one will you pick?

References:

1. https://www.designnews.com/3d-printing/3d-printing-has-urgent-need-cybersecurity/42281071756489

2. https://bdtechtalks.com/2017/07/05/the-cybersecurity-risks-of-3d-printing/

3. https://www.mddionline.com/why-cybersecurity-must-be-part-medical-device-architecture

4. https://www.fda.gov/MedicalDevices/DigitalHealth/ucm373213.htm

5. https://www.forbes.com/sites/omribarzilay/2017/08/21/3-ways-blockchain-is-revolutionizing-cybersecurity/#14619d452334