Physiological Information Leakage: A New Frontier in Health Information Security

Information security has become an important concern in healthcare systems, owing to the increasing prevalence of medical devices and the growing use of wearable and mobile computing platforms for health and lifestyle monitoring. The previous work in the area of health information security has largely focused on attacks on the wireless communication channel of medical devices, or on health data stored in online databases. In this paper, we pursue an entirely different angle to health information security, motivated by the insight that the human body itself is a rich source (acoustic, visual, and electromagnetic) of data. We propose a new class of information security attacks that exploit physiological information leakage, i.e., various forms of information that naturally leak from the human body, to compromise privacy. As an example, we demonstrate attacks that exploit acoustic leakage from the heart and lungs. The medical devices deployed within or on our bodies also add to natural sources of physiological information leakage, thereby increasing opportunities for attackers. Unlike previous attacks on medical devices, which target the wireless communication to/from them, we propose privacy attacks that exploit information leaked by the very operation of these devices. As an example, we demonstrate how the acoustic leakage from an insulin pump can reveal important information about its operation, such as the duration and dosage of insulin injection. Moreover, we show how an adversary can estimate blood pressure (BP) by capturing and processing the electromagnetic radiation of an ambulatory BP monitoring device.