Entries Tagged "medicine"

Page 7 of 9

"Nut Allergy" Fear and Overreaction

Good article:

Professor Nicolas Christakis, a professor of medical sociology at Harvard Medical School, told the BMJ there was “a gross over-reaction to the magnitude of the threat” posed by food allergies, and particularly nut allergies.

In the US, serious allergic reactions to foods cause just 2,000 of more than 30 million hospitalisations a year and comparatively few deaths—150 a year from all food allergies combined.

In the UK there are around 10 deaths each year from food allergies.

Professor Christakis said the issue was not whether nut allergies existed or whether they could occasionally be serious. Nor was the issue whether reasonable preventative steps should be made for the few children who had documented serious allergies, he argued.

“The issue is what accounts for the extreme responses to nut allergies.”

He said the number of US schools declaring themselves to be entirely “nut free”—banning staples like peanut butter, homemade baked goods and any foods without detailed ingredient labels—was rising, despite clear evidence that such restrictions were unnecessary.

“School entrances have signs admonishing visitors to wash their hands before entry to avoid [nut] contamination.”

He said these responses were extreme and had many of the hallmarks of mass psychogenic illness (MPI), previously known as epidemic hysteria.

Sound familiar?

Posted on December 19, 2008 at 6:56 AMView Comments

UK National Risk Register

The UK has made public its previously classified National Risk Register.

The National Risk Register is intended to capture the range of emergencies that might have a major impact on all, or significant parts of, the UK. It provides a national picture of the risks we face, and is designed to complement Community Risk Registers, already produced and published locally by emergency planners. The driver for this work is the Civil Contingencies Act 2004, which also defines what we mean by emergencies, and what responsibilities are placed on emergency responders in order to prepare for them. Further information about the Act can be found on the UK Resilience website.

Seems like the greatest threat to national security is a flu pandemic.

Posted on August 13, 2008 at 11:05 AMView Comments

Fever Screening at Airports

I’ve seen the IR screening guns at several airports, primarily in Asia. The idea is to keep out people with Bird Flu, or whatever the current fever scare is. This essay explains why it won’t work:

The bottom line is that this kind of remote fever sensing had poor positive predictive value, meaning that the proportion of people correctly identified as having fever was low, ranging from 10% to 16%. Thus there were a lot of false positives. Negative predictive value, the proportion of people classified by the IR device as not having fever who in fact did not have fever was high (97% to 99%), so not many people with fevers will be missed with the IR device. Predictive values depend not only on the accuracy of the device but also how prevalent fever is in the screened population. In the early days of a pandemic, fever prevalence will be very low, leading to low positive predictive value. The false positives produced at airport security would make the days of only taking off your shoes look good.

The idea of airport fever screening to keep a pandemic out has a lot of psychological appeal. Unfortunately its benefits are also only psychological: pandemic preparedness theater. There’s no magic bullet for warding off a pandemic. The best way to prepare for a pandemic or any other health threat is to have a robust and resilient public health infrastructure.

Lots more science in the essay.

Posted on June 26, 2008 at 6:58 AMView Comments

Hacking Medical Devices

Okay, so this could be big news:

But a team of computer security researchers plans to report Wednesday that it had been able to gain wireless access to a combination heart defibrillator and pacemaker.

They were able to reprogram it to shut down and to deliver jolts of electricity that would potentially be fatal—if the device had been in a person. In this case, the researcher were hacking into a device in a laboratory.

The researchers said they had also been able to glean personal patient data by eavesdropping on signals from the tiny wireless radio that Medtronic, the device’s maker, had embedded in the implant as a way to let doctors monitor and adjust it without surgery.

There’s only a little bit of hyperbole in the New York Times article. The research is being conducted by the Medical Device Security Center, with researchers from Beth Israel Deaconess Medical Center, Harvard Medical School, the University of Massachusetts Amherst, and the University of Washington. They have two published papers:

This is from the FAQ for the second paper (an ICD is a implantable cardiac defibrillator):

As part of our research we evaluated the security and privacy properties of a common ICD. We investigate whether a malicious party could create his or her own equipment capable of wirelessly communicating with this ICD.

Using our own equipment (an antenna, radio hardware, and a PC), we found that someone could violate the privacy of patient information and medical telemetry. The ICD wirelessly transmits patient information and telemetry without observable encryption. The adversary’s computer could intercept wireless signals from the ICD and learn information including: the patient’s name, the patient’s medical history, the patient’s date of birth, and so on.

Using our own equipment (an antenna, radio hardware, and a PC), we found that someone could also turn off or modify therapy settings stored on the ICD. Such a person could render the ICD incapable of responding to dangerous cardiac events. A malicious person could also make the ICD deliver a shock that could induce ventricular fibrillation, a potentially lethal arrhythmia.

Of course, we all know how this happened. It’s a story we’ve seen a zillion times before: the designers didn’t think about security, so the design wasn’t secure.

The researchers are making it very clear that this doesn’t mean people shouldn’t get pacemakers and ICDs. Again, from the FAQ:

We strongly believe that nothing in our report should deter patients from receiving these devices if recommended by their physician. The implantable cardiac defibrillator is a proven, life-saving technology. We believe that the risk to patients is low and that patients should not be alarmed. We do not know of a single case where an IMD patient has ever been harmed by a malicious security attack. To carry out the attacks we discuss in our paper would require: malicious intent, technical sophistication, and the ability to place electronic equipment close to the patient. Our goal in performing this study is to improve the security, privacy, safety, and effectiveness of future IMDs.

For all our experiments our antenna, radio hardware, and PC were near the ICD. Our experiments were conducted in a computer laboratory and utilized simulated patient data. We did not experiment with extending the distance between the antenna and the ICD.

I agree with this answer. The risks are there, but the benefits of these devices are much greater. The point of this research isn’t to help people hack into pacemakers and commit murder, but to enable medical device companies to design better implantable equipment in the future. I think it’s great work.

Of course, that will only happen if the medical device companies don’t react like idiots:

Medtronic, the industry leader in cardiac regulating implants, said Tuesday that it welcomed the chance to look at security issues with doctors, regulators and researchers, adding that it had never encountered illegal or unauthorized hacking of its devices that have telemetry, or wireless control, capabilities.

“To our knowledge there has not been a single reported incident of such an event in more than 30 years of device telemetry use, which includes millions of implants worldwide,” a Medtronic spokesman, Robert Clark, said. Mr. Clark added that newer implants with longer transmission ranges than Maximo also had enhanced security.

[…]

St. Jude Medical, the third major defibrillator company, said it used “proprietary techniques” to protect the security of its implants and had not heard of any unauthorized or illegal manipulation of them.

Just because you have no knowledge of something happening does not mean it’s not a risk.

Another article.

The general moral here: more and more, computer technology is becoming intimately embedded into our lives. And with each new application comes new security risks. And we have to take those risks seriously.

Posted on March 12, 2008 at 10:39 AMView Comments

Foreign Hackers Stealing American Health Care Records

What in the world is going on here?

Foreign hackers, primarily from Russia and China, are increasingly seeking to steal Americans’ health care records, according to a Department of Homeland Security analyst.

Mark Walker, who works in DHS’ Critical Infrastructure Protection Division, told a workshop audience at the National Institute of Standards and Technology that the hackers’ primary motive seems to be espionage.

Espionage? Um, how?

Walker said the hackers are seeking to exfiltrate health care data. “We don’t know why,” he added. “We want to know why.” At the same time, he said, it’s clear that “medical information can be used against us from a national security standpoint.”

How? It’s not at all clear to me.

Any health problems among the nation’s leaders would be of interest to potential enemies, he said.

This just has to be another joke.

EDITED TO ADD (3/13): More Posted on February 20, 2008 at 12:30 PMView Comments

Fear Is Unhealthy

The New York Times writes about a plausible connection between fear and heart disease:

Which is more of a threat to your health: Al Qaeda or the Department of Homeland Security?

An intriguing new study suggests the answer is not so clear-cut. Although it’s impossible to calculate the pain that terrorist attacks inflict on victims and society, when statisticians look at cold numbers, they have variously estimated the chances of the average person dying in America at the hands of international terrorists to be comparable to the risk of dying from eating peanuts, being struck by an asteroid or drowning in a toilet.

But worrying about terrorism could be taking a toll on the hearts of millions of Americans. The evidence, published last week in the Archives of General Psychiatry, comes from researchers who began tracking the health of a representative sample of more than 2,700 Americans before September 2001. After the attacks of Sept. 11, the scientists monitored people’s fears of terrorism over the next several years and found that the most fearful people were three to five times more likely than the rest to receive diagnoses of new cardiovascular ailments.

[…]

After controlling for various factors (age, obesity, smoking, other ailments and stressful life events), the researchers found that the people who were acutely stressed after the 9/11 attacks and continued to worry about terrorism—about 6 percent of the sample—were at least three times more likely than the others in the study to be given diagnoses of new heart problems.

If you extrapolate that percentage to the adult population of America, it works out to more than 10 million people. No one knows what fraction of them might consequently die of a stroke or heart attack—plenty of other factors affect heart disease—but if it were merely 0.0003 percent, that would be higher than the 9/11 death toll.

Of course, statistics of any sort, even when the numbers are rock solid, don’t mean much to people when they’re assessing threats. Risk researchers have found that even when people know the numbers, they’re less worried about death tolls than about how the deaths occur. They have good reasons—called “rival rationalities”?—for fearing catastrophes that kill large numbers at once because these events affect the whole community and damage the social fabric.

It doesn’t surprise me that fear of terrorism is more harmful than actual terrorism. That’s the whole point of terrorism: an amplification of fear through the mass media.

Refuse to be terrorized:

The point of terrorism is to cause terror, sometimes to further a political goal and sometimes out of sheer hatred. The people terrorists kill are not the targets; they are collateral damage. And blowing up planes, trains, markets or buses is not the goal; those are just tactics. The real targets of terrorism are the rest of us: the billions of us who are not killed but are terrorized because of the killing. The real point of terrorism is not the act itself, but our reaction to the act.

And we’re doing exactly what the terrorists want.

[…]

The surest defense against terrorism is to refuse to be terrorized. Our job is to recognize that terrorism is just one of the risks we face, and not a particularly common one at that. And our job is to fight those politicians who use fear as an excuse to take away our liberties and promote security theater that wastes money and doesn’t make us any safer.

Posted on January 17, 2008 at 7:35 AMView Comments

Airport Security Study

Surprising nobody, a new study concludes that airport security isn’t helping:

A team at the Harvard School of Public Health could not find any studies showing whether the time-consuming process of X-raying carry-on luggage prevents hijackings or attacks.

They also found no evidence to suggest that making passengers take off their shoes and confiscating small items prevented any incidents.

[…]

The researchers said it would be interesting to apply medical standards to airport security. Screening programs for illnesses like cancer are usually not broadly instituted unless they have been shown to work.

Note the defense by the TSA:

“Even without clear evidence of the accuracy of testing, the Transportation Security Administration defended its measures by reporting that more than 13 million prohibited items were intercepted in one year,” the researchers added. “Most of these illegal items were lighters.”

This is where the TSA has it completely backwards. The goal isn’t to confiscate prohibited items. The goal is to prevent terrorism on airplanes. When the TSA confiscates millions of lighters from innocent people, that’s a security failure. The TSA is reacting to non-threats. The TSA is reacting to false alarms. Now you can argue that this level of failures is necessary to make people safer, but it’s certainly not evidence that people are safer.

For example, does anyone think that the TSA’s vigilance regarding pies is anything other than a joke?

Here’s the actual paper from the British Medical Journal:

Of course, we are not proposing that money spent on unconfirmed but politically comforting efforts to identify and seize water bottles and skin moisturisers should be diverted to research on cancer or malaria vaccines. But what would the National Screening Committee recommend on airport screening? Like mammography in the 1980s, or prostate specific antigen testing and computer tomography for detecting lung cancer more recently, we would like to open airport security screening to public and academic debate. Rigorously evaluating the current system is just the first step to building a future airport security programme that is more user friendly and cost effective, and that ultimately protects passengers from realistic threats.

I talked about airport security at length with Kip Hawley, the head of the TSA, here.

Posted on December 27, 2007 at 6:28 AMView Comments

1 5 6 7 8 9

Sidebar photo of Bruce Schneier by Joe MacInnis.