Security Review: Skinware

By kfm at 3:17 pm on November 19, 2008Comments Off on Security Review: Skinware

Summary:

This security review is about a technology named Skinware (I learned about this at Grace Hopper; web searches were unable to uncover any real literature – I think it has been sold and, most likely, renamed). Skinware was developed at HP Labs as an alternative drug delivery mechanism.

The basic idea behind Skinware is to facilitate reliable and accurate medication using a programmable chip, some teensy micro-needles, thermal plastic, and some glue that attaches Skinware to you. As a patent, I would wear the Skinware patch (it’s about 1/8” thick) on my body – usually somewhere on my chest, between the shoulder and collarbone. There is a teensy programmable chip in the center of the patch, and this chip controls wires that heat up thermal plastic that is located below reservoirs that contain medications. As the plastic heats up, it expands and pushes the medicine out of the reservoir and into some micro-needles that deliver the meds into your epidermis (the plastic won’t shrink upon cooling). These micro-needles are so small they don’t even go deep enough into your skin to hit any nerves, so this should be a pain-free device.

Skinware is designed to address issues of people who forget (or skip) doses, unintentionally take the wrong dose, or who mix different medications. The chip can be set to release meds in smaller, more continuous doses throughout the day, and can be set to release multiple medications (from different reservoirs) at various times to avoid negative interactions. By being pain-free, people who don’t like needles would presumably not have the same problems with Skinware medications as they may have otherwise. The talk I heard even suggested using bio-feedback approach to medicine delivery, in which a monitoring device would be planted somewhere on your body (e.g. to measure blood sugar in diabetics) and when needed could communicate with the Skinware via bluetooth to instruct it to deliver medications.

Stakeholders:

Since this is a technology designed to make it more likely, easier, and less painful for patients to medicate themselves, an obvious stakeholder in Skinware is the patents themselves.

Other stakeholders include doctors and pharmacies; the idealized method of use for Skinware was that the doctor writes a prescription, which the patient takes to the pharmacy where the Skinware is programmed and the reservoirs are filled. Obviously, having the training for pharmacists and the technology to work with Skinware is crucial under this plan.

Stakeholders for Skinware also include HP Labs (or whatever medical devices company the technology was sold to), since there is intellectual property that they would like to protect and a profit to be made in medical devices. Indirect stakeholders also include the manufacturers of drugs, software, and hardware technology used in Skinware.

Assets and goals:

The drug itself is an asset, and protecting it is a goal, as with most medicines that require a prescription. In this context, protecting it means writing un-hackable software to ensure that the drugs are delivered as the doctor intended.

Another asset is patient privacy, and how to prevent eavesdropping (assuming the existence of biofeedback via bluetooth) is a goal. This could inform other people within range what types of medication the patent is taking, which could have negative consequences for the patient (depending on the medication), or even cause a threat in the sense that people may want to steal the patent’s Skinware for any drugs remaining inside.

Adversaries and threats:

On adversary is drug dealers/abusers. Assume a drug dealer has a way of obtaining Skinware presumably via some nefarious deed full of some desirable drug. Their goal would be to hack the Skinware to (maybe) deliver all of a particular drug at a single time – delivering a tremendous high, or causing overdose.

Another (not really) adversary would be the novice pharmacist, who could unintentionally misprogram someone’s Skinware. The threat here is that a well-meaning pharmacy worker writes buggy code, and a law-abiding patient ends up with the wrong medications at the wrong times, or in wrong doses.

Weaknesses:

One of the first weaknesses I can think of is its use of heat to release the drugs. Depending on how the technology works, I could imagine applying a hot iron to the back side of your Skinware to force it to release drugs at a particular time.

Another weakness has to do with using biofeedback and bluetooth devices to communicate with the Skinware. Imagine multiple patients with Skinware all in the same room,
where all Skinware is listening to a single patient’s biofeedback. This would be problematic if the biofeedback instructs “Release more of medication A,” and other patents, who may or may not have medication A loaded (or is installed :-P) into their Skinware, end up with a software crash, or if the Skinware guesses and releases medication A’ as a substitute when it isn’t needed.

Defenses:

One thing that could be done to defend against certain types of drug abuse or improper drug interaction would be to have explicit hardware switches that prevent drug release of all the drugs at a single time, or of two particular drugs in unison. If this is possible, then it would prevent the first weakness listed above.

A defense against the bluetooth confusion that involves crossed signals would be to enforce a system that requires authentication before acting on a particular message from a biofeedback device, and using encryption to ensure that eavesdroppers do not have access to the messages being sent.
Risks:

There are several risks that I forsee for this technology, including unintended drug overdoses or drug interactions due to incorrectly programmed or malfunctioning devices. In the unfortunate circumstance that someone does have a bad interaction or overdose, it might be much harder to diagnose what went wrong; in the case of physical pills or injections, the patient or patient’s caregivers can usually tell if too
many pills were taken or if an injection was administered improperly. One reason to use Skinware is that it is supposed to be easy and painless. However, by taking control away from the patient and requiring trust in the pharmacist, the patient is now at risk of mistakes made by the pharmacist, and the pharmacist is at risk of increased liability. In addition, patients may forget to change their Skinware on the appropriate schedule or accidentally wear multiple Skinware patches at one time. Of these problems, the former (forgetting) seems more likely to occur among busy people, while the latter (multi-patch mistakes) seems more likely to occur among the elderly. Both of these problems are also present using pills, but the ease of use may make it easier to forget, since people won’t be thinking about it, and the elderly may have
difficulty understanding how the patches work.

As mentioned earlier in this review, there are privacy risks and “hack-ability” issues associated with communicating via bluetooth, but those issues could be resolved before that component of this product hits the market; if it ever does.

As far as drug abuse issues are concerned, I think that it is unlikely that Skinware will become an attractive target for abuse. While it may not be totally resistant to attacks, it is likely more difficult to obtain Skinware patches, and even if they are obtained, there may not be enough medication inside to make the payoff worth the effort.

Conclusions:

Skinware is designed to improve health care by providing easy to use, pain-free medication delivery in a manner that can be much healthier for the patient. Not only can Skinware accommodate timed releases and smaller, more frequent doses, but it can time these doses in a way that prevents drug mixing and that does not inconvenience the patient.

Alternatively, most risks involved with using Skinware seem somewhat minor. Although pharmacies and doctors will require more training, and patients could be likely to forget or otherwise unintentionally misuse their Skinware, this can happen just as easily with current medications. The drug abuse risk here seems very low or minor when compared to pills or injections (although I’m not at all informed about these things).

The one caveat I have regarding Skinware is the use of bluetooth technology to provide biofeedback or other information about when and how to release medication. Before this component of the technology is released, much care should be taken to ensure the privacy and safety of the patient at all times. Ultimately, I conclude that the benefits of Skinware outweigh the risks, and it would be interesting to see this technology hit the markets and succeed.

Filed under: MiscellaneousComments Off on Security Review: Skinware

Comments are closed.