I recently got diagnosed with a condition (sleep apnea) which means I need to use a machine (CPAP) to have a proper sleep, probably for the rest of my life. The doctor wanted me use the device for a few months, and bring the “report” generated by the device to monitor my progress and discuss further treatment.
Sure, a report generated by the machine, it can’t be that complicated? - I thought - Access local server like a printer and download files - I guessed. However, as I consulted to the device distributors in my area… their sales pitch (disregarding the actual medical functions) were:
A) The machine is constantly connected via wi-fi or cellular to manufacturer('s server), and user only has to login to download the report file. User can also install an app for that. How convenient. /s
B) The machine has an SD card slot to which data is copied, but user have to bring its contents to the authorized distributor so they can convert them into a report file. You can send them by email. Wow. /s
Either choices seem like a nightmare to me.
Option A means it’s constantly phoning home. Who knows when it will be hacked? Of course the distributor will happily enter all my private info into the system without any fucking care. Of course they’ll redirect all inquiries to legal department. Of course the goddamn MBA suits were thinking “with this cloud shit we can have medical records for doctors and user data for sales! two birds with one stone baby!” while snorting cocaine up their buttholes.
Option B seems a little better, except that if I were to believe the poor salesman (who’s probably being paid to repeat whatever the training manual said) the contents must be in a proprietary/binary format which needs a specific program to convert it into a pdf or docx file for all I know.
I’m not even mad at this point. At the point of sounding like a cringe gamer youtube channel, I NEVER ASKED FOR THIS. I didn’t choose to have a condition that needs a machine to properly function in society, and for all I know of cybersecurity trends and willful negligence by both private and public institutions worldwide, this will end up badly. I bet healthcare-insurance companies in the US are already salivating at the trove of data.
Anyone on a similar situation like mine? I always felt healthcare institutions were always lagging heavily behind latest tech trends, but this is something that I am now facing personally, too.
Speaking of which, does anyone have more info on the specific situation I am facing? The manufacturers offering Option A is ResMed, while Option B are BMC or Yuwell. I’m about to go for Option B which means “lesser quality” chinese brands, but at least it’s not phoning home. Problem is the “SD card to report” part.
I have and use a resimed that does the phone home option. Once my doctor got what he needed I put it in airplane mode.
Distributor used the stats while I was reporting to call me and tell me I need new filters or other parts. I lol’d and bought them online for way cheaper. They stopped trying even before the doctor got all the data he needed.
Also, AFAICT it’s only data out, so I’m not worried about some exploit being delivered to the machine.
Final thought: I work in med tech. We have better security than credit agencies because we get fined more if we screw up. Personal data leaks are so common no one even cares anymore, but leaking someone’s medical info will shut a company down. You are likely safe, but ultimately never as safe as a “dumb” machine would be except they just don’t exist anymore.
Actual final thought: you will be amazed at how much better you feel every morning after actually sleeping instead of the dirty pseudo sleep you’re currently getting.
Thank you. I asked some acquaintances in health industry and received similar answers.
I thought it was data out only too, but at my sleep apnea orientation was told (and I double checked that they really meant it) that they could also tweak settings remotely. ResMed. Always possible that they had misunderstood something too, of course.