A Corporation Saved My Life. Now It Watches My Every Move

A wireless pacemaker saved my life, but also got me wondering how easy it would be for hackers or commercial profiteers to 'break into' my heart. I traveled to the medical tech firm's HQ and got less than reassuring answers



The only piece of art to be seen in the spacious office of Dr. Robert Kowal, chief medical officer of the cardiac rhythm and heart failure division of Medtronic, is a reproduction of René Magritte’s “La Clairvoyance.” In the 1936 self-portrait, the artist is depicted painting a bird in flight, its wings spread wide, while he looks at a shiny egg lying on a table by his side. The work, which addresses, among other themes, the disparity between sensual perception and human imagination, has been the subject of numerous interpretations. “This painting tells me that you got to be able to see what things can grow into. I put this on my wall as a reminder,” Kowal muses.

And also that nature is a mysterious and wonderful thing and some things are not apparent to the naked human eye.

Kowal: “Yes, absolutely.”

Our conversation is being held at the conclusion of my eight-hour visit to the medical device company’s operational headquarters, in Fridley, a leafy suburb of Minneapolis, Minnesota. Kowal, a specialist in heart rhythm disorders, with over 20 years of experience in American hospitals (he arrived at Medtronics last year), has an office that overlooks a forest stretching to the horizon. You can even sight wild geese or huge turkeys out there. Kowal invited me to visit last February, after reading an article I published in The Atlantic relating what happened to me when I woke up one morning and discovered, at the age of 33, that I needed a pacemaker. The one prescribed for me was made by Medtronic.

In that piece, I was unsparing in my criticism of the corporation, one of the world’s largest and most profitable in the field of medical instrumentation. With revenues in the billions, activity in about 140 countries – including Israel, where just last week Medtronic announced its purchase of Mazor Robotics for $1.64 billion – and with more than 50,000 patents, Medtronic, established in Minneapolis in the 1950s, had morphed from a small company to a vast technological conglomerate.

The company has seven divisions, one of which, Kowal’s, specializes in advanced pacemakers, which are capable of connecting via wireless or Bluetooth technology to applications in mobile devices, and can collect medical information from millions of patients without their needing to visit a clinic. Between 1993 and 2009, Medtronic pacemakers were implanted in more than three million Americans, and a wide variety of other devices manufactured by the company were inserted in diabetics, stroke victims and individuals affected by neurological problems. A recent company brochure claims that in 2015, “we alleviated pain, restored health and extended life for more than 62 million people.”

In contrast to Google, Amazon or Apple – which this month launched a new smart watch equipped with an electrocardiograph sensor that alerts the wearer to heart rhythm disorders – Medtronic is not a household name. That’s surprising, given that the company has more than 90,000 employees. (By comparison, Facebook reported having 25,000 employees in 2017, and Google 88,000.)

In an attempt to cut costs after the 2008 financial crisis, which seriously affected the price of Medtronic stock, in 2014 the company transferred its corporate headquarters to Ireland, which functions as a controversial tax haven for a host of American mega-companies, while the sprawling operational center remains in Minneapolis. Since then, the company has continued to expand apace and to release new products. And its share price has risen by more than 50 percent.

From that perspective, my visit last May to the Medtronic bastion provides a rare glimpse into the innards of American corporate culture, which is based here on the systematic denial of any tension or contradiction between the need to save and improve patients’ lives, and the commitment to shareholders and the profit line. In-depth interviews with eight company staff members show that, while Medtronic’s technological achievements (among them Micra, the smallest pacemaker in history) exceed all imagination, its senior personnel find it difficult to conceive of a world without health services whose goal is to reduce costs and maximize profits.

In parallel, the visit is like leaping forward a decade or two in a time machine. In well-equipped labs, engineers conduct tests on miniature instruments that will be implanted in the heart via the leg – rather than the chest – to prevent cardiac events. And the miniaturized Micra, for example, is implanted via a minimally invasive approach, directly into the right ventricle of the heart, and does not require the use of leads (wires).

Nonstop monitoring

Medtronic’s present is, therefore, the medical future of us all: a future in which a combination of nanotechnology, biometric sensors, internet connectivity and precision calculation capabilities will transform the human body into a machine that can be monitored nonstop. Every biological dimension – breathing, perspiration, pulse, blood pressure – will be capable of being measured, stored and compared with billions of other pieces of data.

The result will be the ability to improve and save the lives of millions, but also, in a more dystopian scenario, to expose patients to dangers of hacking or surveillance. What’s already clear is that the patients themselves know very little, if anything, about the devices implanted in them, and that attempts to obtain the information their body produces frequently encounter a thick stone wall. Even when the information is accessible, the fusion of medical jargon and endless lists of numbers obviates the ability to decipher the data. Although the revolution of the Internet of Medical Things (IoMT), which turned me and millions of other patients into unwilling cyborgs, saved our lives – it comes with a price tag about which most patients and their families are ignorant.

Now, with Apple becoming the first technology giant to receive approval from the U.S. Food and Drug Administration to market a watch, the Apple Watch Series 4, as a medical device capable of diagnosing cardiac-rhythm disorders, the questions that came up during my visit are more urgent than ever. In a world where the number of medical implants is rising exponentially, a world replete with smart web-connected devices, who will watch over the watchdogs? Who will guarantee the patients and recipients that their information is properly encrypted and will not be sold – either today or a decade from now – to third parties such as insurance companies or pharmaceutical firms? Given that smart watches, such as Apple’s, are equipped with location services, is the information they incessantly monitor liable to be used to keep us under surveillance or be used against us in court (as has already happened)?

Does the transition to remote monitoring herald a broad medical revolution in which algorithms – and not physicians – will track and diagnose us, and eventually try to solve health problems? Is there any guarantee that hackers won’t be able to endanger the lives of millions of patients who are dependent on wireless medical implants? In fact, the latter has already been proved possible.

Courtesy of Medtronic

Last month, a pair of information-security researchers reported they had succeeded in hacking insulin pumps and pacemakers produced by Medtronic. According to a story in the Guardian, the two turned off the insulin pump remotely, by hacking into the software used by the physician to monitor the device after its implant into a patient, and replacing it with a malicious program. The two demonstrated their “achievement” at a cyber conference in Las Vegas in August, telling the audience that they had informed the manufacturer of the vulnerability more than a year and a half earlier, but that Medtronic had not taken action to fix it.

In response, Medtronic noted that it had “independently assessed” the potential vulnerabilities highlighted by the researchers, Billy Rios and Jonathan Butts, and was “not aware of any additional vulnerabilities they have identified at this time.”

“Medtronic places product safety above all considerations,” a company spokesman told the Guardian. “All devices carry some associated risk and, like the regulators, we continuously strive to balance the risks against the benefits our devices provide.”

According to the paper, Medtronic said it did not intend to repair the breaches that had been found, but would instead recommend that physicians and users of the devices exercise greater caution with the networks to which the instruments are connected.

No photos

“I have no idea where the GPS is taking me,” the driver who picked me up at my motel, about half an hour from Medtronic’s offices, mumbled. In contrast to some high-tech giants that built their headquarters in urban centers, Medtronic is ensconced in an isolated, even wild setting. Though thousands of people work at its headquarters, public transportation from downtown Minneapolis is nonexistent.

The occasional visitor who enters the spacious and handsome lobby first encounters a white wall with the inscription “Further, Together” written in huge silver letters. If one wants to document the visit, this is the only place to do so: Photography is prohibited elsewhere, for fear of industrial espionage. Indeed, during my visit, staffers kept an eye on me to ensure that I didn’t pull out my cell phone. Not far away is a server farm for storing the sensitive medical information that Medtronic’s cloud services gather daily.

I meet the cyber-security experts in a large conference room. Tara Larson, a systems engineer who’s in charge of patient-information security, joined Medtronic 11 years ago, after a long career in American intelligence agencies. Paul Krause, a biomedical engineer who’s been with the company for two decades, directs the team of people focusing on cybersecurity and on the connectivity between pacemakers and the information storage system. Known as CareLink, the proprietary system enables Medtronic to monitor more than a million clients. Not surprisingly, the conversation with them paints an optimistic picture regarding patients’ privacy.

“For us, an increasing part of how we keep our patients healthy,” explains Krause, “is how we enable doctors to monitor their devices and their disease state. So we have CareLink, which allows our patients to monitor and send their data to their doctors.

Bloomberg

“I do see us as a piece of the ‘Internet of Things,’” he continues, “but there are some unique things about our devices because this [a pacemaker] is a medical device that goes under somebody’s skin, in his chest, and it has to last 10 or 15 years. The communication it engages in is different, for example, from a thermostat that you can control from your smart device. Those devices communicate back and forth in real time, while our designs connect very infrequently – maybe every six months or so, and only when the patient picks up the monitor and sends a transmission. The implant then communicates with a home monitor, which then communicates to CareLink.”

Larson stresses that, “In the traditional Internet of Things, these devices are always on and they are always listening. We can’t do that [i.e., transmit data 24/7] because our top priority is the battery life of the device. Take the Advisa [Medtronic’s second-generation pacemaker], for example: The battery is about half the size of your iPhone’s battery, but it lasts 10 or 15 years. ... It is really a system that designed to keep you in communication with your doctor every few months.”

Assuming I can hack that transmission, wouldn’t I be able to get access to patients’ social security numbers and other sensitive information?

Larson: “That’s a common misconception. The device has a serial number [to identify it], with which it connects to the monitor. The monitor is programmed with the patient’s name – just initial and family name – and the clinic that the transmission is sent to. There is no other identifying information.”

Over and above privacy, more morbid concerns arise. Last August, the FDA issued a recall for about half-a-million pacemakers manufactured by one of Medtronic’s competitors, the health care company Abbott Laboratories, due to a security breach. Users of the pacemakers in dozens of countries, including Israel, were urged to visit their clinic for a software update. In another case, in 2008, University of Michigan researchers demonstrated that they could successfully hack a pacemaker and alter its activity in a manner liable, in a real-life situation, to put the recipient at mortal risk. Three years ago, the FDA was compelled to remove from the market hundreds of thousands of insulin pumps with network connectivity, made by the Illinois firm Hospira, when a security expert named Billy Rios – one of the two people who also showed last month how they could hack a Medtronic pacemaker – succeeded in breaching them remotely and revising their settings. As Rios proved, a hacker would be capable, at least in theory, of directing an infusion pump to inject a lethal dose of insulin or other medications. It was the first time in history that the FDA removed a product from the shelves because of a security breach.

How does Medtronic guarantee the safety of its products?

Larson says the firm follows a “‘secure-for-life’ program and process. What that means is that, as we learn of things like vulnerabilities discovered by cyber security experts, we bring them back into our lab and into our designs to make sure we are mitigating them effectively. We looked at the Abbott [pacemaker’s] vulnerabilities and made sure they didn’t apply to our products. We had a different design and so such a scenario is less likely to happen with our products.”

Contrary to the rosy picture painted by Larson, a recent report by the Heart Rhythm Society – a non-profit organization working with both professionals and patients in the field of arrhythmia – warns of the serious dangers entailed in security breaches in cardiological instruments.

“Cybersecurity vulnerabilities of cardiac implantable electronic devices (CIEDs) are no longer hypothetical,” the report, the first of its kind, points out. “While no incident of a cybersecurity breach of a CIED implanted in a patient has been reported, and no patient is known to have been harmed to date by the exploitation of a vulnerability, the potential for such a scenario does exist.”

The society, whose international membership includes thousands of cardiologists, cites a number of risks, including remote ransomware attacks against hospitals or private individuals, or modifications to a device that could slow it down or terminate its activity. For example, the report’s authors recall that in May 2017, hackers used a program called WannaCry to commandeer some 200,000 computers in 150 countries – some belonging to individuals, some to organizations that included hospitals. Exploiting a security breach in older versions of Microsoft Windows, the hackers encrypted users’ private data, and demanded payment for its release.

If I were to tell you that I prefer to have a “stupid” analog pacemaker, what would your response be?

According to Krause, “It’s a decision to be made between you and your physician. I believe physicians do encourage [use of wireless, cloud-connected devices] because there is evidence that the technology allows for better patient care, but from Medtronic’s perspective, it’s optional. Wireless capability is not required for your pacemaker to keep you healthy, although without it, you would need more office visits to do a checkup.”

In fact, refusing implantation of an internet-connected device is not really an option these days. According to Lior Jankelson, an Israeli-born and trained electrophysiologist and physician who directs the heart rhythm disorders program at NYU Langone Hospital in Manhattan, “today, every pacemaker is cloud-connected. Even if you were to specifically ask for a non-wireless pacemaker, I doubt the hospital would be able to track one down.”

Beyond the fact that most medical implants manufactured today are equipped with wireless-connectivity features, a patient who has to make rapid, life-and-death decisions is not likely to have the time or resources to conduct a comprehensive market survey and examine the long-term implications of each device.

In a 2016 article in Wired, a Norwegian cybersecurity expert named Marie Moe wrote how she had been appalled to discover that her pacemaker could be connected to the web. Moe didn’t name the manufacturer of her pacemaker, but she reported that a bug was discovered in it that, as she wrote, “caused the actual settings of my device to differ from those displayed on the screen at the hospital that the pacemaker technician was seeing.” The bug wasn’t discovered for a few months, during which time she suffered from exhaustion, shortness of breath and migraines.

During the two years since she wrote that article, Moe has been trying, together with patients and information-security experts from the open-source software movement, to press medical device companies to allow every patient in whom a device is inserted full access to its code and to the components of its software and hardware.

In a recent article in the magazine Modern Healthcare, technology reporter Rachel Arndt warned that problems of information security in medical devices are liable to “wreak havoc on health systems.” One preventive measure she suggests is to compel companies such as Medtronic to publish a detailed list of all the components of the software and hardware in every device that possesses network connectivity.

Although a bill introduced in 2014 in the U.S. would have required manufacturers to supply government agencies with complete lists of the software components of new products, it languished in Congress. Instead, according to Arndt, “the FDA recommends that manufacturers take cybersecurity into account when designing devices and continue to do so after the devices have been introduced.” In reply to my question about that, Krause says that, “we’re fully collaborating with the FDA on this issue.”

All rights reserved

My profile is a far cry from that of former U.S. Vice President Dick Cheney, the poster-child of pacemaker patients. While Cheney is a man in his late 70s who has endured five heart attacks, I am a woman in her early 30s whose pulse suddenly plummeted to 20 beats per minute. In fact, however, increasing numbers of children, youths and young adults are requiring pacemakers.

The Facebook group “Young Pacemaker Patients and Supporters” has more than 2,000 members in the United States under the age of 50. Like me, every few weeks or months via a home monitor connected to the internet, they send a comprehensive report of their device’s activity since the previous check-up directly to the clinic where they’re being treated. The procedure is brilliantly simple: The monitor, about the size of a large television remote control, is plugged into the electric socket next to my bed. On a date prescribed by my cardiologist, I pick up the monitor from its base, hold it against my chest – above the scar from the implant surgery – and press a button.

Bloomberg

The entire process, which takes less than five minutes, is simple, painless, and allows me to be checked without visiting the doctor or even getting out of bed. Some Medtronic cardiologic units send the information automatically, without the need for the user to rely on an external device. In my case, after the monitor finishes updating the information and transmits it to the clinic, a doctor on duty reviews it. If there’s a problem, he calls me. Even if there is no call, the hospital charges more than $200 for every transmission (and analysis) of information via the monitor – a significant amount for Americans without health insurance, especially when they are being asked to report three or four times a year.

Far less easy is the process required of a patient who wants to gain access to the sensitive personal information their pacemaker monitors. My attempt to obtain my own data ran into bureaucratic walls. When I called my clinic, I was asked to sign several forms, after which I was supposed to receive the information by mail. Half a year later, I was still waiting for it. But miraculously, after I told senior figures in Medtronic about that, a thick envelope arrived containing dozens of pages covered with graphs and statistics. Comprehensive, perhaps, but the meaning of all that information would be incomprehensible to anyone without medical training. Two phrases appear at the top of each page: “Confidential Patient Information” and “Copyright © 2001-2018 Medtronic, Inc.” I was also surprised to discover that the report contains data such as “Average monthly physical activity” – meaning that my pacemaker blabs to Medtronic about how many hours a day I spend as a couch potato.

Extensive information of this kind about patients could be of great interest to third parties such as insurance firms and advertisers. The new Apple Watch, for example, can warn about an irregular pulse, and according to electrophysiologist Jankelson, is capable of tracking falls. A person with a tendency to fall or who is subject to arrhythmia may be part of a higher risk group, and this is information that insurance companies would be eager to pay for. Still,” he warns, “we do not have enough regulatory barriers to ensure that this information is – and will never be – misused.”

Medtronic’s Robert Kowal declares unequivocally that his company does not sell patient data to anyone else. “Our only source of revenue comes from selling the product – not the data,” he emphasizes.

Any other use of such information, Kowal continues, must be for internal use and intended only for the benefit of patients. For example, the company will use patients’s data to compare different products and improve them. Kowal: “We can take non-identifiable data out of CareLink and other sources and ask questions. If you take 10,000 people with two different kinds of Cardiac Resynchronization Therapy devices and try to compare them, we might gain some knowledge of what actually happens in real-world situations. Those are the kind of things we’re looking for.”

But even if my medical information isn’t sold to other companies, it is liable to get into the hands of the police or the courts.

Incriminating a patient

In July 2017, for example, an Ohio judge ruled that the information collected from a defendant’s pacemaker could be subpoenaed and used as evidence in court, and even incriminate him. Ross Compton, 59, was suspected of arson when his house in Middletown, Ohio, went up in flames. In his defense he stated that he woke up in the middle of the night, discovered a fire raging on the first floor, managed to collect a few belongings and jumped out of a window to save his life. Investigators were suspicious of his account and obtained a search warrant to obtain the data recorded by his pacemaker during the event. A cardiologist who examined the findings determined with a high level of certainty that Compton’s version was improbable. The pacemaker data showed, for instance, that he had been awake at the time he claimed to have been asleep. In other words, the information that was collected by the pacemaker incriminated its recipient.

Compton’s lawyer argued that admission of such evidence constituted a grave infringement of his client’s privacy. The prosecution countered by claiming that there’s no difference between collecting blood samples from a suspect and extracting information from his pacemaker. The judge accepted the prosecution’s position and thereby set a far-reaching precedent. (The case is still in litigation.)

Data from smart watches, such as Fitbit or Apple Watch, can also be used as evidence in court. In 2014, a Canadian court set a precedent when it permitted use of information collected via a Fitbit activity tracker as evidence. The information proved that a user of one of the company’s products suffered long-term physical damage following an accident and was entitled to monetary compensation. To supply proof, the plaintiff offered to provide before and after data from her device to an information-monitoring company to demonstrate how her condition had deteriorated after the accident.

Though these scenarios might sound like they’re taken from episodes of “Black Mirror,” they join increasing numbers of legal cases in which use is made of information gleaned from smart devices – even when those devices aren’t in direct contact with our bodies. For example, last year an Arkansas court allowed prosecutors to subpoena records from an Amazon Echo smart speaker in their attempt to try a murder suspect.

To my question, both Larson and Krause admitted that they read the Ohio judgment with some trepidation. Nonetheless, according to Larson, “That was a one-off case and there was no data about the patient – it was about trying to determine whether he had been running or not. It was just one case, in which they saw that his heart rate stayed stable while he was claiming to have run out of a burning house.”

Krause noted that at present, pacemakers, in contrast to smart watches, are not equipped with GPS, which would allow remote tracking of their location. “Generally, we don’t really use any location data. Even if we wanted to, there’s a battery constraint. We don’t have power in our battery to run GPS for 10 years.”

Even if there’s still a question as to whether the Compton case is exceptional, or whether it’s established a legal precedent that will make it possible to incriminate other patients with medical implants, public discourse regarding issues of privacy and tracking in the world of medical devices is still in its infancy. The contradictory guidelines and the absence of regulation prompted the Heart Rhythm Society to recommend that physicians conduct meaningful conversations with their patients, and take software updates or information-security risks as seriously as they treat medications or periodic follow-ups in the clinic.

But neither I nor dozens of pacemaker recipients in the U.S. and Israel with whom I spoke had the benefit of a conversation about the possibilities of being tracked or hacked before having a device implanted in us. Most cardiologists, neurologists and electrophysiologists – including those who insert such devices every day – are not experts on these issues. The lethal combination of patent registration, proprietary design and intellectual property forge a world in which the medical device companies market complex, groundbreaking instruments whose practical operation implications are understood by few.

Such ethical and legal questions, which have occupied the pharmaceutical and health industries for decades, are about to become even more convoluted. In his new book, “Twenty-one Lessons for the 21st Century,” Israeli historian Yuval Noah Harari raises disturbing issues regarding the future that companies like Medtronic are enthusiastically promoting: “The most important medical decisions in our lives rely not on our feelings of illness or wellness, or even on the informed predictions of our doctor, but on the calculations of computers that understand our bodies much better than we do,” he writes. “Within a few decades, Big Data algorithms informed by a constant stream of biometric data could monitor our health 24/7. They might be able to detect the very beginning of influenza, cancer or Alzheimer’s disease, long before we feel anything is wrong with us. They could then recommend appropriate treatments, diets and daily regimens, custom-built for our unique physique, DNA and personality.”

For Harari, such a scenario is dystopian. He warns that in 2050, we will all be fitted with sensors that scan our body non-stop in search of “something wrong.” Thus, “diseases may be diagnosed and treated long before they lead to pain or disability. As a result, you will always find yourself suffering from some ‘medical condition’ and following this or that algorithmic recommendation. If you refuse, perhaps your medical insurance will become invalid, or your boss will fire you – why should they pay the price of your obstinacy?”

For his part, Jankelson explains that some elements of Harari’s vision have already been realized. “All the medical devices we currently implant in the United States are remotely connected,” he stresses. “Because it is known that there are algorithms that can decode ECG tests more quickly and more efficiently than doctors, there are programs that automatically analyze the information patients send via their monitors. At this stage, the technology is entering the field of medical analysis, but in the near future it will also give recommendations as to what to do.”

Jankelson, who implants hundreds of pacemakers annually, adds that, despite the clear and proven advantages of remote monitoring, this business model has some risks: “Medical technology is becoming so complicated that doctors themselves are growing ever-more dependent on technicians – who, in turn, depend on medical device companies and software updates.”

Once this business model has become the raison d’etre of the Medical Internet of Things, tech companies can be counted on to use it to maximize profits. For example, the demand to send information via the monitor on a quarterly basis generates huge profits for hospitals, even though it hasn’t been proven definitively that remote data collection produces better results than periodic visits to a clinic.

Naturally, Medtronic prefers that patients trust it with the data their body produces. I raised the issue of information access during lunch which, in addition to Kowal, was attended by Leo Rapallini – the senior engineer who was responsible for the design of my pacemaker and who developed, among other products, the revolutionary Micra transcatheter pacing system – as well as Jenny Ramseth, Medtronic’s director of customor experience, who is developing the second generation of applications for monitoring information from connected devices.

When I asked if they could imagine a future in which algorithms and apps will completely replace physicians, Kowal offered a qualified response.

“I think that is definitely a concern, as health systems are trying to cover more patients with the same resources or less,” he explains. “Right now, as a physician, you have to look at any piece of information that comes through. If you can weed out all the normal stuff, then you can increase the amount of time for people who really need you attention – and that’s the goal. To develop an ‘exception-based approach.’ Nothing should and can replace the patient-provider interface. But right now physicians are deluged with information, and the key is to understand how you get the information that is meaningful and has an impact on your patients.”

As is typical of Americans, everyone was sociable, articulate and friendly, until I insisted on spoiling the atmosphere somewhat by asking about the corporate culture of which Medtronic is a part. I wondered whether they had ever encountered tension between the need to satisfy shareholders and their commitment to patients’ health and privacy. An oppressive silence descended on the room, as my hosts redirected their gazes onto the delectable-looking lemon tarts on the table in front of them.

Finally, Rapallini volunteered to share his thoughts.

“I like engineering,” he said. “I’m good at it, and Medtronic is one of the best places for me to do it. I’ve been here for almost 20 years, and overall I agree with the mission and the direction of the company – of building good products and trying to help people. Ultimately I think there is a good culture. Profits is one component of the discussion – but not the only one. When tough decisions need to be made, there are processes to make sure we always keep the benefit of the patient as our top priority. This is why we have a medical director. We ask, ‘What would you do as a physician?’ So personally I think there is a reasonable balance, but I can understand that different people have different feelings.”

For her part, Jenny Ramseth said that, “I learned that because we’re profitable we’re able to do so much more. And one of my most rewarding experiences here is the ability to do a project in Ghana or Kenya, and building a solution that is meant to serve the underserved. Because we’re profitable, we’re able to send teams to places in need.”

Kowal nodded as he listened to his colleagues, and added: “Essentially, as a physician, you’re for-profit. We’re making a living of it, and it’s a volume-based thing, at least under current conditions. Even a not-for-profit hospital has to deal with margins and fundraising. If the dialogue here is over profit, the dialogue there is about margins and triple-A bond ratings. There’s not much difference in the amount of discussion in one place or the other. [Similarly,] there are really no not-for-profit medical device companies. What I do feel here is that the drive to fulfill the mission for patients is extremely strong, and we make decisions on certain items that we know will never make a profit because we are a company that can make them. But you have got to pay the bills to be able to fund the next generation of products. I haven’t felt uncomfortable in any way by the kind of choices that we’re making.”

Modest beginnings

The same declaration of intent was articulated by Earl Bakken, the American electrical engineer and entrepreneur who established Medtronic. The idea for a pacemaker whose energy source is a chargeable battery – rather than a direct hookup to electricity – came to him on October 31, 1957. That’s when a lengthy blackout caused by a storm paralyzed Minneapolis, and a young man whose external pacemaker was connected directly to an electric socket died overnight. The patient’s physician, Walter Lillehei, hoping to prevent similar tragedies in the future, asked Bakken to develop a battery-operated pacemaker. About a month later, he came up with just such a device, thereby setting the treatment of heart-rhythm disorders on a new course.

However, turning the technological breakthrough into a business landed Bakken in debt, and Medtronic was on the brink of bankruptcy just a few years after its founding. The need to cut costs and maximize profits promoted Bakken to write a document titled the “Medtronic Mission,” which to this day constitutes the company’s bible. The manifesto, which has six clauses, opens with the declaration that the company’s purpose is, “To contribute to human welfare by application of biomedical engineering in the research, design, manufacture, and sale of instruments or appliances that alleviate pain, restore health, and extend life.” The fourth clause, however, declares that one of the company’s aims is “to make a fair profit on current operations to meet our obligations, sustain our growth, and reach our goals.”

Bloomberg

Like many other corporations – among them Google, which recently deleted the slogan “Do no evil” from its official declaration of intentions – Medtronic’s manifesto tries to have it both ways. Instead of recognizing that tension is likely to arise between the capitalist imperative to expand, grow and maximize profits, and the sincere and estimable desire to improve human life, Bakken chose to include both aims in his founding document.

In the intervening decades, the company could be said to have fluctuated between these two poles: It manufactures groundbreaking medical devices that significantly improve the quality of life of millions of human beings, and in the same breath chooses to transfer its corporate headquarters to a tax haven on the other side of the ocean, and to spend vast sums on bolstering ties with physicians or on experiments with animals in China in order to avoid lawsuits by American animal rights groups. Often, the attempt to reduce costs has ended in lawsuits. In 2015, for example, Medtronic paid out $4.41 million as part of a settlement with the U.S. Justice Department for selling products made in Malaysia and China to the U.S. Army, when federal regulations required such products to be made domestically or in certain approved countries.

The move to Ireland was an attempt to maximize profits, as was the decision to outsource manufacturing to China and Malaysia. In fact, according to the packaging, my pacemaker was manufactured in Malaysia. These are recent examples that show that thinking about stock value and minimizing costs played a part.

Says Rapallini: “We are a global company serving hundreds of thousands of patients around the world. There are a lot of different reasons to manufacture something outside the U.S. One example is that because of the recent hurricane in Puerto Rico [where the company has a plant], it was really important for Medtronic to have additional facilities in Singapore and Switzerland to be able to supply pacemakers. I do appreciate that some of these choices sometimes seem only for-profit or self-serving, but looking from the inside, I can say that these decisions are based on a number of different reasons behind them. Profit is one of the variables that is considered – but not the only one.”

Whether we like it or not, Medtronic, Apple and other conglomerates are part of a medical-technological revolution whose implications we are far from understanding. The Magritte painting that adorns the wall of Kowal’s office explores the hypnotic ability to arrive at a reality beyond the perceptible by unlocking the imagination. The French surrealists, Magritte among them, believed that the unconscious and the world of dreams can offer us a rare glimpse into the reality that eludes our senses. The belief in omnipotent algorithms is not significantly different. The advocates of a “Medical Internet of Things” will maintain that minuscule wireless devices with internet connectivity are capable of “showing” us our body anew through incessant scientific monitoring.

Thus, what to the human eye appears to be an egg will be revealed, thanks to the algorithm, as a bird with outspread wings – in the case of pregnancy – or as the Angel of Death, in the case of a malignant tumor. The question is, who will possess the tools and the ability to distinguish between the two, and who will get to observe, study, and monetize the paintings our body creates without our knowledge?

skip all comments

Comments

Sign in to join the conversation.

Required field
Required field

By adding a comment, I agree to this site’s Terms of use

  1. 1