4 min readJust now

–

Author: Berend Watchus Independent non profit AI & Cyber sec researcher. Trendwatcher. [Publication for OSINT Team, online magazine]

Jan 21, 2026

Press enter or click to view image in full size

https://arxiv.org/abs/2601.12593<<

Forensic Blind Spot Exposed: Medical Devices Were Missing from Crime Scenes — Until Now

New Training Reveals Critical Gap: Investigators Didn’t Know Connected Medical Devices Could Be Murder Weapons

The Wake-Up Call

When UK forensic specialists walked into a simulated crime scene, they spotted the hidden AirTag in the victim’s shoe. They identified the stalkerware on the phone. They flagged the smart home hub as suspicious.

But more than half of them completely missed the insulin pump attached to the body — the actual murder weapon.

Even worse? The ones who did see it didn’t think it could be hacked.

What This Study Actually Did

UCL researchers didn’t just write another theoretical paper about medical device vulnerabilities. They built something nobody had done before:

1. Created New Training Frameworks They developed “hazard-integrated threat models” specifically designed to teach cybersecurity professionals and forensic investigators how medical devices can be exploited in domestic violence situations.

2. Tested Real Practitioners They ran 21 forensic professionals, police officers, and security specialists through a live crime scene simulation to identify what training gaps actually exist in the field.

3. Updated Security Standards They’re now integrating their findings into cybersecurity frameworks, digital forensics curricula, and evidence collection protocols — because the current standards don’t include medical devices at all.

The Problem Nobody Knew Existed

Before this research:

• Cybersecurity frameworks focused on hackers attacking hospitals
• Digital forensics training covered phones, computers, smart home devices
• Medical device security worried about external threats
• Nobody was connecting the dots between medical devices and domestic abuse

The reality they uncovered:

• Abusers don’t need hacking skills — they already have the passwords
• Medical devices broadcast Bluetooth signals that enable tracking
• Insulin pumps, hearing aids, and pacemakers can be manipulated remotely
• Forensic teams weren’t trained to recognize these devices as evidence

What the Training Simulation Revealed

Device Recognition Rates by Forensic Professionals:

• 71% spotted the AirTag tracker (hidden in shoe)
• 57% identified the insulin pump (on body)
• 48% noticed the glucose sensors (implanted)
• Only 33% knew what the glucose sensors actually were

But here’s the critical failure: Even when practitioners identified medical devices, they didn’t consider them exploitable. Women’s health tech (fertility trackers, reproductive monitors) received the lowest suspicion rates of all devices in the scene.

One participant summarized it perfectly: “I have knowledge of tech abuse, but not medical device tech abuse until today.”

Why Forensic Teams Missed It

The research identified specific knowledge gaps:

What they knew:

• Stalking apps and phone spyware
• Hidden cameras and audio bugs
• Smart home manipulation (thermostats, locks)
• GPS trackers like AirTags

What they didn’t know:

• Medical devices connect via Bluetooth and can be tracked
• Insulin pumps can be remotely controlled to overdose victims
• Hearing aids broadcast signals that enable proximity detection
• Implanted devices contain evidence logs
• Patient programmer apps are attack vectors

As one forensic specialist admitted: “Tech on the body and medical devices are more niche — less likely to ID them on sight.”

What’s Being Fixed Now

This research is actively changing how professionals are trained:

New Training Modules

• IoMT device identification — what medical devices look like, where they’re located on the body
• BLE artifact recognition — understanding Bluetooth broadcasts as forensic evidence
• Digital triage protocols — when to seize medical devices from crime scenes
• Evidence preservation — how to handle cloud-connected medical ecosystems

Updated Security Frameworks

• UI-bound adversary models — recognizing that abusers have legitimate access
• Hazard-integrated threat modeling — mapping cyberattacks to physical injuries (blindness, organ damage, death)
• Multi-vector attack scenarios — combining surveillance + manipulation
• Medical device forensic standards — protocols that didn’t exist before

Practical Changes

• Frontline officers getting IoMT recognition training
• Digital forensics curricula adding medical device modules
• Safeguarding teams learning about “Medjacking” in IPV contexts
• Healthcare providers being warned about device exploitation risks

The Real-World Impact

This isn’t theoretical. The study references:

• Documented UK case: woman delivered insulin overdose to partner via connected pump
• Historic “insulin murders” where devices were removed before investigators arrived
• Elder abuse cases involving caregiver manipulation of medical devices
• Child abuse scenarios with parent-controlled therapeutic devices

Before this research: These crimes went undetected because investigators didn’t know to look for medical device tampering.

After this research: Forensic teams now have frameworks, training, and protocols to identify these attacks.

Why This Matters Beyond Forensics

20% of the population experiences intimate partner violence in their lifetime.

The aging population means more people depend on connected medical devices every year.

Current security standards were built for external hackers, not intimate partners who already have the passwords.

This research bridges three fields that weren’t talking to each other:

1. Medical device cybersecurity (focused on hackers)
2. Tech-facilitated abuse research (ignored medical devices)
3. Digital forensics (didn’t recognize IoMT as evidence)

The Bottom Line

UCL’s research didn’t just identify a problem — it’s actively training professionals and updating security frameworks to fix a blind spot that was getting people killed.

Forensic specialists now know: if there’s a body and a medical device, that device is potential evidence. It might be the weapon. And it definitely needs to be seized, imaged, and analyzed.

The frameworks exist now. The training is being deployed. The standards are being updated.