Print This Post

An Achy, Breaky Heart and Hackers, Too

Implantable cardiac medical devices, such as defibrillators and pacemakers, often come equipped for quick and easy wireless transmission of a patient’s vital signs and they’re a very convenient way to check the device itself to make sure it’s working properly. A recent study suggests they’re an invitation to hackers, too.

Quick to point out that there’s never been an incident involving hacking of an implanted medical device, researchers at the University of Washington, the University of Massachusetts in Amherst, and Harvard Medical School put the theory to test. The results of their test will soon be published and will be presented at the Institute of Electrical and Electronic Engineers Symposium on Security and Privacy on May 19 in Oakland, California.

With today’s implant technologies, information can only be transmitted a few feet, posing minimal, if any, risk of outside interception. Citing the Bionic Woman of the 1970s as an example, the researchers remind us that today’s dream of technological miracles becomes tomorrow’s realities. And it’s no real stretch of the imagination to expect the transmission range on implanted devices to grow as technologies improve.

The research team used just one model of implantable device and a common software radio for their study. They were able to intercept data from the device, which was not implanted in anyone, to retrieve personal data such as diagnosis, medical ID number, date of birth, and the hypothetical patient’s name. They were also able to tap into the hypothetical patient’s electrocardiac rhythms, heart rate, and other cardiac data.

Once the implantable device had been hacked, they launched a few trial attacks. They remotely turned off the device, rendering it useless to the patient, and they altered its settings to the extent that might cause deadly arrhythmia.

The good news is that they also developed some mechanisms designed for deterrence and prevention of interception from outside sources. The deterrent and prevention procedures include a notification system, an authentication process, and a vibrating warning alert.

The researchers did not use actual humans in the study and their research was limited to just one make and model of implantable device. The researchers, all possessing a very high level of technical expertise, will not disclose full details of their methodology when they publish or present it so their experiments cannot be repeated by others. They will, however, work with manufacturers to improve current standards of security and privacy for these life-saving devices. They suggest no one currently using an implanted device has any need to worry, nor should they make any changes to their current plan of treatment.

Source: University of Washington

• Eat Your Veggies to Avoid the Flu
• Advertising to Consumers Does Not Increase Drug Sales
• Parents’ Looks Influence Children’s Choice of Mates
• NTP Report on Bisphenol A
• Measles Vaccine Cleared of Autism Charges
• Dieting’s Easier With High-Protein Breakfast
• Estrogen Spares Women’s Hearts, Risks Men’s