High tech healthcare: It all sounds a bit James Bond, but could someone hack into your pacemaker to kill you?
WASHINGTON DC: Medical devices such as pacemakers are vulnerable to attacks by hackers, who could gain access to a patient's private details or reprogram their device and kill them.
A research team, led by computer scientists Kevin Fu of the University of Massachusetts in Amherst and Tadayoshi Kohno of the University of Washington in Seattle, was able to intercept signals sent from an implantable cardiac defibrillator (ICD).
Greater range and greater risk
"The device contained information like the patient's name, their therapy settings, their date of birth and some other information from their doctor," said Fu. "In addition, we were able to modify the settings on the device using an unauthorised machine we built. So, for instance, we could cause defibrillation shocks to not happen when they should and to happen when they shouldn't."
Modern ICDs are typically designed to receive wireless signals over a small distance, but technology is expanding the range of the devices – and creating greater potential for information to be intercepted.
However, the study stressed that there have been no reported cases of a patient with an ICD or pacemaker being targeted by hackers so far. The peer-reviewed report will be presented at the U.S. Institute of Electrical and Electronics Engineers Symposium on Security and Privacy in Oakland, California in May.
Future considerations
"The greater concern is about what's going to happen down the line as these devices become more sophisticated, as they embrace wireless technology and connect to the Internet, as they begin to hook up with other devices," said Fu.
"In the future, there may be a defibrillator that talks to a drug pump in your body," he said. "We want to make sure that the community understands how security and privacy affect more traditional goals of safety and effectiveness as new technologies are being integrated into medical devices."
Cardiologist and team member William Maisel, of Harvard Medical School in Boston, said that a key aim of the study was "to encourage the medical device industry to think more carefully about the security and privacy of patient information, particularly as wireless communication becomes more common."
"Fortunately, there are some safeguards already in place, but device manufacturers can do better," he added.
Despite the security flaws shown up by the study, Fu stressed that the pros of being fitted with a pacemaker or ICD far outweigh the security- and privacy-related cons. "When a doctor tells a patient they need one of these devices to live a normal and healthy life, they're much better and much safer having the device than not having it," he said.
Far-fetched scenario
He also said the likelihood of would-be assassins trying to get close to someone they know has a pacemaker to manipulate the device and kill the patient was very slim. "That's a very creative idea but it's a little bit elaborate and it would be rather challenging to build a similar machine" to the one used in the study, he said.
In addition, the research team omitted details in their published paper "that prevent the findings from being used for anything other than improving patient security and privacy."
"Maybe the assassin scenario would make for a good spy novel, but there are much simpler ways to accomplish that sort of thing," Fu said.

