IMPLANTABLE CARDIOVERTER DEFIBRILLATOR WITH PACEMAKER: New research indicates that ICDs and other implantable medical devices may be susceptible to tampering when information is sent wirelessly to or from such a device. Image: Courtesy of iStockphoto
It sounds like the far-fetched plot of a sci-fi thriller: Bad guys strike down a high-ranking politician or captain of industry by hacking into and remotely tinkering with his or her pacemaker, insulin pump, implantable cardioverter defibrillator (ICD) or other medical implant. Unfortunately, new research shows such a scenario is no longer just science fiction.
Scientists from Harvard Medical School's Beth Israel Deaconess Medical Center in Boston, the University of Massachusetts Amherst and the University of Washington in Seattle say they were able to launch cyber strikes against and glean private patient data from an ICD's communication protocol while testing the device's safety and security.
The researchers tested a Maximo DR VVEDDDR (manufactured by Minneapolis-based Medtronic, Inc.), because it is a typical ICD with pacemaking (steady, periodic electrical stimulation) and defibrillation (single, large shock) functions that communicates with an external monitoring device smaller than a laptop. The monitoring device has a handheld antenna that the patient holds over his or her chest, where the ICD is implanted, to read information wirelessly. The scientists acknowledge their findings are limited to this particular ICD (available in the U.S. since 2003), but warn that they highlight potential dangers that manufacturers must address.
Surgeons routinely implant ICDs and pacemakers in patients with irregular heartbeats, generally placing them just under the skin below a patient's clavicle (collarbone) and attaching their whisker-thin wires inside the heart muscle or on its surface. An irregular heartbeat triggers the implanted device to send electrical shocks to restore a normal rhythm. Most such devices register and record these events, information that health care workers can access wirelessly via monitoring devices.
Imagine the consequences, though, if someone were to maliciously reconfigure a pacemaker remotely so that it fails to shock a speeding heart or, conversely, jolts one that is beating normally. Yet that is just what researchers caution could happen in a paper they are scheduled to present at the 2008 IEEE Symposium on Security and Privacy in Oakland, Calif., in May. In the paper, published on their Medical Device Security Center Web site, they wrote they had no trouble accessing unencrypted sensitive information in the ICD—including patient records and vital signs—and then reprogramming the settings determining when the appliance should administer electric shocks.
"Balancing security and privacy with safety and efficacy will become increasingly important as [implanted medical device] technologies evolve," the researchers wrote. They stressed that patients with ICDs, pacemakers, neurostimulators, implantable drug pumps and similar implantable medical devices (IMDs) are not in imminent danger, pointing out that "no IMD patient has ever been harmed by a malicious security attack" to their knowledge. But they noted that tighter security and privacy controls are needed to protect against potential strikes in the future.
Among the researchers' hacking arsenal: an eavesdropping antenna to pick up and read patient information; a transmitting antenna to send disruptive instructions to the ICD; an oscilloscope to visualize and record signals sent to and from the device; and a universal software radio peripheral (USRP), a device that allowed them to create a software radio on their computer.
"Our results show that wireless transmissions disclose private data," they wrote, including a patient's name, birth date, medical history and ID number as well as the treating physician's name and contact information, and the ICD model and serial number. (All of this information was created specifically for the research project—no actual patient data was used.)