Letting people into your heart now takes on a whole new meaning. U.S. researchers reported today that implanted heart defibrillators, which can jump start an arrhythmic heart back into beating normally, are vulnerable to external hacking.
During the testing phase, the research team was able to make one Medtronic device release sensitive patient information off its computer chip, and got it to fire improperly and run its battery down using inexpensive equipment, according to a Reuters report.
The team of researchers, which include computer scientists, electrical engineers and cardiologists, said that patients don't face immediate danger.
"I think patients with implantable defibrillators should not be worried by this," said Dr. William Maisel of the Beth Israel Deaconess Medical Center and Harvard Medical School said to Reuters. "I think we would be doing them a disservice if this upsets them. There has never been a documented malicious attack on someone's implantable cardiac defibrillator."
A spokesperson from Medtronic said that the devices, which had carried such telemetry for 30 years, have never experienced any reported hacking problems.
The researchers said that they contacted the U.S. Food and Drug Administration. The federal agency acknowledged that a hacker could use specially crafted software and a hand held antennae to transmit data from a defibrillator through the airwaves, but maintained that the chance of a hacker intercepting or maliciously reprogramming a defibrillator was slim.
However, the findings call into question patient privacy that is protected by HIPPA and other federal regulations, and underscore the need to ensure effective data loss prevention practices.
Defibrillators, known as ICDs, use electrical shocks to normalize a heart that has an irregular beat or is suffering from other abnormalities. The defibrillators, which can also include a pacemaker, can keep a record of heart activity, transmit information to a bedside station and alter health workers to any dangerous or unusual activity.
Experts say that the recent discovery is more relevant now than even a few years ago.
Maisel and his team of researchers reported that more than 2.6 million pacemakers and ICDs were implanted between 1990 and 2002 -- Vice President Dick Cheney being one of the recipients.
In the past few years, more than 100,000 patients in the U.S. have been implanted with new machines which were designed to expedite medical communications by sending patient information to a bedside monitor, which in turn relays the data to a doctor.
Experts say that as this kind of technology is used in more medical devices, such as pacemakers and hearing implants, patients' personal and sensitive data will face increasing risk of exposure.
The full report will be presented in May at a meeting of the Institute of Electrical and Electronic Engineers Symposium on Security and Privacy in Oakland, Calif. It's also currently available at secure-medicine.org.
|
Symantec's Code Red: The Law Enforcement/Anonymous E-Mail Exchange Law enforcement officials negotiated via e-mail for more than two weeks with an Anonymous group member trying to extort $50,000 from Symantec to keep stolen product code off the Internet. |
|
How To Sell IT Security Services To Your Customers Cyberattacks can cost a business thousands, even millions, of dollars, and can deal a death blow to some. Here's how IT solution providers can help guard against malicious attacks. |
|
Cybersecurity Experts: What They Know Could Scare You A recent report based on interviews with security experts in government, business and academia finds more than half in agreement that a worldwide arms race is taking place in cyberspace. |
 More
Slide Shows |
- Insider Threats: The Next Frontier for Security Resellers and SMBs
- Complete Security and Your Bottom Line: Sophos, Value and the Channel
- Tough Threats, Tougher Security: How You Can Leverage New Solutions To Combat A “Targeted Attack” Landscape
- Dark Clouds Ahead: Why the Mid-Market Needs To Ramp Up Cloud Security and How You Can Help Them Get There
