Heart Defibrillators Vulnerable To Hacking

During the testing phase, the research team was able to make one Medtronic device release sensitive patient information off its computer chip, and got it to fire improperly and run its battery down using inexpensive equipment, according to a Reuters report.

The team of researchers, which include computer scientists, electrical engineers and cardiologists, said that patients don't face immediate danger.

"I think patients with implantable defibrillators should not be worried by this," said Dr. William Maisel of the Beth Israel Deaconess Medical Center and Harvard Medical School said to Reuters. "I think we would be doing them a disservice if this upsets them. There has never been a documented malicious attack on someone's implantable cardiac defibrillator."

A spokesperson from Medtronic said that the devices, which had carried such telemetry for 30 years, have never experienced any reported hacking problems.

Sponsored post

The researchers said that they contacted the U.S. Food and Drug Administration. The federal agency acknowledged that a hacker could use specially crafted software and a hand held antennae to transmit data from a defibrillator through the airwaves, but maintained that the chance of a hacker intercepting or maliciously reprogramming a defibrillator was slim.

However, the findings call into question patient privacy that is protected by HIPPA and other federal regulations, and underscore the need to ensure effective data loss prevention practices.

Defibrillators, known as ICDs, use electrical shocks to normalize a heart that has an irregular beat or is suffering from other abnormalities. The defibrillators, which can also include a pacemaker, can keep a record of heart activity, transmit information to a bedside station and alter health workers to any dangerous or unusual activity.

Experts say that the recent discovery is more relevant now than even a few years ago.

Maisel and his team of researchers reported that more than 2.6 million pacemakers and ICDs were implanted between 1990 and 2002 -- Vice President Dick Cheney being one of the recipients.

In the past few years, more than 100,000 patients in the U.S. have been implanted with new machines which were designed to expedite medical communications by sending patient information to a bedside monitor, which in turn relays the data to a doctor.

Experts say that as this kind of technology is used in more medical devices, such as pacemakers and hearing implants, patients' personal and sensitive data will face increasing risk of exposure.

The full report will be presented in May at a meeting of the Institute of Electrical and Electronic Engineers Symposium on Security and Privacy in Oakland, Calif. It's also currently available at secure-medicine.org.