In the early days of the Internet, spam and viruses were the as-yet unknown enemies. Now, such problems — with hackers routinely accessing supposedly private computer programs — are everyday headaches, and often migraines, bringing public and private institutions to their knees when their security systems are circumvented.
Now add one more item to the “not absolutely secure” list.
As wireless technology is increasingly integrated into medical devices for continuous patient monitoring, a group of researchers has shown that patients could be at risk if proper security measures aren’t included in device telemetry.
A study, “Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses,” was issued this week by the Medical Device Security Center (Washington), with its researchers demonstrating the ability to hack wirelessly into an implantable cardioverter defibrillator (ICD).
The circumstances were rather specialized, however – it wasn’t done at long distance, just at 2 cm, and required the use of $30,000 in high-tech equipment and an expert lab team.
Thus, while they demonstrated the possibility of malicious or unauthorized access to wireless devices, the study doesn’t support the likelihood that this is going to be a widespread problem, at least not immediately.
And it may have sounded unnecessary alarms for patients, according to industry experts.
“If you’ve got the resources and expertise to do what they’ve done, it’s possible — and we’re not surprised on that level,” Rob Clark, senior director, state government affairs for Medtronic (Minneapolis), told Medical Device Daily.
Medtronic has a special concern for avoiding any widespread panic since it was one of its ICDs, a Maximo, that was used in the experiment.
The experimenters, he said, “demonstrated what is possible, but the probability is remote, and patients shouldn’t be concerned.”
The researchers used an antenna, radio hardware, and a PC to intercept wireless signals from the Maximo, and they suggested that similar technology could be used to access patient information, turn the device off, modify therapy settings or render it incapable of responding to dangerous cardiac events.
A malicious person could also make the implant deliver a shock that could induce ventricular fibrillation, a potentially lethal arrhythmia.
One of the study’s authors, Kevin Fu, PhD, assistant professor, Department of Computer Science, University of Massachusetts, told Medical Device Daily that the primary intention was not to sound alarms for patients with ICDs, “because patients are much better off with these devices.
“It’s more about the future, when newer devices come out,” Fu said. “We know the Internet is now plagued with viruses and spam and that wasn’t always the case. In the beginning it was relatively calm. So we feel this is a wake-up call to avoid the same kinds of problems and to ensure that future devices will be safe.”
He added that the research team selected Medtronic’s Maximo ICD for the effort simply because it was available to them and it’s a commonly used device for patients.
“A fundamental challenge will be to develop methods that appropriately balance security and privacy with traditional goals such as safety and effectiveness. Our work provides a foundation for these explorations, on top of which we hope to see much subsequent innovation,” the authors wrote.
“To our knowledge there has not been a single reported incident of such an event in more than 30 years of device telemetry use, which includes millions of implants worldwide,” Clark said. “Going forward, industry is working to make sure security is built into these devices and as the wireless capabilities and the distance of telemetry extends, that security will go up accordingly.”
Clark pointed out that the implants aren’t beaming wireless signals all the time. When a physician accesses or alters an ICD program at a distance, it comes on and goes off briefly, so the chances that somebody could maliciously or even accidentally affect a pacemaker are even more remote.
“The device industry has taken strong measures to ensure the safety of patients from both a data privacy standpoint and remote device setting manipulation,” Clark said. “For example, several safeguards are built into these devices to protect the devices from normal daily interference. They include electronic filters that distinguish between natural heart beat signals and interference signals.”
The Heart Rhythm Society’s (HRS; Washington) president Bruce Lindsay, MD, also downplayed the report, saying that it had no clinical significance and that attention to it has been way overblown.
“The industry has put huge efforts into developing devices as safely as they can,” Lindsay told MDD. “These devices have a remarkable track record for safety and effectiveness. The product recalls we’ve recently had show they are not perfect, but they have had a huge impact on saving lives,” he said.
Lindsay said the study should be of interest to engineers who design these systems and it would be appropriate to include more protection in future designs, but that ICDs “were designed to save lives. They weren’t designed to resist attacks and this article draws attention to the feasibility of doing this,” Lindsay said. “It’s not likely that a team of engineers will go running down the street to hurt somebody with an ICD.”
He suggested that medical device makers should keep their eye on the primary goals: building devices that are safe and effective.
“Industry can take a look at this [report], but don’t let it draw the focus away from the industry’s fundamental mission.”
Medical Device Security Center is a partnership between self-funded researchers at Beth Israel Deaconess Medical Center, Harvard Medical School, the University of Massachusetts (Amherst), and the University of Washington.