Medical device hack theoretically possible
DEAR DOCTOR: As a fan of the TV show “Homeland,” I was skeptical when a character was assassinated by someone hacking his pacemaker. Then I read this might actually be possible. Is this really a risk?
DEAR READER: The idea that an unseen individual can take control of a medical device in someone else’s body is profoundly disturbing. And while it would be great to be able to brush it all off as the product of a TV writer’s overheated imagination, the possibility of such hacking, while remote, does exist.
A paper recently published in the Journal of the American College of Cardiology tackled this subject. The authors point out that, in a world increasingly dependent on (and connected by) online technology, it’s not only pacemakers that are vulnerable. Defibrillators, neurostimulators and implantable drug pumps, like insulin pumps, rely on the same embedded computers and software radios for their two-way communication. Their findings are that weak security features have left these devices potentially vulnerable to outside manipulation.
The Food and Drug Administration and the
Department of Homeland Security have both become involved in the issue. The FDA has published a cybersecurity update on its website and outlined the steps it is taking to protect the public. Earlier this year, DHS put out an advisory regarding potential vulnerabilities in a certain cardiac device.
Unfortunately, the only foolproof fix to reduce the risk of hacking is to ditch the wireless technology. But considering the many benefits of remote access, which facilitates software updates, allows real-time monitoring and can deliver updates to treatment protocols without the physician physically present, it’s realistic to expect that wireless tech is here to stay.
In addition to addressing the vulnerabilities in wireless medical technologies, the lead author has been careful to state, both in the paper and in subsequent media interviews, that the risk of such hacking remains theoretical. Here in the real world, for now, there have been no documented cases of implantable cardiac devices being hacked.
Elizabeth Ko, M.D., is an internist and primary care physician at UCLA Health.