Pacemakers Vulnerable to Hackers, Researchers SayMay 29, 2008 | Parker Waichman LLP
Pacemakers can be hacked - relatively easily. Now a research team that was able to hack the implantable defibrillators that keep sick hearts beating steadily are telling federal regulators that the problem needs to be addressed.
In recent years, over 100,000 patients in the US have been implanted with a defibrillator device - or pacemaker - that has helped to reduce medical visits. The device and its technology enable patient information to be sent to a bedside monitor that then sends the data to a doctor. Transmissions generally occur once daily. But researchers at the University of Massachusetts Amherst and the University of Washington have discovered that the defibrillator monitoring technology is vulnerable to hacking and—worse—reprogramming that could stop the defibrillators from providing a lifesaving shock.
The Medical Device Security Center, a collaboration of researchers from three universities, tinkered with one on a lab table, after buying $30,000 worth of commercially available equipment to assist the hacking. Researchers ran tests that deduced how a particular defibrillator worked. They used that information to alter it from less than an inch away. Potentially, they said, an attacker could disrupt heartbeats, dangerously drain a battery or even extract private medical information. Their findings were presented May 19 in Oakland, Calif., at a symposium on security and privacy being put on by IEEE, a technology association.
There have been no reports of pacemakers being hacked. But Dr. William Maisel, a Harvard cardiologist who worked with the Center, says the time to take action is now. "This is not an important risk for patients right now," said Dr. Maisel said, "We just want the industry to be thoughtful about where we as a society are going with these devices."
Last month the group discussed its findings with the Food & Drug Administration and a trade association for implanted devices.