Could Your Pacemaker Be Hacked?

Researchers Work on Preventive Measures
Could Your Pacemaker Be Hacked?
Many implantable medical devices, such as pacemakers and defibrillators, have wireless connections that enable physicians to monitor patients. But with that wireless connectivity comes the risk of a malicious attack with potentially life-threatening results. For example, consider what could happen if a hacker instructed a device to deliver a lethal dose of electricity.

That's why researchers at Massachusetts Institute of Technology and the University of Massachusetts, Amherst are attempting to develop a second transmitter called a "shield" to protect wireless communication to and from implantable devices.

The shield, perhaps worn as a necklace, would encrypt unauthorized messages coming in so that the device cannot read them. Authorized healthcare providers would be able to communicate with the shield using an encryption key to send and receive data.

So far, early experiments with the technology have been confined to the laboratory, and no tests on humans have been conducted.

Shyamnath Gollakota, a graduate student at MIT pursuing his Ph.D in electrical engineering and computer science, says the project was launched after UMass published a paper in 2008 that "explained how one can get information, like a patient's name, records, etc., from the implants. Further, it showed that it's possible to try and change information on the implants."

The shield approach appeared to be the best option for securing an implanted device that has a lifespan of about 10 years, Gollakota says. Plus, installing encryption technologies within the devices themselves could prove challenging for several reasons, including power limitations.

Implants communicate with their doctors on different frequencies. So a shield protecting one person's implant will not interfere or jam other implants that operate on other frequencies.

To deal with a scenario when a patient wearing a shield shows up unconscious in an emergency department, researchers came up with the idea of an on-off button on the device.

Assessing the Approach

Protecting implantable medical devices is an important issue, and the shield offers an innovative approach to protecting devices from unwanted and potentially harmful communications, says Dale Nordenberg, M.D., founder of the Medical Device Innovation, Safety and Security Consortium. The consortium encompasses several organizations working on best practices for protecting medical devices (see: Protecting Medical Devices).

"It has potential to promote healthcare information privacy and patient safety," Nordenberg says. But he stresses that further epidemiologic studies need to be completed to understand patient compliance behavior and overall efficacy and safety of the shield.

What's Next?

Providing wireless links to implantable medical devices has great benefits, such as reducing the time it takes for a physician to notice a clinical problem and take action, Gollakota says. But with those benefits comes the risk of a potentially fatal hacker attack.

As a result, some Boston-area physicians already have expressed interest in the research project, Gollakota says. And the researchers are approaching technology companies about further tests and development of the shield concept.

"Conducting trials with people requires jumping through a number of loops and paperwork as an academic institution," Gollakota says. "The way forward is to collaborate with medical implant companies and see if one can use their existing setup."


About the Author

Jeffrey Roman

Jeffrey Roman

News Writer, ISMG

Roman is the former News Writer for Information Security Media Group. Having worked for multiple publications at The College of New Jersey, including the College's newspaper "The Signal" and alumni magazine, Roman has experience in journalism, copy editing and communications.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.