Heart Hack Attack
Using a PC and wireless technology, it’s possible to commit a hack attack against implanted medical devices (IMDs) such as pacemakers and implanted cardiac defibrillators (ICDs). Researchers at the Medical Device Security Center found that they could not only obtain personal medical information from implanted devises using a PC, antenna and radio equipment, they "could also turn off or modify therapy settings stored on the ICD. ... A malicious person could also make the ICD deliver a shock that could induce ventricular fibrillation, a potentially lethal arrhythmia."
The cross-disciplinary team’s research paper does not disclose information that could be used to conduct a medical hack attack and they do not know of any such attack having ever been committed. The Center’s goal is not to scare but to "improve the security, privacy, safety, and effectiveness of future IMDs."
The Center’s paper considers how "medical device security and privacy interact with and affect medical safety and treatment efficacy." The paper notes the tension between security and safety goals, such preventing medical cyber-attacks while still allowing for emergency treatment, and suggests three potential approaches for addressing these conflicting goals. The group’s research calls for broad and innovative action as it "illuminates the need for a principled and deeper investigation into prevention mechanisms, detection mechanisms, audit mechanisms, deterrents, and methods that enhance patient awareness and ensure consent. ... Such innovations will become more crucial as the technologies and capabilities of implantable medical devices continue to evolve."
The public owes a debt of gratitude to the Medical Device Security Center’ multi-disciplinary researchers for their insightful work, responsible publishing standards, and their commitment to furthering the twin goals of medical privacy and safety.
See Medical Device Security Center website