Hospital executives urged to push device manufacturers to enhance product security
Kevin Fu hopes that he’s delivered a wake-up call to medical device manufacturers and other health care officials. Fu and colleagues at the University of Massachusetts Amherst recently hacked their way into implantable medical devices, seizing private patient information, including name, disease diagnosis, birth date and medical record number.
Worse, the researchers were able to change the demographic data and also compromise patient safety by turning off settings stored in the device, rendering it unable to respond to cardiac events. Even more alarming, commands were then uploaded instructing the device to deliver an electric shock capable of inducing ventricular fibrillation, a potentially lethal arrhythmia.
It was all an experiment, but it is the first known breach of wireless implantable medical devices, such as pacemakers and defibrillators. The study was designed to show how even clinical devices are vulnerable.
“There is no cause for concern for present devices,” Fu says. “As device manufacturers begin to embrace more sophisticated computer technology, security and privacy will play a larger role.”
Results of the research were presented in March at the Institute of Electrical and Electronics Engineers Symposium on Security and Privacy. The authors were careful to omit specific details from the paper that could be used for sinister purposes.
Still, the study raised a collective eyebrow among privacy advocates.
“People are running around with unsecured computers in their bodies,” says Pam Dixon, executive director of the World Privacy Forum. “Hospital CEOs need to push vendors harder on security. Device manufacturers need to understand that health care is not the retail sector.”
Device manufacturers also took notice. One, St. Jude Medical, maker of ICDs and pacemakers, intends to use the study as part of ongoing efforts to secure its devices, according to a company spokesperson.
The paper proposes several zero-power defenses that do not draw on device batteries. These include improving authentication of any external device attempting to communicate with an implantable unit; having the device alert patients whenever hacking is detected; and encrypting the data transmitted by the device.
The authors warn that while protecting wireless devices with a cryptographic key may provide added security, it could also inhibit emergency treatment if the key were unavailable. To view the study, go to www.secure-medicine.org.