A recent study has shown that there is a large gap in the security of implanted devices that regulate heartbeats and use wireless technology. The research done at Beth Israel Deaconess Medical Center and the University of Massachusetts shows that with some technical expertise information from the device can be retrieved. According to Dr. William H. Maisel, senior author of the report, his team was able to send commands to the device in an unauthorized fashion and reprogram settings, as well as tell the device to deliver a high-voltage shock.

At the same time, Maisel, director of the Medical Device Safety Institute at Beth Israel Deaconess said that the millions of patients with implanted cardiac devices should not be concerned because there has never been a single reported episode of this type of attack on a defibrillator, and because of the technical skill needed, the danger is extremely remote.

Maisel said that patients are better off having the defibrillator with wireless capability, which enables doctors to download data that helps to monitor heart activity and also makes it easier to send commands to the device in order to adjust it.

Obviously, the study was done on a lab bench, no a live patient. It showed two ways that implantable devices could be manipulated to cause harm. The hacker could stop them from helping a patient or tell them to disturb the rhythm of the heart - potentially inducing a fatal shock. Hackers could also draw personal patient information from the devices.

The study will be presented at a symposium on security in May. For security, the study purposely omits certain details that could help hackers, and it proposes several fixes that could prevent or deter attacks including an audible tone or vibration that could alert a patient if someone was communicating with an implanted heart device, along with proposed encryption methods that could help safeguard data.

More Industry Headlines