Could Your Pacemaker Be Hacked?

Posted Mar 12, 2008 by KJ Mullins
Those who rely on a pacemaker to regulate their heart are learning that the implant could be vulnerable to attacks by hackers. Hackers can obtain patient's private details or even reprogram the device putting a person's health at risk.
Kevin Fu of the University of Massachusetts and Tadayoshi Kohno of the University of Washington, and cardiologist William Maisel of Harvard Medical School were able in lab tests to intercept signals being sent from an implantable cardiac defibrillator.
"The device contained information like the patient's name, their therapy settings, their date of birth and some other information from their doctor," Fu told AFP.
"In addition, we were able to modify the settings on the device using an unauthorized machine we built. So, for instance, we could cause defibrillation shocks to not happen when they should and to happen when they shouldn't," he said.
The scary possibility of a hacker reprogramming a pacemaker is offset by the fact that to date there have been no reports of this type of action taking place.
The study's aim was to show the medical device industry though that they have to work on the security and safety of their devices as the industry gets more and more complicated.
Maisel said that a key aim of the study was "to encourage the medical device industry to think more carefully about the security and privacy of patient information, particularly as wireless communication becomes more common."
"Fortunately, there are some safeguards already in place, but device manufacturers can do better," the cardiologist said in a statement.
The chances that an assassin would be able to target someone with a pacemaker and use that information to kill is unlikely. Still it does have the makings of a great science fiction spy story.
The report will be presented and published at the Institute of Electrical and Electronic Engineers Symposium on Security and Privacy in Oakland, California in May.