Implanted wireless medical devices are potential security risk for patients

2 April 2008

Implanted medical devices with wireless technology have a potential risk of unauthorised access to patient data and reprogramming of the device.

Implantable medical devices such as cardiac defibrillators and pacemakers are increasingly being equipped with wireless technology to enable features such as remote patient monitoring, real-time data transfer, remote checking of the devices and saving of visits from and to healthcare professionals.

A team of researchers from three universities has demonstrated that patients’ private medical information could be extracted and their devices reprogrammed without the patients’ authorization or knowledge.

There has never been a reported case of a patient with an implantable cardiac defibrillator or pacemaker being targeted by hackers, and the researchers emphasized that the study was designed to identify and prevent future problems. Undertaking the study required a high level of technical expertise, and the published paper omits certain details in methodology that prevents the findings from being used for anything other than improving patient security and privacy.

The study was led by two computer scientists, Tadayoshi Kohno of the University of Washington and Kevin Fu of the University of Massachusetts Amherst, and cardiologist Dr William Maisel of the Beth Israel Deaconess Medical Center and Harvard Medical School. Their peer-reviewed report will be presented and published at the Institute of Electrical and Electronic Engineers Symposium on Security and Privacy in Oakland, California on May 19, 2008.

Dr Maisel, director of the Medical Device Safety Institute at Beth Israel Deaconess Medical Center in Boston, said, “One of the purposes of this research is to encourage the medical device industry to think more carefully about the security and privacy of patient information, particularly as wireless communication becomes more common. Fortunately, there are some safeguards already in place, but device manufacturers can do better.”

The team expects this issue to take on greater importance as implantable cardiac defibrillators operate wirelessly at greater distances. These devices typically receive short-range wireless signals over several feet, but new technologies are expanding that reach even farther, creating the potential for information to be intercepted en route.

“We hope our research is a wake-up call for the industry,” said Kohno, an assistant professor of computer science and engineering at the University of Washington. “In the 1970s, the Bionic Woman was a dream, but modern technology is making it a reality. People will have sophisticated computers with wireless capabilities in their bodies. Our goal is to make sure those devices are secure, private, safe and effective.”

Fu noted that the study developed several prototype defenses. “One of our primary contributions is the invention of three defence mechanisms that require no battery power, making them potentially easy to incorporate in the devices without extensive redesigning. While there has been much research that explores the biological safety of implantable medical devices, there is limited understanding about the related issues of wireless security and privacy. Understanding the security and privacy of implantable devices is essential for protecting the nation’s health and cyber infrastructure.”

The researchers’ experiments used an implantable cardiac defibrillator, a device that automatically regulates the heart beat by sending small electrical signals to the heart to stimulate the heart rate or by delivering a large shock to restore a potentially fatal heart rhythm back to normal. Millions of defibrillators have been implanted worldwide.

The model used contained computers and radios that allow healthcare practitioners to diagnose patients, read and write private medical information, and adjust the device’s therapy settings wirelessly.

In computer laboratory bench tests, the research team used an inexpensive software radio to intercept and capture signals sent from the implantable device. They were able to obtain detailed information about a hypothetical patient, including name, diagnosis, date of birth and medical ID number. Researchers could determine the make and model of the device and access real-time electrocardiogram results as well as data on the hypothetical patient’s heart rate and cardiac activity.

The team then mounted several attacks. Researchers were able to turn off the therapy settings stored in the implantable device, rendering it incapable of responding to dangerous cardiac events. Additional commands were delivered, resulting in the delivery of a shock that could induce ventricular fibrillation, a potentially lethal arrhythmia.

Three deterrence and prevention mechanisms were developed as part of the study, including a notification device that audibly alerts patients of security sensitive events, a device that authenticates requests for access from outside devices and a vibrating device that patients can sense. All three mechanisms require no power from the battery, and one of them was evaluated for effectiveness in a substance similar to human tissue.

Because the team studied one common model of implantable cardiac defibrillator, the susceptibility of similar devices to privacy and security risks is uncertain. The researchers believe future studies are needed to assess potential risks associated with other implantable devices equipped with wireless technology.

The researchers feel strongly that nothing in their report should deter patients from receiving these devices if recommended by their physician. The implantable cardiac defibrillator is a proven, life-saving technology.

Your browser does not support inline frames or is currently configured not to display inline frames.	Your browser does not support inline frames or is currently configured not to display inline frames. Implanted wireless medical devices are potential security risk for patients 2 April 2008 Implanted medical devices with wireless technology have a potential risk of unauthorised access to patient data and reprogramming of the device. Implantable medical devices such as cardiac defibrillators and pacemakers are increasingly being equipped with wireless technology to enable features such as remote patient monitoring, real-time data transfer, remote checking of the devices and saving of visits from and to healthcare professionals. A team of researchers from three universities has demonstrated that patients’ private medical information could be extracted and their devices reprogrammed without the patients’ authorization or knowledge. There has never been a reported case of a patient with an implantable cardiac defibrillator or pacemaker being targeted by hackers, and the researchers emphasized that the study was designed to identify and prevent future problems. Undertaking the study required a high level of technical expertise, and the published paper omits certain details in methodology that prevents the findings from being used for anything other than improving patient security and privacy. The study was led by two computer scientists, Tadayoshi Kohno of the University of Washington and Kevin Fu of the University of Massachusetts Amherst, and cardiologist Dr William Maisel of the Beth Israel Deaconess Medical Center and Harvard Medical School. Their peer-reviewed report will be presented and published at the Institute of Electrical and Electronic Engineers Symposium on Security and Privacy in Oakland, California on May 19, 2008. Dr Maisel, director of the Medical Device Safety Institute at Beth Israel Deaconess Medical Center in Boston, said, “One of the purposes of this research is to encourage the medical device industry to think more carefully about the security and privacy of patient information, particularly as wireless communication becomes more common. Fortunately, there are some safeguards already in place, but device manufacturers can do better.” The team expects this issue to take on greater importance as implantable cardiac defibrillators operate wirelessly at greater distances. These devices typically receive short-range wireless signals over several feet, but new technologies are expanding that reach even farther, creating the potential for information to be intercepted en route. “We hope our research is a wake-up call for the industry,” said Kohno, an assistant professor of computer science and engineering at the University of Washington. “In the 1970s, the Bionic Woman was a dream, but modern technology is making it a reality. People will have sophisticated computers with wireless capabilities in their bodies. Our goal is to make sure those devices are secure, private, safe and effective.” Fu noted that the study developed several prototype defenses. “One of our primary contributions is the invention of three defence mechanisms that require no battery power, making them potentially easy to incorporate in the devices without extensive redesigning. While there has been much research that explores the biological safety of implantable medical devices, there is limited understanding about the related issues of wireless security and privacy. Understanding the security and privacy of implantable devices is essential for protecting the nation’s health and cyber infrastructure.” The researchers’ experiments used an implantable cardiac defibrillator, a device that automatically regulates the heart beat by sending small electrical signals to the heart to stimulate the heart rate or by delivering a large shock to restore a potentially fatal heart rhythm back to normal. Millions of defibrillators have been implanted worldwide. The model used contained computers and radios that allow healthcare practitioners to diagnose patients, read and write private medical information, and adjust the device’s therapy settings wirelessly. In computer laboratory bench tests, the research team used an inexpensive software radio to intercept and capture signals sent from the implantable device. They were able to obtain detailed information about a hypothetical patient, including name, diagnosis, date of birth and medical ID number. Researchers could determine the make and model of the device and access real-time electrocardiogram results as well as data on the hypothetical patient’s heart rate and cardiac activity. The team then mounted several attacks. Researchers were able to turn off the therapy settings stored in the implantable device, rendering it incapable of responding to dangerous cardiac events. Additional commands were delivered, resulting in the delivery of a shock that could induce ventricular fibrillation, a potentially lethal arrhythmia. Three deterrence and prevention mechanisms were developed as part of the study, including a notification device that audibly alerts patients of security sensitive events, a device that authenticates requests for access from outside devices and a vibrating device that patients can sense. All three mechanisms require no power from the battery, and one of them was evaluated for effectiveness in a substance similar to human tissue. Because the team studied one common model of implantable cardiac defibrillator, the susceptibility of similar devices to privacy and security risks is uncertain. The researchers believe future studies are needed to assess potential risks associated with other implantable devices equipped with wireless technology. The researchers feel strongly that nothing in their report should deter patients from receiving these devices if recommended by their physician. The implantable cardiac defibrillator is a proven, life-saving technology. Your browser does not support inline frames or is currently configured not to display inline frames. To top	Your browser does not support inline frames or is currently configured not to display inline frames.