Hacking Remotely Accessible Heart Implants Possible, But Unlikely, Researchers Find

With concerns growing in the medical community about the safety of remotely accessible implants, a new research paper indicates that while they are vulnerable, those risks seem unlikely to be exploited. 

In a paper published online by the Journal of the American College of Cardiology on February 20, researchers indicate that while hacking heart implants like implantable cardioverter defibrillators is possible, and should be addressed during product testing, no enhanced monitoring or device replacements are needed at this point.

Researchers with the Electrophysiology Section Council and the University of Kansas Medical Center reviewed literature on the devices, potential vulnerabilities and cybersecurity, and talked to a number of cybersecurity and medical experts, concluding that even if a hacker were able to remotely access a heart implant, they would be unlikely to be able to alter its programming.

The paper indicates that while such intrusions should be guarded against in the future, concerns may currently be blown out of proportion. However, that doesn’t mean the medical industry should relax, the researchers warned, as the threat is likely to grow in the future.

The authors called for cybersecurity needs to be addressed during product testing to ensure that the systems are safe. They also recommended other options that might help, including the use of security firmware, software that cannot be changed and is part of the devices’ hardware; and remote monitoring.

“The possible future impact of this issue is immense,” the researchers said in an American College of Cardiology press release. “The FDA, manufacturers and professional societies like the [ACC] and Heart Rhythm Society are actively participating in larger conversations regarding overall risks, and how to best protect patients and provide the most effective care.”

Medical Device Cybersecurity Concerns

Cybersecurity threats in the medical field have been a growing concern over the last few years, as vulnerabilities to healthcare organizations’ record systems and medical devices have surfaced.

Since 2014, the U.S. Department of Homeland Security (DHS) has been actively investigating at least two dozen cases of suspected cybersecurity flaws in medical devices and hospital equipment. According to DHS, if preventative actions to strengthen the medical field’s cybersecurity are not taken, hackers could exploit these vulnerabilities and put patients at serious risk.

The Department of Health and Human Services (DHHS) manager, Jason Lay, has called the exposed vulnerabilities in the medical field a danger. Lay claimed that hacks of medical devices are a very real possibility, stating hackers could potentially tamper with medical devices and use them to gain access to healthcare organizations’ health record systems.

Additionally, in a demonstration at the RSA security conference in San Francisco in 2012, researchers were able to hack medical devices such as insulin pumps from up to 300 feet away. The demonstration further showed how hackers could remotely take control of the insulin devices, allowing them to deliver lethal doses of insulin to patients without any notification.

The FDA has been actively working on improving cybersecurity in the medical field since 2013, when the White House issued Executive Order 13636, which called on the public and private sectors to collectively close the gap in cybersecurity infrastructure. Following the order, the FDA issued its first guidance in October 2014, recommending that medical device manufacturers incorporate strong anti-hack programs during the design stages of device development.

The agency proposed a second guidance on January 15, 2016, outlining important steps medical device manufacturers should take to proactively plan for and to assess vulnerabilities, to keep patients safe and better protect public health.
