|New findings highlight heart device vulnerabilities. Source: eFlux Media|
A team of computer security researchers reported Wednesday that they had been able to gain wireless access to a combination heart defibrillator and pacemaker, according to The New York Times.
The researchers were able to reprogram it to shut down and to deliver jolts of electricity that would potentially be fatal. In this case, the researchers were hacking into a device in a laboratory, the NY Times reported.
The researchers said they had also been able to collect personal patient data by eavesdropping on signals from the tiny wireless radio that Medtronic had embedded in the implant as a way to let doctors monitor and adjust the device without surgery.
The Medical Device Security Center, which is a cross-disciplinary partnership between researchers at Beth Israel Deaconess Hospital in Boston, the University of Washington in Seattle and the University of Massachusetts in Amherst conducted the research to highlight the vulnerability of the hundreds of thousands of Americans, who use implanted pacemakers or defibrillators to regulate their hearts.
The experiment required more than $30,000 worth of lab equipment and a sustained effort by a team of specialists to interpret the data gathered from the implant’s signals, according to the NY Times.
The researchers told the NY Times that they chose Medtronic’s Maximo because they considered the device typical of many implants with wireless communications features. Device makers have begun designing them to connect to the internet, allowing doctors to monitor patients from remote locations.
The researchers said the test results suggested that too little attention was being paid to security in the growing number of medical implants being equipped with communications capabilities.
“The risks to patients now are very low, but I worry that they could increase in the future,” Tadayoshi Kohno, a lead researcher on the project from the University of Washington, told the NY Times. Kohno previously studied the vulnerability to hacking of networked computers and voting machines.