Can your cardiac device be hacked?

February 20, 2018, American College of Cardiology
Credit: CC0 Public Domain

Medical devices, including cardiovascular implantable electronic devices could be at risk for hacking. In a paper publishing online today in the Journal of the American College of Cardiology, the American College of Cardiology's Electrophysiology Council examines the potential risk to patients and outlines how to improve cybersecurity in these devices.

Cybersecurity in the medical field refers to the integration of medical devices, computer networks and software. While there have been no actual clinical reports of malicious or inadvertent hacking or malware attacks affecting cardiac devices, recent reports have discovered this possibility. Reasons for hacking include political, financial, social and personal motives. Devices can be hacked locally or remotely. The Food and Drug Administration has issued both pre-market and post-market guidance for the security of medical devices and legislative proposals related to medical device security have been advanced in the U.S. Congress.

"True cybersecurity begins at the point of designing protected software from the outset, and requires the integration of multiple stakeholders, including software experts, security experts and medical advisors," said Dhanunjaya R. Lakkireddy MD, professor of medicine at the University of Kansas Hospital, a member of the Electrophysiology Council and the corresponding author of the paper.

Medical devices have been targets of hacking for over a decade. The increasing number of using software has created the need to protect devices from intentional harmful interference on their normal functioning. Advanced between health care providers and patients' devices have created the theoretical possibility for the deactivation of features, the alteration of programming, and the delaying, interfering or interrupting of communications.

There are a number of possible clinical consequences that may result from the hacking of a cardiac device. In patients with pacemakers, concerns mostly consist of oversensing or battery depletion. For patients with implantable cardioverter-defibrillators (ICDs), it is possible for hackers to interrupt wireless communications, inhibiting the value of telemonitoring and allowing any clinically relevant events to go undetected by the system. Oversensing may inhibit pacing or result in inappropriate or life-threatening shocks. Battery depletion can lead to a device being unable to deliver therapies during life-threatening arrhythmias.

"At this time, there is no evidence that one can reprogram a cardiovascular implantable electronic device or change device settings in any form," Lakkireddy said. "The likelihood of an individual hacker successfully affecting a cardiovascular implantable electronic device or being able to target a specific patient is very low. A more likely scenario is that of a malware or ransomware attack affecting a hospital network and inhibiting communication."

The council said that cybersecurity needs should also be addressed during product testing both pre- and post-market. Because cyber vulnerabilities can emerge quickly, strong post-market processes must be in place to monitor the environment for new vulnerabilities and to respond in a timely manner. The council suggests that firmware may be useful in devices with possible vulnerabilities. Physicians who manage cardiac devices should be aware of both documented and possible cybersecurity risks. Systems should be established to communicate updates in these areas quickly and in an understandable way to the rest of the clinical team that manage with devices.

The council members said they do not feel that enhanced monitoring or elective device replacement is necessary at this time.

"Given the lack of evidence that hacking of cardiac devices is a relevant clinical problem, coupled with evidence of the benefits of remote monitoring, one should exercise caution in depriving a patient of the clear benefit of remote monitoring," Lakkireddy said.

Explore further: Paper evaluates hacking vulnerabilities in pacemaker systems

More information: Journal of the American College of Cardiology (2018). DOI: 10.1016/j.jacc.2018.01.023

Related Stories

Paper evaluates hacking vulnerabilities in pacemaker systems

May 30, 2017
(Tech Xplore)—What's wrong with pacemakers? Actually, the issue of security gets to the heart of the matter.

Abbott: New pacemaker firmware update addresses vulnerabilities

September 1, 2017
(Tech Xplore)—Regarding cybersecurity vulnerabilities identified in Abbott's (formerly St. Jude Medical's) implantable cardiac pacemakers, the US Food and Drug Administration issued a firmware update dated August 29.

New frontier for cybersecurity: your body

June 23, 2013
So far, the idea of hacking into medical devices has been limited to fiction and hacker demonstrations.

US warns of cyber attacks on medical devices

June 13, 2013
US authorities on Thursday warned makers of medical devices and hospital networks to step up efforts to guard against potential cyber attacks.

Recommended for you

New cellular pathway helps explain how inflammation leads to artery disease

June 21, 2018
Investigators have identified a new cellular pathway that may help explain how arterial inflammation develops into atherosclerosis—deposits of cholesterol, fats and other substances that create plaque, clog arteries and ...

'Smart stent' detects narrowing of arteries

June 19, 2018
For every three individuals who have had a stent implanted to keep clogged arteries open and prevent a heart attack, at least one will experience restenosis—the renewed narrowing of the artery due to plaque buildup or scarring—which ...

Marriage may protect against heart disease / stroke and associated risk of death

June 18, 2018
Marriage may protect against the development of heart disease/stroke as well as influencing who is more likely to die of it, suggests a pooled analysis of the available data, published online in the journal Heart.

Deaths from cardiac arrest are misclassified, overestimated

June 18, 2018
Forty percent of deaths attributed to cardiac arrest are not sudden or unexpected, and nearly half of the remainder are not arrhythmic—the only situation in which CPR and defibrillators are effective—according to an analysis ...

Tick-borne meat sensitivity linked to heart disease

June 15, 2018
University of Virginia School of Medicine researchers have linked sensitivity to an allergen in red meat—a sensitivity spread by tick bites—with a buildup of fatty plaque in the arteries of the heart. This buildup may ...

The molecules that energize babies' hearts

June 14, 2018
A metabolic process that provides heart muscle with energy fails to mature in newborns with thickened heart walls, according to a Japan–Canada research team.

0 comments

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.