« Visual Anaesthesia — by Tina Roeder | Home | What is it? »
June 04, 2008
BehindTheMedspeak: 'Can a heart be hacked?' — Episode 2: 'You bet'
When we first touched on this fascinating development in Episode 1 back on March 13, 2008, it was noted that many heart specialists were upset with the research group led by Harvard cardiologist William Maisel having gone public with its findings.
"They feared that it would needlessly worry people who had defibrillators and pacemakers or, even worse, scare off people who should get them," wrote Carrie Peyton Dahlberg in a May 17, 2008 Sacramento Bee story.
The question in the headline up top appeared over yesterday's republication of the Dahlberg's story in the Washington Post Health section.
Word travels slow to the hinterlands.
But I digress.
Long story short: Maisel's group, using off-the-shelf equipment, was able to hack pacemakers wirelessly from an inch outside the body.
"... team members... declined to comment on whether they're trying to alter the device from farther away."
Ha.
My best guess is that DARPA and the skunk works crews at the CIA, DIA and innumerable other intelligence agencies both here and abroad already have the capability to stop a pacemaker from across a room and perhaps from up to a mile away.
Look for very, very deep black ops to enable first unmanned aircraft (UAVs) and ultimately orbiting satellites to do the same thing.
Talk about no fingerprints....
Here's Dahlberg's story from the Bee.
- To make a security point, hackers tweak an implantable pacemaker
It's not something your doctors want you to worry about. Really.
Still, it's unsettling: With enough time, energy and expertise, a pacemaker can be hacked.
Implanted devices that keep ailing hearts beating steadily need better protection, the team that hacked into one is telling regulators and manufacturers.
"This is not an important risk for patients right now," said Dr. William Maisel, a Harvard cardiologist who specializes in heart rhythms. "We just want the industry to be thoughtful about where we as a society are going with these devices."
Maisel worked with computer experts from Amherst and the University of Washington to demonstrate that an implantable defibrillator could be altered remotely to deliver a dangerous shock, or withhold a potentially lifesaving one.
The group will present its findings Monday [May 19, 2008] in Oakland, at a symposium on security and privacy being put on by IEEE, a technology association.
It's a timely subject. The electronic gear that can be put inside the human body is becoming more versatile and easier to operate from afar. Pacemakers can send signals to bedside monitors that then send data to doctors. Some devices can be quickly detected and reprogrammed in an emergency room, potentially saving an unconscious patient's life.
Along with pacemakers, implanted since the 1960s to generate electrical pulses that regulate heartbeats, newer devices include defibrillators that can reset a dangerously fluttering heart, nerve stimulators for pain control and deep brain stimulators to treat some movement disorders. All are inserted surgically, but can later be reprogrammed from outside the body. That adjusting usually happens in a doctor's office or hospital.
Yet some remarkable changes are on the horizon, said Dr. Larry Wolff, a UC Davis Medical School professor who specializes in implanting defibrillators. "I believe over time we could make programming changes on the telephone," he said, although that's not possible now.
There is no known case of malicious tampering with a device inside someone's body.
The Medical Device Security Center, a collaboration of researchers from three universities, tinkered with one on a lab table, after buying $30,000 worth of commercially available equipment to assist the hacking.
Researchers ran tests that deduced how a particular defibrillator worked. They used that information to alter it from less than an inch away. Potentially, they said, an attacker could disrupt heartbeats, dangerously drain a battery, or even extract private medical information.
"We know that a doctor is capable of doing this," said Kevin Fu, a computer science professor at the University of Massachusetts, Amherst. "Experts like ourselves know how to do it. The question is, what's the lowest bar?"
While the initial work was done at very close quarters, team members doing additional studies declined to comment on whether they're trying to alter the device from farther away.
Dr. David Steinhaus, medical director for the cardiac rhythm disease branch of Medtronic, a leading implant maker, said his company's engineers are looking hard at security issues, but there's a trade-off.
"These are lifesaving devices" that must be quickly and easily accessed in emergencies, he said. "Anything I do to make it more secure, makes it less usable."
The medical security group suggests various strategies, including making implants better able to recognize unauthorized signals and capable of alerting patients to unwanted interference.
Last month the group discussed its findings with the federal Food and Drug Administration and a trade association for implanted devices.
In March, when the group posted its paper online, most doctors Maisel spoke with were "upset that we were doing this kind of work and reporting on it."
They feared it would needlessly worry people who had defibrillators and pacemakers — or even worse, scare off people who should get them.
Today, he said, he senses people coming around to what he's been saying all along: The time is now to build in better security, before even more sophisticated equipment is deployed.
Any erstwhile mystery writers out there, here's your twist: run with it.
Ricin-tipped umbrellas are so last century.
Maybe I should've trademarked or copyrighted "Heartbeat-B-Gone" when it occurred to me back in March.
Oh, well.
You do it.
Pretend you thought it up, I'll confirm it.
Bizarro World, indeed.
June 4, 2008 at 02:01 PM | Permalink
TrackBack
TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a00d8341c5dea53ef00e5529e3c518833
Listed below are links to weblogs that reference BehindTheMedspeak: 'Can a heart be hacked?' — Episode 2: 'You bet':
Comments
Already in fiction: http://www.amazon.com/Rain-Fall-John-Thrillers/dp/045120915X/ref=sr_1_2?ie=UTF8&s=books&qid=1212605212&sr=8-2
Posted by: mattp9 | Jun 4, 2008 2:48:34 PM
Apparently, if there is a pacemaker, there's a way. I can only wonder at the list of world leaders sporting one that has been drawn up somewhere for the obviously nefarious reasons. The Markov story was a fascinating read. The things one learns at your blog...
Posted by: Milena Castulovich | Jun 4, 2008 2:42:29 PM
