Implanted Devices Can Be Hacked, Manufacturers ‘Can Do Better’

Implantable medical devices such as pacemakers, drug pumps and implantable cardioverter defibrillators (ICDs) face hacking risks, which can threaten patient safety and privacy, a new study finds.

These devices use embedded computers and radios, which could be used to extract private medical information or even reprogram the devices without patients’ knowledge, according to a study presented at an Institute of Electrical and Electronic Engineers Symposium.

There are some safeguards in place, “but device manufacturers can do better,” William Maisel, one of the researchers, said.

The study authors conducted several “attacks” on a common ICD model, which included pacemaker technology and communicated wirelessly with a nearby external programmer. Using an inexpensive software radio to intercept the device’s outgoing signals, researchers delivered a shock to a hypothetical patient, which could result in a lethal arrhythmia.

The researchers predict this issue will become more urgent as ICDs are able to operate wirelessly at greater distances.