Security Experts: Hackers Could Target Pacemakers

Professors say FDA should step up security measures on medical devices.

ByABC News
March 31, 2010, 7:09 PM

April 1, 2010— -- People these days may fear hackers are eyeing their home computers, their work computers or even the computers in their phones.

But computer security experts are worried about hackers who might one day go after computers in people's bodies. After all, medical devices designed to deliver medicine or help heart conditions are so high tech that experts consider them small computers with wireless capabilities that can run software.

"I think the risk to patients today is extremely low," said Dr. Tadayoshi Kohno, co-author of an article about the security of implantable devices published Wednesday in the New England Journal of Medicine.

"I would have no qualms about getting one of the devices on the market now if I needed them," Kohno said. "I think it's preparing for the unexpected [that matters]. ... The last thing we want is, in five or 10 years, to think, 'Oops we should have thought about security.'"

One such implantable device is an implantable cardioverter defibrillator, or ICD. More than 135,000 patients receive these defibrillators each year to prevent sudden heart attacks.

Doctors now can program ICDs to monitor someone's heart condition and send the right level of electrical shock to get the heart beating properly or deliver data about that person's heart rhythms to a doctor. But recently researchers have been able to demonstrate how a malicious hacker could potentially trigger the device to malfunction, delivering a dangerous shock.

What's more, people with ICDs often are public about them. Former Vice President Dick Cheney is one example of a high-profile American with a device.

Kohno and co-author Dr. William Maisel of the Cardiovascular Institute of Beth Israel Deaconess Medical Center in Boston have called for the U.S. Food and Drug administration regulate and to work with medical device manufacturers to stop potential security breaches in a variety of wireless, implantable devices such as pacemakers or insulin pumps.

The worry, according to Kohno, is of potential security leaks in an ever increasing network of wireless computers around us -- especially in devices most people don't think of as computers.

"We're seeing computers in our picture frames in our walls," Kohno said. "We're seeing computers in our cars. We are seeing computers in our bodies.

"As computers start surrounding us they start talking to each other," said Kohno, referring to wireless communication.