Could implanted medical devices be hacked?BMJ 2020; 368 doi: https://doi.org/10.1136/bmj.m102 (Published 14 January 2020) Cite this as: BMJ 2020;368:m102
- Jo Best, freelance writer
- London, UK
“Many implantable devices, probably virtually all of them, have some sort of security vulnerability or potential vulnerability, or haven't been designed with security in mind,” says Bill Aerts, executive director of the University of Michigan’s Archimedes Center for Medical Device Security. “The thing that makes them potentially vulnerable is that they have to communicate with systems outside the body.”
A growing number of electronic devices are being implanted into patients, and these are increasingly likely to include some form of wireless connectivity. The devices communicate not only with hospital systems, so clinicians can update them remotely and gather data on patients’ conditions, but also with consumer electronics such as smartphones, so patients can monitor their progress.
These connected devices could bring security hazards that put patients at risk, in theory at least. So far, despite several alerts warning of vulnerabilities in medical devices, there have been no real world attacks and no patients are known to have come to harm.
Security flaws have been found in several implantable devices that could allow their functioning to be changed—for example, increasing or decreasing the flow of insulin from an insulin pump or adjusting the pacing in a pacemaker.
The threat, though theoretical, was considered serious even back in 2013, when the former US vice president Dick Cheney had the wireless connectivity in his pacemaker turned off because of fears it could be hacked and put his life at risk.1
Last year, the US Food and Drug Administration warned users of Medtronic implantable cardioverter defibrillators that a flaw had been found in several devices2 that could have allowed an unauthorised person to access and manipulate them. A similar …