Healthcare Technology Featured Article

September 17, 2013

Could Hackers Target Implanted Medical Devices? Not with 'Heartbeat Authentication' Tech

We’re getting used to the nuisance that is malicious hacking. We’ve had databases with our personal information hacked, we’ve had our cell phones and tablets hacked, we’ve had our work networks attacked. We’ve seen attempts to hack into our home Wi-Fi networks and our video baby monitors, and not a week goes by that someone doesn’t try to hack into critical government and municipal networks that control (for example) electric grids or air traffic control.

But given that more of the world is becoming wirelessly networked, there are some truly terrifying prospects when it comes to the hacking of the most personal devices: implanted pacemakers, defibrillators or insulin pumps, for example.

Many implanted medical devices have wireless capabilities that allow healthcare professionals to monitor patients remotely. Unfortunately, this leaves them open to risk of malicious hacking: a defibrillator might be reprogrammed not to respond as it was designed to do if a cardiac patient’s heart stops.

Though it sounds like the plot of a movie with Tom Cruise or Ben Affleck, the risks are real, and the medical technology industry is looking for ways to combat it. Researchers from Rice University and the security company RSA have developed a method that would ensure that anyone attempting to reprogram an implanted device is actually physically present with the patient, according to an article in MIT Technology Review.

“Using the new method, a doctor holds a device against the patient’s body, and takes a direct reading of the heartbeat,” wrote MIT Technology Review’s David Talbot. “The device reads the patient’s heartbeat and compares it to one relayed in a wireless signal from the implant, and then confirms that the signals match. The wireless exchange of the heartbeat signal is encrypted, thwarting any attempt to hijack the communications during the exchange.”

While this might not prevent greedy Cousin Albert from sabotaging grandpa’s pacemaker in order to come into the family legacy a little sooner, it would certainly ensure that hackers in remote locations aren’t attempting to interfere with medical devices for fun.

Researchers say that authentication via heartbeat is quick…something patients with implanted medical devices require. (Imagine the doctor desperately trying to remember his or her user name or password before the patient could be helped.) It’s also relatively foolproof: because the live heartbeat and the heartbeat from the device must match precisely, it would prevent a hacker from using a recorded heartbeat (perhaps lifted from a patient’s EKG) to try and circumvent the system.

So while the idea may make for a great Hollywood plot – teams of hackers threatening to shut down all the implanted medical devices in the nation if they don’t get the secret launch codes – the fact that the problem is being addressed before disaster strikes is likely a relief for medical patients everywhere.

Edited by Alisen Downey
Get stories like this delivered straight to your inbox. [Free eNews Subscription]


FREE eNewsletter

Click here to receive your targeted Healthcare Technology Community eNewsletter.
[Subscribe Now]