Wearing an implantable pacemaker or cardiac defibrillator equipped with wireless technology can make life a lot simpler for heart patients. Wireless technology gives physicians the ability to perform remote device checks, freeing the patient from time-consuming and potentially costly office visits. However, according to a team of researchers from three prominent universities, such devices could also make life more complicated by exposing a patientâ€™s confidential medical information to theft or, even worse, allowing unauthorized hackers to tamper with or reprogram the devices.
Working in a laboratory environment, the team used an inexpensive software radio to capture signals sent from an implantable cardiac defibrillator. In addition to determining the make and model number of the unit, the researchers were able to gather detailed personal information about a hypothetical patient including name, date of birth, medical ID number, and diagnosis. They were also able to access real-time electrocardiogram results; turn off therapy settings stored in the device, rendering it incapable of responding to dangerous cardiac events; and even deliver a shock capable of inducing ventricular fibrillation, a potentially lethal arrhythmia.
To date there have been no known cases of a patient with an implantable cardiac defibrillator or pacemaker being targeted by hackers. The purpose of the experiment, according to the researchers, was to identify potential problems so that the industry can proactively take the necessary steps to prevent them.