As the technology that powers medical implants grows more and more complex, researchers warn that they could become a prime target for cybersecurity intrusions. A new paper published in the Journal of the American College of Cardiology focuses on the potential risk of medical implants like pacemakers to be hacked by individuals seeking to cause trouble. The study brings some good news, but also urges caution in the design of future medical devices.
At the moment, the vast majority of medical implants are “dumb,” meaning that they have limited remote connectivity and cannot be accessed or altered by a would-be hacker. However, some newer implants feature remote monitoring features that allow doctors to keep an eye on a patient’s wellbeing without requiring them to visit a clinic, and it’s features like those which could offer a gateway for bad actors wishing to do harm.
“True cybersecurity begins at the point of designing protected software from the outset, and requires the integration of multiple stakeholders, including software experts, security experts and medical advisors,” Dhanunjaya R. Lakkireddy MD, of the University of Kansas Hospital, and co-author of the paper, explains. The doctor’s urgency for forward-looking security features is shared by many in the medical community, as well as the patients themselves.
The risks of a potentially hackable medical implant are huge. Medical devices that can have their settings tweaked remotely are obviously the most serious targets, but even implants which simply relay information could be at risk of exploits that would drain their batteries, leaving patients vulnerable. However, while the theoretical dangers are many, doctors have yet to see any widespread issues pop up in real-world scenarios.
“The likelihood of an individual hacker successfully affecting a cardiovascular implantable electronic device or being able to target a specific patient is very low,” Lakkireddy notes. “A more likely scenario is that of a malware or ransomware attack affecting a hospital network and inhibiting communication.”
Looking to the future, the paper urges researchers and medical professionals to demonstrate extreme caution in the design and implementation of medical systems that could be remotely accessed. The danger may not be serious yet, but as more and more medical implants embrace wireless diagnostic and tracking features they will almost certainly become a larger target.