What once seemed to be a far-off science fiction fantasy, is increasingly, however, becoming real. For years, surgeons have been replacing human body parts with donor-supplied biological alternatives: transplanting, for example, a human heart, kidney or liver from a deceased individual and place it into a living donor. These procedures would have been unthinkable just 50 years ago, yet are now common place.
The business of replacing body parts is not new. For example, the cultural image of a pirate with a “peg-leg” and a hook for an arm have been ingrained in our collective minds for some time. Yet vast improvements in prosthetics have been made since those days of yore. In fact, today’s modern prosthetics are complicated devices. Some even contain robotic components that are linked to biosensors capable of detecting signals from the human user’s nervous and muscular systems. These signals can be relayed to the replacement prosthetic limb and, carry out the desired bio-mechanical activity. Thus today there is not just one bionic man to speak of, but many bionic men and woman who walk the earth.
As medical science progressed, entirely artificial organs have been created and implanted into human beings. Those alive in the 1980’s will recall the enormous global fanfare received by Dr. Barney Clark and his artificial heart. Dr. Clark was kept alive with the Jarvik 7 artificial heart for 112 days–a medical miracle at the time. Since then, vast improvements have been made in artificial body parts, making them smaller and more technically advanced.
While the simplicity of past prosthetic devices such as Captain Hook’s replacement hand was easily understood and thus could be fully controlled by the device’s end-user, that changed over time. As evidenced with Barney Clark’s artificial heart, the heart itself was connected to a phalanx of back-end technology which took-up most of an entire hospital room. While the artificial heart lied in Dr. Clark’s chest doing its work, it was attached to a number of external devices that physicians would visit in his hospital room to control the heart’s activities.
In the age of Moore’s law and computer miniaturization, it should come as no surprise that these devices have shrunk significantly. Now, for example, a heart’s pacemaker may be place wholly in a self-contained apparatus resting entirely within the human chest. There is no need for the constant connection to external devices, nor for the team of physicians to monitor the device at patient’s bedside. Now it is possible, for example for a heart pacemaker to work on its own, based upon a set of pre-established operating instructions. In fact, in the United States alone, hundreds of thousands of internal heart defibrillators have been implanted to regulate the damaged hearts of patients needing such assistance, including former US Vice President Dick Cheney. In the case of the Vice President, and when other well-known celebrities have these medical devices implanted in them, could they become the subject of “surgically” targeted attacks?
Unlike previous medical devices, the latest generation can be controlled automatically or remotely over the Internet. The benefits are obvious–they allow patients much greater mobility and the need for daily trips to a doctor’s office are obviated. In addition, these devices can dramatically lower health care costs, guaranteeing their wider user and acceptance moving forward.
These cost savings have lead to an increase in remote patient monitoring systems, which are proliferating beyond heart-beat regulation to other medical conditions, such as diabetic insulin pumps. While these developments will undoubtedly help patients and improve the quality of their lives, insufficient attention is being paid to the security of artificial medical devices.
While nobody worried about the 6 Million Dollar Man being hacked, the time has come to seriously consider the security protocols, or lack thereof, of today’s modern medical devices. As the story below indicates, the integration of technology into the human body has created opportunities for newer and more serious forms computer crime and hacking. In the past, a hacker might have been able to illegally enter a desktop computer system, read a targets personal data or even gain control of another person’s financial accounts. In comparison to the potential threat from Internet-based medical devices, the threats from “old-school” hacking seem mild by comparison.
As technology is increasingly integrated with the human body, what forms of next generation criminal activity will be possible? An insulin pump connected to the Internet means a patients insulin levels might be tampered with to cause diabetic coma, shock and even death. An extra, and unnecessary, jolt from a pacemaker could lead to cardiac-arrest. Most of these deaths would likely appear common in nature (given the poor pre-existing medical conditions of the victims). Even if a case were to go to the coroner’s office for review, how many public medical examiners would be capable of conducting a complex computer forensics investigation? The evidence of medical device tampering might not even be located on the body, where the coroner is accustomed to finding it, but rather might be thousands of kilometers away, across an ocean on a foreign computer server.
The rapid advances in medical technology, paired with the relative paltry consideration of security in medical devices, should be a wake-up call for those that build and implement these life-saving technologies. Given the public health issues at-stake, a closer regulatory approach should be considered as well as vigorous public discussion. Unless some steps are taken now to deal with medical device security, a whole generation of devices may be implanted which are subject to remote tampering and interference. Repairing the existing security holes would likely be more complex than downloading the latest “patch” from the manufacturer. It might mean the necessity of a second surgical procedure to remove or upgrade an insecure device.
In the near future, the need to deal with medical device security will take on a greater sense of urgency, given the coming explosion in medical nanotechnology or nanomedicine. While the development of these technologies will surely alleviate human suffering and disease, unless the important security-related issues of integrated human-machine interaction are addressed, society may be confronted with a whole new meaning of the term “heart attack.”
A Heart Device Is Found Vulnerable to Hacker Attacks
By Barnaby J. Feder
The New York Times
March 12, 2008
To the long list of objects vulnerable to attack by computer hackers, add the human heart.
The threat seems largely theoretical. But a team of computer security researchers plans to report Wednesday that it had been able to gain wireless access to a combination heart defibrillator and pacemaker.
They were able to reprogram it to shut down and to deliver jolts of electricity that would potentially be fatal — if the device had been in a person. In this case, the researcher were hacking into a device in a laboratory.
The researchers said they had also been able to glean personal patient data by eavesdropping on signals from the tiny wireless radio that Medtronic, the device’s maker, had embedded in the implant as a way to let doctors monitor and adjust it without surgery.
The report, to published at www.secure-medicine.org, makes clear that the hundreds of thousands of people in this country with implanted defibrillators or pacemakers to regulate their damaged hearts — they include Vice President Dick Cheney — have no need yet to fear hackers. The experiment required more than $30,000 worth of lab equipment and a sustained effort by a team of specialists from the University of Washington and the University of Massachusetts to interpret the data gathered from the implant’s signals. And the device the researchers tested, a combination defibrillator and pacemaker called the Maximo, was placed within two inches of the test gear.
Defibrillators shock hearts that are beating chaotically and dangerously back into normal rhythms. Pacemakers use gentle stimulation to slow or speed up the heart. Federal regulators said no security breaches of such medical implants had ever been reported to them.
The researchers said they chose Medtronic’s Maximo because they considered the device typical of many implants with wireless communications features. Radios have been used in implants for decades to enable doctors to test them during office visits. But device makers have begun designing them to connect to the Internet, which allows doctors to monitor patients from remote locations.
The researchers said the test results suggested that too little attention was being paid to security in the growing number of medical implants being equipped with communications capabilities.
“The risks to patients now are very low, but I worry that they could increase in the future,” said Tadayoshi Kohno, a lead researcher on the project at the University of Washington, who has studied vulnerability to hacking of networked computers and voting machines.
The paper summarizing the research is called “Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses.” The last part refers to defensive possibilities the researchers outlined that they say would enhance security without draining an implant’s battery. They include methods for warning a patient of tampering or requiring that an incoming signal be authenticated, using energy harvested from the incoming signals.
But Mr. Kohno and Kevin Fu, who led the University of Massachusetts arm of the project, said they had not tried to test the defenses in an actual implant or to learn if anyone trying to use them might run afoul of existing patent claims.
Another participant in the project, Dr. William H. Maisel, a cardiologist who is director of the Medical Device Safety Institute at the Beth Israel Deaconess Medical Center in Boston, said that the results had been shared last month with the F.D.A., but not with Medtronic.
“We feel this is an industry-wide issue best handled by the F.D.A.,” Dr. Maisel said.
The F.D.A. had already begun stepping up scrutiny of radio devices in implants. But the agency’s focus has been primarily on whether unintentional interference from other equipment might compromise the safety or reliability of the radio-equipped medical implants. In a document published in January, the agency included security in a list of concerns about wireless technology that device makers needed to address.
Medtronic, the industry leader in cardiac regulating implants, said Tuesday that it welcomed the chance to look at security issues with doctors, regulators and researchers, adding that it had never encountered illegal or unauthorized hacking of its devices that have telemetry, or wireless control, capabilities.
“To our knowledge there has not been a single reported incident of such an event in more than 30 years of device telemetry use, which includes millions of implants worldwide,” a Medtronic spokesman, Robert Clark, said. Mr. Clark added that newer implants with longer transmission ranges than Maximo also had enhanced security.
Boston Scientific, whose Guidant division ranks second behind Medtronic, said its implants “incorporate encryption and security technologies designed to mitigate these risks.”
St. Jude Medical, the third major defibrillator company, said it used “proprietary techniques” to protect the security of its implants and had not heard of any unauthorized or illegal manipulation of them.
Dr. Maisel urged that patients not be alarmed by the discussion of security flaws. “Patients who have the devices are far better off having these devices than not having them,” he said. “If I needed a defibrillator, I’d ask for one with wireless technology.”