A common new technology for monitoring defibrillators is vulnerable to hacking and even to reprogramming that could stop the devices from delivering a lifesaving shock, according to research to be released Wednesday.
In the past couple years, more than 100,000 patients in the U.S. alone have been implanted with newer devices that reduce medical visits by sending information on a patient to a bedside monitor that then sends the data to a doctor, usually once a day.
In the model researchers studied, transmissions from the defibrillator to the bedside monitor are not encrypted, which means that someone intercepting the transmissions could retrieve such data as the patient's birth date, medical ID number and, in some cases, Social Security number.
As the technology spreads to more medical devices, including pacemakers, spinal cord stimulators and hearing implants — and as the range of the devices' radio signals increase — the researchers predict patients' data will face increasing risks.
"There will be more implanted devices and more wireless capabilities and transmissions over greater distances," said Dr. William Maisel, one of the study's authors and a Harvard-affiliated director of the Medical Device Safety Institute at Beth Israel Deaconess Medical Center in Boston.
A Food and Drug Administration spokeswoman acknowledged a hacker could use specialized software and a small antenna to intercept transmissions from a defibrillator.
But she said the chance of that happening — or of a defibrillator being maliciously reprogrammed using a technique similar to the one a doctor would use to program it — was "remote."
"The benefits clearly outweigh the risks," said FDA spokeswoman Peper Long.
Defibrillators use electrical shocks to restore a normal heart beat when they detect arrhythmia or other abnormalities.
Bruce Lindsay, an electrophysiologist at the Cleveland Clinic and president of the Heart Rhythm Society, said defibrillator transmissions are "not designed to withstand terrorist attacks."
"But I don't think the findings have any great clinical significance," Lindsay said. "To hack the system, you have to get the programmer right up against the patient's chest. It's not as if somebody could do this from down the street."
The chief defibrillator makers are Medtronic Inc., Boston Scientific Corp. and St. Jude Medical Inc. It was Medtronic's Maximo defibrillator that Maisel's team studied.
Medtronic spokesman Rob Clark said the risk of any "deliberate, malicious or unauthorized manipulation of a device is extremely low." Future versions capable of transmitting signals as far as 30 feet from a patient will incorporate stronger security, he said.
Boston Scientific said in a statement that its defibrillators "incorporate encryption and security technologies designed to mitigate these risks," including measures to prevent unauthorized reprogramming.
St. Jude said, "As the study points out, the likelihood of unauthorized or illegal manipulation of an implantable device is extremely remote, and St. Jude Medical is not aware of such an event with our devices."
"Our issues are less with the current generation of devices than with where we see the industry going with implanted medical devices," said Maisel, whose team included computer scientists from the University of Massachusetts at Amherst and the University of Washington.
Maisel and fellow author Tadayoshi Kohno — a University of Washington assistant professor who co-led a 2003 study that raised questions about the security of an electronic voting system — acknowledged that no hacking has been documented.
Their study is to be presented and published May 19 at a conference of the Institute of Electrical and Electronic Engineers Symposium on Security and Privacy.