Cardiac medical devices could be at risk to hacking

Medical devices, including cardioverter defibrillators and pacemakers, could be at risk to hacking and potential cause life-threatening events, according to a study published online Feb. 20 in the Journal of the American College of Cardiology.

Though no known cases of malicious hacking or malware attack on cardiac devices exist, reports confirmed the possibility of such events. In this study, the American College of Cardiology (ACC)'s Electrophysiology Council examined the current risk to medical devices and outlined recommendations to improve cybersecurity.

"True cybersecurity begins at the point of designing protected software from the outset, and requires the integration of multiple stakeholders, including software experts, security experts and medical advisors," said Dhanunjaya R. Lakkireddy MD, a professor of medicine at the University of Kansas Hospital and the corresponding author.

Hacking into a patient’s cardiovascular medical device can create many problems. Patients with pacemakers are mainly concerned with the oversensing of battery depletion. Those with implantable cardioverter-defibrillators (ICDs) fear a disruption in wireless communications allowing clinical events to occur undetected.

"At this time, there is no evidence that one can reprogram a cardiovascular implantable electronic device or change device settings in any form," Lakkireddy said. "The likelihood of an individual hacker successfully affecting a cardiovascular implantable electronic device or being able to target a specific patient is very low. A more likely scenario is that of a malware or ransomware attack affecting a hospital network and inhibiting communication."

Recommendations to the improvement of cybersecurity by the council included monitoring the environment for new vulnerability to respond in an efficient manner, utilizing firmware in devices with possible vulnerabilities, raising awareness in physicians about device risk and establishing systems of communication for updates.

"Given the lack of evidence that hacking of cardiac devices is a relevant clinical problem, coupled with evidence of the benefits of remote monitoring, one should exercise caution in depriving a patient of the clear benefit of remote monitoring," Lakkireddy said.

""
Cara Livernois, News Writer

Cara joined TriMed Media in 2016 and is currently a Senior Writer for Clinical Innovation & Technology. Originating from Detroit, Michigan, she holds a Bachelors in Health Communications from Grand Valley State University.

Around the web

The American College of Cardiology has shared its perspective on new CMS payment policies, highlighting revenue concerns while providing key details for cardiologists and other cardiology professionals. 

As debate simmers over how best to regulate AI, experts continue to offer guidance on where to start, how to proceed and what to emphasize. A new resource models its recommendations on what its authors call the “SETO Loop.”

FDA Commissioner Robert Califf, MD, said the clinical community needs to combat health misinformation at a grassroots level. He warned that patients are immersed in a "sea of misinformation without a compass."

Trimed Popup
Trimed Popup