Implanted defibrillator/pacemaker susceptible to wireless hacks
The Medical Device Security Center released their report “Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses” which shows that they were able to gain wireless access to an implantable cardioverter defibrillator (ICD) using a laboratory simulator. They were able to program it to shut down, deliver shocks, as well as collect patient data.
Their method involved using a Medtronic Maximo, an ICD (implantable cardiodefibrillator), released in the US in 2003. “After partially reverse-engineering the ICD’s communications protocol with an oscilloscope and a software radio, we implemented several software radio-based attacks that could compromise patient safety and patient privacy.”
The researchers then came up with possible solutions they call "zero-power security." "Zero power" refers to fact that they wouldn't drain the device's battery but would use energy from the incoming signal to power these features.
"Zero-power notification" is their strategy for a device that would alert the patient if and when their implanted medical device (IMD) was being hacked, by using either sound or vibration. They also envision using better authentication from an external device and encrypting data transmitted from the device.
Below is the wireless identification and sensing platform (WISP) prototype the researchers created to test this concept. The wires from the circuit are attached to "a piezo-element that can audibly warn a patient of security-sensitive events."
The WISP was placed in a sack of bacon and ground beef to simulate human chest tissue so that they could test their zero-power security features.
Medtronic acknowledged the report's findings but said the risk to patients was low. The company said it was gradually increasing the sophistication of devices to prevent unauthorized people from tampering with defibrillators, but said it was necessary to balance security with other factors. For example, if each defibrillator had its own password to prevent unauthorized access, a doctor might not be able to control it in an emergency situation, the company said.
It's interesting that in the same article Boston Scientific says that it uses encryption for its ICDs, and *doubts* that they can be hacked.
The WSJ Business Technology Blog cites this study from Cisco Systems where they surveyed 307 healthcare IT managers:
The survey reported that 16% of respondents had a security breach at their organization in the last six months; 24% reported a breach in the past 12 months.
This data might have a tenuous connection to the of security of IMDs, but it does suggest that security standards will need to be implemented across the entire spectrum of wireless medical devices.