Medical devices have been targets of hacking attacks for over a
decade, physicians note in a paper published in the Journal of the
American College of Cardiology. The increasing popularity of devices
using software and wireless communications has created a rising risk
that hackers might reprogram devices to make them work improperly,
interrupt the relay of information needed for doctors to monitor
patients remotely, or prematurely drain the batteries, cardiologists
write.
“Most of these are theoretical risks,” said Dr. Dhanunjaya
Lakkireddy of the University of Kansas Hospital in Kansas City, the
senior author of the paper.
“There has not been a documented case of a cardiac device hacked in
a real patient,” Lakkireddy said by email. “Someone actually
blocking or altering the performance of medical devices to harm a
patient is only limited to TV series and movies at this point.”
With implanted cardiac devices, U.S. regulators have warned
manufacturers about the vulnerability of remote monitoring and the
potential for communications to be interrupted or delayed or for
cybersecurity breaches to lead to malfunctions and battery drainage,
cardiologists note.
For pacemakers that help the heart pump the right way, there’s a
concern that hacking might result in sudden irregular heart rhythm
that could be fatal.
Defibrillators that are implanted to prevent deaths from cardiac
arrest are also vulnerable to hacking and could deliver unnecessary
shocks to the heart or fail to respond with needed shocks.
The only sure-fire way to reduce the risk of hacking is to use
devices that aren’t designed to permit remote software updates or
wireless communications. But patients benefit from these
technologies because the remote access can make devices work better
and allow for updates and adjustments without repeat surgery.
“The risk associated with medical complications resulting from not
using the medical device outweighs the risk of the device being
maliciously hacked,” said Ali Youssef, principal mobility architect
in information technology at the Henry Ford Health System in
Detroit.
In reality, privacy should be a bigger worry than the potential for
hackers to manipulate devices to intentionally harm patients,
Youssef, who wasn’t involved in the paper, said by email.
“The biggest threat to patients is hackers intercepting, and
modifying data going to or coming from a medical device,” Youssef
added. “If this is undetected by the cybersecurity staff, it can
have an impact on the patient record and ultimately lead to
unnecessary procedures or medication prescriptions.”
It may never be possible to make implanted medical devices
completely impervious to hackers, and doctors should discuss this
risk with patients, said Richard Sutton of the National Heart & Lung
Institute and Imperial College London in the UK.
“The connectivity of devices has been a huge positive revolution in
the care of these patients,” Sutton, who wasn’t involved in the
paper, said by email. “To remove this now would be putting back the
clock.”
A computer virus may be a more likely threat than a malicious hacker
effort, noted Kevin Fu, a researcher in electrical engineering and
computer science at the University of Michigan in Ann Arbor.
“Although hacking cardiac implants was demonstrated a decade ago,
I’m more concerned about boring things like an old computer virus
that unintentionally shuts down global operations of remote cardiac
telemetry for hundreds of thousands of patients at once,” Fu, who
wasn’t involved in the paper, said by email.
While limiting remote interactions with implantable cardiac devices
might minimize any risk of security breaches, the lack of evidence
to date that hackers have directly harmed patients dictates that
doctors focus instead on the numerous health benefits of connected
devices, cardiologists argue in the paper.
“Like with so many rapidly evolving technologies, we haven't even
conceived many of the ultimate advantages of connected implanted
devices,” said Dr. David Armstrong of the University of Arizona
College of Medicine in Tucson.
“Certainly, the ability for a patient and his or her clinician to
monitor status continuously will yield many more opportunities to
personalize care and will also likely reduce time to treatment of
acute or chronic events,” Armstrong, who wasn’t involved in the
paper, said by email.
“There is absolutely no cause for panic,” Armstrong continued. “The
added stress from worrying about having your device medjacked likely
increases your risk for a heart attack a whole lot more than the
risk itself.”
SOURCE: http://bit.ly/2of4JRk Journal of the American College of
Cardiology, online February 20, 2018.
[© 2018 Thomson Reuters. All rights reserved.]