Heart Devices Vulnerable to Hacking: Here’s How to Protect Yourself

Heart Devices Vulnerable to Hacking: Here’s How to Protect Yourself


In a recent episode of the television series “Homeland,” hack into a pacemaker to kill their target. Now, experts say that scenario isn’t as far-fetched as you might think. In fact, the U.S. Department of Homeland Security says more than 20 types of medical devices are vulnerable to tampering.

A new report in the Journal of the American College of Cardiology found that cardiac devices, like pacemakers, can be hacked and modified. The findings — by a team of researchers from the University of Kansas, the University of Washington, and the University of Chicago — indicate such tampering could have life-threatening implications for users.

Study author Dhanunjaya R. Lakkireddy, a professor of medicine at the University of Kansas, says cardiac devices are becoming more susceptible to hacking due to their increased integration with Internet-connected software and computer systems.

Someone wants to physically harm the patient can gain remote access to the person’s implanted device by using a computer with an Internet connection. The hacker could disrupt the functioning of the device or deactivate certain features. These hacks aren’t just limited to pacemakers, but could also include cardiverter defibrillators.

As many as 465,000 pacemakers made by Abbott (formerly St. Jude Medical) may be vulnerable to hacking, according to the U.S. Food and Drug Administration.

So what can you do to protect yourself?

Lakkireddy and his team suggest various steps that can be taken to prevent cybersecurity lapses. Among them: installing frequent software upgrades and educating physicians about the plausibility of attack.

In fact, Abbott issued software patch updates in the wake of reports about pacemaker vulnerabilities to secure them. The patch covers the pacemakers: Accent, Anthem, Accent MRI, Accent ST, Assurity, and Allure. More information on the firmware update is available online a the company’s Website or by contacting Abbott’s hotline at 800-722-3774.

Lakkireddy also suggests software designers consult with security experts and medical advisors during the early stages of product development.

Cybersecurity company Trend Micro tells Newsmax Health that the best defense to securing healthcare information is to ensure the proper precautions have been taken at the source of where hackers are targeting — healthcare organizations.

“Protecting healthcare information involves covering all bases of cybersecurity: guarding patient portals, proactively preparing against data loss, detecting breaches, auditing for compliance, safeguarding medical devices, securing legacy systems and watching out for all possible endpoints that may be attacked,” Trend Micro tells Newsmax Health.

Trend Micro also suggests that administrators select log-in names that don’t represent their real names in remote desktop protocols, so malicious actors can’t resort to targeting the individual to share information about their password.

“Unfortunately, the healthcare sector has evolved as a preferred target for cybercriminals. Over the past decade, more than a fourth of all breaches (26.9 percent) occurred in the healthcare industry. When the proper precautions are taken, it minimizes the likelihood of an attack,” Trend Micro tells Newsmax Health.

The FDA has issued guidelines that describe the types of security features manufacturers should install in their medical devices.

“The need for effective cybersecurity to assure medical device functionality and safety has become more important with the increasing use of wireless, Internet- and network- connected devices, and the frequent electronic exchange of medical device-related health information,” the FDA says in its guidelines.

The agency recommends that medical device manufacturers consider these main functions: identify, protect, detect, respond, and recover. The agency suggests limiting medical device access to authenticated users, using automatic timed methods to terminate sessions within the system, employing a layered authorization model by differentiating privileges based on the user role and providing physical locks on devices and their communication ports to minimize tampering.

To date, there have been no documented cases of cardiac medical device hacking. Researchers say that doesn’t mean there aren’t vulnerabilities or that the threat isn’t real. They say adequate preparation is necessary to minimize overall risks of hacking.

Experts also say the best thing to do, if you’re concerned about your risks, is talk to your doctor or cardiologist about your options.

For more information, check the FDA’s online safety alert about the issue.

© 2018 NewsmaxHealth. All rights reserved.