ICD ‘hacking’ being researched

It is now possible to hack implanted devices such as pacemakers to obtain patient information or even make them lethal, a study has warned.

Implanted devices are used to keep the heart beating regularly, to shock a heart that is beating chaotically, to stimulate parts of the brain or to deliver drugs. Millions are in use worldwide.

The implants are increasingly equipped with wireless technology, allowing for remote device checks and freeing patients from repeated doctor visits.

But this convenience may come with unanticipated risks, warns a team of researchers in the US.

The researchers, from three American universities, have demonstrated how to use a radio to hack a combination heart defibrillator and pacemaker, suggesting it could be possible to remotely control someone’s heart.

The team reports that it is possible to extract private medical information and reprogram the devices without a patient realising it.

They were able to reprogram the devices to shut down and to deliver jolts of electricity that would potentially be fatal had they been inside a person.

However, the researchers stressed that there had never been a reported case of a patient with an implantable cardiac defibrillator or pacemaker being targeted by hackers.

 

Their efforts cost $30,000 and the study was designed to identify and prevent future problems.

The research was led by two computer scientists - Tadayoshi Kohno of the University of Washington and Kevin Fu of the University of Massachusetts Amherst - with cardiologist Dr William Maisel of the Beth Israel Deaconess Medical Centre and Harvard Medical School.

The report, to published at www.secure-medicine.org, will be presented and published at the Institute of Electrical and Electronic Engineers Symposium on Security and Privacy in Oakland, California in May, though it omits key details to prevent abuse.

Dr Maisel said one aim of the research was “to encourage the medical device industry to think more carefully”.

“Fortunately, there are some safeguards already in place, but device manufacturers can do better,” he said.

“We hope our research is a wake-up call,” added Dr Kohno, an assistant professor of computer science and engineering at the University of Washington, who fears that this kind of hacking could soon be attempted.

“In the 1970s, the Bionic Woman was a dream, but modern technology is making it a reality. People will have sophisticated computers with wireless capabilities in their bodies. Our goal is to make sure those devices are secure, private, safe and effective.”

The team has set out three defence mechanisms that require no battery power, making them potentially easy to incorporate in the devices without extensive redesigning: a device that audibly alerts patients of security breaches, one that authenticates requests for access from outside devices and a vibrating device that patients can sense.

The researchers’ hacking experiments used an implantable cardiac defibrillator, a sophisticated device that automatically regulates the heart beat by sending small corrective electrical signals to the heart or by delivering a large shock to restore a potentially fatal heart rhythm back to normal.

The model they tested contained computers and radios that allow health care practitioners to diagnose patients, read and write private medical information, and adjust the device’s therapy settings wirelessly.

In computer laboratory bench tests, the research team used an inexpensive software radio to intercept and capture signals sent from the implantable device. They were able to obtain detailed information about a hypothetical patient, including name, diagnosis, date of birth and medical ID number.

Researchers could determine the make and model of the device and access real-time electrocardiogram results, as well as data on the hypothetical patient’s heart rate and cardiac activity.

The team then mounted attacks. They were able to turn off the therapy settings stored in the implantable device, rendering it incapable of responding to dangerous cardiac events. Additional commands were delivered, resulting in the delivery of a shock that could induce ventricular fibrillation, a potentially lethal arrhythmia.

Bruce Lindsay, an electrophysiologist at the Cleveland Clinic and president of the Heart Rhythm Society, said defibrillator transmissions were “not designed to withstand terrorist attacks”.

“But I don’t think the findings have any great clinical significance,” he added. “To hack the system, you have to get the programmer right up against the patient’s chest. It’s not as if somebody could do this from down the street.”

Key defibrillator makers are Medtronic Inc, Boston Scientific Corp and St Jude Medical Inc. It was Medtronic’s Maximo defibrillator that Maisel’s team studied.

Medtronic spokesman Rob Clark said the risk of any “deliberate, malicious or unauthorised manipulation of a device is extremely low.”

Future versions capable of transmitting signals as far as 30 feet from a patient will incorporate stronger security, he said.

Boston Scientific said its defibrillators “incorporate encryption and security technologies designed to mitigate these risks,” including measures to prevent unauthorized reprogramming.

St Jude said: “As the study points out, the likelihood of unauthorised or illegal manipulation of an implantable device is extremely remote, and St Jude Medical is not aware of such an event with our devices.”

The Food and Drug Administration said it was working on standards to raise the security of medical devices that receive instructions over radio waves but had not finalised them.

“The chance of an ICD being reprogrammed by a computer hacker is extremely remote,” said a spokeswoman, using the abbreviation for implanted defibrillator.

Prof Tipu Aziz of Oxford University, who does brain implants, comments: “This is a very interesting report,” but adds: “It is unlikely at present that this will be a risk to my patients. It is also even more unlikely to be of interest to hackers in general and very few terrorists.”

A British spokesman for the manufacturer Medtronic adds: “There has not been a single reported incident of such an event in more than 30 years of device telemetry use, which includes millions of implanted patients worldwide.”

The Medicines and Healthcare products Regulatory Agency, the UK government agency which is responsible for ensuring that medical are acceptably safe says it will investigate: “Despite an extensive database of adverse incidents, the Agency has never received any reports of hacking associated with implantable medical devices such as pacemakers or ICDs (implantable Cardioverter defibrillators).

“Nevertheless, as part of our adverse incident investigation process this we will look into this further, in consultation with the relevant device manufacturers.”

Pre-hospital ECGs critical for heart attack patients

Lifesaving procedures to open blocked heart arteries could begin much sooner for heart attack patients if electrocardiograms (ECGs) were recorded before they arrive at the hospital and used to put treatment teams into action, according to a scientific statement in Circulation: Journal of the American Heart Association.

Each year, about 920,000 people in the U.S. have a new or recurrent heart attack, also called myocardial infarction (MI). ST-segment elevation myocardial infarction (STEMI) is a common and especially severe type of heart attack. While there are no exact statistics for STEMI, the number has been estimated between 200,000 and 400,000.

Rapid treatment to reopen the blocked artery is vital because more heart muscle dies the longer it’s deprived of blood flow.

Current criteria for evaluating quality of care includes elapsed “door-to-balloon” or “door-to-drug” time — the time span from the moment a patient enters a hospital emergency room until blocked arteries are re-opened either by angioplasty or a clot-busting drug.

However, “the clock starts ticking from the moment a person develops symptoms of a heart attack,” said Henry H. Ting, M.D., lead author of the statement and a cardiologist at the Mayo Clinic in Rochester, Minn. “The pertinent measure of system performance is from the time of first medical contact with paramedics or other emergency medical personnel to reperfusion therapy (reestablishing blood flow to the heart muscle).”

Ting and colleagues evaluated progress since STEMI guidelines were first issued by the American Heart Association and the American College of Cardiology in 2004. They were updated last year. The guidelines recommend that all emergency medical services acquire and use pre-hospital electrocardiograms to evaluate patients with suspected acute coronary syndromes.

“If pre-hospital ECGs were more widely used and integrated with systems of care, the time from first medical contact to balloon reperfusion could be reduced to less than 60 minutes,” Ting said. The recommended goal is 90 minutes or less.

Delays from the time a person has heart attack symptoms to when they receive artery-opening treatment can be divided into four time intervals: (1) symptom onset-to-EMS arrival; (2) EMS arrival-to-hospital arrival; (3) hospital arrival-to-ECG; and (4) ECG-to-reperfusion. Pre-hospital ECG programs, if effectively implemented and coordinated with comprehensive systems of care, have the potential to decrease the latter three time intervals – and eliminate the third one.

The statement presents examples of using pre-hospital ECGs, including systems of care with door-to-balloon times approaching 30 minutes or less. In these systems, pre-hospital ECGs are used to activate the cardiac catheterization laboratory while the patient is en route to the hospital, and the patient is transported directly to the cath lab (bypassing the emergency room evaluation).

Despite the recent recommendations, fewer than 10 percent of EMS systems have adopted the use of pre-hospital ECGs, and the rate has not substantially changed since the mid-1990s.

“Furthermore, even when a pre-hospital ECG is acquired, the information is often not translated into effective action to decrease delays in treatment,” Ting said. “It is a lost opportunity to improve the quality of care for STEMI patients if the information from a prehospital ECG is not used to change downstream processes of care.”

The reluctance of patients with acute coronary syndromes to call 9-1-1 is a major obstacle to realizing the full public health benefits of pre-hospital ECGs and organizing systems of care. Studies show that more than half of STEMI patients take themselves to the hospital rather than use EMS. In addition, recent studies have shown that the longest delay for STEMI patients – two hours on average – is from the time of symptom onset to hospital arrival, said Ting.

Other barriers include:

• ensuring EMS and emergency rooms have the capacity to meet demand for services;
• developing standards for education and quality assurance for EMS providers;
• improving collaboration among EMS, emergency medicine physicians and cardiologists;
• co-ordinating hospital networks to provide the ideal patient care;
• overcoming insurance reimbursement issues for prehospital care;
• studying unintended consequences from implementing pre-hospital ECG programs.

Widespread implementation of pre-hospital ECGs is being addressed by the American Heart Association’s Mission: Lifeline, a national initiative launched in 2007 to improve regional systems of care for patients with STEMI. Mission: Lifeline’s initial phase includes emergency medical services system assessment and improvement.

Co-authors are Harlan M. Krumholz, M.D.; Elizabeth H. Bradley, Ph.D.; David C. Cone, M.D.; Jeptha P. Curtis, M.D.; Barbara J. Drew, R.N., Ph.D.; John M. Field, M.D.; William J. French, M.D.; W. Brian Gibler, M.D.; David C. Goff, M.D., Ph.D.; Alice K. Jacobs, M.D.; Brahmajee K. Nallamothu, M.D.; Robert E. O’Connor, M.D.; and Jeremiah D. Schuur, M.D. Author disclosures are available on the manuscript.