A new study is warning that pacemakers and other electrical medical devices could be targeted by hackers for political, financial or personal gain.
While there have been no reports of malicious hacking or malware attacks affecting cardiac devices, research published in the Journal of the American College of Cardiology shows that is indeed a possibility — and has been for over a decade.
For better protection, the Food and Drug Administration has guidelines in place for the security of medical devices, along with several legislative proposals in Congress.
“True cybersecurity begins at the point of designing protected software from the outset, and requires the integration of multiple stakeholders, including software experts, security experts and medical advisors,” study author Professor Dhanunjaya Lakkireddy, of the University of Kansas Hospital, told news service SWNS.
Patients with pacemakers could be vulnerable when batteries are overworked or depleted, which can lead to a device being unable to deliver therapies during life-threatening attacks.
For patients with devices that pump the heart, it is possible for hackers to interrupt wireless communications.
However, Dr. Lakkireddy believes the likelihood of an individual hacker successfully affecting a cardiovascular implantable electronic device or being able to target a specific patient is very low.
“A more likely scenario is that of a malware or ransomware attack affecting a hospital network and inhibiting communication,” he said.
The hack-threat study suggests that because cyber vulnerabilities emerge quickly, developers should monitor the environment for new vulnerabilities and respond fast.
“Given the lack of evidence that hacking of cardiac devices is a relevant clinical problem, coupled with evidence of the benefits of remote monitoring, one should exercise caution in depriving a patient of the clear benefit of remote monitoring,” Dr. Lakkireddy said.