Medical Design and Outsourcing

  • Home
  • Medical Device Business
    • Mergers & Acquisitions
    • Financial
    • Regulatory
  • Applications
    • Cardiovascular
    • Devices
    • Imaging
    • Implantables
    • Medical Equipment
    • Orthopedic
    • Surgical
  • Technologies
    • Contract Manufacturing
    • Components
    • Electronics
    • Extrusions
    • Materials
    • Motion Control
    • Prototyping
    • Pumps
    • Tubing
  • Med Tech Resources
    • DeviceTalks Tuesdays
    • Digital Editions
    • eBooks
    • Manufacturer Search
    • Medical Device Handbook
    • MedTech 100 Index
    • Podcasts
    • Print Subscription
    • The Big 100
    • Webinars / Digital Events
    • Whitepapers
    • Video
  • 2022 Leadership in MedTech
    • 2022 Leadership Voting!
    • 2021 Winners
    • 2020 Winners
  • Women in Medtech

Hackers Gain Control of a Simulated Man’s Pacemaker

September 8, 2015 By Sam Brusco

Of all the technologies to be compromised by hacking, medical devices are definitely the scariest to think about. Sure, hacking a computer or cell phone might give intruders access to valuable personal information, but messing with a medical device puts patients at risk. And although the exact difficulty of hacking certain medical equipment is unclear, connected medical devices, especially those worn directly on the body, are always at risk for security breaches by a seasoned hacker.

Students at the University of South Alabama have taken it upon themselves to show how disastrous the effects of tampering with medical devices could be by spending a couple of hours tinkering with a medical grade human simulation implanted with a pacemaker. iStan, according to his manufacturer CAE Healthcare, is “the most advanced wireless patient simulator on the market, with internal robotics that mimic human cardiovascular, respiratory, and neurological systems.” iStan helps medical students learn procedures without the threat of killing anyone. He can sweat, cry, talk, and respond to 300 different kinds of medications and procedures – his physiological response is essentially the same as a biological human.

Here’s iStan, the robot that you can operate on freely without risk of malpractice! (Credit: CAE Healthcare)

iStan is obviously more vulnerable to an attack than someone with no connected devices because he’s a robot. But he’s likely about as hackable as a typical pacemaker, which has been shown before to be vulnerable to attacks that can deliver fatal jolts of electricity. According to a Motherboard article, that’s exactly what the students found out they were able to do. After successfully gaining access to iStan’s functions, they reasoned that his pacemaker could be vulnerable to denial of service, brute force, and security control attacks.

They could have used the simulator’s pacemaker to speed iStan’s heart rate, slow it down, and if it had a defibrillator (which most pacemakers do) they could have shocked him into cardiac arrest. The students wanted to see how easily they could manipulate the device to develop safeguards, and the university’s hospital is planning to find ways to encrypt data wirelessly transmitted between medical devices. The team of students have also published their results, which have not been peer reviewed yet.

I’m not trying to force undue anxiety on any readers out there who do have a connected pacemaker – I seriously doubt hackers (unless they were complete psychopaths) would seek out and destroy anyone wearing one. But the game changes when you consider high-profile individuals who wear these devices.

Those in the spotlight are already wary of calling attention to medical concerns like having a pacemaker because of … not wanting to appear weak, or something like that? (Though I don’t fully understand why – I would applaud the tenacity of someone willing to undergo all that stress with such a debilitating condition.)

Now that there’s a potential security threat, no celebrity or high-profile public official would dare spread the news that they’re wearing a pacemaker. Either that, or they would opt for a lower-tech “dumb” device, which raises issues of its own – it’s far more advantageous to wear a pacemaker that can be remotely monitored and collect data to personalize treatment. That’s quite the double-edged sword: a lower standard of care or a potentially fatal security threat. I have no idea what I’d do given that decision.

The student hackers didn’t test iStan with any other devices, but if a connected pacemaker is at risk surely other connected devices could be manipulated with similarly disastrous effects. A connected insulin pump might be altered to administer fatally high doses, or equally as fatal, none at all.

Further, I’m sure implantable neurostimulators are going to become connected at some point, and cybersecurity issues for those had better be completely resolved. (Though sadly, hackers’ ingenuity will inevitably increase alongside security improvements.) It’s not clear what could happen if the stimulation was increased, but I can’t imagine it would be pretty. I’m not saying mind control is going to happen, but we don’t fully understand the brain as it is. I’d rather not see a hacker experimenting with altering the electrical pulses – while a stopped heart can be revived, electrical damage to the brain likely couldn’t.

Related Articles Read More >

iRhythm stays silent on federal grand jury subpoenas
iRhythm stock soars on Street-beating Q1
A Medtronic HVAD pump opened up to show the inner workings
Medtronic investigates HVAD pump welds after patient deaths
Integer Holdings
Integer to exhibit at Heart Rhythm 2022

DeviceTalks Weekly.

May 13, 2022
Our Pre-Post-DeviceTalks Boston episode, also MedtronicTalks replay with Gastro CMO Austin Chiang
See More >

MDO Digital Edition

Digital Edition

Subscribe to Medical Design & Outsourcing. Bookmark, share and interact with the leading medical design engineering magazine today.

MEDTECH 100 INDEX

Medtech 100 logo
Market Summary > Current Price
The MedTech 100 is a financial index calculated using the BIG100 companies covered in Medical Design and Outsourcing.
DeviceTalks

DeviceTalks is a conversation among medical technology leaders. It's events, podcasts, webinars and one-on-one exchanges of ideas & insights.

DeviceTalks

New MedTech Resource

Medical Tubing

Enewsletter Subscriptions

Enewsletter Subscriptions

MassDevice

Mass Device

The Medical Device Business Journal. MassDevice is the leading medical device news business journal telling the stories of the devices that save lives.

Visit Website
MDO ad
Medical Design and Outsourcing
  • MassDevice
  • DeviceTalks
  • MedTech 100 Index
  • Medical Tubing + Extrusion
  • Drug Delivery Business News
  • Drug Discovery & Development
  • Pharmaceutical Processing World
  • R&D World
  • About Us/Contact
  • Advertise With Us
  • Subscribe to Print Magazine
  • Subscribe to E-newsletter
  • Attend our Monthly Webinars
  • Listen to our Weekly Podcasts
  • Join our DeviceTalks Tuesdays Discussion

Copyright © 2022 WTWH Media, LLC. All Rights Reserved. Site Map | Privacy Policy | RSS

Search Medical Design & Outsourcing

  • Home
  • Medical Device Business
    • Mergers & Acquisitions
    • Financial
    • Regulatory
  • Applications
    • Cardiovascular
    • Devices
    • Imaging
    • Implantables
    • Medical Equipment
    • Orthopedic
    • Surgical
  • Technologies
    • Contract Manufacturing
    • Components
    • Electronics
    • Extrusions
    • Materials
    • Motion Control
    • Prototyping
    • Pumps
    • Tubing
  • Med Tech Resources
    • DeviceTalks Tuesdays
    • Digital Editions
    • eBooks
    • Manufacturer Search
    • Medical Device Handbook
    • MedTech 100 Index
    • Podcasts
    • Print Subscription
    • The Big 100
    • Webinars / Digital Events
    • Whitepapers
    • Video
  • 2022 Leadership in MedTech
    • 2022 Leadership Voting!
    • 2021 Winners
    • 2020 Winners
  • Women in Medtech