Hacking pacemakers is good TV, but is it for real?

Worry less about bad people hacking pacemakers and other cardiac devices. Worry more about them disrupting hospitals’ communications networks.

That’s the major message out of the American College of Cardiology’s Electrophysiology Council, which published an article about cardiac devices earlier this month in the Journal of the American College of Cardiology. 

The idea that hackers might target people’s implantable cardiac devices was popularized in a 2012 episode of the Showtime drama Homeland, in which terrorists hacked a fictional vice president’s pacemaker and killed him. Word eventually got out that former Vice President Dick Cheney had the wireless communications shut off on a defibrillator that implanted in him in 2007 during his final years in office.

During 2016, St. Jude Medical, now part of Abbott, experienced a public relations crisis when short-selling research outfit Muddy Waters claimed the company’s implantable cardiac devices had cybersecurity vulnerabilities. U.S. FDA in January 2017 issued a safety communication over the potential problems, with St. Jude automatically issuing a patch for its implantable cardiac devices and the Merlin@home transmitter. Months after it acquired St. Jude, Abbott issued further upgrades.

The American College of Cardiology’s Electrophysiology Council acknowledges that there are cyber vulnerabilities for pacemakers and ICDs with remote communications. Pacemakers, for example, are susceptible to hacking that causes oversensing or battery depletion. When it comes to ICDs, hackers could interrupt wireless communications.

However, there is no evidence that it is possible to reprogram a cardiovascular implantable electronic device or change device settings, said Dr. Dhanunjaya Lakkireddy, professor of medicine at the University of Kansas Hospital, a member of the Electrophysiology Council and the corresponding author of the paper.

“The likelihood of an individual hacker successfully affecting a cardiovascular implantable electronic device or being able to target a specific patient is very low. A more likely scenario is that of a malware or ransomware attack affecting a hospital network and inhibiting communication,” Lakkireddy said in a news release.

Lakkireddy had even more colorful words for theheart.org | Medscape Cardiology: “The hypothetical scenario of a rogue hacker getting into someone’s device, turning off the pacemaker, or turning off the defibrillator capability, I think is just the soap-opera take on it. Other than that, I don’t think there’s any real substance to it.”

Electrophysiology Council members do not think enhanced monitoring or elective device replacement is presently necessary.

“Given the lack of evidence that hacking of cardiac devices is a relevant clinical problem, coupled with evidence of the benefits of remote monitoring, one should exercise caution in depriving a patient of the clear benefit of remote monitoring,” Lakkireddy said in the news release.

 

 

 

 

From the Hospital Bed to the Finish Line Heidi Dohse was diagnosed with a rare arrhythmia in 1982 and has been 100% pacemaker dependent for over 30 years. With the help of wearable devices, she has been able to pursue her dream to become a competitive cyclist. You can hear her story and more when you register for DeviceTalks Boston, October 8-10. REGISTER NOW Use code FINISHLINE to save an additional 10%.