Hacking into medical devices

Written December, 2012

Pacemaker

The US Government Accountability Office has released a report claiming that implanted medical devices, such as pacemakers, are susceptible to hackers.

Many medical devices are programmed to allow doctors easy access in case reprogramming is necessary in an emergency, so security has never been top priority in their design. While we don’t yet have evidence of a hacker breaching the security of a medical device with malicious intent, we do know that it’s possible, and over the last few months, government and health care agencies have been discussing the best ways to protect patients.

Barnaby Jack, a hacker and director of embedded device security at IOActive Inc., demonstrated the vulnerability of a pacemaker by breaching the security of the wireless device from his laptop and reprogramming it to deliver an 830-volt shock. However, mere days before he was scheduled to make a presentation at the Black Hat Conference in Las Vegas on Aug. 1, 2013 showing how he was able to remotely shock the pacemaker, he was found dead in his apartment.

Anyone who watched season 2 of the show Homeland saw the fictional vice president William Walden assassinated after his pacemaker was hacked and heart shocked. But did you know the former VP Dick Cheney had the wireless signal in his own pacemaker disabled for fear of hackers before the Homeland episode was even aired?

Reports and general info: 

Hacking

FDA Should Expand Its Consideration of Information Security for Certain Types of Devices  (US GAO)

Medical Devices Vulnerable to Hacking Need Oversight (Bloomberg)

Networked Medical Device Cybersecurity and Patient Safety: Perspectives of Health Care Information Security Executives(Deloitte)

Medical Devices Vulnerable to Hackers, New Report Says (Live Science)

Alert: Medical Devices Hard-Coded Passwords (Department of Homeland Security)

How Vulnerable Are Medical Devices to Hackers? (The Economist)

Board Urges Feds to Prevent Medical Device Hacking (Wired)

The Strange Tale of Barnaby Jack

Pacemaker Hack Can Deliver Deadly 830-volt Jolt (Computer World)

A virus that reprograms your pacemaker to deliver an electric shock (iO9)

Programmer Barnaby Jack Dies A Week Before Showing Off Heart-Attack Hack That Can Kill A Man From 30 Feet Away (The Raw Story, via Reuters)

Pacemaker Hack Legend Barnaby Jack Dies Just Before Black Hat Revelations (The Register)

Hacker Barnaby Jack’s Cause of Death Could Remain Unknown For Months (The Guardian)

Silence On Hacker Barnaby Jack’s Death Continues As Authorities, Friends Stonewall Press (IB Times)

Barnaby Jack Conspiracy Theories Flood Reddit, Twitter Following Death Of Celebrated ATM Hacker (IB Times)

RIP Barnaby Jack: The hacker who wanted to save your life (Washington Post)

Information for patients and doctors

6 Ways Health Care Providers Can Reduce Medical Device Security Risks (WSJ)

Hack-Proof Pacemakers: Code Based on Heartbeat Could Thwart Disruption (Live Science)

Radio Frequency Wireless Technology in Medical Devices – Guidance for Industry and Food and Drug Administration Staff (FDA)

Keeping Hackers Out of Implanted Medical Devices (IEEE)