Friday, October 24, 2014
Inquirer Daily News

Could hackers really take over your pacemaker?

Fans of the TV series Homeland may have wondered at the end of last season whether it is truly possible to hack into a pacemaker and cause someone's death. That's what the show's terrorist organization did to the vice president. The answer is, scarily, yes.

For years, experts have warned about the vulnerability of medical devices to outside sabotage. The United States Department of Homeland Security (DHS) has even issued a warning that medical devices can be compromised by hackers. While it may seem far-fetched for a terrorist halfway around the world to tap into an individual’s pacemaker and cause a heart attack, it is perfectly plausible. And malicious attacks are not the only concern regarding this form of technology.

Many medical devices are controlled by software, just as your iPad, laptop, and smartphone are. As a result, security can be breached on a medical device just as it can be on other technology. Many people remember the time their iPhone software update temporarily turned their phones into dark-screened paperweights. Unfortunately, the same result is possible with wireless medical devices. Many are networked and can be monitored or controlled remotely, sometimes without adequate security engineering and protections.

In 2006, more than half of all medical devices marketed in the United States contained embedded software. And between 2002 and 2010, there were more than 537 recalls because of software malfunctions. Slight errors in computer code can result in significant patient risks. For example, a device that delivers a drug might give a patient 1,000 milliliters instead of the prescribed 10. And it is not possible to completely test systems in advance to ensure proper functioning.

To make matters worse, regulatory authority over the security of medical devices is unclear. No single agency is responsible. Instead, jurisdiction is shared between the Centers for Medicare and Medicaid Services (CMS), Food and Drug Administration (FDA), Department of Defense (DoD), Department of Veterans Affairs (VA), and DHS. This has resulted in a lack of consistent accountability and oversight.

The FDA releases reports known as Manufacturer and User Facility Device Experience (MAUDE) reports, which include information on security issues. However, the agency does not require providers and suppliers to share information on many issues.

This is not to say that patients should avoid software-controlled devices. While the risks may be concerning, the benefits are significant in their convenience, capacity for customization, and greater potential for fine-tuning and management. Many medical treatments would not be possible but for the use of software control. However, additional security safeguards are clearly needed to ensure patient safety.

Although medical technology has advanced tremendously, it is clear that regulation of medical devices, at least in some regards, has not kept pace. Clearer oversight is needed along with mandatory reporting of software flaws. A single government agency, such as the FDA, should be responsible for cyber security, and it should have authority to investigate security issues prior to approval for marketing. We need to make sure that intruders are kept out of our pacemakers before it’s too late.

About this blog

The Field Clinic reports and analyzes health care laws, government policies, and political trends that are transforming the care we receive and the way we pay for it. Read more about our panel of bloggers here.

This blog is produced in partnership with Kaiser Health News, an editorially independent program of the Henry J. Kaiser Family Foundation, a nonprofit, nonpartisan health-policy research and communication organization not affiliated with Kaiser Permanente. Portions of this blog may also be found on and in the Inquirer's Sunday Health Section.

Robert I. Field, Ph.D., J.D., M.P.H. Professor, School of Law & Drexel School of Public Health
Jeffrey Brenner, MD Founder of the Camden Coalition of Healthcare Providers, Medical Director of the Urban Health Institute at Cooper University Healthcare
Andy Carter President & CEO, The Hospital & Healthsystem Assoc. of Pa.
Robert B. Doherty Senior Vice President of Governmental Affairs & Public Policy American College of Physicians
David Grande, MD, MPA Assistant Professor of Medicine at the University of Pennsylvania
Tine Hansen-Turton Chief Strategy Officer of Public Health Management Corporation
Drew A. Harris, DPM, MPH Director of Health Policy Program at the Jefferson School of Population Health
Antoinette Kraus Director of the Pennsylvania Health Access Network
Laval Miller-Wilson Executive Director of the Pennsylvania Health Law Project
David B. Nash, MD, MBA Founding Dean of the Jefferson School of Population Health
Mark V. Pauly, Ph.D. Professor of Health Care Management, Business Economics and Public Policy at The Wharton School
Howard J. Peterson, MHA Managing Partner of TRG Healthcare, a national healthcare consulting firm
Donald Schwarz, MD, MPH Deputy Mayor for Health & Opportunity and Health Commissioner for the City of Philadelphia
Paula L. Stillman, MD, MBA Healthcare consultant with special expertise in population health and disease management
Elizabeth A. W. Williams Senior Vice President & Chief Communications Officer for Independence Blue Cross