/ Modified jun 12, 2017 1:33 p.m.

Another Possible Target for Hackers: Your Pacemaker

Doctor-hackers work to raise awareness of medical-device vulnerabilities

pacemaker hacking cybersecurity Some pacemakers are potentially vulnerable to wireless manipulation, according to security research. (PHOTO: Courtesy of Pixabay)

LISTEN

Members of the medical and hacker communities are raising concerns about cybersecurity vulnerabilities affecting medical records, infrastructure and devices.

Experts have long warned of security flaws in medical devices — insulin pumps that can deliver deadly doses, for example.

Ransomware like the WannaCry virus — which shut down at least 16 hospitals in Great Britain, and which experts say could spread to devices — has taken those concerns from serious to critical, as Christian Dameff, an emergency medicine doctor at Maricopa Medical Center, explained.

“When thousands of patients have these devices — or even hundreds of thousands who interact with the health-care system are exposed — it’s clear that we need to do something about it,” Dameff said.

Dameff and pediatrician Jeff Tully of Phoenix Children’s Hospital, both “white hat” hackers and alums of the University of Arizona College of Medicine in Phoenix, organized the June 8-9 CyberMed Summit on campus.

Tully said exploits can involve a wide array of systems because many of them share established code and common hardware. Moreover, patching such devices takes a bit more effort than updating a cellphone or home computer.

“So, it’s really kind of starting from the ground up when we design these types of things, to build cybersecurity in as a primary ingredient and not as an afterthought,” he said.

In addition, many devices include wireless connectivity capability. This grants the device additional capabilities. A pacemaker might alert a cardiologist of a patient’s heart irregularity, for example.

But they also open a potential route to hacking.

Both doctors agree that, unless something is done, it’s only a matter of time before something bad happens. Still, Tully said he doesn’t want to be alarmist.

In addition, officials are starting to take notice. The Health Care Industry Cybersecurity Task Force, established by the Cybersecurity Act of 2015, released its recommendations to the Department of Health and Human Services this month, and the Food and Drug Administration is beginning to take a stronger role as well.

Arizona Science Desk
This story is from the Arizona Science Desk, a collaborative of the state's public radio stations, including NPR 89.1. Read more from the Arizona Science Desk.
By posting comments, you agree to our
AZPM encourages comments, but comments that contain profanity, unrelated information, threats, libel, defamatory statements, obscenities, pornography or that violate the law are not allowed. Comments that promote commercial products or services are not allowed. Comments in violation of this policy will be removed. Continued posting of comments that violate this policy will result in the commenter being banned from the site.

By submitting your comments, you hereby give AZPM the right to post your comments and potentially use them in any other form of media operated by this institution.
Arizona Public Media broadcast stations are licensed to the Arizona Board of Regents. Arizona Public Media and AZPM are registered trademarks of the Arizona Board of Regents.
The University of Arizona