Security of medical devices is a concern
No one can turn the clock back to the days before the Tylenol killer laced bottles of the pain reliever with cyanide and changed drug packaging forever. But computer scientists and a prominent Boston cardiologist warn that medical devices may also be vulnerable to the kind of attacks that once seemed inconceivable.
Pacemakers, which keep hearts beating properly, and infusion pumps, which control diabetes, also connect patients to doctors by sending vital health data through wireless connections to allow regular monitoring and make programming adjustments possible. Those very communication channels may be susceptible to intrusion, exposing private information or even becoming avenues for interference with life-saving therapies, according to members of the Medical Device Security Center.
“These devices do increase the effectiveness of patient care,’’ said Kevin Fu, a director of the center, a collaboration of specialists from the University of Massachusetts Amherst, the University of Washington, and Beth Israel Deaconess Medical Center. He is an assistant professor of computer science at UMass. “The two main risks are access to private information and control of the device. Security and privacy have much room to improve for medical devices.’’
No such intrusion has been documented, although Fu and others have produced breaches in their labs. A leading manufacturer of implantable devices, Medtronic, says it already safeguards its products against unauthorized programming and manipulation.
“At present, we believe the risk of deliberate, malicious, or unauthorized manipulation of an implantable device is extremely low,’’ Medtronic said in a e-mail statement. “Medtronic would welcome the opportunity to work with the FDA, health care practitioners, and other medical device manufacturers to define and establish formal device security guidelines.’’
Security falls outside the purview of the Food and Drug Administration, a spokeswoman said, unless mandated measures taken to protect data end up causing problems. Encryption is the method used to make information unreadable while it is being transmitted; de-encryption converts it back. If that process goes awry and alters a patient’s clinical data, it could cause problems that might involve the FDA.
“Our concern for products is: Are they safe and are they effective?’’ FDA spokeswoman Karen Riley said. “We don’t weigh in on security per se, but on measures like encryption that might affect or could have an impact on product safety and effectiveness, we might look at it.’’
Dr. William Maisel, a cardiologist at Beth Israel Deaconess, recently wrote in the New England Journal of Medicine that accidental disruption may be more likely than a deliberate attack. Malicious software attacks from hackers could conceivably spread from other computer systems when medical devices automatically communicate with doctors’ offices, hospitals, or their manufacturers, he said.
“Although few patients are known to have been harmed by security breaches of medical computers or devices, the security of medical devices is not a luxury,’’ Maisel wrote with his coauthor Tadayoshi Kohno of the University of Washington.
Dr. Bruce Wilkoff, president-elect of the Heart Rhythm Society and director of cardiac paging and tachyarrhythmia devices at the Cleveland Clinic, said security is a serious consideration, but tampering with devices or eavesdropping on health data transmissions sounds more like material for a murder mystery than a practical reality.
He acknowledged that reverse engineering has shown it is possible to break into transmissions for implanted cardiac devices. But to disrupt a device, a perpetrator would have to be close to the devices, in some cases inches from the skin, he said. The information that could be gleaned is similar to what appears on hospital monitors tracking heart rates.
The reprogramming of pacemakers and implanted defibrillators takes place in a doctor’s office with special equipment. At home, data from the patient’s device are transmitted to a receiver set up to recognize signals from only that patient, so that if a husband and wife each had implants, they would each need their own receiver, Wilkoff said. Data are then sent to a secure Internet site that sends information and alerts to doctors.
“There is a cost to making things available and efficient. There’s always some risk,’’ Wilkoff said. “The risk here is very small. The advantage of having connectivity is really important.’’
Connectivity is important not just for implantable medical devices. Partners HealthCare’s Center for Connected Health uses simpler tools such as blood pressure cuffs to monitor health of patients at home and keep them in contact with their caregivers. The information is transmitted over the patient’s telephone, using an old-fashioned modem, the center’s director, Dr. Joseph Kvedar, said. The idea is to make the system both easy and affordable, while relying on secure, encrypted connections to ensure privacy.
“One of the principles we like to employ is using whatever technology you already own,’’ he said.
That increasingly means mobile phones, where security programs are emerging for the transmission of medical information.
At Cambridge Consultants, which provides product development and design services, using consumer wireless applications raises the bar higher, said Vaishali Kamat, group manager for medical technology. With implantable medical devices, there is a radio frequency band dedicated for that purpose, providing protection from interference. But new standards are required for using Bluetooth, a consumer technology now being adapted for medical purposes.
“You have to be that much more careful,’’ she said.
Continua Health Alliance, a nonprofit industry coalition with 200 health care and technology company members, has adopted standards for Bluetooth that mandate encryption of information and authentication to ensure the data are from a reliable source and going to the intended recipient.
Fu, the computer security specialist from UMass, said it is important to get ahead of any potential security threats.
“Today, if I were presently using a medical device, I’d feel much safer using it than not using it,’’ he said. “We anticipate problems because we know that it’s harder to fix them after the fact.’’
Elizabeth Cooney can be reached at firstname.lastname@example.org.