Estimated read time: 3-4 minutes
This archived news story is available only for your personal, non-commercial use. Information in the story may be outdated or superseded by additional information. Reading or replaying the story in its archived form does not constitute a republication of the story.
Paul Nelson reportingResearchers in Boston gave a strong warning to the medical community, saying hackers may be able to get a patient's personal information from defibrillators and pacemakers. But are hackers really targeting these devices, or are researchers creating a problem that doesn't really exist?
Defibrillating pacemakers are crucial to the survival of many heart patients. They can deliver a life-saving shock to the heart when a person needs it, and transmit important data. But, how do they work?
Intermountain Medical Center Heart Rhythm Services Director Dr. John Day said, "The device will communicate with the bedside transmitter, and with most companies, even that transmission right there is encrypted. Then it sends it from the bedside transmitter to a receiving station [which] is also sent encrypted."
Dr. Day says they can then read this data from a secured Web site. So, is it possible someone could steal this data once it's transmitted from the pacemaker? "Theoretically, it is possible if you had very sophisticated equipment and you were within, maybe, a couple of feet from the patient," Day said.But, he says there haven't been any reported cases of this actually happening. Day says the equipment a hacker would need to do this is very expensive, and, even if they were successful, a hacker might not get much out of it. He says there's not a lot of personal data that thieves could use imprinted on these devices.
"[There is] the patient's name, obviously, their date of birth, their doctor's name, their doctor's telephone number and their doctor's address and that's, generally speaking, the extent of the information," Day said.
Some future cardiac devices may have even less personal information than that.
Sigma Technology CEO Kurt Dobson said, "I would seriously doubt any intelligent manufacturer of an implantable medical device would put anything other than the serial number of the device inside the device itself."
Dobson is consulting on the creation of a new artificial heart for WorldHeart. The way an artificial heart transmits data is different from a pacemaker.
"Under the skin is a coil of wire, and you're able to put another coil of wire on the outside of the body and get information," Dobson explained.
However, much like the pacemakers, a hacker would need very expensive equipment to get the data, and they would have to be practically touching the person they're stealing the data from. Dobson says hackers are more likely to try to breach corporate medical databases than an individual patient.
