Dick Cheney’s defibrillator and medical device hacking

The news this week that former US Vice President Dick Cheney and his cardiologist decided to turn off wireless access to his implanted defibrillator (ICD) in 2007 based on fears of radio-based attacks underlines the increased awareness of security threats to wirelessly interfacing or programmable devices. The fear of ‘death by malicious hacking’ could very well lessen the sales and acceptance of new wireless-dependent designs in pacemakers, diabetes management/artificial pancreas and even medication ingestion tracking (Proteus). One proposal outlined in medical device supplier blog Qmed is interesting: “Since most proposed attacks would take place from a distance, researchers believe that using a patient’s heartbeat signature as a password could offer an adequate level of security. Using a heartbeat signature password, pacemakers and other devices would only unlock when ‘fed back’ an individual’s heartbeat in real time.” Yet beyond that, an advanced ‘white hat’ hacker like the late Barnaby Jack envisioned programming bugs that could negate this, creating murdering pacemakers as well as killer insulin pumps. (A look back at Barnaby and his still mysterious death in the Daily Mail.) Dick Cheney: Heart implant attack was credible (BBC News). Hat tip to TANN Ireland’s Toni Bunting. Previously in TTA: A ‘mobilized’ artificial pancreas breakthrough included the increased awareness of hack attacks in the medical mainstream and Contributing Editor Charles on compromised smartphone apps.

A ‘mobilized’ artificial pancreas breakthrough?

Neil Versel (again) profiles a mobile platform that may be the start of the end of the Continuing Battle of Stalingrad for type 1 diabetes patients. The prototype system, Diabetes Assistant (DiAs), is a closed-loop system which combines a modified Android phone with wirelessly connected wearables attached on the skin (Dexcom glucose monitors and Insulet OmniPod insulin pumps) to effectively act as an artificial pancreas. It was developed by University of Virginia’s Center for Diabetes Technology with funding via The Juvenile Diabetes Research Foundation and the National Institutes of Health’s National Institute of Diabetes and Digestive and Kidney Diseases. Findings from the 20 patients monitored were initially presented at June’s American Diabetes Association’s annual scientific meeting and published in the July edition of the journal Diabetes Care (PDF does not require subscription). The system was designed by an international team: Sansum Diabetes Research Institute in Santa Barbara, Calif., University of Padova in Italy and the University of Montpellier in France. Tests continued with summer campers and the integration of Bluetooth LE into the connectivity system. Mobihealthnews article.

But can this small miracle of a system be hacked, and can providers be held accountable? This scary thought of ‘harm or death by hacking’, with the example given of an insulin pump gone awry, was tagged at the 2011 Hacker’s Ball, a/k/a Black Hat USA, by Jerome Radcliffe [yes, in TTA back in August 2011]. The late Barnaby Jack was also on the medical device hack track. The danger is only now entering the consciousness of medical administrators and the industry press in mainstream venues such as Information Week. Are Providers Liable If Hacked Medical Device Harms A Patient? (Healthcare Technology Online). Also, Kevin Coleman in Information Week tells more about the liability providers may find themselves in if they don’t update their systems.

Both the diabetes closed-loop systems under development (Diabetes Assistant is one of three) and the hacking threat were addressed by Contributing Editor Charles earlier this month [TTA 5 August] in his examination of how systems should move from decision support to decision taking in order to truly reduce patient or caregiver burden.