Hackers Pose Serious Danger to People Wearing Medical Devices

Diabetics wearing implanted insulin pumps are potentially in danger, as their devices could be tampered with from afar.

In a 2012 episode of the Showtime thriller “Homeland,” the show’s antihero, Nicholas Brody, obtains the serial number of the pacemaker worn by Vice President William Walden and gives it to terrorist Abu Nazir. Nazir passes it along to a hacker, who is able to accelerate Walden’s heart rate wildly, inducing a fatal heart attack.

Frighteningly, since pacemakers, along with insulin pumps and other medical devices, are designed to allow wireless reprogramming — so that doctors and technicians can change their settings and update them when necessary — that scenario is all too plausible in real life.

The U.S. Food and Drug Administration warned that the Irish-based medical technology firm Medtronic’s MiniMed insulin pumps are at risk for tampering, and the company has issued a recall for some 11 models of the device.

The FDA recommends that while MiniMed users await replacement pumps, they keep their current ones under their own control at all times, not sharing the serial numbers with anyone.

FDA spokesperson Dr. Suzanne Schwartz said in a written statement that “Any medical device connected to a communications network, like WiFi, or public or home internet, may have cybersecurity vulnerabilities….” She added, however, that “the increased use of wireless technology and software in medical devices can also offer safer, more convenient, and timely health care delivery.”

In 2013, the Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team identified some 300 such products, manufactured by 40 different companies, whose systems had unchangeable passwords — meaning that anyone who learned those passwords could log in and change settings at will. And for at least a decade, the FDA has been investigating the possibility that pacemakers and other medical implants will be hacked.

Last year, security experts singled ut pacemakers made by Medtronic as being particularly vulnerable to hacking. Some Medtronic pacemakers were also the subject of an FDA safety communication in May due to batteries that may drain more quickly than expected making them one of America’s unsafe medical products