Future recipients of the newest line of implanted medical devices may share a common enemy with the computer in front of them: Internet hackers.
In the United States alone, there are more then 2.5 million Implanted Medical Devices (IMDs), including pacemakers, defibrillators, and insulin pumps.
Doctors soon will be able to receive patient data through the Internet and other wireless sources, and also manipulate these devices the same way, according to the information they receive. While this would provide a whole new world of convenience to the recipients of IMDs, it would also make an immense number of people vulnerable to hackers and cyber terrorists.
Thankfully, Kevin E. Fu, an assistant computer science professor at the University of Massachusetts, is working on a solution to this frightening problem. Fu was recently awarded a three-year grant of $449,000 by the National Science Foundation to improve the security measures of these life-saving devices.
“The main goal of the study is to understand the patients’ expectations of security and privacy,” explained Fu.
Fu will be conducting a two-part research project. He will work on developing a working prototype of a secure IMD as well as conducting interviews with patients who are receiving new cardiac IMDs at Beth Israel Deaconess Medical Center in Boston. The patients will be asked about their expectations for security and privacy with their medical information, and the amount of trust they have in their IMDs.
Fu said if his team is successful, “all sorts of new therapies can be employed much more easily.”
Fu assured that patients who receive an IMD today are at very minimal risk for being attacked by ill-meaning hackers.
“What we mainly care about is that in the future, we know that these devices are going to become more connected to the Internet and to wireless and we want to catch these problems before they result in something bad,” he said.
Dr. Craig Smith, MD, an interventional cardiologist and the Director of Cardiac Care at UMass Memorial Hospital in Worcester, agreed that this is a very concerning problem for the future.
“There would absolutely be ramifications because you could easily send someone into [cardiac] arrest if you were Machiavellian enough to control these devices,” said Smith.
While the idea of online hackers attacking medical equipment may seem far-fetched now, according to Smith, it’s not “beam-me-up-Scotty far-fetched.”
Smith recalled that during the development of automated external defibrillators, or AEDs, there were similar concerns of people using these machines for malicious intent.
“One of the concerns was that it would not only be causing unnecessary harm to a patient, but you could use it as a security breach weapon by just slapping the pads on someone and shocking them, knocking them out or killing them,” Smith said.
During the 1990s, scientists worked to develop a computer algorithm that would make the machine smarter. They discovered a way to program the machine to deliver a shock only after the patient has been analyzed by the computer within the machine and all of the appropriate bodily conditions have been met.
Today, AEDs are found in many places such as airports and train stations, and have remained tamper-proof since their introduction to the general public.
Sara Cody can be reached at [email protected]