Follow CBSPHILLY Facebook | Twitter
PHILADELPHIA (CBS) — Implanted medical devices that help keep people alive can be hacked. Because they’re controlled by computers, someone could theoretically interfere with how the devices work.
As the government and manufacturers try to ensure the safety of things like pacemakers, some are wondering if they’re doing enough to protect users from hackers.
Billy Rios and Jonathan Butts say they have no trouble hacking into medical devices.
“We’ve yet to find a device that we’ve looked at that we haven’t been able to hack,” Butts said.
The two security researchers have examined critical machines like pacemakers, drug infusion pumps and insulin pumps — devices that keep people alive.
They found all have vulnerabilities that would allow someone else to take control of the machines because the devices are run by computers and computers can be hacked.
For example, they send a wireless signal telling an insulin pump to deliver the wrong amount of insulin to a patient nearby who might be wearing it.
Or with a pacemaker, a hacker could reprogram the device from anywhere, disrupting a patient’s heart rhythms in a way that could hurt or kill them.
“There’s no coming back from some of these exploits, right?” Rios said. “So if a pacemaker for a patient gets hacked, you can’t take that back. You can’t issue them a new credit card. You can’t tell them change to their password. You can’t issue them credit monitoring. They’re hurt. They’re killed.”
“Any device can be hacked and that’s often not understood,” Dr. Suzanne Schwartz said.
Dr. Schwartz oversees medical device cybersecurity for the FDA. She says manufacturers have been playing catch-up.
“It’s a culture shift,” Dr. Schwartz said. “So the actions and the activities that we’re seeing manufacturers take are very encouraging, they’re very promising but we still have a ways to go.”
Companies that make medical devices are working to improve security, mainly with new encryption technology that basically encodes data so that only authorized parties can access it.
Patients who have concerns should talk to their doctors or reach out directly to the manufacturer.