Security of implantable medical devices with wireless connections: The dangers of cyber-attacks
Introduction
Modern wireless implantable medical devices (IMDs) began to be widely introduced to medical practice in the early 2000s, when devices such as cardiac implants, insulin pumps, and neurological implantable pulse generators (IPGs) started featuring wireless clinician controls and monitoring functions. Enabled by rapid advances in technology, modern IMDs have developed these functions to the point that clinicians and patients can use their smartphones to control and monitor implants wirelessly, either by directly connecting the two devices (e.g. via Bluetooth) or by connecting them via the internet.
Though the advantages offered by wirelessly connected IMDs are substantial, there is a burgeoning risk of devices being disabled or subverted by attackers (i.e. malicious hackers) because of failures in cybersecurity. Wireless control features allow attackers to manipulate IMD settings from beyond the immediate vicinity of the patient, while networked IMDs (i.e. those connecting to internal hospital networks or the internet) are at risk from attacks originating anywhere in the world.
The risk of most individual patients suffering serious harm due to cybersecurity failures in their IMD is currently small, but the rapid proliferation of IMDs coupled with their increasing variety of features is increasing the risk at an alarming rate. Some patients, such as prominent public figures, may be at greater than typical risk of attack; then-US Vice President Dick Cheney reportedly requested that the wireless functions of his implanted cardiac device be disabled to reduce the risk of politically motivated assassination via IMD cyberattack. Successful attacks could do great harm to patients and, when reported in the media, could unfairly tarnish the reputation of lifesaving medical implants.
Cybersecurity research into IMDs has revealed that several devices are vulnerable to attacks of varying severity. Cardiac implants have been demonstrated to contain potentially lethal security flaws, as have implantable insulin delivery pumps, and our group has raised concerns regarding risks specific to neurological implants. Recently, Marin and colleagues directly demonstrated serious vulnerabilities in the proprietary wireless protocols of an implantable neurostimulator, enabling them to perform an array of software attacks.
Opportunities for attack have been found in IMDs made by a range of manufacturers, designed to treat a variety of conditions. There is little reason to believe that the devices tested were cherry-picked. Taken together, this research therefore suggests that security vulnerabilities in IMDs are the norm rather than the exception.