A common new technology for monitoring defibrillators is vulnerable to hacking and even to reprogramming that could stop the devices from delivering a lifesaving shock, according to research to be released Wednesday.
In the past couple years, more than 100,000 patients in the U.S. alone have been implanted with newer devices that reduce medical visits by sending information on a patient to a bedside monitor that then sends the data to a doctor, usually once a day.
In the model researchers studied, transmissions from the defibrillator to the bedside monitor are not encrypted, which means that someone intercepting the transmissions could retrieve such data as the patient’s birth date, medical ID number and, in some cases, Social Security number.
As the technology spreads to more medical devices, including pacemakers, spinal cord stimulators and hearing implants - and as the range of the devices’ radio signals increase - the researchers predict patients’ data will face increasing risks.
“There will be more implanted devices and more wireless capabilities and transmissions over greater distances,” said Dr. William Maisel, one of the study’s authors and a Harvard-affiliated director of the Medical Device Safety Institute at Beth Israel Deaconess Medical Center in Boston.
A Food and Drug Administration spokeswoman acknowledged a hacker could use specialized software and a small antenna to intercept transmissions from a defibrillator.
But she said the chance of that happening - or of a defibrillator being maliciously reprogrammed using a technique similar to the one a doctor would use to program it - was “remote.”