Is Your Cardiac Device at Risk for Hacking?

Cardiovascular implantable electronic devices and other medical devices may be at risk for hacking. Taking into account this possibility, the American College of Cardiology's Electrophysiology Council examined the potential risk of hacking to patients and put forward measures to improve cybersecurity for medical devices. The study is published in the Journal of the American College of Cardiology. While there are no actual clinical reports of hacking or malware attacks affecting cardiac devices, recent studies have indicated that there is a possibility. The increasing use of software in the design and functioning of medical devices has made it necessary to protect these devices from harmful interferences including hacking. In theory, hackers deactivate features, alter the programming, delay or interrupt communication systems in medical devices. The reasons for hacking may include political, financial, social or personal motives and the devices may be hacked locally or remotely.

The Food and Drug Administration has issued guidance to improve cybersecurity of medical devices in both the pre-marketing and post-marketing stage. Legislative proposals related to medical device security have also been advanced in the U.S. Congress.

How hacking may affect the performance of medical devices:

The hacking of a cardiac device for example can result in a number of possible clinical consequences.

• In case of patients with pacemakers, oversensing and battery depletion may be the major concerns of hacking. Oversensing may inhibit pacing and could result in life-threatening shocks. Battery depletion could make the device unable to deliver therapies during life-threatening arrhythmias.
• In the case of patients with implantable cardioverter-defibrillators (ICDs), hackers may be able to interrupt wireless communications, inhibiting the value of tele-monitoring by not allowing the system to detect any clinically relevant event.

"At this time, there is no evidence that one can reprogram a cardiovascular implantable electronic device or change device settings in any form," said Dhanunjaya R. Lakkireddy MD, professor of medicine at the University of Kansas Hospital, a member of the Electrophysiology Council and the corresponding author of the paper Lakkireddy. "The likelihood of an individual hacker successfully affecting a cardiovascular implantable electronic device or being able to target a specific patient is very low. A more likely scenario is that of a malware or ransomware attack affecting a hospital network and inhibiting communication."

While the study team looks forward to reduce the risks of potential hacking of medical devices by tightening cybersecurity, they do not promote patients and physicians to stop the use of medical devices when required.

"Given the lack of evidence that hacking of cardiac devices is a relevant clinical problem, coupled with evidence of the benefits of remote monitoring, one should exercise caution in depriving a patient of the clear benefit of remote monitoring," Lakkireddy said.

Reference:

1. Baranchuk A, et al. ACC panel: Hacking of cardiac devices possible but unlikely. Journal of the American College of Cardiology (2018). DOI: 10.1016/j.jacc.2018.01.023

Source-Medindia