News | Cybersecurity | February 27, 2018

Can Your Cardiac Device Be Hacked?

ACC Electrophysiology Council discusses potential dangers and offers advice to patients and physicians

Can Your Cardiac Device Be Hacked?

February 27, 2018 — Medical devices, including cardiovascular implantable electronic devices, could be at risk for hacking. In a paper published online in the Journal of the American College of Cardiology, the American College of Cardiology’s Electrophysiology Council examines the potential risk to patients and outlines how to improve cybersecurity in these devices.

Cybersecurity in the medical field refers to the integration of medical devices, computer networks and software. While there have been no actual clinical reports of malicious or inadvertent hacking or malware attacks affecting cardiac devices, recent reports have discovered this possibility. Reasons for hacking include political, financial, social and personal motives. Devices can be hacked locally or remotely. The U.S. Food and Drug Administration (FDA) has issued both pre-market and post-market guidance for the security of medical devices, and legislative proposals related to medical device security have been advanced in the U.S. Congress.

“True cybersecurity begins at the point of designing protected software from the outset, and requires the integration of multiple stakeholders, including software experts, security experts and medical advisors,” said Dhanunjaya R. Lakkireddy, M.D., professor of medicine at the University of Kansas Hospital, a member of the Electrophysiology Council and the corresponding author of the paper.

Medical devices have been targets of hacking for over a decade. The increasing number of medical devices using software has created the need to protect devices from intentional harmful interference on their normal functioning. Advanced wireless communications between healthcare providers and patients’ devices have created the theoretical possibility for the deactivation of features, the alteration of programming, and the delaying, interfering or interrupting of communications.

There are a number of possible clinical consequences that may result from the hacking of a cardiac device. In patients with pacemakers, concerns mostly consist of oversensing or battery depletion. For patients with implantable cardioverter-defibrillators (ICDs), it is possible for hackers to interrupt wireless communications, inhibiting the value of telemonitoring and allowing any clinically relevant events to go undetected by the system. Oversensing may inhibit pacing or result in inappropriate or life-threatening shocks. Battery depletion can lead to a device being unable to deliver therapies during life-threatening arrhythmias.

“At this time, there is no evidence that one can reprogram a cardiovascular implantable electronic device or change device settings in any form,” Lakkireddy said. “The likelihood of an individual hacker successfully affecting a cardiovascular implantable electronic device or being able to target a specific patient is very low. A more likely scenario is that of a malware or ransomware attack affecting a hospital network and inhibiting communication.”

The council said that cybersecurity needs should also be addressed during product testing both pre- and post-market. Because cybervulnerabilities can emerge quickly, strong post-market processes must be in place to monitor the environment for new vulnerabilities and to respond in a timely manner. The council suggests that firmware may be useful in devices with possible vulnerabilities. Physicians who manage cardiac devices should be aware of both documented and possible cybersecurity risks. Systems should be established to communicate updates in these areas quickly and in an understandable way to the rest of the clinical team that manage patients with devices.

The council members said they do not feel that enhanced monitoring or elective device replacement is necessary at this time.

“Given the lack of evidence that hacking of cardiac devices is a relevant clinical problem, coupled with evidence of the benefits of remote monitoring, one should exercise caution in depriving a patient of the clear benefit of remote monitoring,” Lakkireddy said.

For more information: www.onlinejacc.org

Related Cybersecurity Content

Raising the Bar for Medical Device Cyber Security

The State of Healthcare Cyber Security

FDA Seeks Management of Cybersecurity in Medical Devices

Cybersecurity Threats in Medical Imaging

 

Related Content

AMA survey finds economic, patient-care impact of Change Healthcare cyber-attack ongoing
News | Cybersecurity
Life After Change Cyber-attack: Without Payment for Claims, Physicians Struggle to Keep Practices Afloat

April 10, 2024 — The American Medical Association (AMA) released informal survey findings (PDF) showing the ongoing ...

Home April 10, 2024
Home
In a new letter sent to federal officials on March 12, the American Medical Association (AMA) has presented six relief proposals to support physicians impacted by Change Healthcare hack, and praised the creation of the Change Healthcare/Optum Payment Disruption (CHOPD) Accelerated Payments.
News | Cybersecurity
AMA Presents Relief Proposals to Federal Officials to Support Physicians Impacted by Change Healthcare Hack

March 14, 2024 — The American Medical Association (AMA) has issued a new letter to federal officials in which it praised ...

Home March 14, 2024
Home
An AMA letter sent to Secretary Bacerra outlines ongoing concerns of physicians amidst the cybersecurity incident that has impacted Change Healthcare
News | Cybersecurity
As Cyberattack Jeopardizes Physician Practices, AMA Demands Action

March 6, 2024 — As the cyber-takedown of Change Healthcare has forced medical practices to go without revenue for a ...

Home March 06, 2024
Home
Videos | Cybersecurity
VIDEO: A Look at Cybersecurity and How Healthcare is at Risk

This year at HIMSS, the theme is Health That Connects + Tech That Cares, and cybersecurity is indeed a part of this ...

Home April 21, 2023
Home
The survey reflects the opinions of healthcare cybersecurity professionals that are responsible for either day-to-day operations or oversight of healthcare cybersecurity programs
News | Cybersecurity | By Melinda Taschetta-Millane
2022 HIMSS Healthcare Cybersecurity Survey Report Results Published

April 10, 2023 — The 2022 HIMSS Healthcare Cybersecurity Survey results were recently published. The survey reflects the ...

Home April 10, 2023
Home
New Report Reveals Vulnerabilities of Internet of Things-enabled Healthcare Devices
News | Cybersecurity
New Report Reveals Vulnerabilities of Internet of Things-enabled Healthcare Devices

August 29, 2019 — Use of the Internet of Things (IoT) is booming, with IHS Markit forecasting there will be 73 billion ...

Home August 29, 2019
Home
New Report Examines Hospital Cybersecurity Challenges in Georgia
News | Cybersecurity
New Report Examines Hospital Cybersecurity Challenges in Georgia

August 20, 2019 — Healthcare data breaches are currently being reported at a rate of more than one a day, according to a ...

Home August 20, 2019
Home
According to the National Association of County and City Health Officials, only 33 percent of the organizations plan against cybersecurity threats and initiate patient identity protection protocols.
Feature | Cybersecurity | Maxim Chernyak
How to Protect Health Data With Security Testing Automation

As the National Association of County and City Health Officials state, healthcare breaches remained to be costly and ...

Home May 06, 2019
Home
Videos | Cybersecurity
VIDEO: Preventing Medical Imaging Cyberattacks

Anton S. Becker, M.D., radiology resident at the University Hospital of Zurich, Switzerland, discusses the long-term ...

Home December 12, 2018
Home
FDA and DHS Expand Partnership on Medical Device Cybersecurity
News | Cybersecurity
FDA and DHS Expand Partnership on Medical Device Cybersecurity

October 30. 2018 — The U.S. Food and Drug Administration (FDA) and the U.S. Department of Homeland Security (DHS) will ...

Home October 30, 2018
Home
© Copyright Wainscot Media. All Rights Reserved.
Subscribe Now