Wireless devices have changed the way health information moves, making data more abundant and more accessible. But it’s also made medical devices more vulnerable.
Researchers at MIT and the University of Mass. Amherst are the first to develop a technology that could protect the millions of existing medical device implants without altering or replacing them.
Wireless technologies made their mark on medical devices in a big way, attaching themselves to everything from pacemakers and defibrillators to insulin pumps and nerve stimulators.
This connectivity allows doctors to monitor patients at home and react in real time if the device sends an alert. But it also leaves an open channel for sending and receiving information. An attacker, which the MIT team calls the “adversary,” could exploit that channel to hack into the device and steal sensitive information.
In the worst-case scenario, an adversary could send a message to a device instructing it deliver an excessive dose of medication or electricity, injuring or even killing the victim. Millions of people are already implanted with wireless-capable devices in the U.S. alone and 300,000 more are implanted around the world each year, according to a study cited by the researchers.
"I haven’t heard of any malicious activity being reported, so that’s the good news," researcher and associate professor in the UMass Amherst computer science department Kevin Fu told MassDevice, but it may just be a matter of time. "I always equate it to automobile security. I kind of feel that we’re going around in cars where nobody’s locked the doors yet but nothing bad has happened. I think it’s the right time now to start figuring out better mechanisms to improve security," Fu said.
Fu also worked on a study published in 2008 that proved it’s possible to use general-purpose radio software to access and manipulate medical devices. That study found that a properly motivated adversary could determine whether someone had an implanted medical device and the type of implant, then expose the identifying serial number and obtain patient personal information and health history stored on the medical device. Furthermore, the study showed that a targeted signal could change a medical device’s settings, change or disable therapies and deliver electrical shocks on command.
The MIT-UMass team started thinking about how to protect millions of existing medical devices without security checks less than a year ago. Other studies have considered adding a firewall component to new medical implants, but that would require patients to replace their implants to benefit from the new security measures. Installed security measures could also prove problematic in emergency situations if a decryption key isn’t readily available or isn’t functioning properly. The MIT-UMass device, which they call a shield, would be worn outside the body and could be removed by physicians in an emergency.
The shield is envisioned as a small, wearable radio transmitter custom-tuned to send and receive signals to and from an implanted device. The shield detects nearby signals and determines whether they are authorized or suspicious. If the implant is sending a signal to report an abnormality, the shield picks up that signal and transmits it to the health care provider on a secure channel. Similarly, a physician’s signals attempting to gather data from the device or reprogram its regimen would go through the shield.
If the shield detects an unauthorized transmission, it emits a strategically randomized response, effectively reducing the implant’s outgoing signals to indecipherable noise and protecting it from infiltration.
So far the protective jammer prototype has only been tested with two Medtronic Inc. (NYSE:MDT) implantable defibrillators obtained secondhand from Boston-area hospitals, but researchers say there are no technical obstacles preventing the shield from protecting other brands or other types of devices. The work showed that the presence of the shield successfully deflected close-range attacks (from 20 centimeters away) as well as long-range attacks from adversaries with 100 times the shield’s power level. While it was unable to deflect high-powered attacks from close range, it raised an alarm designed to prompt the patient to leave a suspicious situation.
The research is still fresh, and there are a lot of factors yet to consider, but the team is optimistic about the shield’s potential. While it has only been tested on defibrillators, MIT researcher and associate professor of the computer science and artificial intelligence lab Dina Katabi says the shield could have a wider reach.
"We haven’t plugged in details of all these potential implanted medical devices, but at the high level it seems that there is no technical reason that a single device cannot protect all of these devices that are used in wireless connectivity that are worn on the body or inside the body," Katabi told us.
The vulnerability is serious and medical databases and hospital equipment have been targeted before, but the research team emphasizes that no incidents involving medical device hacking have been reported to date. The research is intended to address a potential problem before it becomes a real issue.
"People should not really get scared," Katabi said, adding that the last thing she wants is to evoke panic in the millions of people with implanted cardiac defibrillators.
The team has a preliminary prototype that will be unveiled at this year’s Association for Computing Machinery’s upcoming Sigcomm conference and has just begun talks with interested companies through MIT’s newly launched Medical Device Innovation Center.
More information is available on the team’s project page.