UW News

Uncategorized

March 13, 2008

Implantable wireless: Blessing and threat

Ben Barnhart
Tadayoshi Kohno (left) and doctoral student Dan Halperin co-authored the first known study on security concerns related to implantable medical devices.

Computer scientists have uncovered potential weak points in implantable cardiac defibrillators. The group includes Tadayoshi Kohno, assistant professor (far right), and doctoral student Daniel Halperin (far left), both in the UW’s Department of Computer Science & Engineering, and their collaborators at the University of Massachusetts Amherst. A cardiologist at Harvard University (not shown) also participated in the experiment.

Some medical devices such as implantable cardiac defibrillators and pacemakers are now equipped with wireless technology, allowing for remote device checks and freeing patients from repeated doctor visits. But this convenience may come with unanticipated risks. The UW’s Tadayoshi Kohno, an assistant professor of computer science and engineering, is co-author of a new paper that outlines an experiment leaving reason for concern.

There has never been a reported case of a patient with an implantable cardiac defibrillator or pacemaker being targeted by hackers, and Kohno and his colleagues emphasized that the study was designed to identify and prevent future problems. Undertaking the study required a high level of technical expertise, and the published paper omits certain details that prevent the findings from being used for anything other than improving patient security and privacy.

“We hope our research is a wake-up call for the industry,” said Kohno, whose research concerns electronic security and privacy. “In the 1970s the Bionic Woman was a dream, but modern technology is making it a reality. People will have sophisticated computers with wireless capabilities in their bodies. Our goal is to make sure those devices are secure, private, safe and effective.”

The other lead authors of the study are Kevin Fu of the University of Massachusetts Amherst and cardiologist Dr. William Maisel of the Beth Israel Deaconess Medical Center and Harvard Medical School. Co-authors include UW doctoral student Daniel Halperin, also in the department of computer science and engineering. The peer-reviewed report will be presented at the Institute of Electrical and Electronic Engineers Symposium on Security and Privacy in Oakland, Calif., on May 19.

The team expects the issue of digital security of medical devices to take on greater importance as implantable cardiac defibrillators operate wirelessly at greater distances. These devices typically receive short-range wireless signals over several feet, but new technologies are expanding that reach even farther, creating the potential for information to be intercepted en route.

“As we’ve learned from other areas, such as electronic voting, it’s important to understand the risks associated with new technologies before those technologies are widely deployed,” Kohno said.

The researchers’ experiments used an implantable cardiac defibrillator, a sophisticated device that automatically regulates the heartbeat by sending small electrical signals to the heart to stimulate the heart rate or by delivering a large shock to restore a potentially fatal heart rhythm back to normal. Implantable defibrillators have improved survival in selected patients at risk for sudden cardiac death, and millions of the devices have been implanted worldwide. The model used in the experiment contained computers and radios that allow health care practitioners to diagnose patients, read and write private medical information, and adjust the device’s therapy settings wirelessly.

In computer laboratory bench tests, the research team used an inexpensive software radio to intercept and capture signals sent from the implantable device. They were able to obtain detailed information about a hypothetical patient, including name, diagnosis, date of birth and medical ID number. Researchers could determine the make and model of the device and access real-time electrocardiogram results as well as data on the hypothetical patient’s heart rate and cardiac activity.

The team then mounted several attacks. Researchers were able to turn off the therapy settings stored in the implantable device, rendering it incapable of responding to dangerous cardiac events. Additional commands were delivered, resulting in the delivery of a shock that could induce ventricular fibrillation, a potentially lethal arrhythmia.

Three deterrence and prevention mechanisms were developed as part of the study, including a notification device that audibly alerts patients of security sensitive events, a device that authenticates requests for access from outside devices and a vibrating device that patients can sense. All three mechanisms require no power from the battery, and one of them was evaluated for effectiveness in a substance similar to human tissue.

“One of the purposes of this research is to encourage the medical device industry to think more carefully about the security and privacy of patient information, particularly as wireless communication becomes more common. Fortunately, there are some safeguards already in place, but device manufacturers can do better,” said co-author Maisel.

“Patients today should not be concerned,” Kohno said. “We do not know of a single case where a patient was harmed by a malicious security attack. But this is an eye-opening result, and calls for future studies.”

More information on the project is at http://www.secure-medicine.org.