Millions of people are fitted with a pacemaker, but what are the risks associated with these devices that save lives every day? Researchers have made an alarming discovery: Several pacemaker brands are riddled with safety risks.
Today, most pacemakers are linked to systems that alert doctors and other practitioners when patients experience the slightest problem. However, nobody, or almost nobody, seems to be monitoring this vital ecosystem.
Safety researchers at WhiteScope recently published an alarming report listing no fewer than 8600 safety failures in pacemakers from four different manufacturers. This is an enormous number, encompassing a significant number of problems that affect the entire pacemaker ecosystem, such as a lack of secure identification, data that is sent without being encrypted and operating systems which are never updated.
“We believe that this statistic demonstrates that the pacemaker ecosystem faces serious challenges in terms of updating their systems,” explain researchers, who have carried out tests on commercially-available devices.
One discovery, several issues
The experts’ discovery regarding safety reflects several problems. The first is confidentiality. Doctors can access their patients’ medical data without requiring any log-in details. As a result, monitoring pacemakers remotely is carried out without encryption, which fails to protect the patient’s identity. In addition, information about the patient’s medical condition can be easily accessed by anybody wishing to hack into the database, which contains their social security number, name, telephone number and health records. As a result, patient confidentiality is not being respected.
The other issue is linked to patient safety. In 2012, hacker Barnaby Jack revealed that it was potentially possible to take control of a pacemaker remotely and use it to assassinate patients by delivering an 830 V electric shock, resulting in their immediate death. Although it may sound like something out of a spy film, this is the reality, brought about by clear safety problems which should be impossible to ignore today.
The exact opposite of what should be done
Pacemakers tested by experts demonstrated the exact opposite of what should be done in terms of security. Hopefully this alarm bell acts as a warning for the four companies involved. At a time when the safety of connected devices is a hot topic, the medical industry should begin to address this complex issue, both in terms of ethical and safety considerations.