Saturday, March 15, 2008

PS: The Heart of the Matter

In the News You Can You Section, would it surprise you like it did me that pacemakers and other such heart devices do not have anti-hacker security? What does this mean? The WSJ reported that a study conducted by the Harvard Medical School and presented at a California computer security conference warned that wireless medical devices can be hacked, and they have proven it.

While leaving out various details of the exact experiment (thank heavens,) the researchers proved that Medtronic pacemakers and other devices are not secure. The article went on to say:
"The study is a latest in a series that have found flaws in the security of wireless-communications systems--from remote-controlled car keys, to Bluetooth telephone headsets, to the Wi-Fi technology used to connect to the Internet, to radio-frrequency credit cards that can be 'tapped' to make payments. But the prospect of remotely controlling somebody else's heart via radio waves rises to a different level" (3-12-08, D7, emphasis mine.)
Currently, Medtronics, who sells a goodly number of these pacemakers and other medical devices, said in a statement:
"The chance of an ICD [pacemaker] being reprogrammed by a computer hacker is extremely remote. . . the company said it was gradually increasing the sophistication of devices to prevent unauthorized people from tampering with a defibrillator, but said it was necessary to balance security with other factors. For example, it each defibrillator had its own password to prevent unauthorized access, a doctor might not be able t control it in an emergency situation."
Such nefarious intrusion has actually never happened, but could according to the Harvard study. Seems to me, it would be more enlightened than unenlightened to safeguard patients from a hacker dude stopping their heart on a whim. This does not seem like rocket science in an era where we are warned about wireless security ad nauseum.

The other large pacemaker outfit, Boston Scientific, assured the news that they do have rocket scientists in residence and have always secured its devices with encryption of some sort, which would at least slow any would-be hackers down. Lordy, save us from corporations who have their bottom line rather than the patient in mind.

No comments: