We witnessed the first pacemaker intrusion over 13 years ago. Since then, hackers have come up with numerous ways to attack safety and security flaws within cardiac pacemakers. These include manipulation of radio commands and hacking of the software installed in the pacemaker.
Researchers have been studying the vulnerability of the device for years. They have also demonstrated the mechanism of hacking into embedded medical implants by modifying the system through remote access. Although it seems unusual for a device we rely on to be such a threat, pacemakers can create a channel for hackers to gain a two-way communication protocol.
Cardiac implantable electronic devices (CIED) communicate with medical equipment whose telemetry capabilities and IP connectivity are creating new entry points that may be used by attackers. As such, considering that many security and government officials are relying on pacemakers, it can also prove to be a very potent national security threat.
CIEDs are susceptible to radio frequency (RF) attacks. Hackers mainly use long-range RF interfaces to enter into the implants. Researchers have discovered that these hackers can even alter the fundamental functions of a pacemaker, thus putting the patient’s life in jeopardy.
In a newly-published paper, “On the (in)security of the Latest Generation Implantable Cardiac Defibrillators and How to Secure Them,” researchers from KU Leuven University, Belgium, University of Birmingham and University Hospital Gasthuisberg addressed the issue with the statement:
‘Adversaries may eavesdrop the wireless channel to learn sensitive patient information, or even worse, send malicious messages to the implantable medical devices. The consequences of these attacks can be fatal for patients as these messages can contain commands to deliver a shock or to disable a therapy’
About Medtonic’s partnership with Sternum
Medical equipment manufacturer, Medtronics has been a consistent target for hackers who have cyber-attacked their pacemakers through their internet-based software updating systems. The company is looking to resolve the issue with the help of a new partnership with Israeli IoT cybersecurity startup, Sternum.
Medtronic has been frequently accused of providing unsafe cardiac implants in the past. With its association with Sternum, it has finally been able to integrate the knowledge of embedded systems to provide safe implants to patients. Sternum has already secured more than 100,000 Medtronics devices since their partnership.
This partnership was initiated after the federal Cybersecurity and Infrastructure Security Agency handed out a warning to Medtronic regarding its MyCareLink patient monitoring system. The MyCareLink patient monitoring system was Medtronic’s remote system used to monitor and update the pacemakers manufactured by Medtronic. In an interview with TechCrunch, Sternum’s founder and CEO, Natali Tshuva said:
‘There’s this endless race against vulnerability, so when a company discovers a vulnerability, they need to issue an update, but updating can be very difficult in the medical space, and until the update happens, the devices are vulnerable. Therefore, we created an autonomous security that operates from within the device that can protect it without the need to update and patch vulnerabilities.’
Sternum’s platform does not rewrite system coding. Instead, it edits the coding to enhance the security element of it. The platform is built on a cloud-based monitoring and analytics system that performs digital transcription to detect cyber-attacks in real-time. The cloud security system automatically updates security protocols which prevent any harm to pacemakers and in turn, patients.
The future of Medtronic
The constant backlash Medtronic received since 2018 saw a potential downfall of the company. From 2018 to 2019, Medtronic revealed several security breaches in its remote system. Despite the safety issues, both Medtronic and FDA agreed on the usage of the devices except the CareLink devices. The issue was later resolved in January 2020.
Fast forward to April 2021, Medtronic has successfully secured all hackable devices with the help of Sternum’s IoT cybersecurity technology. In a recent statement, Medtronic stated:
‘To date, no cyberattack, privacy breach or patient harm has been observed or associated with these vulnerabilities.’
Important medical devices like pacemakers serve an extremely crucial role in the current medical landscape. These devices have been helping numerous people find the required medical assistance to combat life threatening medical conditions. Cyber attacks threaten to affect the patients’ trust in these medical devices, which in turn affects their mental and physical health adversely. Finding a concrete solution to this problem is the only way companies like Medtronic can regain their consumers’ trust and establish themselves as a formidable brand in the market.
About the Author: Akshat Biyani
Akshat Biyani is a contributing Features Writer, with extensive expertise in Business, Finance and Technology.
Recommended for you
Carers of disabled young people are increasingly having to choose between heating and eating as rising energy costs hit poorer UK households.
More people are taking antidepressants than ever. Is this a dark sign of the times or an indication that mental health stigma is changing?
An 8-year study found school mindfulness classes are less effective than hoped. However, there have been some positive side effects.
When cancer patients go into remission, they often worry about it coming back. AI can now help identify those at risk of cancer recurrence.