Posted on September 5, 2017 at 9:00 AM
by Karola Kreitmair, PhD
The FDA has issued a recall of 465,000 pacemakers on the grounds that they are vulnerable to hacking. It was discovered that unauthorized users could remotely access the implanted cardiac device and modify its programming, thereby delivering inappropriate shocks or rapidly draining the battery. In effect, a nefarious actor could hack into the very thing tasked with sustaining someone’s life and turn it into the device that kills them.
Now, luckily, patients with affected pacemakers do not need to have the device removed, an in-office software update suffices, and there have been no reports, so far, of anyone being harmed. But it does provide a poignant reminder that allowing cyber-vulnerable technology into our lives and into our bodies comes with serious risks and drawbacks. Beyond pacemakers, individuals rely on an array of wearable devices to monitor and control their health, such as wearable EMG devices to monitor seizures, or wearable patches to deliver personalized medication transdermally. A much broader group of people uses personal technology to enhance their wellbeing through devices such as fitness trackers, sleep trackers, or mental health apps. Moreover, with the internet of things (IoT), technologies are now more interconnected than ever, with cyber pathways opening up between smart household appliances and personal medical devices, via the central role of the smartphone. This makes us vulnerable not only to hackers interfering with the programming of devices, with the possibility of deadly consequences, but also to the massive theft of highly sensitive data.
We should enter into the personalized health and wellness technology era with eyes wide open. For some this technology is life-sustaining, and here we need developers and regulatory agencies to be at the forefront of cybersecurity concerns. It appears that in this case, the FDA and Abbott (the pacemaker company) are doing that. However, for the huge number of devices that we use for less critical health and wellness tasks, it is also incumbent on us to seriously consider our use and practices. For one, wearable technology is neither necessary for, nor does it guarantee, a healthy life. As such, we should be judicious in deciding whether and how much such technology we should allow into our lives and onto/into our bodies. Secondly, once we do use such technology, we must keep ourselves informed about inevitable cybersecurity risks, and what we can do to combat them.