http://www.seacoastonline.com/news/02242005/news/66202.htm [This is just pandering for the racy headline than anything else, when you look at the steps to attack a pacemaker remotely, the physical attack is way easier. - WK] By Joe Adler jadler@private February 24, 2005 PORTSMOUTH - Although praised by doctors for their convenience, the emerging technology of remote-from-home defibrillators has caused some to fear that hackers could someday interfere with a patient's treatment for heart ailments. Defibrillators, also commonly known as pacemakers, can be half the size of a person's palm and fit tightly inside the chest wall. The device relays information to a physician about a patient's heart rate and rhythm, and can "shock" a heart back into rhythm when it suffers from fibrillation. As defibrillators become more common, and doctors attend to many more patients with the devices, ICDs (implantable cardioverter-defibrillators) are being tailored to relay information from outside the examination room, according to Dr. Mark Jacobs, a Portsmouth Regional Hospital cardiologist. The Food and Drug Administration has already approved - and medical technology companies are already marketing - equipment for the devices that can transmit a patient's heart-monitoring information, such as an electrocardiogram, through phone lines. A cardiologist can assess a patient's progress while the patient is miles away. "As the technology changes, more and more of this is being done at the home for patients with an inability to be transported," Jacobs said. "Some patients go to Florida, and they're living here only part time." With breakthroughs in defibrillator technology come security concerns. The remote relaying system - which allows patients to hold a wand above their chest and transmit information through an answering machine-sized contraption - is encrypted. But like any telecommunications, there is the small risk of a hacker obtaining sensitive information, Jacobs said. He added that, while the FDA has not approved it, technology now exists to allow physicians to program ICDs through the phone lines. Currently, heart disease patients have regular checkups to fine tune their defibrillators. "The devices aren't perfect. As people change medication, their defibrillators need to be adjusted, or a battery can start to be depleted," Jacobs said. "If it's approved that we are able to re-program the device over the phone, it's theoretically possible that someone could intercept that call and reprogram someone's device in an adverse fashion." Peter Gove, vice president for St. Jude Medical, which sells a home remote monitoring system for defibrillators, said the technology for remote reprogramming of the devices is a long a way off, but "moving in that direction." "(Patients) today typically visit their physicians on regular basis to have the device interrogated," Gove said. Gove added that St. Jude's product is careful not to transmit any personal information about patients. Despite the concern, Jacobs said the transmitters now on the market are a godsend for his patients with busy schedules, and they are equipped with encryption devices to protect their information. "They like it because it is very convenient," he said. "They don't have to interrupt their schedule. If they're having a problem, they can call up and it can be evaluated immediately. It saves them from not going to work for half a day." _________________________________________ Bellua Cyber Security Asia 2005 - http://www.bellua.com/bcs2005
This archive was generated by hypermail 2.1.3 : Mon Feb 28 2005 - 06:46:32 PST