Bioethics Blogs

FDA recall of pacemaker raises questions about cybersecurity

by Karola Kreitmair, PhD

The FDA has issued a recall of 465,000 pacemakers on the grounds that they are vulnerable to hacking. It was discovered that unauthorized users could remotely access the implanted cardiac device and modify its programming, thereby delivering inappropriate shocks or rapidly draining the battery. In effect, a nefarious actor could hack into the very thing tasked with sustaining someone’s life and turn it into the device that kills them.

Now, luckily, patients with affected pacemakers do not need to have the device removed; an in-office software update suffices, and there have been no reports, so far, of anyone being harmed. But the recall does provide a poignant reminder that allowing cyber-vulnerable technology into our lives and into our bodies comes with serious risks and drawbacks. Beyond pacemakers, individuals rely on an array of wearable devices to monitor and control their health, such as wearable EMG devices to monitor seizures, or wearable patches to deliver personalized medication transdermally. A much broader group of people uses personal technology to enhance their wellbeing through devices such as fitness trackers, sleep trackers, or mental health apps. Moreover, with the internet of things (IoT), technologies are now more interconnected than ever, with cyber pathways opening up between smart household appliances and personal medical devices, via the central role of the smartphone. This makes us vulnerable not only to hackers interfering with the programming of devices, with the possibility of deadly consequences, but also to the massive theft of highly sensitive data.

We should enter into the personalized health and wellness technology era with eyes wide open.

The views, opinions and positions expressed by these authors and blogs are theirs and do not necessarily represent those of the Bioethics Research Library and Kennedy Institute of Ethics or Georgetown University.