Security & Privacy of Implanted Devices May be Compromised Wirelessly

A March 2008 study shows that some implanted medical devices may be susceptible to unauthorized reprogramming and may permit unauthorized access to personal medical information. 

Researchers from the Medical Device Safety Institute, the University of Massachusetts-Amherst, and the University of Washington demonstrated that they could wirelessly reprogram an implantable defibrillator in an unauthorized fashion to disable the defibrillator or deliver an unnecessary painful shock.   In addition, they could retrieve personal patient information from the device. 

William Maisel, a senior author of the report, commented:  "Our tests were performed in a laboratory, not in an actual patient – but the implications are clear.  We think it is critical that manufacturers of implanted medical devices that utilize these technologies commit to improving the security and privacy of wireless transmissions.”    Despite the questions the research may raise for users of implanted cardiac devices, Maisel reassures them that they are "much better off having the defibrillator than not."  The study also proposes several solutions to prevent and deter such attacks.