Skip to main content
Part of complete coverage on

Scientists work to keep hackers out of implanted medical devices

By John D. Sutter, CNN
A barcode tattoo could give a patient's pacemaker password to medical professionals in the event of an emergency.
A barcode tattoo could give a patient's pacemaker password to medical professionals in the event of an emergency.
  • Researchers say pacemakers and other medical devices are open to hacking
  • But computer scientists are trying to come up with solutions
  • One possibility is password protection with barcode tattoos
  • Industry describes security risks with the devices as "extremely low"

(CNN) -- Nathanael Paul likes the convenience of the insulin pump that regulates his diabetes. It communicates with other gadgets wirelessly and adjusts his blood sugar levels automatically.

But, a few years ago, the computer scientist started to worry about the security of this setup.

What if someone hacked into that system and sent his blood sugar levels plummeting? Or skyrocketing? Those scenarios could be fatal.

"If your computer fails, no one dies," he said in a phone interview. "If your insulin pump fails, you have problems."

As sci-fi as it sounds, Paul's fears are founded in reality.

Researchers say it is possible for hackers to access and remotely control medical devices like insulin pumps, pacemakers and cardiac defibrillators, all of which emit wireless signals.

In 2008, a coalition of researchers from the University of Washington, Harvard Medical School and the University of Massachusetts at Amherst wrote that they remotely accessed a common cardiac defibrillator using easy-to-find radio and computer equipment. In a lab, the researchers used their wireless access to steal personal information from the device and to induce fatal heart rhythms by taking control of the system.

Read the full report from the researchers (PDF)

In the two years since that finding, some computer scientists have been on a quest for security fixes for these potentially life-saving devices.

Pacemaker passwords

Paul, a research scientist with the Oak Ridge National Laboratory in Tennessee, is among them. He's mocking up a design for a more secure insulin pump that cuts some of the wireless connections between parts of the system.

Others are looking for security solutions for pacemakers and cardiac defibrillators, which are embedded inside a patient and can adjust his or her heart rhythms.

At the Computer-Human Interaction conference in Atlanta, Georgia, this week, Tamara Denning, a PhD student at the University of Washington, presented a number of prototypical security safeguards for pacemakers and defibrillators.

View Denning's full presentation (PDF)

Some of the suggestions would protect the devices with passwords. But that poses further complications, Denning said, because doctors and nurses have to be able to control the devices in the event of an emergency, even if the patient who knows the password is unconscious.

It may be possible to get around that issue by tattooing a barcode containing the password on the patient's skin, either with visible ink or ink that can be seen only under ultraviolet light, she said.

Patients also could wear bracelets with their passwords on the inside, or doctors could carry devices that would de-activate a pacemaker or defibrillator's security protections in the event of an emergency.

Denning said it will be important to standardize security measures.

"If you have a patient that's unconscious on the ground, you really don't want the medical staff to have to figure out what security system they're using," she said in the presentation.


Some people are prodding the U.S. Food and Drug Administration to further regulate these devices, perhaps requiring them to be more secure.

In an April 1 article in The New England Journal of Medicine, Dr. William Maisel, an assistant professor at Harvard Medical School, wrote that the FDA should lead an effort to develop appropriate legislation for the medical devices.

The pacemakers and defibrillators are more open to attack as they become more sophisticated, he wrote.

"Medical devices have provided important health benefits for many patients, but their increasing number, automation, functionality, connectivity and remote-communication capabilities augment their security vulnerabilities," he wrote.

He added: "The security of medical devices is not a luxury."

FDA spokeswoman Karen Riley declined to say whether the FDA is looking into new regulations of wireless medical devices; she added that the responsibility for making the devices secure falls primarily on the manufacturer.

"The FDA shares concerns about the security and privacy of medical devices and emphasizes security as a key element of device design," she said.

Wendy Dougherty, spokeswoman for Medtronic Inc., a large maker of implantable medical devices, said the company is willing to work with the FDA to establish "formal device security guidelines."

The company is aware of potential security risks to implanted medical devices, she said. "Safety is an integral part of our design and quality process. We're constantly evolving and improving our technologies."

In a written statement, Dougherty described the risk of someone hacking into a wireless medical device as "extremely low."

Wireless connections

The security concerns stem from the fact that pacemakers, defibrillators and insulin pumps emit wireless signals, somewhat like computers.

These signals vary in range and openness. Researchers who reported hacking into a defibrillator said some in-the-body devices have a wireless range of about 15 feet.

Many devices do not have encrypted signals to ward off attack, the researchers say. Encryption is a type of signal scrambling that is, for example, employed on many home Wi-Fi routers to prevent unknown people from accessing the network.

Researchers urged people who use wireless medical devices not to panic.

While security threats to medical devices theoretically exist, there have been no documented cases of wireless attacks on medical devices, the researchers said in papers and interviews.

The real concern will come when these devices are further connected -- to phones, the Internet and other computers, said Kevin Fu, an assistant professor of computer science at the University of Massachusetts at Amherst.

"Today, there should be no reason for concern," he said.

"If I were prescribed a device by a doctor, I would certainly take it. The concern about the security of the devices is for the future."


There's some question as to why a person would hack into a pacemaker or insulin pump and how the hacker would know a person uses a medical device.

Maisel listed some possible scenarios in his New England Journal article.

"Motivation for such actions might include the acquisition of private information for financial gain or competitive advantage; damage to a device manufacturer's reputation; sabotage by a disgruntled employee, dissatisfied customer or terrorist to inflict financial or personal injury; or simply the satisfaction of the attacker's ego," he wrote.

Denning, from the University of Washington, said the current risk of attack is very low, but that someone could hack into a pacemaker without apparent motive.

She referenced a case from 2008 in which a hacker reportedly tried to induce seizures in epilepsy patients by putting rapidly flashing images on an online forum run by the Epilepsy Foundation.


Paul, the diabetic who is concerned about his insulin pump, said researchers face many challenges in making medical devices more secure.

Patients don't want to have to enter passwords constantly or adopt security measures that would make daily tasks inconvenient, he said.

But with cooperation and increased awareness, he said the security gap can be closed.

"It's definitely a problem, but the good thing is we have people looking at this problem now and I think we should start seeing some good solutions soon," he said.