Advertisement

Dick Cheney Feared his Heart Device maybe Hacked by Terrorists

Former U.S Vice President Dick Cheney has struggled with coronary disease since his first heart attack in 1978 , at age 37 years.  He had two more heart attacks while in Congress, in 1984 and 1988 and suffered another in 2000 as well as another in 2010.

Dick Cheneys’ doctors replaced an implanted defibrillator near his heart in 2007.

This device can detect irregular heartbeats and control them with electrical jolts.  His cardiologist Johnathan Reiner

 Turned off the device’s wireless function,

In case a terrorist tried to send his heart a fatal shock.

In 2001, doctors implanted a monitoring device to keep track of Cheney’s heart rhythm and slow it down if necessary.

The susceptibility of the implant being hacked into by terrorists is largely due to the its wireless communications abilities. Dick Cheney is well known for his tough-minded views of national security & related issues. He advised “I was aware of the danger… that existed… I found it credible.”

A Heart Device Is Found Vulnerable to
Hacker Attacks

(New York Times 2008)

To the long list of objects vulnerable to attack by computer hackers, add the human heart.

The threat seems largely theoretical. But a team of computer security researchers plans to report Wednesday that it had been able to gain wireless access to a combination heart defibrillator and pacemaker.

They were able to: 

  • Reprogram it to shut down
  • To deliver jolts of electricity that would potentially be fatal — if the device had been in a person. In this case, the researchers were hacking into a device in a laboratory.
  • Gather personal patient data by eavesdropping on signals from the tiny wireless radio transmitter that was embedded in the implant as a way to let doctors monitor and adjust it without surgery. More… 

 

 Advertisement

It sounds like a scenario out of a James Bond movie: a villain spots his quarry and uses a small device to hack into the official’s heart defibrillator, sending a signal for mayhem.

There’s chest grabbing, and a collapse, and alarms, but the bad guy walks free because there’s no gun, knife, poison dart – no evidence at all a murder has been committed.

According to a recent report by the Government Accountability Office (GAO), a non-partisan agency that works for Congress, not only is such a scenario possible, there’s a growing danger that grandpa’s heart rhythm device, or, say, a child’s insulin pump – any implantable device that can be accessed remotely, could be susceptible to hacking.

FDA Alert 13 June 2013

FDA announces electronic medical devices can be hacked into…

The FDA is recommending that medical device manufacturers and health care facilities take steps to assure that appropriate safeguards are in place to reduce the risk of failure due to cyberattack, which could be initiated by the introduction of malware into the medical equipment or unauthorized access to configuration settings in medical devices and hospital networks. More

NOTE: It has been well known for many years that wireless networks can be hacked into, so one has to ask ‘why has it taken the FDA so long to even do a recommendation?”  It’s also interesting that this is only a recommendation.   At time of writing (2013) I haven’t seen any laws making it mandatory for these safety measures to be put in place.

History shows us – Money & Profit has Come Before Safety Before

   As previous warnings have been ignored:

 

Coupled with security and privacy concerns then, the long-term commercial viability for  humancentric applications of RFID is questionable.

In the short- to medium-term, adoption of humancentric RFID technology and use of related applications will be hindered by a lack of infrastructure, a lack of standards, not only as to interoperability but also as to support for service and transponder placement, and the lack of response from developers and regulators to mounting ethical dilemmas.

The U.S. Federal Drug Administration regulates the sale of medical devices, but not their use, which could lead to breaches, DHS reported.

“The expanded use of wireless technology on the enterprise  network of medical facilities and the wireless utilization of MDs opens up both new opportunities & new vulnerabilities to patients and medical facilities,” the bulletin from the DHS’ National   Cybersecurity and Communications Integration Center stated.

“Smartphones with poorly designed security protections are frequently connected to medical IT networks and provide a new vector for malware transmission,” DHS reported.

Although many claim they are putting methods in place to stop these implants from being hacked into – There is nothing as yet, forcing them to do so.

It is well known that hackers will keep trying to hack no matter what safety measures are applied.

Hacker dies days before he was to reveal how to…
Remotely Kill Pacemaker Patients

(RT News July 2013)

Security researcher Barnaby Jack has passed away in San Francisco, only days before a scheduled appearance at a Las Vegas hacker conference where he intended to show how an ordinary pacemaker could be compromised in order to kill a man from a remote distance. More…

Please Note: This clip advises they have no knowledge or reports of medical devices being hacked into. This does not mean it hasn’t happened.

One would expect it to be hard to prove if a shock was sent to a heart (via wireless technology) to a defibrillator/pacemaker.

This highlights the fact that laws need to be put in place for manufacturers to apply cyber-security to all medical devices. Measures to detect such cyber attacks also need to be applied.

Article written by Wen Dee:

SUBSCRIBE to Zip Zap Insights – Latest Articles

 Advertisement
Sources