Homeland's 'pacemaker' episode: a healthcare horror story

The public at large took an unhealthy dose of Hollywood science (fiction) back in 2012, when an episode of the popular show Homeland aired the ‘assassination’ of the US vice president by means of a hacked pacemaker.

That grizzly example may sound far-fetched, but the Wall Street Journal reported last week that a former National Security Agency official has raised fresh concerns over the cyber-safety of wearable medical devices. Glenn Watt, formerly the NSA’s deputy chief of network security research, refers to wearable devices as “a new threat axis” in a quote from the WSJ.

Though the popular media may have played a role in creating hysteria around cyber-security in healthcare, the fact remains that if change is needed, window for implementing it is getting smaller, just as the line between fact and fiction is increasingly looking blurry. At present the real Homeland Security department is reported to be looking into about two dozen instances of devices with inherent security flaws. But these kind of investigations only began about two years ago.

Earlier this year, Medical Plastics News printed an article by Alan Grau at Icon Labs, which goes into detail as to the risks and measures already present in medical device technology. One of the key risks in Alan’s report is product life cycle. Devices already in use around the world may have been designed for use for up to 20 years.

In some cases, this may be no bad thing. If a device pre-dates connectivity, it’s likely to be far less vulnerable to any kind of attack. However, newly developed device face the prospect of being outmoded in a much shorter time-frame.

Alan looks in detail at the security features in present device technology – which, in principle mirror standard blockades that you’d expect to find in your PC at home (see the table below).

However, as Alan pointed out, medical devices don’t run standard operating systems, so implementing the necessary measures is far more challenging and costly than installing a standard piece of protective software.

For the med-tech industry, impending investigations may be a tough pill to swallow. Experts have identified the difficulties and expense of implementing bulletproof security measure, and it may well present a real distraction to progress in other areas.

But if public opinion is shifting back in favour of ‘low-tech’ healthcare aids, the sector may need to react with haste.