Could new and evolving heart monitoring technology that transmits data about a patient’s cardiac functions be vulnerable to cyber attacks that threaten the patient’s well-being?
The answer is a qualified "maybe," according to some experts, who add that the security risks increase dramatically as these patient telemetry systems become more widely used, more complex and acquire additional capabilities and modes of transmission.
To understand how much is at stake, consider the recent announcement by Mark McClellan, administrator of the Centers for Medicare and Medicaid Services, that his agency will greatly expand Medicare coverage for implantable cardioverter-defibrillators (ICDs) to hundreds of thousands of elderly and disabled people.
"This policy change may increase the number of Medicare beneficiaries who are eligible for an ICD, to more than 500,000, two to three times the number who are currently eligible," McClellan wrote in an article for the Jan. 20 issue of the New England Journal of Medicine.
Or imagine a military field hospital in which the basic heart functions of dozens of wounded soldiers are simultaneously monitored in real time and transmitted by a device attached to each patient to a centralized monitoring station using wireless fidelity, or WiFi, technology.
Or picture a patient with an ICD that permits the patient to transmit his or her heart function data remotely to a physician via the telephone. Better yet, how about an ICD that automatically detects problems and sends the doctor a fax or e-mail alert?
Or ratchet it way up and consider the possibility that, the next time he goes in for surgery to replace his current ICD, Vice President Dick Cheney upgrades to an implanted device that automatically transmits data to his cardiologist and permits the physician to remotely tweak the Veep’s ticker.
All but the Cheney scenario describe currently available technology, and most experts predict that the latter is not too far off. And with each scenario comes various risks, both to the data gathered and transmitted by the devices, as well as to the patient using the technology.
"With a device that transmits information outward, I don’t have that much problem with it. They’ve been doing the same thing for a number of years using wire line," says Phil Jensen, product marketing manager for Checkpoint Software Technologies Ltd., a Redwood City, CA-based firm specializing in virtual private networks and firewall solutions. "Now, it is just a little more automatic."
But security becomes a far more serious issue if the device which transmits heart data is capable of receiving commands remotely, says Jensen.
"Where it gets scary is the next step -- where that heart device, or any medical device, starts accepting information as well as sending out information," he says. "A lot of the [cyber] attacks that come out are just indiscriminate about what they are targeting. Once they are out there, they don’t really care if it’s a home computer or a corporate computer, and they’re not going to worry if this is a problem with somebody’s pacemaker."
For the rich and powerful who might be wearing them, there is a special cause for concern about these as-yet theoretical, remotely programmable implanted heart devices -- which some firms reportedly are developing , Jensen says.
"Once you have all these devices accepting information, then it becomes very vital that you protect that information," he explains. "That does bring up issues for the high-profile clients who are using it, such as the vice president of the United States."
HIPAA and WiFi Security Standards
In general, cardiac telemetry systems seem to have four basic elements:
* A sensor device, either external or implanted, which monitors and captures various data from the patient’s heart.
* A monitoring device that receives the data from the sensor and transmits it to a remote recipient. Currently, cellular and land-line telephones seem to be preferred methods for longer distance data transmission, while WiFi may serve for transmission to a local monitoring station.
* An intermediary monitoring service often receives and stores the patient data in a secure server.
* Finally, the physician, nurse or other caregiver may use an electronic device — a cell phone, a personal computer, or even a personal digital assistant — to download the patient data from the server, either via the Internet or an in-house network connection. In some cases, the data may even arrive as a message on the physician’s office fax machine.
Several such remote monitoring systems are currently manufactured by a variety of medical technology firms, including Indianapolis, IN-based Guidant Corp., Minneapolis, MN-based Medtronic, Inc. and Skaneateles Falls, NY-based Welch Allyn, Inc..
Some industry officials acknowledge that their firms have focused more on patient safety rather than securing the telemetry of their products, and rightly so. Manufacturers must produce devices that are safe for use by patients. But these firms insist they also have equipped their devices with a reasonable level of security as a result of a patient information privacy law known as the Health Insurance Portability and Accountability Act (HIPAA) of 1996.
Medical technology firms have had to build security into their patient telemetry products to meet the HIPAA needs of their healthcare clients, who are obligated to protect patient information, says Jim Welch, vice president of Welch Allyn.
"Those providers, which are the insurance companies and health care providers — physicians, hospitals, etc., must ensure that diagnostic data used to treat a patient is safe and secure. Those entities, in turn, look to the suppliers to provide levels of security for these devices," says Welch. "You can equate privacy to security."
Although he cited no federal regulation mandating specific cyber security measures for patient telemetry devices, Welch says information security analysis is implied in the Food and Drug Administration’s approval process for bringing new medical devices to market.
"The FDA requires us to think about that," says Welch. "Companies like ours do very thorough hazard analysis. So we actually try to anticipate what is the worst that can happen."
Welch also emphasized that his and other firms’ remote cardiac telemetry devices are built to the WiFi standards crafted by the Institute of Electrical and Electronics Engineers.
"Data security and encryption is now built into the wireless standard," he says. "Even the standards bodies are embedding security right in the WiFi suite of standards. Not only can you not get access to the patient name, but you also can’t get access to the data."
In cases requiring enhanced security, technology firms can build in additional security measures for their devices, such as secure sockets layer connections, virtual private networks and higher-level encryption, he says.
Despite all of these security options, a skilled and determined hacker could still intercept a patient’s telemetry, says Welch, who adds, "It would be extraordinarily difficult for a hostile entity to gain access to the patient data."
So how soon before the first system for remotely programming a cardiac pacer or defibrillator is unveiled? Several medical device experts agree that the answer is "soon."
"The technology really is there to do that today. There’s nothing that would have to be invented for people to do that," says Charles Sidebottom, an engineer and director of corporate standards for Medtronics.
David Stern, president and CEO of Atlanta, GA-based medical device firm CardioMEMS, Inc. agrees.
"They keep building sensors to cars. They just keep adding all these sensors and they have an onboard computer and it makes all these adjustments to optimize performance and it’s the same with your heart," says Stern, whose firm is developing a tiny implanted wireless sensor to measure pressure within the aneurysm sac of heart patients.
He predicted that remote heart device programming systems will become so advanced that some day computers, rather than physicians, will be capable of doing the tweaking.
"Everything is moving in the direction where the next step is two-way communications. The last step is internal communications where you take everyone out of the communications," he says.
www.gsnmagazine.com/feb_05_02/hackers_monitors.htmlE-mail this article