Željko Ferenčić MD
Željko Ferenčić MD

After he was suffering a sustained (really unpleasant) atrial fibrillation, the cardiologists decided to implant him a device called Implantable Cardioverter Defibrillator (ICD). Of course, the dinner menu was composed of mediterranean food and we cheered with red wine (hoping to boost our hearts and blood vessels with tomato’s lycopene and red wine’s resveratrol).

Enjoying the post-dinner cognac (a well-known vasodilator and blood pressure lowering agent) we turned our discussion towards his new corpus alienum, the ICD. After we agreed that his device is duly programmed and working properly he admitted some concerns about the possibility of hacking the ICD. When he was discharged from the hospital, the only information he obtained was about taking care at airport security control. As he is partially involved in IT business, I was carefully listening because his concern was on a steady ground.

Wirelessly reprogrammable implantable medical devices such as pacemakers, implantable cardioverter defibrillators, neurostimulators, and implantable drug pumps use built-in computers and radios to monitor chronic disorders and treat patients with automatic therapies. For instance, an ICD that senses a chaotic or rapid heartbeat can administer an electrical shock to restore a normal heart rhythm, then later report this event to a health care practitioner who uses a commercial device programmer with wireless capabilities to extract data from the ICD or modify its settings without surgery.

Although these IT advances bring great clinical benefits to patients, new security and privacy threats also emerge, especially due to the wireless communication between these devices. The wireless channels can be hacked to learn sensitive patient information, or even worse, send malicious messages to the ICD. The consequences of these attacks can be fatal for patients as these messages can contain instructions to deliver a shock or to disable a therapy. (A comprehensive study on this topic:  Eduard Marin Fabregas “Security analysis of an implantable cardioverter defibrillator” Master of Science Thesis, University of Leuven, Academic year 2012/2013).

The AACI International AccreditationStandard (http://aacihealthcare.com/services/accreditation/) addresses the confidentiality of patient records in three major points:

  1. The healthcare organisation shall ensure the confidentiality of patient records.
  2. The healthcare organisation has sufficient safeguards to ensure that access to all information regarding patients is limited to those individuals designated by law, regulation, and policy; or duly authorised as having a need to know.
  3. Healthcare organisation staff and consultants, hired to provide services to the individual, should have access to only that portion of information that is necessary to provide effective responsive services to that individual.

Obviously, the new technologies are running in front of our established ideas about patients’ records, information and confidentiality and too little attention was being paid to security in the growing number of medical implants being equipped with communications capabilities. The patients’ records, printouts, pictures, and archives are nowadays not the only data which has to be safeguarded. Moreover, the patient with these implantable devices should be informed of all the threats connected with their device. A better understanding of new technologies and better communication between the medical practitioner and the patient can mitigate the potential risk in such situations.