Recently, there have been news articles describing how people have managed to hack implanted pacemakers and infusion pumps. The pacemaker article told how students at the University of South Alabama had managed to hack a pacemaker and alter its functions causing it to deliver fatal doses of energy. This, of course, would be very disturbing news to anyone with an implanted pacemaker. Investigation of the article revealed, however, that the pacemaker had not actually been hacked. It turns out that the “hacked” pacemaker was located inside a patient simulation mannequin and the students had managed to hack into the mannequin’s controls. This, in turn, enabled them to alter the pacemaker.
In the case of the infusion pumps, initial news reports showed how hackers were able to gain wireless access to infusion pumps and change their flow rates. The reports gave the appearance that hackers could easily change flow rates and administer fatal doses to hospitalized patients. This could cause alarming problems for hospitals whose caregivers rely heavily on infusion pumps to administer IV fluids and sophisticated medication. Further investigation, however, showed that the pumps had not truly been hacked. The hackers in question had previous physical access to the pump where they modified the firmware, which then gave them the ability to gain wireless access the controls.
While we must always be aware of the potential vulnerabilities of medical devices, we must also be equally vigilant to the presence of news articles that are misleading or poorly researched. This is especially true with news that we receive over the internet where there is so much information that lacks proper validation. Also, internet articles can be rapidly reproduced and quickly appear on multiple websites which tends to give them credibility. In the worst case, they can eventually become topics on the nightly TV news reports causing undue concern in the community at large.
We play an important role in assuring caregivers and patients that the devices they use are safe and operate according to specification. We also have a responsibility to prevent caregivers, patients and the public from worrying needlessly about the safety of these devices especially when the internet and other media report unsubstantiated information. One of the things that we can to minimize the impact of these stories is to bring misleading information to people’s attention to prevent them from worrying or demanding extra security measures. We also need to be certain that we are not part of the problem and avoid disseminating these reports without first questioning their legitimacy. We can take advantage of websites like MedWrench and ECRI’s Biomedtalk and rely on one another to openly discuss and attempt to determine the validity of these stories. This is an area where we have a professional obligation to become the voice of reason.