Image via Today I Found Out
Former Vice President Dick Cheney is afraid terrorists will kill him remotely by hacking his heart. Cheney explains in tonight’s 60 Minutes interview that to prevent this his doctors disabled the wireless function of his heart implant in 2007. Hacking someone’s electronic heart to kill them sounds like a movie plot—it happened in an episode of the Showtime series Homeland—but this isn’t Cheney being paranoid here. Heart devices, and other biomedical implants with wireless functions do have security risks. It’s incredibly difficult to hack them, but still possible.
Implanted defibrillators and pacemakers function by sending electric shocks to a heart that is acting irregularly, and they do this through the use of radio waves emitted by a special medical device called a “programmer” given to the patient’s doctor. In 2008, researchers found hackers could administer jolts to patient’s hearts without this programmer device.
William Maisel, a Harvard Medical School cardiologist and a co-author of the research report told the Wall Street Journal at the time "our report is a theoretical risk, not an actual risk" and that there are no known cases of this actually happening.
“To our knowledge there has not been a single reported incident of such an event in more than 30 years of device telemetry use, which includes millions of implants worldwide,” a spokesman for heart implant company Medtronic told the New York Times in a 2008 article on the same study.
The matter was more or less put to rest until Homeland Security issued a report in 2012 on the hackability of medical devices using malware to cause “mass murder.” This fear was echoed again this summer when the U.S. Food and Drug Administration (FDA) issued a warning to all medical device manufacturers, hospitals, medical device user facilities, health care technical staff, and even biomedical engineers that medical implants could indeed be hacked.
“The FDA is recommending that medical device manufacturers and health care facilities take steps to assure that appropriate safeguards are in place to reduce the risk of failure due to cyberattack,” read the warning.
This warning was sent out in part because of the work of the late white hat hacker Barnaby Jack. Jack found he could would administer a jolt, speed up and even shut down, a pacemaker within a 50-foot radius. Jack also found vulnerabilities in implanted insulin pumps, and his discoveries led to medical device companies beefing up the security on their machines.
“If the devices can be accessed remotely, there's always a potential for abuse” Jack told VICE in an interview shortly before his death.
There is a security solution to this hacking hearts problem: last month researchers proposed using the patient’s heartbeat as a method of authentication. There has yet to be a death caused by a hacked medical implant, but Cheney, as perhaps one of the most hated men in America, is not taking any chances.