Over 90 Total Lots Up For Auction at One Location - WA 04/08

ACC outlines how to prevent cardiac device hacking in new paper

by Lauren Dubinsky, Senior Reporter | February 23, 2018
Cardiology Risk Management
Better safe than sorry
Computers are not the only health care systems that are vulnerable to cybersecurity attacks – cardiovascular implantable electronic devices are as well, according to a paper recently published in the Journal of the American College of Cardiology.

“True cybersecurity begins at the point of designing protected software from the outset, and requires the integration of multiple stakeholders, including software experts, security experts and medical advisers,” Dr. Dhanunjaya R. Lakkireddy, professor of medicine at the University of Kansas Hospital and corresponding author of the paper, said in a statement.

To date, there haven’t been any clinical reports of malicious or unintended hacking or malware attacks that affected cardiac devices like pacemakers and implantable cardioverter-defibrillators (ICDs). The chance that a sole hacker could interfere with these devices to target a specific patient is very low.

However, in response to recent reports have brought the possibility of hacking cardiac devices to light, ACR’s Electrophysiology Council outlined the potential dangers associated with this and potential ways to prevent it.

The motive for a malicious cyberattack could involve political, social, financial or personal factors. The hacker can deactivate features, alter programming and delay or interfere with communications between health care providers and the patients’ devices.

In the case of a pacemaker, the hacker could deplete the battery or cause the device to over-sense, which could inhibit pacing or lead to life-threatening shocks. For patients with ICDs, hackers could interfere with wireless communications so that any clinically important events would go undetected.

The council recommends that cybersecurity should be a priority in both the pre- and postmarket testing phases. Strong postmarket process also should be in place to monitor the environment for new vulnerabilities, and firmware may be useful for potentially vulnerable devices.

In addition, physicians need to be informed about the documented and potential cybersecurity risks associated with these devices. To do that, systems that quickly relay these updates to the clinical team have to be put in place.

The council noted that there currently isn’t a need for enhanced monitoring or elective device replacements.

You Must Be Logged In To Post A Comment