Cybersecurity for Cardiac Implantable Electronic Devices: What Should You Know?

doi:10.1016/j.jacc.2018.01.023

Review

. 2018 Mar 20;71(11):1284-1288.

doi: 10.1016/j.jacc.2018.01.023. Epub 2018 Feb 20.

Cybersecurity for Cardiac Implantable Electronic Devices: What Should You Know?

Adrian Baranchuk¹, Marwan M Refaat², Kristen K Patton³, Mina K Chung⁴, Kousik Krishnan⁵, Valentina Kutyifa⁶, Gaurav Upadhyay⁷, John D Fisher⁸, Dhanunjaya R Lakkireddy⁹; American College of Cardiology’s Electrophysiology Section Leadership

Affiliations

¹ Electrophysiology Section, Division of Cardiology, Queen's University, Kingston, Ontario, Canada.
² Electrophysiology Section, Division of Cardiology, American University of Beirut, Beirut, Lebanon.
³ Electrophysiology Section, Division of Cardiology, University of Washington, Seattle, Washington.
⁴ Electrophysiology Section, Division of Cardiology, Department of Cardiovascular Medicine, Heart & Vascular Institute, Cleveland Clinic, Cleveland, Ohio.
⁵ Electrophysiology Section, Division of Cardiology, Rush University Medical Center, Chicago, Illinois.
⁶ Electrophysiology Section, Division of Cardiology, University of Rochester Medical Center, Rochester, New York.
⁷ Electrophysiology Section, Division of Cardiology, University of Chicago, Chicago, Illinois.
⁸ Electrophysiology Section, Division of Cardiology, Albert Einstein College of Medicine, New York, New York.
⁹ Electrophysiology Section, Division of Cardiology, University of Kansas, Kansas City, Kansas. Electronic address: dlakkireddy@kumc.edu.

PMID: 29475627
PMCID: PMC8418792
DOI: 10.1016/j.jacc.2018.01.023

Review

Cybersecurity for Cardiac Implantable Electronic Devices: What Should You Know?

Adrian Baranchuk et al. J Am Coll Cardiol. 2018.

. 2018 Mar 20;71(11):1284-1288.

doi: 10.1016/j.jacc.2018.01.023. Epub 2018 Feb 20.

Authors

Affiliations

¹ Electrophysiology Section, Division of Cardiology, Queen's University, Kingston, Ontario, Canada.
² Electrophysiology Section, Division of Cardiology, American University of Beirut, Beirut, Lebanon.
³ Electrophysiology Section, Division of Cardiology, University of Washington, Seattle, Washington.
⁴ Electrophysiology Section, Division of Cardiology, Department of Cardiovascular Medicine, Heart & Vascular Institute, Cleveland Clinic, Cleveland, Ohio.
⁵ Electrophysiology Section, Division of Cardiology, Rush University Medical Center, Chicago, Illinois.
⁶ Electrophysiology Section, Division of Cardiology, University of Rochester Medical Center, Rochester, New York.
⁷ Electrophysiology Section, Division of Cardiology, University of Chicago, Chicago, Illinois.
⁸ Electrophysiology Section, Division of Cardiology, Albert Einstein College of Medicine, New York, New York.
⁹ Electrophysiology Section, Division of Cardiology, University of Kansas, Kansas City, Kansas. Electronic address: dlakkireddy@kumc.edu.

PMID: 29475627
PMCID: PMC8418792
DOI: 10.1016/j.jacc.2018.01.023

Abstract

Medical devices have been targets of hacking for over a decade, and this cybersecurity issue has affected many types of medical devices. Lately, the potential for hacking of cardiac devices (pacemakers and defibrillators) claimed the attention of the media, patients, and health care providers. This is a burgeoning problem that our newly electronically connected world faces. In this paper from the Electrophysiology Section Council, we briefly discuss various aspects of this relatively new threat in light of recent incidents involving the potential for hacking of cardiac devices. We explore the possible risks for the patients and the effect of device reconfiguration in an attempt to thwart cybersecurity threats. We provide an outline of what can be done to improve cybersecurity from the standpoint of the manufacturer, government, professional societies, physician, and patient.

Keywords: cardiac implantable electronic devices; cybersecurity; hacking; remote monitoring.

PubMed Disclaimer

Figures

**CENTRAL ILLUSTRATION. Interaction Amongst Various Stake Holders in Addressing the Cybersecurity Issue**
CIED = cardiovascular implantable electronic device; FDA = Food and Drug Administration.

See this image and copyright information in PMC

Comment in

Digital Defenses for Hacked Hearts: Why Software Patching Can Save Lives.
Tully J, Jarrett M, Savage S, Corman J, Dameff C. Tully J, et al. J Am Coll Cardiol. 2018 Jul 3;72(1):126-127. doi: 10.1016/j.jacc.2018.03.540. J Am Coll Cardiol. 2018. PMID: 29957225 No abstract available.
Reply: Cyberattacks and Cardiac Devices: Firmware Patches Are Not Vaccinations!
Baranchuk A, Refaat MM, Chung MK, Fisher JD, Lakkireddy D. Baranchuk A, et al. J Am Coll Cardiol. 2018 Jul 3;72(1):127-128. doi: 10.1016/j.jacc.2018.05.003. J Am Coll Cardiol. 2018. PMID: 29957226 No abstract available.

Cited by

Vulnerability to Cyberattacks and Sociotechnical Solutions for Health Care Systems: Systematic Review.
Ewoh P, Vartiainen T. Ewoh P, et al. J Med Internet Res. 2024 May 31;26:e46904. doi: 10.2196/46904. J Med Internet Res. 2024. PMID: 38820579 Free PMC article. Review.
Patient informed consent, ethical and legal considerations in the context of digital vulnerability with smart, cardiac implantable electronic devices.
Torgersen LNS, Schulz SM, Lugo RG, Sütterlin S. Torgersen LNS, et al. PLOS Digit Health. 2024 May 23;3(5):e0000507. doi: 10.1371/journal.pdig.0000507. eCollection 2024 May. PLOS Digit Health. 2024. PMID: 38781144 Free PMC article. Review.
Cyberattaques contre les systèmes d’information de santé au Canada.
Harish V, Ackery A, Grant K, Jamieson T, Mehta S. Harish V, et al. CMAJ. 2024 Feb 19;196(6):E198-E205. doi: 10.1503/cmaj.230436-f. CMAJ. 2024. PMID: 38378216 Free PMC article. French. No abstract available.
Reducing inappropriate and unnecessary implantable cardioverter-defibrillator therapy: Is patient confirmation via a mobile application the solution?
Noordman ABP, Rienstra M, Blaauw Y, Tieleman R, Maass AH. Noordman ABP, et al. Heart Rhythm O2. 2023 Nov 10;4(12):815-819. doi: 10.1016/j.hroo.2023.11.004. eCollection 2023 Dec. Heart Rhythm O2. 2023. PMID: 38204464 Free PMC article. No abstract available.
Cyberattacks on Canadian health information systems.
Harish V, Ackery A, Grant K, Jamieson T, Mehta S. Harish V, et al. CMAJ. 2023 Nov 20;195(45):E1548-E1554. doi: 10.1503/cmaj.230436. CMAJ. 2023. PMID: 37984938 Free PMC article. No abstract available.

See all "Cited by" articles

References

1. Williams PA, Woodward AJ. Cybersecurity vulnerabilities in medical devices: a complex environment and multifaceted problem. Med Devices (Auckl) 2015;8:305–16. - PMC - PubMed
1. Clery D The privacy arms race. Could your pacemaker be hackable? Science 2015; 347:499. - PubMed
1. Lewis JA. Cybersecurity and critical infrastructure protection. 2006. Available at: http://cip.management.dal.ca/publications/Cybersecurity%20and%20Critical....AccessedSeptember 3, 2017.
1. Takahashi D Insulin pump hacker says vendor Medtronic is ignoring security risk. Available at: https://venturebeat.com/2011/08/25/insulin-pump-hacker-says-vendor-medtr....AccessedSeptember 3, 2017.
1. Rockoff JD. J&J warns insulin pump vulnerable to cyber hacking. The Wall Street Journal. Available at: https://www.wsj.com/articles/j-j-warns-insulin-pump-vulnerable-to-cyber-....AccessedSeptember 3, 2017.

Publication types

Actions

MeSH terms

Actions
Actions
Actions
Actions
Actions

Grants and funding

R01 HL111314/HL/NHLBI NIH HHS/United States

LinkOut - more resources

Full Text Sources
Other Literature Sources
- scite Smart Citations
Medical
- MedlinePlus Health Information

[1] Williams PA, Woodward AJ. Cybersecurity vulnerabilities in medical devices: a complex environment and multifaceted problem. Med Devices (Auckl) 2015;8:305–16. - PMC - PubMed

[2] Williams PA, Woodward AJ. Cybersecurity vulnerabilities in medical devices: a complex environment and multifaceted problem. Med Devices (Auckl) 2015;8:305–16. - PMC - PubMed

[3] Clery D The privacy arms race. Could your pacemaker be hackable? Science 2015; 347:499. - PubMed

[4] Clery D The privacy arms race. Could your pacemaker be hackable? Science 2015; 347:499. - PubMed

[5] Lewis JA. Cybersecurity and critical infrastructure protection. 2006. Available at: http://cip.management.dal.ca/publications/Cybersecurity%20and%20Critical....AccessedSeptember 3, 2017.

[6] Lewis JA. Cybersecurity and critical infrastructure protection. 2006. Available at: http://cip.management.dal.ca/publications/Cybersecurity%20and%20Critical....AccessedSeptember 3, 2017.

[7] Takahashi D Insulin pump hacker says vendor Medtronic is ignoring security risk. Available at: https://venturebeat.com/2011/08/25/insulin-pump-hacker-says-vendor-medtr....AccessedSeptember 3, 2017.

[8] Takahashi D Insulin pump hacker says vendor Medtronic is ignoring security risk. Available at: https://venturebeat.com/2011/08/25/insulin-pump-hacker-says-vendor-medtr....AccessedSeptember 3, 2017.

[9] Rockoff JD. J&J warns insulin pump vulnerable to cyber hacking. The Wall Street Journal. Available at: https://www.wsj.com/articles/j-j-warns-insulin-pump-vulnerable-to-cyber-....AccessedSeptember 3, 2017.

[10] Rockoff JD. J&J warns insulin pump vulnerable to cyber hacking. The Wall Street Journal. Available at: https://www.wsj.com/articles/j-j-warns-insulin-pump-vulnerable-to-cyber-....AccessedSeptember 3, 2017.

Save citation to file

Email citation

Add to Collections

Add to My Bibliography

Your saved search

Create a file for external citation management software

Your RSS Feed

Cybersecurity for Cardiac Implantable Electronic Devices: What Should You Know?

Affiliations

Cybersecurity for Cardiac Implantable Electronic Devices: What Should You Know?

Authors

Affiliations

Abstract

Figures

Comment in

Similar articles

Cited by

References

Publication types

MeSH terms

Grants and funding

LinkOut - more resources

Full Text Sources

Other Literature Sources

Medical