ICDs are just one increasingly popular medical gadget in a rising sea of clinical and commercial wireless health devices. Whether it is the growing suite of cardiac-monitoring devices available at home and on the go or an Apple Watch outfitted with diagnostic software, we are outsourcing more and more of our health to internet-enabled machines.
The first cardiac device I had was a pacemaker, implanted when I was nine years old. Though pacemakers and ICDs have overlapping patient demographics and are sometimes bundled in the same device, they have drastically different functions. Pacemakers help a patient’s normal heart rhythm cycle, while ICDs are tiny defibrillators meant to terminate dangerous arrhythmias and prevent cardiac arrest. In everyday life, defibrillators wait in hospitals and public spaces (gyms, churches, movie theaters) for disaster to strike — they are tools you seek out in an emergency. But an ICD brings the emergency response to you. It is watchful, an active listener. I think of a pacemaker as a heartbeat assistant; an ICD is an arrhythmia assassin.
Manufacturers like Medtronic often advise that patients keep their monitors turned on and connected so this sort of patch or upgrade can be delivered. But patches, often quietly sent to the devices, can leave patients in the dark: There is no streamlined process to let patients know when a vulnerability has been identified in their specific device or when a patch might be on its way. And researchers have argued that retroactive patches are no replacement for baked-in security. “The main concern is if vendors continuously rely on reactively resorting to pushing patches instead of securing their devices by design,” Fotis Chantzis, a security engineer who used to hack medical devices for a major health care institution and the lead author of Practical IoT Hacking: The Definitive Guide to Attacking the Internet of Things, told OneZero. “Usually these patches fix a particular vulnerability,” he continued, “but keep in mind that there is also this view of the security community that every bug can potentially be exploited given the right circumstances.”
I don’t have to do this anymore. Remote-monitoring pacemakers were first sold to the general public around 2007; currently, the industry standard for remote monitoring involves routers paired via Bluetooth to wireless-enabled cardiac devices. These routers sit in a patient’s bedroom and run constantly, pulling data at regular intervals and transmitting it straight to their doctor via the internet. No phone calls and no magnets involved. Ideally, a patient never even knows their data is being collected.
Having now lived with an ICD for more than three years and a pacemaker for the preceding 14, I understand intimately the consequences of being a body paired to the grid. If your smart fridge loses connectivity, maybe your food goes bad a few days early. But if a wireless ICD experiences a failure, the result could be lethal. I am stalked by the fear of the device misfiring and have wondered endlessly whether the documented security risks posed by these devices could end up harming me.
There are two kinds of connections involved in remote monitoring: the connection from the patient’s implanted device to the router, which is often Bluetooth, and the connection from the router back to the data portal seen by the physician, which can use anything from a home Wi-Fi network to a hardline Ethernet cable or a phone line. Manufacturers insist that these channels have now been made secure.
But as remote monitoring has become more widespread, concerns about the cybersecurity of the practice have only grown. Since 2011, the FDA has issued at least 11 warnings and many recalls on pacemakers and ICDs over concerns relating to cybersecurity and safety. This includes the 2017 notice for St. Jude devices that I found just before my surgery. The security defect affected at least a half-million patients and was ultimately resolved by a software patch sent directly to their remote monitors.
Doctors also posed a risk to my new device. During regular office checkups, ominously called “interrogations,” they would place a large magnetic wand over the pacemaker to take control of it. Between in-office interrogations, every three months, my physicians mandated that I do “home monitoring,” which involved a complicated and archaic process. I would hook myself up to a transmitter box that would screech out a dial-up tone to a stranger sitting in a call center somewhere via the receiver of a landline phone. And just like in-office interrogations, I needed to place a heavy round magnet over the device. Because a heavy magnet disrupts a pacemaker, I would sit in a wave of dizziness and nausea while a distant tech received the information. The whole process often lasted 15 or 20 minutes. When it was done, I would sit back in the kitchen chair, spent, waiting for the blood to return to my head.
For as long as I’ve had one, I’ve been acutely aware that a pacemaker is a sensitive machine and can be derailed by plenty of things: airport security; laser tag vests; the seats in 4D amusement park rides; store security towers; cellphones; and still, somehow, microwaves. All of these things could disrupt the pacemaker, reprogram it, even stop it cold. As a child in the grocery store, I ran through the theft towers quickly, like I was trying to shoplift. I sat on the sidelines while friends ripped through laser tag arenas at birthday parties. Fewer than two years into post-9/11 hysteria, I panicked as a nine-year-old when a TSA agent came toward me with a security wand. I bolted, running farther into the terminal at Boston’s Logan Airport. I only made it a few yards before I was stopped by a knee to my chest, a muscled agent pulling me to the ground. My panic had made me into an apparent security threat.
“[The benefits of remote monitoring have] been held up over the years with just being able to diagnose something early,” said Dr. Leslie Saxon, a cardiologist and electrophysiologist who runs the Center for Body Computing at the University of Southern California. In 2010, Saxon led a study in partnership with device manufacturer Boston Scientific that found improved survival rates for patients who were followed with remote monitoring, as compared with patients who were only followed with periodic in-clinic visits. “We also learned that we could learn how to program and make these devices a lot better if we were looking at all this data all the time,” she said.
In the past 13 years, these devices have also been fully integrated into the so-called Internet of Things—millions of everyday consumer items being programmed for and connected to the internet. Once connected to the internet, the devices ease the work of physicians and hospitals, who can now manage the device and monitor the patient’s condition remotely. Patients are typically charged each time their device sends data to the hospital. Think of it as a subscription—for your heart.
Device companies and doctors are often quick to insist that the cybersecurity concern is overblown. For years, they’ve maintained that while the routers can communicate with and gather data from patient devices, they can’t actually control the devices or deliver reprogramming directives. Dr. Rob Kowal, chief medical officer for cardiac rhythm and heart failure at Medtronic, told OneZero, “[Remote programming is] not possible,” at least with his company’s current home routers.
But many related FDA warnings have cautioned that hackers could, in fact, assume control and reprogram a patient’s device. Researchers and white hat hackers have demonstrated that the connections from the device to the router and from the router to the data portal are exploitable. Hackers have made headlines over the past decade-plus by exposing vulnerabilities in pacemakers and ICDs from every major developer, including St. Jude’s (now Abbott), Medtronic, and Boston Scientific.
Clinically, the benefits of remote monitoring are twofold: The patient doesn’t have to enter a medical setting to be monitored, which reduces the likelihood of iatrogenic disease — illness caused by the interference of the medical system. At the same time, doctors get more data than they’ve ever had access to, allowing them, ideally, a window to disease prevention. (I, along with many other patients, take issue with the second proposition, given that we cannot access our own data; there’s a substantial activist movement toward data liberation that includes cardiac patients who have fought for more than a decade to gain access to the information generated by wireless-enabled pacemakers and ICDs.)