Taking Cyber Attacks “to heart”
Recently, someone very dear to me had emergency pacemaker surgery. The successful implant changed her life and possibly may have saved it. A few days after the surgery I accompanied her to her first post surgical check up. As we waited in the exam room we reflected on how she felt prior to the surgery and what an amazing difference the pacemaker had made in her daily activities. She no longer became winded from the smallest of activities and therefore her quality of life improved dramatically. Besides some post surgical discomfort she could not believe that she now had a device implanted in her body and she now referred to herself as “the bionic woman”.
The cardiologist entered the exam room, wheeling in a cart with what appeared to be some sort of laptop. He explained that he was going to run a series of tests on the pacemaker and she should lay back on the exam table. The doctor assured her that there would be no discomfort. It is important to note that he did touch her with any sort of device or connect anything to her body. First he said, “I’m going to slow your heart down a little”. As he looked intently at his laptop screen he said things like, “OK, I’ve slowed your heart down and everything looks good, now I’m going to speed it back up a little”.
I looked with amazement at was taking place. The doctor had the ability to control her heart rate wirelessly! Being the curious geek that I am, I began asking him questions about what I was witnessing. I was astounded by this amazing technology.
After the exam the doctor advised us that “everything looked perfect and the pacemaker was functioning correctly”. Then he exited the exam room and we looked at one another with satisfaction and both breathed a sigh of relief.
A few moments later a nurse entered the room and sat behind the PC that was in the room. She appeared to be logging on but seemed frustrated after a few minutes had past. I asked, “Trouble logging on?” She replied, “it has been taking forever to do anything on this network since we were hacked a few weeks ago”. I seized the opportunity and handed her one of my business cards.
It then dawned on me… Had the cardiologists laptop ever connected, in any way, to the medical centers network? The network that had been hacked recently? This caused me great anguish and concern. Of course I didn’t express any of this to the patient lest she worry more than she already was. I began my research immediately. Implantable medical devices can, and more importantly, have been hacked. Many of these devices use old and proprietary operating systems. Some that still connect to Windows XP and Windows Server 2003: operating systems that have been long past end of life and thus extremely vulnerable.
So now my advice to anyone who will be the recipient of any implantable device is to talk to your care giver and ask pertinent questions about the security and safety of the devices and be sure to let them know that you are a well informed advocate and aware of the cyber safety concerns.