It seems like a scenario from a bad spy movie: someone hacking a medical device like an insulin pump or pacemaker and control it at his will. Unfortunately, this is all but possible.

There are currently millions of people fitted with various electronic devices, some of which we’ve featured here on ZME Science. These range from smart regulatory devices that adjust things like heart beats or deliver drugs to simple tiny monitoring devices, that feedback data in real time and can provide valuable info otherwise unavailable.

A tiny, self-propelled medical device that would be wirelessly powered from outside the body, enabling devices small enough to move through the bloodstream. (c) Stanford University

However, scientists and government offices paid little attention to cyber attacks on such devices, either because they couldn’t believe something like this would be possible or simply because the technology employed today doesn’t allow for fitting cyber protection. Energy consumption is one of the biggest concern  when designing such tiny medical implants, and factor of the matter is battery life can only allow for so few processes. On top of that, it’s not like you can update your firmware on your pacemaker. An update signifies surgery.

The first signs that hinted towards the idea of cyber threats to medical implants as a genuine possibility came in 2008 when academic researchers demonstrated an attack that allowed them to intercept medical information from implantable cardiac devices and pacemakers and to cause them to turn off or issue life-threatening electrical shocks. Back then it would’ve cost thousands of dollars for a hacker to afford the necessary equipment to intercept a transmitter, but today you can do it just as well with only $20 using an Arduino module.

A McAfee security analyst demonstrated in July that he could scan and identify insulin pumps that communicate wirelessly and have any such pump immediately dump all its contents within a range of 300 feet. The same security analyst showed at a conference how he reverse engineered a pacemaker and could deliver an 830-volt shock to a person’s device from 50 feet away. Now that’s an assassination.

Indeed many companies took notice of this and haven’t taken the issue lightly. Noise shields or biometric heartbeat sensors to allow devices within a body to communicate with each other, keeping out intruding devices and signals. Governments are looking to staple regulations designed to protect patients from cyber attacks, and have future implants meet a certain anti-malware criteria. Still, it seems like the enforcing bodies are trailing behind the fast expanding branch of medical cyber-crime. I recommend you read more on the subject at these editorials from Fast Company and Singularity Hub.

If you have an electronic medical implant currently in your body or are considering one, please don’t be startled. There has been no reported actual attack on a person so far, so no one was injured let alone killed by hacking his medical device, despite being possible.