According to the Circulation Journal, 3 million people around the world have electronic pacemaker implants, with almost 600,000 new pacemakers being implanted each year. These small, yet powerful electronic devices work by normalizing irregular heartbeats for patients of arrhythmia, a heart disorder that affects the rate of one’s heartbeat. Electronic pacemakers have been used in the medical field as bionic implants for around sixty years, but as of recent, much attention has been turned to the potential of a bluetooth-connected pacemaker, which patients could monitor on their personal smartphones. To understand the significance of this medical innovation, it is important to understand how exactly a pacemaker works.
To provide an analogy, in marathon running, a pacemaker or pace-setter runs in front of the main pack of athletes for around half the race to keep them on constant pace for a desirable time. Similarly, a pacemaker implant works by sending electric shocks into one’s heart, to keep their heart beating at a regular pace. Essentially, a pacemaker is a very miniature version of the defibrillator’s often featured in films to revive characters suffering a heart attack.
In a healthy human heart, the Sinoatrial Node (pictured left) facilitates the heartbeat by sending electrical impulses to fibers throughout the heart, which causes them to contract and expand. In some cases, the Sinoatrial node ceases to work or sends impulses at an irregular rate, resulting in arrhythmia (an irregular beating of the heart). In order to correct this discrepancy in the heart’s rhythm, medical scientists invented a device that could replicate the function of the sinoatrial node — the pacemaker.
This device consists of three main parts, include a pulse generator, leads, and electrodes. Electrodes, which are electrical conductors used for contact with non-metal solids, are placed in strategic locations throughout the heart to fill the role of the Sinoatrial Node. Then, pacing leads, wires that carry electrical current to the electrodes, are led out of the heart through a vein and connect to a Pulse Generator, a device implanted beneath the patient’s skin. The purpose of the Pulse Generator is to synchronize a patient’s heartbeat to that of a healthy heart by sending electric impulses at a specific rate (specified by a doctor). Thus, the pacemaker is a crucial part of an arrhythmia patient’s life.
The surgery for a pacemaker implant requires just a few incisions and recovery time spans only about 2 weeks on average. However, the millions of pacemaker patients around the world are required to visit their clinics often for various tests, readings, and data analyses. This inconvenience has only been exacerbated by the Covid-19 pandemic, in a year where hospital checkups and travel in general is dangerous, especially for those with pre-existing conditions, such as pacemaker patients.
On the other hand, bluetooth-connected pacemakers erase the need for these visits because patients have access their pacemaker data from their fingertips on a smartphone app. Additionally, this personal monitoring is beneficial for patients, as it teaches them more about their condition. In fact, a study conducted by the Cleveland Clinic on a pacemaker monitoring app called BlueSync found that patients who monitored their pacemakers through the app had a 94.6% success rate for scheduled pacemaker data transmissions (to their clinic), while patients who required manual monitoring reflected a significantly lower success rate.
With the modernization and integration of pacemakers to the IoT, or Internet of Things, many raise the question — Can these pacemakers be hacked?
According to Forbes, the Internet of Things (IoT) includes “everything from cellphones, coffee makers, washing machines, headphones, lamps, wearable devices and almost anything else you can think of.” Essentially, “if it has an on and off switch then chances are it can be a part of the IoT.” Thus, the mechanical features of the modern pacemaker, including both its electrical impulse system and bluetooth app connection capabilities, make it a part of the IoT and connects it to the almost 31 billion IoT devices in the world, an innovative and potentially dangerous change.
The medical field is no stranger to cyber-attacks through the IoT. In fact, during the WannaCry ransomware attacks of 2017, a group of hackers used an exploit method stolen from the the US National Security Administration (NSA) and interfered with over 200,000 computers, including those of the UK’s NHS (National Health Service), a government organization that oversees healthcare in the United Kingdom. The gravity of cybersecurity is greater than ever, and it is important to evaluate the possibilities of cyber attacks medical implants such as pacemakers.
First, bodily harm that hackers could produce through a cyber-attack should be considered. According to the Digitalist Magazine, we can “rest assured [that] so far they can’t short-circuit a heart.” Essentially, it is impossible, at least with existing technology, to halt or alter the function of a pacemaker. However, with the introduction of bluetooth-connected pacemaker’s, there is one way that pacemakers can potentially be hacked, through exploiting their data transmission over bluetooth. Bluetooth Pacemakers regularly transmit cardiovascular health data points to various smartphone apps operated by patients on their phones and due to this connection, there is a possibility that hackers can alter or steal the data that is transmitted. The potential side effects of such an attack include breaches of privacy, the inability to monitor one’s heart, and even falsified heart data which could prompt pacemaker patients to worry.
In short, although pacemaker hacking cannot cause bodily harm, it certainly can lead to catastrophic circumstances. As computer technology evolves, the existential threat of hacking in the medical field devices will grow in parallel. To compensate, the field of cybersecurity must also evolve, by identifying potential loopholes in the IoT and filling them. In fact, medical cybersecurity companies are beginning to pop up all around the world. In the future, branches of hospitals will be dedicated solely towards cybersecurity. The IoT is expanding at an exponential rate, as seen through the proliferation of smart homes and in order to ensure the safety of hospitals, cybersecurity experts must tackle this problem head-on.