Cybersecurity For CIEDs: What Should You Know?

The potential for hacking cardiovascular implantable electronic devices (CIEDs) such as pacemakers and defibrillators may be a growing problem for patients and health care providers, according to an article by ACC's Electrophysiology Section Council published Feb. 20 in the Journal of the American College of Cardiology.

Adrian M. Baranchuk, MD, FACC, et al., examine the risk of hacking cardiac devices and provide an outline of what can be done to improve cybersecurity from the standpoint of manufacturers, government and professional societies, and physicians and patients.

The authors point out that as wireless communication between health care providers and patients' devices has enhanced, so has the possibility of manipulating normal interactions such as deactivating features; delaying, interfering or interrupting communications; and altering programming. These manipulations could be of major harm to patients and a risk to clinical care.

For example, in pacemakers, patient safety issues can come from oversensing or sudden battery depletion, the authors explain. Just like other causes of electromagnetic interference, the detection of signals of non-cardiac origin may prevent pacing, causing for prolonged periods of asystole with the risk of syncope or sudden death.

As new cyber vulnerabilities quickly emerge, the authors note that cybersecurity needs should be addressed during product testing both pre- and post-market to ensure a safe system. Other options to improve cybersecurity include using a protective software such as firmware, which is embedded in the hardware of devices, and remote monitoring or interrogation of all tele-monitored devices.

In addition, the authors suggest that physicians who manage CIEDs should be aware of both documented and possible cybersecurity risks, and engage patients in conversation and shared decision-making. Clinics and hospitals should also review security updates and keep track of any issues at hand.

While it is important to stay alert, the Council states that no enhanced monitoring or elective device replacement is necessary at this point, and there is currently no evidence that a CIED can be reprogramed.

"The possible future impact of this issue is immense," the authors conclude. "The FDA, manufacturers and professional societies like the [ACC] and Heart Rhythm Society are actively participating in larger conversations regarding overall risks, and how to best protect patients and provide the most effective care."

Keywords: Patient Safety, Physicians, Computer Security, Risk, Syncope, Defibrillators, Death, Sudden, Government, Decision Making, Heart Arrest, Electromagnetic Phenomena, Software, Pacemaker, Artificial, Electrophysiology


< Back to Listings