A personal account by former Vice President Dick Cheney appears to have brought further credence to hacking concerns about implanted medical devices.
On Sunday, Cheney revealed that during his term as VP, his heart defibrillator's wireless feature was disabled for fear of an assassination attempt via a “terrorist” hack.
Dr. Sanjay Gupta interviewed Cheney, who appeared on 60 Minutes (video) along with his longtime cardiologist Dr. Jonathan Reiner.
Cheney's handlers believed that a saboteur could kill him by sending a signal to the wireless heart device, “telling it to shock his heart into cardiac arrest,” Gupta revealed during the episode.
During the interview, Reiner also weighed in on the decision in 2007 to take additional security measures.
“It seemed to me to be a bad idea for the vice president of the United States to have a device that maybe somebody on a rope line or in the next hotel room or downstairs might be able to get into, hack into,” Reiner said, before addressing Cheney. “And I worried that someone could kill you," he added.
Cheney attested that the heavily discussed television episode of Homeland, in which a fictional vice president's pacemaker is hacked as part of a fatal terrorist plot, was “an accurate portrayal” of something that could actually happen.
Researchers like Jay Radcliffe, of Washington, D.C.-firm InGuardians, and the late Barnaby Jack, have demonstrated just how vulnerable medical devices are to attacks at various hacking conferences.
And more recently, the Center for Internet Security (CIS), a New York-based nonprofit focused on improving organizations' cyber security readiness, recently launched an effort to develop the first security control guidelines for internet-enabled medical devices.
On Monday, Will Pelgrin, CEO of CIS, told SCMagazine.com that Cheney's revelations bring an “additional reality” to the need to provide overarching security guidance for medical device manufacturers, health care entities and security experts.
“What we want to do is marry the manufacturers' understanding of those devices – making sure they don't lose any of their functionality… while at the same time making sure they are as secure as they can be,” Pelgrin said.
So far, Albany Medical Center in New York has joined the effort, called the CIS Medical Device Security Benchmark Initiative, along with nonprofits, which include the Medical Device Innovation, Safety and Security Consortium (MDISS).
Within the next few weeks, CIS plans to hold a webcast (time TBA) discussing the next steps of the initiative.