Pacemakers: the new weapons of M2M destruction?

Last updated: 11 April 2014

After the thrilling finale to last year’s second season of Homeland, [Spoiler Alert!] it would be easy to forget the chilling events which featured on the show only a couple of weeks before, and which could have huge implications for those in the M2M industry.

In episode 10, the series’ main protagonist, Nicholas Brody, hunts down a serial number for the Vice President’s pacemaker, which is then used to execute the politician remotely. Since then, numerous sources have speculated on whether such a feat of terrorism would indeed be possible.

The Dallas News’ Health blog consulted a cardiac electrophysiologist to get his views on the subject. When asked whether the show’s plotline was plausible, the doctor’s response was a resounding ‘No’.

However, a number of security researchers would beg to differ. Barnaby Jack, of IOActive, has spoken at length with Vanity Fair about his fears over how the ‘Internet of Things’ can be easily compromised to target human lives. Jack believes this extends beyond embedded medical devices such as pacemakers, and includes everything from cars to smart energy meters.

Whatever the current reality, it is clear that linking our lives so closely with networked technology will bring with it extra risks. While there are obvious benefits of being able to remotely monitor everything from a patient’s blood sugar levels to car’s tyre pressure, these technological advances need to be approached with caution.

Stuart McClure, CTO of McAfee, has gone so far as to claim that ‘only when these embedded computers start to kill a few people… will we take it seriously’. His view that ‘we live in a reactive society’, in which both businesses and the public only sit up and take notice of a problem when something catastrophic occurs, could be said to be true of the banking industry, amongst others.

However, healthcare is a very different matter, with human lives at stake rather than bank balances. Those working with embedded medical devices must be aware of the potential security risks that they pose and consult with experts every step of the way to ensure that they are not placing their patients at risk.

M2M security for healthcare is improving rapidly. While the show featured an attack that does not exist today, we need to be proactive in building security into these devices and ensuring that only authorized users are able to access data networks connected to these types of medical devices. Today, the same security that protects the data connection of your mobile phone is being used to protect the connection these devices have to the network. But as technology progresses and more of these medical devices are accessible through a wireless connection there needs to be a proactive (rather than reactive) approach to security from the manufacturers of these devices, in line with the commitment to a duty of care that we come to expect from our healthcare professionals.