Nav: Home

Staying a heartbeat ahead of hackers

March 08, 2017

Nearly a million new forms of malware are unleashed on the world every day. Manufacturers of software for smartphones, laptops and security cameras, as well as banks, retailers and government agencies, release upgrades frequently to try to protect customers and assets.

Yet the millions of people with implanted medical devices typically never receive software upgrades to address security vulnerabilities for the gadgets in their bodies.

"It used to be we only had to worry about breaches of our computers and smartphones," said Roman Lysecky, an associate professor in the University of Arizona Department of Electrical and Computer Engineering. "Industry analysts predict that by 2020 most of the 20 billion electronic devices on the market will be interconnected -- and millions of these will be implantable medical devices."

Like other modern electronics, implantable medical devices are connected through the internet or wireless technologies. They include cardiac pacemakers and defibrillators for people with arrhythmia, insulin pumps for people with diabetes and brain neurostimulators for people with Parkinson's disease.

Many IMDs have sensors to monitor vital signs such as heart rate and transmit data to healthcare providers' computers in real time. Doctors can evaluate patients remotely and, with a few simple adjustments, improve their conditions or even save their lives.

But along with their benefits, IMDs pose risks.

Hackers who gain access to confidential patient information could use malware as "ransomware." Worse, they could put a patient with an implanted cardiac pacemaker -- there are more than 225,000 such people in the United States alone - into cardiac arrest.

"This hasn't happened yet to our knowledge," said Lysecky, an expert in connected, or embedded, electronic systems who is leading two federally funded projects to reduce cybersecurity risks in pacemakers and other biomedical devices. "But security researchers have proved it is possible."

Good Timing

Lysecky is pioneering technologies to enable IMDs to detect malware and help ensure they will continue functioning properly in a patient when their security is breached. He has built a prototype of a network-connected pacemaker and is running experiments based on case studies of malware infecting other types of embedded systems.

In one project funded by the National Science Foundation, he and co-principal investigator Jerzy Rozenblit, UA Distinguished Professor and Oglethorpe Endowed Chair in the Department of Electrical and Computer Engineering and professor of surgery in the College of Medicine, are developing runtime anomaly detection.

This technology exposes minuscule changes in the timing of how computations and data are transmitted from the pacemaker to a cardiac data log, revealing the potential presence of malware.

A pacemaker might be engineered to send data to the patient's digital cardiac log every three milliseconds or to send specific types of data, such as ventricular or atrial readings, in less than 10 milliseconds. Any aberrations in these precisely timed processes could signal the presence of malware. The changes would immediately alert a doctor, who could then take action remotely, possibly with the patient never knowing of the harm averted.

Lysecky, recipient of a prestigious NSF Early Career Award, is also looking for malware mimicry, whereby hackers tweak functioning of IMDs in subtle ways to avoid detection.

His team, including doctoral students Sixing Lu and Minjun Seo, achieved a 100-percent detection rate for mimicry malware using runtime anomaly detection in the prototype pacemaker system. The researchers reported their findings for the 2015 Workshop on Embedded Systems Security and in the Institute of Electrical and Electronics Engineers' Embedded Systems Letters in 2016.

Pressure Building for Regulations

Pacemakers are not yet required to have built-in detection and mitigation capabilities, but pressure is building.

"As a cardiologist, I have seen an increase in patient awareness of security issues about their implanted devices in the digital realm," said Dr. Peter Ott, an associate professor in the UA College of Medicine Sarver Heart Center who has collaborated with Lysecky and Rozenblit and routinely implants cardiac pacemakers and defibrillators in patients. "I expect such concerns will grow."

The U.S. Food and Drug Administration has identified hundreds of medical devices infected by malware and first published recommendations in October 2014 for manufacturers to consider software protections throughout a product's lifecycle. In December 2016 the agency issued security guidelines encouraging pacemaker manufacturers to regularly monitor, maintain and update software.

"We believe manufacturers should build implantable medical devices like pacemakers with malware detection strategies from the get-go, and provide patches as future problems develop," said Lysecky, who is looking toward clinical trials of his runtime anomaly detection system at Banner-University Medical Center Tucson in the coming years.

Thwarting Hackers from Every Angle

Lysecky is working on another project, with a grant from the Army Research Office, to make medical implants more resistant to side-channel attacks. He and co-principal investigator Janet Meiling Roveda, UA professor of electrical and computer engineering, are developing mathematical models to analyze changes not only in timing, but also in power consumption and electromagnetic radiation.

"Side-channel attacks like these are a critical threat to the security of embedded systems," Lysecky said. "By analyzing data transmission timing, power consumption and electromagnetic radiation from a life-critical device such as a pacemaker, a hacker can extract data like cryptographic keys that are essential for shielding communications from unauthorized users."

Lysecky is one of many engineers, scientists and physicians throughout the UA working to improve cybersecurity for implantable medical devices, often in collaboration with the Arizona Center for Accelerated Biomedical Innovation.

University of Arizona College of Engineering

Related Pacemaker Articles:

Texas team debuts battery-less pacemaker
A battery-less pacemaker that can be implanted directly into a patient's heart is being introduced by Rice University and Texas Heart Institute researchers at the IEEE's International Microwave Symposium.
Pacemaker program can reduce dangerous fainting episodes
Patients with recurrent fainting episodes (syncope) who received a pacemaker delivering a pacing program designed to detect and stop the abnormal heart rhythms that precede syncope had a seven-fold reduction in fainting compared with patients in a placebo pacing group, according to research presented at the American College of Cardiology's 66th Annual Scientific Session.
Pacemaker function may be impacted by electric appliances; tools
Electric and magnetic fields generated from everyday household appliances, electrical tools and more, used in very close proximity to the body, can interfere with the ability of pacemakers to regulate patients' heartbeats.
Cedars-Sinai Heart Institute awarded $3 million to develop biological pacemakers
With a new $3 million grant from the National Institutes of Health, Cedars-Sinai Heart Institute investigators are moving closer to their goal of developing a biological pacemaker that can treat patients afflicted with slow heartbeats.
Major €5 million project to improve heart disease treatment with smart pacemaker technology
Creating a new generation of advanced pacemakers which adapt to the demands of a patient's body is the goal of a new €5 million international research consortium led by the University of Bath.
The beating heart of solar energy
Using solar cells placed under the skin to continuously recharge implanted electronic medical devices is a viable one.
McEwen Centre scientists produce functional heart pacemaker cells
Scientists from the McEwen Centre for Regenerative Medicine, University Health Network, have developed the first functional pacemaker cells from human stem cells, paving the way for alternate, biological pacemaker therapy.
Faster, noninvasive method to determine the severity of a heart failure
Researchers at Eindhoven University of Technology and the Catharina Hospital in Eindhoven have developed a method that is very quick, noninvasive, cost-effective and can be performed at the hospital bedside.
Getting a pacemaker soon after heart valve replacement linked with worse outcomes
Patients who undergo minimally invasive heart valve replacement, known as TAVR, sometimes develop heart rhythm problems that necessitate placement of a permanent pacemaker.
Can stem cell technology be harnessed to generate biological pacemakers?
Although today's pacemakers are lifesaving electronic devices, they are limited by their artificial nature.

Related Pacemaker Reading:

Best Science Podcasts 2019

We have hand picked the best science podcasts for 2019. Sit back and enjoy new science podcasts updated daily from your favorite science news services and scientists.
Now Playing: TED Radio Hour

Do animals grieve? Do they have language or consciousness? For a long time, scientists resisted the urge to look for human qualities in animals. This hour, TED speakers explore how that is changing. Guests include biological anthropologist Barbara King, dolphin researcher Denise Herzing, primatologist Frans de Waal, and ecologist Carl Safina.
Now Playing: Science for the People

#SB2 2019 Science Birthday Minisode: Mary Golda Ross
Our second annual Science Birthday is here, and this year we celebrate the wonderful Mary Golda Ross, born 9 August 1908. She died in 2008 at age 99, but left a lasting mark on the science of rocketry and space exploration as an early woman in engineering, and one of the first Native Americans in engineering. Join Rachelle and Bethany for this very special birthday minisode celebrating Mary and her achievements. Thanks to our Patreons who make this show possible! Read more about Mary G. Ross: Interview with Mary Ross on Lash Publications International, by Laurel Sheppard Meet Mary Golda...