The Digital Security Threat Inside Jameson Rich’s Body

Pacemaker, The University Hospital In Lille, France, Pacemaker And Heart Defibrillator. (Photo By BSIP/Universal Images Group via Getty Images)

For the past four years, author Jameson Rich has had a small defibrillator implanted in his chest. Its job? To detect and prevent an arrhythmia that could end his life.

At OneZero Rich reports on what happens when the cure itself brings a whole host of new problems. The defibrillator, called an ICD, is part of the internet-of-things, sending data to his doctor and updating its software to patch vulnerabilities. Despite empty assurances from device manufacturers, anything on the internet can and will eventually be hacked. Is it only a matter of time before malicious people hack the very device that protects his heart’s rhythm?

The ICD would be a fail-safe, a tiny defibrillator inside my body that could go everywhere that I went.

When I came across an FDA safety notice warning that some ICDs, namely those made by a company called St. Jude, could be hacked, I was only days away from surgery. Once hacked, the devices could allow an external actor to gain control of the ICD, reprogram its functions, and inflict all kinds of damage—even trigger death.

In the past 13 years, these devices have also been fully integrated into the so-called Internet of Things—millions of everyday consumer items being programmed for and connected to the internet. Once connected to the internet, the devices ease the work of physicians and hospitals, who can now manage the device and monitor the patient’s condition remotely. Patients are typically charged each time their device sends data to the hospital. Think of it as a subscription—for your heart.

ICDs are just one increasingly popular medical gadget in a rising sea of clinical and commercial wireless health devices. Whether it is the growing suite of cardiac-monitoring devices available at home and on the go or an Apple Watch outfitted with diagnostic software, we are outsourcing more and more of our health to internet-enabled machines.

Having now lived with an ICD for more than three years and a pacemaker for the preceding 14, I understand intimately the consequences of being a body paired to the grid. If your smart fridge loses connectivity, maybe your food goes bad a few days early. But if a wireless ICD experiences a failure, the result could be lethal. I am stalked by the fear of the device misfiring and have wondered endlessly whether the documented security risks posed by these devices could end up harming me.

Read the story