Larry Greenemeier in Scientific American:
It sounds like the far-fetched plot of a sci-fi thriller: Bad guys strike down a high-ranking politician or captain of industry by hacking into and remotely tinkering with his or her pacemaker, insulin pump, implantable cardioverter defibrillator (ICD) or other medical implant. Unfortunately, new research shows such a scenario is no longer just science fiction.
Scientists from Harvard Medical School’s Beth Israel Deaconess Medical Center in Boston, the University of Massachusetts Amherst and the University of Washington in Seattle say they were able to launch cyber strikes against and glean private patient data from an ICD’s communication protocol while testing the device’s safety and security.
The researchers tested a Maximo DR VVEDDDR (manufactured by Minneapolis-based Medtronic, Inc.), because it is a typical ICD with pacemaking (steady, periodic electrical stimulation) and defibrillation (single, large shock) functions that communicates with an external monitoring device smaller than a laptop. The monitoring device has a handheld antenna that the patient holds over his or her chest, where the ICD is implanted, to read information wirelessly. The scientists acknowledge their findings are limited to this particular ICD (available in the U.S. since 2003), but warn that it highlights potential dangers that manufacturers must address.
More here. [Thanks to Felix E. F. Larocca.]