Medical implants vulnerable to cyber attacks, experts warn

Cybersecurity, News

Medical implants are “vulnerable” to cyber attacks and should be developed with security in mind to help protect patients, experts have said.

Connected or “smart” devices, which are placed inside the body and can communicate with external devices, could be exposed to breaches or be hacked, according to the Nuffield Council on Bioethics.

However, current regulations do not require manufacturers to show medical implants are cyber secure before they receive approval.

Connected implants, such as pacemakers and implantable defibrillators, monitor and automatically deliver treatment in response to changes in the body.

They can store, process and transmit data about the patient and implant, and receive software updates.

There have been no known cyber attacks on devices to date, but researchers have demonstrated that it would be possible to target cardiac defibrillators, pacemakers, and insulin pumps, the Nuffield Council on Bioethics said.

“The emergence of connected implants opens up possibilities for improving patient care through data gathering and use,” it said in a briefing note for policy-makers.

“However, these implants are vulnerable to error and attack and raise privacy issues.

“It will be important that their development is accompanied by security measures and efforts to ensure data use is in-line with the expectations of patients.”

The briefing note also highlights the safety of devices and implications of their long-term presence in the body as other potential challenges.

The independent body suggests that manufacturers, regulatory bodies and healthcare professionals must ensure implants are used in a “responsible and trustworthy” way and “are carefully monitored to ensure that any problems are discovered early”.

The Government announced a review in February last year, amid concerns over the safety of medical devices including vaginal mesh.

There have also been calls for a register to track all new devices implanted in the UK.

Hugh Whittall, director of the Nuffield Council on Bioethics, said:

“Medical implants can greatly improve a person’s quality of life, even save their life, but their invasive nature leads to challenges in testing for safety and efficacy, and raises a number of ethical considerations.

“In light of recent cases of patients coming to significant harm through the use of medical implants, and the emergence of ‘smart’ implants, our briefing note aims to help guide policy-makers in promoting innovation in the sector to address patient need, while ensuring equitable and timely access to safe and effective implants.”

A Medicines and Healthcare products Regulatory Agency (MHRA) spokeswoman said: “Patient safety is our highest priority and where necessary we take action to protect public health.

“We have been conscious of the potential for cyber security attacks towards medical devices and continue to actively monitor the situation.

“Although this theoretical risk has existed for more than 15 years, we are not aware of any incidents of cyber security attacks towards UK medical devices.

“In order to gain market approval, manufacturers must reduce the risk to patients and users through designing and constructing their devices to be state-of-the-art for the environment they are to be used in.

“This includes appropriate safety protocols.”

Chris Price
For latest tech stories go to