Skip to main content

Feature Stories

Protected Pacemakers
Hack-proof medical devices a goal for wireless security
Professor Kevin Fu and colleagues in the lab.

"Understanding the security and privacy of implantable devices is essential for protecting the nation’s health and cyber infrastructure.”
--Kevin Fu

In the 1970s, shows like the “six Million Dollar Man” and “Bionic Woman” predicted computerized devices would one day enhance the work of the human body. Fast forward to the 21st century and those devices are now on the market. Computer scientist Kevin Fu’s research is at the forefront of a critical element in the development of implantable medical devices - ensuring that they’re resistant to hackers so that they work securely and afford privacy for the data transferred from the devices between medical professionals and patients.

Take pacemakers and implantable cardiac defibrillators, for example. Data is currently transferred from these devices across a closed, secure system. But closed systems have limitations. Using wireless technology and the internet to transfer the data would allow for greater convenience such as remote device checks and fewer doctor visits. But this convenience may come with unanticipated risks. Fu was part of a research team in 2008 that demonstrated that patients’ private medical information could be extracted and their devices reprogrammed without the patients’ authorization or knowledge.

Since that report was published, Fu’s investigation into how to ensure the security and privacy of implantable medical devices has been going full throttle. His research received a best paper award from the IEEE Symposium on Security and Privacy, and coverage of his work appeared in the New York Times and the Wall Street Journal. This year he received an Alfred P. Sloan Foundation Research Fellowship - given to early career scientists and scholars who demonstrate outstanding promise and potential to contribute substantially to their fields - and a $450,000 grant from the National Science Foundation to improve future security in implanted cardiac devices without compromising safety and effectiveness. Fu was also named MIT’s Technology Review’s 2009 young innovator.

Fu says this work comes at a critical time to make a difference because extremely few, if any, implanted devices now share patient data outside secure settings like clinics and none are reprogrammable from remote locations. But the situation will soon change, he predicts, as the next generation of products comes on the market. Fu says, “We’re getting in early enough to influence the design and provide cyber trust. Understanding the security and privacy of implantable devices is essential for protecting the nation’s health and cyber infrastructure.”