According to a new study conducted in controlled laboratory conditions, sensors that pick up the rhythm of a beating heart in implanted cardiac defibrillators and pacemakers are vulnerable to hacking. In experiments using simulated human models, an international team of researchers demonstrated that they could, theoretically, create an erratic heartbeat with radio frequency electromagnetic waves. A false signal, like the one they created, could inhibit needed pacing or induce unnecessary defibrillation shocks. However, the researchers stated that they know of no case where a hacker has corrupted an implanted cardiac device, and that doing so in the real world would be extremely difficult.

The team included researchers from the University of Michigan (U-M), University of South Carolina, Korea Advanced Institute of Science and Technology, University of Minnesota, University of Massachusetts, and Harvard Medical School.

This is not the first time vulnerabilities have been identified in implantable medical devices. But the findings reveal new security risks in relatively common "analog" sensors—sensors that rely on inputs from the human body or the environment to cue particular actions.

Although the medical devices contain security mechanisms, the information the analog sensors receive bypasses their safety layers, the researchers said. The devices convert the input from the sensors directly into digital information that they use to make quick decisions.

In medical devices, the researchers’ experiments suggest that the human body acts as a shield, protecting the medical devices to a large degree, the researchers said. “People with pacemakers and defibrillators can remain confident in the safety and effectiveness of their implants,” said Kevin Fu, U-M associate professor of electrical engineering and computer science. “Patients already protect themselves from interference by keeping transmitters like phones away from their implants. The problem is that emerging medical sensors worn on the body, rather than implanted, could be more susceptible to this type of interference.”