Yes, terrorists could have hacked Dick Cheney’s heart

October 21, 2013

Dick Cheney currently has a pulse -- which was not always the case. (AP Photo/Olivia Harris, Pool, File)

On "60 Minutes" this Sunday, former Vice President Dick Cheney revealed that his doctor ordered the wireless functionality of his heart implant disabled due to fears it might be hacked in an assassination attempt. And despite literally being a scenario from Homeland, that's a pretty valid fear.

"It seemed to me to be a bad idea for the vice president to have a device that maybe somebody on a rope line or in the next hotel room or downstairs might be able to get into-- hack into," explained Dr. Jonathan Reiner. Cheney concurred, saying he found the threat "credible."

Cheney has had a long history of heart problems, resulting in an implanted defibrillator and heart pump that literally meant he had no pulse until a heart transplant last year. He was on "60 Minutes" to promote his new book about his struggles with heart disease.

Security Researchers have long warned that the IT security on medical devices is lacking and malware runs "rampant" in hospital environments. Often, medical software tends to be older and more vulnerable than consumer tech because updating the software might risk running afoul of their Food and Drug Administration approval. So somewhat ironically, regulation in place to ensure the safety of medical devices ends up being an excuse for those systems to remain static, and thus less secure. That is especially worrisome because more and more of the medical devices people depend on to stay alive are becoming networked into the so-called "Internet of things."

The late Barnaby Jack was on the forefront of research into the vulnerability of medical devices. Last year, he demonstrated how a certain model of implanted insulin pump could be lethally hacked to administer incorrect dosages from up to 300 feet way. And this year he was expected to show off how implanted pacemakers and defibrillators could be hacked to deliver deadly shocks -- the almost exact type of issue Cheney's doctors were working to avoid.

But Jack was found dead in San Francisco just days before he was expected to present his research at the Black Hat security conference this year. Conspiracy theories instantly circulated, but the police at the time said it was "not foul play." However, the San Francisco's Medical Examiners Office confirmed to the Post Thursday that its inquiry into cause of death remains ongoing.

So yes, Cheney and his doctors were right to worry about the security of his heart implant -- given the right amount of access and technical know-how, it's possible it could have been used as an attack vector. But the bigger question might be why we have a system in place that knowingly lets those same type of vulnerabilities exist in the medical technology relied upon by millions of everyday Americans.

Andrea Peterson covers technology policy for The Washington Post, with an emphasis on cybersecurity, consumer privacy, transparency, surveillance and open government.
Comments
Show Comments
Most Read Business
Next Story
Andrea Peterson · October 21, 2013