The Hack-Able Body: Raising Big Questions About The Medical Devices Inside You

A thought-provoking piece on MassDevice.com asks the question: Are medical device makers doing enough to shield patients from hackers?

The story, by Arezu Sarvestani, details the case of a young woman diagnosed with a heart condition that requires a device be implanted in her chest to monitor her heart rate, and shock it back to normal if needed. It sounds good, but the tech-savvy patient, Karen Sandler, begins to wonder about all the implications of having a computer in her body:

Even as a self-professed "technology warrior," the prospect of becoming part machine caught Sandler off guard. Computers crash, run out of power and succumb to hackers. Would becoming a "cyborg" ultimately count as an affliction or an upgrade? And could she really trust a machine with her life...

Sandler wasn't ready to trust her heart to a program she hadn't seen. Her work with open-source computer software had taught her that the best way to detect bugs and fix them is to tap the wisdom of the crowd through open-source programming. Open-source projects allow the world to view a copy of machine's source code, the underlying instructions that tell the device what to do. In terms of an implantable defibrillator, that would mean making public a copy of the code that tells the device when to provide a shock and how much shock to provide, as well as how to monitor the heart rate and log unusual events. Modern heart devices can communicate wirelessly, so the software is additionally responsible for prescribing how a machine sends and receives signals and how it determines whether a signal is authorized to access the machine. While an individual person's device needn't be open to the world, a circulated copy can gather comments and suggestions that the device manufacturer can choose to adopt or ignore...

Sandler goes on a quest to find more information. She calls the device makers and asks for the code. Surprise: they don't tell her anything.

In the end, Sandler gets the implant, but a wireless version, and then writes a research paper about it.

In July 2010, Sandler published the result of her years of research in a paper entitled "Killed by Code: Software Transparency in Implantable Medical Devices," in which she defended open-source programming as the best route to solid, secure devices for patients. She chided the FDA for its policies and proposed that all source code for medical devices be available for scrutiny, in the interest of public health and corporate responsibility.