and has 1 hour to get in,
destroy the clot (with a
laser), and get out before
returning to normal size.
CSWN talks with Bradley P.
Knight, MD, the Chester
The year was 1966,
C. and Deborah M. Cooley
the film “Fantastic VoyDistinguished Professor of
age”—and at the time, we
Cardiology at Northwestern
University, Chicago.
marveled at this concept
of vast miniaturization,
even if we knew we were
watching science fiction.
Fast forward nearly
50 years to the 2015
summer hit, Ant-Man.
Ever since Ant-Man’s debut in Marvel Comics, we
have known his super powers involved packing
super strength and other abilities into a tiny package. But at some point in the film (spoiler alert),
the question looms whether it is possible to get too
small, too microscopic to do any good. With sequels
Efficacy of the Totally Subcutaneous Implantable Defibrillator: 2-year Results
at the ready, we may get that answer—at least in the
Marvel Universe.
Fortunately, in the real world of medicine, miniaturization straddles the best of both of these worlds:
smaller and smaller devices incorporate complicated
miniaturized technology and complex algorithms
to provide powerful, real-time information coupled
with more comfortable, user-friendly portability. But
we are also learning our limits as to how small is too
small (such as with catheters). Where we go from
here will continue to be another fantastic voyage. ■
Editor’s Note: Some of this material also appears
in the current issue of CardioSource WorldNews:
Interventions.
REFERENCES:
1. Abdelaal E, Rao SV, Gilchrist IC, et al.
JACC Cardiovasc Interv. 2013;6:99-112.
2. Ritter P(1), Duray GZ(2), Steinwender C(3), et al.
Eur Heart J. 2015 Jun 4. [Epub ahead of print]
3. Sanna T, Diener HC, Passman RS, et al. N Engl J Med.
2014;370:2478-86.
4. Kamel H. N Engl J Med. 2014 Jun 26;370(26):2532-3.
5. Chen-Scarabelli C, Scarabelli TM, Ellenbogen KA, et al.
J Am Coll Cardiol. 2015;65(3):281-94.
6. Carabello B. JACC Cardiovasc Interv. 2015;8:678-80.
7. Hanke JS, Rojas SV, Avsar M, et al. Curr Cardiol Rev.
2015;11:246-51.
8. Cheung A, Chorpenning K, Tamez D, et al. Innovations
(Phila). 2015;10:151-6.
9. Rojas SV, Avsar M, Hanke JS, et al. Artif Organs.
2015;39:473-9.
10. Mancini D, Colombo PC. J Am Coll Cardiol.
2015;65:2542-55.
11. Raspé C, Rückert F, Metz D, et al. Perfusion. 2015;30:52-9.
12. Barrett PM, Komatireddy R, Haaser S, et al. Am J Med.
2014;127:95.e11-7.
13. Li L, Yiin GS, Geraghty OC, et al. Lancet Neurol. 2015 Jul
27. [Epub ahead of print]
14. Ferro JM. Lancet Neurol. 2015 Jul 27. [Epub ahead of
print]
15. Tarakji KG, Wazni OM, Callahan T, et al. Heart Rhythm.
2015;12:554-9.
16. Gladstone DJ, Dorian P, Spring M, et al. Stroke.
2015;46:936-41.
If you build it, they will hack it
Black Hat represents
the cutting edge of
network security. They
call their conventions “the show that
sets the benchmark
for all other security
conferences.” They
hold “briefings” with
names like: “Leviathan: Command and
control communications on planet Earth.”
They are also worried
about your car and your
consumer premise equipment (read: MODEM) getting
hacked. These are the good guys who
keep us all safe from bands of roving evil and meanspirited individuals with advanced coding skills.
For the last several years, Black Hat has included
in their schedule discussions on medical devices
and related issues of security and privacy. According
to a Forbes article (August 3, 2013), at one meeting
security consultant Jay Radcliffe demonstrated how
to induce an insulin overdose on an insulin pump. A
program launched by the push of a computer key
breeched the security credentials of an infusion
pump strapped to an onstage “diabetic” mannequin
and instructed the device to dump what would be a
lethal insulin dose into the dummy’s “bloodstream.”
In fact, in a May 29, 2014, article from Reuters,
Radcliffe, a diabetic, hacked his own insulin pump, a
Medtronic device.
One of the experts in this area was the cel-
34
CardioSource WorldNews
ebrated hacker Barnaby Jack, a New Zealander
best known for “Jackspotting,” which involves getting
ATMs to spew out bills without deducting the money
from your bank account. Mr. Jack was set to make
a high-profile presentation at Black Hat in 2013 but
died unexpectedly the week before.
One of the last interviews he did was with CardioSource WorldNews. Pacemakers and implantable
cardioverter-defibrillators (ICDs) share the same vulnerabilities, said Mr. Jack. “They have no encryption
and they require no authentication,” he told us then.
The high-gain six-foot antenna used in the pumphacking demo has an effective range of about 300
feet, said Stuart McClure, McAfee’s global chief
technology officer. “But a determined adversary absolutely could miniaturize and hide these types of antennas, or could create alternative pathways and tap
into other large structures (in a stadium, for example)
and use them as antennas to send information packets to invade and co-opt devices.” Imagine a bevy of
chaotic heart rates or ICD shocks in a crowd.
In a prepared statement for our original CSWN
story, Medtronic wrote: “Medtronic takes patient
safety and device security very seriously and we appreciate the security community bringing new information on the possibility of manipulating or ‘hacking’
our insulin pumps.”
Christopher Garland, Medtronic’s vice president
of communications, disagreed with Mr. Jack’s assertion that pacemakers and ICDs are more vulnerable
than infusion pumps, and reaffirmed, “We have taken
a number of steps to address this matter including
conducting an in-depth risk/benefit analysis to clearly
assess the potential risk, evaluating the best encryption and security technologies for incorporation into
our products and design process, and working with
outside security experts to develop new approaches
and best practices to device security.”
In the last few years, the FDA has issued several
statements on the topic of device cybersecurity,
including a guidance document in October 2014 calling for manufacturers to develop adequate cybersecurity controls during the design and testing stages
for new devices. Fixes have also been made in older
devices to improve security.
As with other areas of cybersecurity, this will
undoubtedly be an ongoing game of cat and mouse.
On July 31, 2015, the FDA, and Hospira alerted
hospitals to a security issue with the Symbiq Infusion
System.1
Hospira and an independent researcher confirmed that Symbiq could be accessed remotely
through a hospital’s network. This could allow an
unauthorized user to control the device and change
the dosage the pump delivers. While Hospira is no
longer selli ng these devices, they are potentially
available for purchase from third parties not associated with the company. The FDA and Hospira are
currently not aware of any patient adverse events or
unauthorized access of a Symbiq Infusion System,
but recommend that users quickly transition to alternative systems.
Hospira said in a notice on its website that it was
working with Symbiq customers to deploy a software
update that closes access ports to the pump and
includes other cyber-security protections. ■
REFERENCE:
1. FDA Safety Alert. July 31, 2015. www.fda.gov/Safety/MedWatch/SafetyInformation/SafetyAlertsforHumanMedicalProducts/ucm456832.htm. Accessed on August 1, 2015.
September 2015