Internet Aware Pacemakers Planned

tuiterwyk writes: "There's an article here on Techweb about manufacturers plans to give pacemakers and defibrillation devices internet capabilities. BSOD takes on a whole new meaning...." And so does 'denial of service attack'.

RIAA moves to quash new "Internet aware" pacemaker

Hillary Rosen of the RIAA announced today that a lawsuit is being filed against the makers of this new pacemaker. "We feel that this device may be used to keep people alive, and those people may be listening to music that they have downloaded from the Internet," she said. She added, "In order to preserve our market and uphold artists' rights, it is imperative that possible theives' not be permitted to live past their natural life expectancy." She explained that when someone purchases a CD, they're really only leasing the right to listen to the songs until their natural life ends. Living longer than you're supposed to is a clear violation of the 'fair use' copyright protection. New "bloodmark" technology will be added to all CDs in the future to protect against people with the pacemaker from hearing pirated CDs because after all, blood is thicker than water.

The truth of pacemakers.

Having worked for one of the mentioned pacemaker companies for a couple years this comes as no surprise to me. This technology is part of the constant effort to free cardiac patients of the chains which their conditions subject them to. The idea of a pacemaker is to restore a person to being able to live a normal life. A full and productive life just as the rest of us enjoy. Freedom from your condition is difficult when you need to visit your doctor for regular checkups. This technology will allow people to spend that year over seas or take a vacation when they please. These are simple things we take for granted but make a world of difference to somebody who is limited by cardiac disease. This technology could even protect these people by allowing the pacemaker to contact the doctor if an earlier that scheduled visit is necessary. There is no risk to this feature. Pacemaker companies are subject to the Food and Drug Administration. Having worked for a pacemaker company and having seen the effect of FDA influence, I will never doubt the safety of these devices. These companies work to the letter with extensive processes of design, development, and testing. The FDA can audit any part of any of these companies whenever they please. If things are even slightly disorderly, the FDA can take random files right out of the drawers and start analyzing them. If the FDA sees anything that looks uncertain they can shut down one of these companies with the blink of an eye. These are billion dollar companies and they work hard to keep a clean record.

McHealthCare (tm)

So now if I have a pacemaker or other implant, and I feel chest pain, I can go to some website which will tell me I'm just fine.... great, another way for doctors to evade any contact with their patients. This whole "healthcare-as-big-business" mentality is really terrible. When the revolution comes, only Libertarians and Randites will have to use HMO's.

Re:McHealthCare (tm)

[stain+ain]

I guess it helps the patient rather than disturbing them; monitoring data can be accessed both by the patient and the doctor, at the end it means that one just goes to the doctor when it is necessary, and that the doctor has much more data available in case that it is needed.
The last thing I would like to do in case of a long-term illness is to go periodically to the doctor if I can prevent it by some kind of remote diagnosis.

Re:telnet...

[drsoran]

Well, anybody that leaves telnet, much less remote root logins, open on such a mission critical system deserves what they get. ;-) Let's just hope Jack Kevorkian doesn't take up computers.

Great opportunity for profitable info gathering

[pedro]

Anyone here remember the hubbub about the hijacking of dna from unwilling contributors?
Here's your next step, pal.

The remote analysis of hundreds of thousands of heart patterns, all channeled into a single, PROPRIETARY database?
Haven't we been here before?
I would have no problem with any correlatory results being made public, were this a publicly funded effort, but..
There is severe profit available here if the info generated was legally allowed to be incorporated into a proprietary database.

Re:Article scores -1, Flamebait

[maggard]

Pacemakers generally maintain logs & are externally programmable, heve been so for years. This is used to fine tune their responses, to check the battery state, etc. They don't run an OS, at least not in the sense of Win/Mac/'nix, they're dedicated purpose devices.

There is no wire protruding out of a person's body, all communication is done via a small radio transmitter/reciever and a dedicated piece of hardware (though doubtless this could be duplicated on a PC.)

The pacemaker would presumably report in a two-stage process. Either a dedicated-purpose device or a reciever/transmitter (possibly connected serially/USB) would use a coded signal to cue the pacemaker to broadcast it's logs. These would be recorded on the dedicated device or a home PC and then transmitted online to the central site.

There the records (I'm guessing here) could be analyzed for warnnig signs, dangerous trends, etc. Likely if they exceed some threshold a flag will be set and a specialist will review the information.

I can't imagine any scenario where the pace-maker would ever transmit directly to an online site; there simply isn't the power available for that sort of direct telemetry. Therefore no sort of direct atttack, DOS or otherwise would be possible.

On the outside chance that remote reprogramming of the pacemaker were allowed I would be concerned, and of course there should be concerns over the security of one's uploaded logs, but from what's reported the whole situation seems very safe if possibly not entirely private.

Frankly I think you would do well to invest the 5 minutes to do a search, read a pacemaker FAQ & answer the rest of your own questions on your own.

LMAO

[Archfeld]

you could IM the old guy on his artificial heart :)

Re:Article scores -1, Flamebait

[matguy]

I would think only the reporting device could be attacked (in the article) and not the defibulator itself. Which means only the reporting would be disrupted, with a simple dial-up that could/would be much harder to point an attack on. With easily implementable round-robin dial-up schedule to different carriers is should be pretty hard to dos on to, then add possible cell capability and that thing would be damn near buletproof from the internet as far as dos attacks go. Then even if it is attacked, it's not like it's giong to mess with the difibulator itself, all it would really mean is that whoever has the difibulator would not get to have the simple disl-up-observation and they would have to go in to have the data read. Hardly a life threatening situation.

matguy

Re:Article scores -1, Flamebait

[matguy]

ok, this might have turned out to be a redundant post, but it sure didn't seem that way when I started typing, I guess I need to brush up on my typing speed skillz.

matguy

As someone who has a pacemaker...

[DavidTC]

...let me tell you a little about them. Many people don't know how they transmit and receive data. They use magnets. (Which, BTW, was the whole point behind the microwave prohibition, cause early microwaves spun off magnetic fields like crazy. Nowdays, microwaves have stopped that, and pacemakers only respond to very strong magnets. Still can't go inside power planets with big generators.)

Anyway, they have a little handheld device used to program the pacemakers using magnetic fields. They can send and receive data, obviously using some sort of modulation.

Now, pacemakers have all sorts of data that can programmed, like 'threshholds', which is how small a voltage in the patient's heart triggers a real voltage, and various other stuff, and they give out all sorts of data like how much battery life they have and how often they get triggered, and even patient's average heartbeat.

Now, all this data is completely unaccessable to me. Forget reprogramming, I can't even check the batteries. It would be nice to be able to access this information, but I have a few questions...first of all...WHAT THE HELL TOOK THEM SO LONG? Seriously. They go from no access at all to remote telemetry? Sheesh.

How about just giving me a handheld device to access it? Or a dialup phone access. I mean, we'd need a handheld device to hold against it anyway. Why haven't they come out with the thing earlier, to let us read it, without a computer link? Wouldn't have to be much, simply a 'magnetic modulator' and a tiny LED screen.

-David T. C.

Re:As someone who has a pacemaker...

[junge_m]

In a study I performed on the pacemakers in bodies before cremation out of 218 pacemakers tested 41 indicated that they should be replaced due to a near-dead battery. 14 Batteries were flat, 4 pacemakers looked up and had to be reset. I prosume that non of the carriers knew about their flat batteries, some haven't been to a follow up session in a cardiology clinic for up to 8 (eight!) years. In order for the patients to know about their pacemaker status they regulary have to go to their doctors. By giving the patients a device to check their implant the responsibility for the patient is dramatically increased. But there is no reason why the normal physician should not be able to check the pacemaker. Nowadays there are numerous telemetric programmers for all the different kinds of pacemakers that know physician can affort to buy them all: A standard interface is badly needed!

It's May 5, right?

[zCyl]

Didn't we already have an April First this year?

Seriously, this is just ridiculously stupid. There are some applications where a dedicated device is the most ideal device. Simple tools for a simple job, and there is much less chance of system failure.

Good thing or invasion of privacy?

[Compuser]

Many people here seem to think this is a
good thing. What they forget is that with
this device a doctor can tell when/whether
grampa is doing any physical activity vs.
resting/sleeping. This creates a precedent
for putting monitoring devices in humans.
Just wait until your HMO requires you to have
e.g. a sound level meter implanted, such that
if you are exposed to too much noise then
they can deny you hearing coverage.
I think this is VERY BAD, especially since they
try to present it as a "patient management" tool,
in an explicit attempt to reduce your face to
face time with your doctor.

Re:DoS

[PRickard]

I guess now instead of just worrying about somebody from China or Iraq hacking in Yahoo, we have to worry about them hacking into Dick Cheney. Great...

" this heart hax0r3d by ahmed "

Re:Article scores -1, Flamebait

[sharkey]

Gives a whole new meaning to, "Just finger me to get my .plan!"

--

Re:New meaning to uptime?

[sharkey]

Oh my God! They kill -9'ed Kenny!

--

Re:look at the applications...

[CokeBear]

I can personally see where this has huge benefits. For example, if my Grandmother was in the hospital in critical condition, I would feel alot easier knowing I can check that she's OK anytime during the day by simply going to a web site. This frees up time for families with sick relatives and allows them to do such things as go to work to pay for the bills.

But what is the corrolary to this? When grandma is dead, do you want to learn about it from a website?

No DOS, yes Death...

[flamingdog]

Okay, sure, no denial of service, we've established that.

But things are transmitted via a small radio? Suppose someone is really really bored and decides to figure out how to hack those airwaves and report false information regarding the patient...what then? The pacemaker itself is never even involved in the process then. So it doesn't really matter how secure that actual piece of equipment is...

---------------------------
"I'm not gonna say anything inspirational, I'm just gonna fucking swear a lot"

Re:Article scores -1, Flamebait

[dinotrac]

I imagine this could be a really good thing for people who live in remote areas, but BSOD jokes are more fun.

"There ain't no proper equipment here in Moose Elbow. Ya gotta go on over to Seal Nose on the third friday of the month, except for months with an "A" in the name. Then you go on the second Tuesday."

Pray they don't run Windows...

[mackman]

Oh shit, we've got a code blue... he's blue-screening! Somebody hit the reset switch!

Re:This stuff isn't funny

[tomreagan]

I don't disagree with the idea that death needs a degree of lightening up, but that wasn't what this was. Many of these comments were directed squarely at the people who have these devices. That isn't funny - the circumstances which led to the implantation of the device were beyond their control.

Further, death as an abstract concept is funny. But in general, I don't think that the death of specific people in sad circumstances beyond their control is funny.

Regardless, these jokes weren't that funny anyways, and were more rude than anything else.

This stuff isn't funny

[tomreagan]

My father has one of these devices, and being able to have the cardiologists monitor and check the status of his ICD after or immediately before an event would be a godsend.

These stupid jokes about "fat slobs" and "people having crash carts in their chests" and "rebooting someone's heart" and "ping grandma" are all really funny, until you realize that these devices save people's lives, and people really die without them. I'm really disgusted that people find this stuff so funny. Though I generally consider my taste in humor to be pretty wide and esoteric, this is sick shit. That's like making fun of people with Alzheimer's or cancer - imagine a remote chemo device, leading to "haha, reboot his tumor!"

I am just disgusted, and I feel the need to go wash my hands.

Re:This stuff isn't funny

[Cruciform]

Humour is almost invariably at the expense of someone or something else, whether the intent is to harm or not.
Ranting about it is hyprocrisy unless you can show that at no point in your life you've ever made a funny or embarassed someone.

Re:This stuff isn't funny

[Kidbro]

I agree. God forbid that anyone would ever make fun of something serious.

</sarcasm>

The sad part with people being offended by others' jokes is that they usually don't understand that the jokes are in fact... jokes. That somebody's saying something funny about something is not an indication that he does not understand, or care about it. It's just an indication that he's trying to brighten up your day, and you should be fortunate to be able to hear it.

If death is beyond your sense of humour, I feel sad for you, because it is indeed a topic horrible enough to need some brightening up every now and then.

--

Re:This could seriously save lives.

[SEWilco]

"I see you've been having problems breathing, here's something I can do to help..."

Sounds like Clippy, the Office Assistant, might have a new job.

Re:Article scores -1, Flamebait

[Godeke]

Other than being a flippant remark, remember that data is transmitted to a server on the internet, and *that* point is vulnerable to an attack, or spoofing of data from the device, etc. The only life threating thing about that is that it defeats the intent of tranmitting the data in the first place.

And how, pray tell, do they plan on connecting?

[Exantrius]

Does it come with a built in ethernet jack? Just the thing I want coming out of my chest(Wait, that might be kinda cool...), but it's probably a far sight better than radio waves. I seem to remember something about not being allowed to use cell phones in hospitals because the phone sends out signals which *MIGHT* mess up pace makers...

Even though it doesn't specifically state it, I would guess they mean a wireless connection. This would connect to a base station, relay information. Aside from the above, *WHEN* does it send out? Constantly? Do I want anyone with a radio to be able to tune into my heart? For that matter, do I want the radio to lose reception any time I'm near it?

How often would this be sent? Twice a day? Twice an hour? Twice a minute? What happens when some smartass with too much time on his hands decides to pretend gramps is having a heart attack by hijacking the signal, and watch the coroner pull up while gramps is asleep? I don't see this working on a modem connection, and since the number of old people on broadband connections are very small, I don't see much of a use for this... Some revolution...

I think that's enough for me to consider this a Bad Idea.
--Ex

Re:Microsoft based

[Dwonis]

Your pulse has changed. You will now be restarted in 15 seconds. Press Any Key to Abort.

Where's the any key???
------
I'm a C++ guru ... What's STL?

Article scores +3, Funny

[invenustus]

How about reporting news without inserting redundant pokes at certain software simply for the shock/sarcasm/controversy value?

Oh, come on now. They weren't saying the equipment sucks. They weren't passing judgment either way. It was a joke. A mild, harmless joke. There's no need to be anywhere near this touchy.
----
"Here to discuss how the AOL merger will affect consumers is the CEO of AOL."

Probably false alarm...

[Velox_SwiftFox]

Assuming some degree of sanity these things have to be using a broadcast mode to send statistics, power levels, et cetra.

Pity, I can imagine a cardiac specialist in a panic mode trying to find out what a sudden increase in a patient's ping time is being caused by.

just great

[joq]

Now we'll have an influx of PKI vendors for packemakers. Better yet: pacemaker-incidents@securityfocus.com

heh, it was a...

[Ender+Ryan]

joke...

you know, as in, not serious, not to be taken literally, etc...

Oh NO!!! UCITA!!!!

[Ender+Ryan]

Just think, UCITA give companies the right to remotely disable software, I don't want Microsoft or SUN remotely disabling my grandfather's pacemaker because he forgot to pay for his daily licensing fee!!!!

It's only a matter of time...

[nettdata]

Patient goes to the Emergency Room complaining of irregular heartbeats. The Doctor listens to his chest for a bit, and, plainly recognisable, in Morse code:


"All your beats are belong to us!"

Contrary to Smartass opinion, this is a good thing

[BierGuzzl]

As for security, the data goes to "secured" websites, meaning we've got some sort of encryption going on, and really, who's going to spy on a pacemaker site to see if grandpa Joe's pacemaker is malfunctioning? (RESIST the urge to make a smartass remark here) The pacemaker passes info on to medical professionals who can determine if there's anything wrong with it. This is not a replacement for visiting your doctor, nor is it being presented as such -- it's something that supplements existing tools and is for certain cases only. The article seems to imply that this might be good for people who constantly worry that their pacemaker is broken. This will free up doctor time, reducing medical care costs as well as increasing quality of service that would not have been possible otherwise.

On a lighter note...

[BierGuzzl]

I sure hope they won't be using cellphones to upload the data to the website.

remotely communicable implants -- CLEAR!

[BierGuzzl]

Hey, for people who need to be given that electric jolt of life, they can have a built in crash cart!

what about JXTA

[Zode]

When your Java-enabled pacemaker gets an infusion of JXTA, your heart can connect itself to a global pacemaker peer group. This gives new meaning to the term "support group," and a whole new slant to the phrase "two hearts beating as one."

Re:Yikes

[superpeach]

If they're only transmitting information out, this should be fine (except for maybe privacy concerns, that is)

Data transmission? You mean like what mobile phones do. Just think how many people would be against that claiming that it causes cancer..

oh my chest...

[kaoshin]

I forgot to pay my AOL bill.. arghh

Re:they are out of their fucking minds!

[sigwinch]

Is it? If the device communicates on "The Internet" then it has a TCP/IP stack.

If the life critical component is not totally isolated from Internet influences, they are idiots. The only signal going back into the medical equipment should be "please dump data". The engineers who design things like pacemakers are totally in tune with the KISS principle, so this shouldn't be a problem.

and shortly thereafter the deaths when someone ownz the system and turns the cities light system all green simultaneously.

Not a worry: they have relays that pretty much guarantee that 4-way green can never happen. Otherwise people would be killed everytime the timer loses its mind. Of course, an attacker could still screw with the timing and cause gridlock, which means you still need security.

Your message sounds like the beginnings to so many ridiculously unsecure/vulnerable systems out there.

Nah. Define it as insecure right from the start and make the absence of encryption conspicuous. That way there's no false sense of security, which is often a worse problem than mere disclosure of information. Ignoring the low-benefit part means you have more resources and fewer distractions for the important part: digital signatures so that the physician can trust the data. You have to fit security to the application, and not just design in every possible security feature simply because you can.

Re:they are out of their fucking minds!

[sigwinch]

... but it is absurd that it will use the internet, and whoever is thinking that is a good idea should be fired and removed from anything even remotely technical.

This is pure uninformed hysteria, just like the /. story itself. Unless you're using physically-secure data links every step of the way (secure as in no wireless data, ciphers on every physical link, guaranteed QoS, and Marines ready to deploy when the intrusion-detection system finds something), then you're at the mercy of the public data networks. The Internet is not much less reliable than the phone system that supplies 911 emergency telephone services, and diagnostic data from cardiac equipment is rarely time critical anyway.

Sure maybe it'd be nice if these devices had an encrypted bluetooth/802.11

This is just pure ignorance. Heart waveforms aren't secrets and don't need encryption. All that is needed is simple authentication.

Internet-aware Pacemakers?

[AMuse]

Now we can prove that hundreds of porn-site-popup windows attacking you all at once really DO cause heart attacks.
---------------------------------------- ----------

DirectPace

[ozbird]

New! Enhance your gameplay with the DirectPace API!
Experience blackouts and redouts in your favourite flight simulator!
Make those heart-stopping moments in your favourite action or adventure come alive!

(Medical insurance not included.)

Typical doctor trick:

[Chagrin]

Doctor: Just click this link to update the firmware on your pacemaker.
Patient: Thank you, doctor.
Patient: GOOD HEAVENS! What the ... *THUMP*

(yes, that is a goatse.cx link)

Re:Article scores -1, Flamebait

[istartedi]

How about reporting news without inserting redundant pokes at certain software simply for the shock/sarcasm/controversy value?

Umm... because then the audience wouldn't eat it up?

Read this. Seriously..

[ogre2112]

Some people may be dissappointed with this argument, but why such a big push for every device to be on the internet?

What GOOD valid reason is there for having a pacemaker on the internet? Monitoring? Couldn't that be done on a private (radio..? I dunno) network? WOuld you really want something that makes your heart beat hooked up to a worldwide network? Not I.

Some things are just meant to have there own PRIVATE networks. Besides, my toaster would be a huge waste of an IP address.

Re:Read this. Seriously..

[SnapperHead]

Damn ... this was my point.

The internet is Not the 2nd comming. When are people/companys going to relize this. Sure, it can be a very powerfull tool. But, if used wrong ... you could do something very seriously wrong.

until (succeed) try { again(); }

Re:Read this. Seriously..

[AndroidCat]

But with Internet access, you could add lots of features to the pacemaker: Like pager functions with a vibration mode. Possibly audio could managed if the heart could be modulated fast enough.

This could cause a quandry to the warning about turning off pagers in movies, meetings and court rooms.

How about....

[evilviper]

What if somebody hacks into your pacemaker and makes it beat out a certain tune!

Re:Article scores

[BMazurek]

I was assuming we could overload the .org to mean organization and organ....

Re:Article scores

[BMazurek]

I wonder if he can ping it?

Of course! Just watch:

SunOS 5.6

/home/bmazurek% ping george.pacemaker.heart.org
george.pacemaker.heart.org is alive
/home/bmazurek%

Of course, that's Solaris' output for ping...most OS's don't really make it so obvious whether the patient is doing well.

Net vs phone, phone wins

[Frank+T.+Lofaro+Jr.]

The Internet is not much less reliable than the phone system that supplies 911 emergency telephone services

Umm, no. My phone doesn't go down often at all, same with not being able to reach people due to technical problems. However I have dealt with many network failures, both local and remote (host unreachable, connection timed out, routing loops, dropped packets, etc). I have phone problems less than once a month, excluding my Verizon (ugh) cellphone. I deal with Internet failures every WEEK.

Telephony is way more reliable than the net, unless you are using Voice-over-IP, in which case your phone reliability degrades to that of the net, but that is for another debate.

I'd feel much safer having medically critical communications done over the phone, or be able to use the phone as a backup, rather than relying on a *unreliable) packet-switched network such as the Internet.

UCITA may apply.

[www.sorehands.com]

If you are late in paying the doctor or hospital, will they invoke the UCITA self help provisions?

New meaning to uptime?

[Chester+K]

$ ping Kyle
Kyle is alive.

$ ping Stan
Stan is alive.

$ ping Kenny
No response from Kenny.

I guess that's when it'd be time to call an ambulance.

Re:New meaning to uptime?

[junge_m]

It is a big problem for the pacemaker to confirm the death of a person: Due to the frequent breakage of the electrodes the pacemaker generator will increase the sensitifity to the maximum. Thus noise will be detected as signals originating from within the heart and paceing is used to get the `noise' back into gear. This approach works quite well on broken electrodes!

Re:ping heart.chest

[mheckaman]

This puts a whole new meaning to "Time To Live (TTL)"

Matt :)

Re:Why Internet Protocol?

[Glowing+Fish]

Everyone should read this post to see that it is possible to answer a question, even a dumb one, without insulting someone. Thank you for answering my question, your answer makes sense.

Why Internet Protocol?

[Glowing+Fish]

What is the purpose of this device using the Internet (which I assume means it uses IP/TCP)? IP is for one main purpose, and that is to have a device have a unique identity that can be reached by any other device with ip. The purpose of TCP is so that devices with unreliable connections can talk with each other.

It seems to me that a pacemaker, if it were to communicate, does not need to be public, and shouldn't be travelling over the same insecure communication pathways as other devices. For that matter, even at the physical level, I wouldn't suppose a pacemaker would be travelling over the same physical links that TCP\IP usually uses. In other words, if they want to make a pacemaker remotely monitorable, it would seem the best way to do it would be to build it from the physical layer up with it's own protocols.

Re:Why Internet Protocol?

[Glowing+Fish]

You have no idea what you're talking about, do you?

Thus the question mark in my post's title. And, yes, the technicalities of TCP\IP are not something I eat breathe and sleep.

TCP\IP sounds better, but more accuratly, it should be IP\TCP, since TCP is a protocol that goes on top of IP. Of course, I wasn't consistent with this or the direction of my slases.

And yes, the purpose of TCP is to make unreliable connections more reliable. A person does not use TCP to handle serial ports in the back of her computer. TCP is used to make a physically (or otherwise) unreliable network theoretically more reliable. It would not seem that someone would design a remotely controlled pacemaker to run over the same phone, or wireless lines, as a normal internet client would, and therefore it is not going to have to use TCP the same way. Instead of making sure that those packets won't get lost in the shuffle, it would make more sense just to escape the shuffle altogether.

And yes, TCP\IP can run over any physical layer it wants to. Including, as was shown recently, carrier pigeons. I suppose someone could design a Internet Pacemaker over Avian Carriers, but it would seem that it would make more sense to use a physical layer designed specifcally for this purpose. Of course, someone could later run TCP\IP over this physical layer, but again, why would they want to?

Re:Why Internet Protocol?

[Ergo2000]

By your logic, there is also IP\UDP, IP\SMTP, IP/Telnet and IP\NetBIOS. Get informed.

Wow what a silly argument. However your example of their thought process was errant. Wouldn't it be IP\TCP\SMTP, IP\TCP\Telnet, etc? SMTP & Telnet are protocols that run on top of a TCP connection.

Not funny.

[Ayatollah]

This story shouldn't be joked about.

From the article:

Medical professionals say the revolution is being fueled by a universal demand for remote patient management. With less face-to-face time available for patients, physicians and health-care managers say they want new techniques to deal with patient needs.

This is another sign of a decline in healthcare due to greed. Patients are increasingly being treated as secondary to money in the health care game. This ability will be used to increase the profits of the health-care businesses by cutting costs, decresing personal interaction between doctors and patients, and increasing the workload per doctor.

Just hope you don't end up with any remotely communicable implants. You'll probably end up paying for treatment you don't directly receive from doctors you never directly meet.
.

Microsoft based

[Aloekak]

I'll not even mention the obvious, but:

What about an update? Do you need to reboot?

Article scores -1, Flamebait

[andyh1978]

Medtronic Inc., Minneapolis, demonstrated the Chronicle, an implantable heart-monitoring device now being clinically tested by physicians in applications where it transmits critical patient information to secure Internet sites.

So how exactly do you get a denial of service attack against a system that only transmits and does not receive or process requests?

How about reporting news without inserting redundant pokes at certain software simply for the shock/sarcasm/controversy value?

Re:Article scores -1, Flamebait

[3seas]

As an input/output device that can communicate to another
input/output device, making the line of communication able
to go across a better known and widely used media only opens
up more possibilities, both positive and negitive.

Consider what a lie detector is, a device that requires
non-technology interaction in the fedback loop process.

Now consider what the possibilities are on the negitive side
of this topic. What could someone do if they tapped into
receiving data from a pace maker while interacting with the
pacemaker user. The perfect murder? Emotionally Upset someone
to death?
3 S.E.A.S - Virtual Interaction Configuration (VIC) - VISION OF VISIONS!

Re:Article scores -1, Flamebait

[mizhi]

Someone needs to check their funny bone. I wonder if he can ping it? Would fingering it help?

Doctors getting it wrong, we want internet enabled brains... a little slot in the temple for a wireless nic.

Hmmm... what if there was an annual subscription for the use of your heart ala Windows XP? =)

"Honey, did you pay the heart fee? Honey???"

Re:Article scores -1, Flamebait

[Mynn]

Excuse me, that's Moose Jaw thankyouverymuch.

Re:Article scores -1, Flamebait

[Da+Web+Guru]

Correct me if I'm wrong, but don't most TCP/IP protocols usually send a response to verify that the recipient received the packet? And if a pacemaker transmit's over the Internet, then it would use TCP/IP, would it not? It would still have to listen on some port. (Portscaning for pacemakers...) Of course it could use UDP, but how would it know that the monitoring system's servers received the pacemaker's current status...

Now for the rest of my questions. (More realistic ones this time...) Chances are the pacemaker will connect to some external hardware connected to your computer via a USB or serial cable. (Assigning the pacemaker a globally routeable IP address would be *really* dumb.) What would the human interface be like? Will there be a wire hanging out of their hand? Will it be a wireless connection like a cell phone? (Let's not have any more cell phone radiation...) Will the hardware be PC, Mac, and Linux/UNIX compatible? (You can't always tell a customer that they *must* have Win98...) Can a hardware failure in the PC or external equipment cause any problems with the pacemaker? (Some failures do cause power surges, and I'd *really* hate to have a power surge fry someone's pacemaker...) How often would they need to check in? How are the pacemakers checked when they go to get their checkups now?

Re:Article scores -1, Flamebait

[Mozz+Alimoz]

I completely agree with maggard.

From 1990 to 1996 I wrote software for a device that can upload logs and reprogram an implanted pacemakers or defibrillator. All that Maggard describes above was true in 1996, except that we used RS232C, modems and the kermit protocol to upload data to a central database instead of the USB and the internet.

Re:Oh NO!!! UCITA!!!!

[Fervent]

Right. And that would happen... when? MS or Sun's OS on a pacemaker? Right....

The remote access society

[bl968]

I had to sit and think about this article for a bit before I could write a coherent response. The world is becoming a more interconnected and complex place at the same time we are each becoming more remote from each other. The risks from a change of this nature can sometimes outweigh the benefits offered by it. The problem with interconnecting medical devices to the Internet is that you are not placing a generic computer system with an IP address at risk to hackers. It is also not just that you are also providing a layer of complexity to these vital devices, which increases their possibility of the failure.

My problem with them is of a more social nature. I would much prefer that my doctor sits in front of me and looks at me the person rather than an impersonal serial number. Already our society is one that is slowly but surely cutting the individual from the societal whole. Do we need, do we want this process to extend to our medical care? Sure it is possible that these changes will save some lives. These changes may make it possible for a doctor to diagnose and prescribe treatment before the person in a life threatening condition can reach the hospital. However, unless it is life threatening I personally will take the trip to the doctor's office even with the additional wait.


--
When I'm good I'm very good, when I'm bad I'm better, But when I'm evil you better run :P

thought for a new murder mystery twist

[Papa+Legba]

Could be just a good fiction story... Or just a good idea period... you decide.
Kill someone with these and fake the signal back to the server in order to make it appear that they are alive, leave town and then have it shut off when you are safely in alibi land.
"My client is inocent or all charges, from these server records it is obvious that Mr. Gates did not die until my client was in chicago!"
My real question is- Will I read this in a book first or hear it on the news first.

Wait! I had a brialliant idea! I will rambus this and patent the idea of an alibi based on internet related patient monitorring! I'm going to be rich!

Dependence

[QuantumFTL]

Do we really need more things dependent on the internet? I mean, so much already is today, if something happenned to the internet, the economy would be a disaster. Do we want grampa to crash cause he's connected through AOL?

Just a thought.

Re:Dependence

[jfryer]

The thought of owning a brand new "eHeart" running "Microsoft Windows of the Heart" is scary I would guess a reboot would be required every 5 to 10 days (including a 6 minute load up cycle)

Ping of Death

[shumacher]

From the article:

"Right now, we have patients who often must travel two hours just to find out that nothing's wrong."

One of the things I remember from a bicycling book I read in high school was that a mirror could be relied on to tell it's user that it was not safe behind, but never that the road is clear. The same would seem to be true here. I'd trust the unit to tell the doctor that there were problems, but I would probably go into the hospital if it said everything okay and I felt otherwise. I also wonder what sort of security we're talking about. I would hope the encryption is outside the patient, for easy updating in the event of an exploit. I would also hope that the internet related system is completely isolated and unable to interfere with the more critical aspects of the device.

Predicted in Finder

[LionKimbro]

In Finder, there's a part where a kid telnets into his little systers biological interface. I forget if it was telnet, or if he manipulated her through /dev/something. It was rather interesting to see that it was UNIX. The series also includes lots of plausible AI, genetic manipulation, etc., etc.,. One of the smartest series I have read in a long time. Thought I should mention it, since it is a neat comic that includes this idea of telnetting into people's bio systems.

One of the finder issues is free to view online. No, doesn't feature what I was describing.

I'm sure that others have thought of this before, but hey. I think other nerds would like this comic. (News for Nerds, News that Matters.)

Re:they are out of their fucking minds!

[Ergo2000]

It's completely idiotic for sure. This is just someone being a wank and dreaming of "synergy" in the most ridiculous of places. Sure maybe it'd be nice if these devices had an encrypted bluetooth/802.11 so they could easily diagnose it, etc., but it is absurd that it will use the internet, and whoever is thinking that is a good idea should be fired and removed from anything even remotely technical.

Re:they are out of their fucking minds!

[Ergo2000]

This is pure uninformed hysteria, just like the /. story itself.

Is it? If the device communicates on "The Internet" then it has a TCP/IP stack. If it has a TCP/IP stack then it almost certainly has vulnerabilities, which could be as simple as hogging CPU time (and I'm sure there are plenty of people who, assured of their brilliance, would put the stack on the same CPU that is responsible for beat timing, etc). How many times have idiots claimed "Oh, this is secure...nothing to worry about here" because of their naively utopian vision of how the world works: "Sure it's a classified network that we dropped the web server on...but don't you worry all the web server does is serve up static pages. No threat here...". Whoops, buffer overflow...you are ownzed.

There is no such thing as "hysteria" when it comes to system critical/restricted/confidential systems. I'm waiting for the day that some clown trying to get some hype for the company stock price announces a new intercity stoplight system that's "on the net!" (no particular reason why it SHOULD be...but hey, why not), and shortly thereafter the deaths when someone ownz the system and turns the cities light system all green simultaneously. The people pushing such a system would claim it's "hysteria" to worry about it...don't you worry, it's all covered. Reality has shown time and time and time again that it's quite different in reality.

Software, with very few exclusions, has faults and vulnerabilities. The more lines and the more complex the system (and something like even a TCP/IP stack gets fairly complex), the more likely of vulnerabilities going undetected until it's too late. Still it's amazing seeing people completely ignore historical evidence because what they're doing is so much different.

This is just pure ignorance. Heart waveforms aren't secrets and don't need encryption. All that is needed is simple authentication.

Pure ignorance? What are you, with the NSA? Your message sounds like the beginnings to so many ridiculously unsecure/vulnerable systems out there.

Braudband Pacemaker?

[the_lizardman]

Why, back in my day I had a 9600 baud pacemaker and still was jitterbuging every night!

"Work expands so as to fill the time available for its completion."

Theme Song

[Cardhore]

The device's theme song will be "E-mail my Heart" by Britney Spears. God that's an awful title for a song.

Help

[Gaijinator]

Help, help!! This is the big one! The script kiddies are at it again.

(switch to ER scene)

Clear! (ping!) Don't time out on me!!!
----------
"Remember, your friends will stab you in the back for the price of an Extra Value Meal."

Ooo... bad news

[BigumD]

"Let's test our network connection"
"Ok, ping grandma's pacemaker!"
Talk about being worried when the ping times out...
What I wanna know is, how to hack it to add a larger hard drive and load Linux on it ;)

Re:In case you fall, and can't get up!

[KarmaBlackballed]

Why not have a computer that constantly monitors all our vital signs?

How about a company sell these things for parents to have their kids wear? I'm a parent and I might buy one.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ the real world is much simpler ~~

Re:look at the applications...

[corvi42]

I'm sorry, but you're very much misinformed.

It is true the industrial revolution era factory workers did work longer on average than we work today, but if you look further back in history you will find that the average number of hours worked at almost any period was much less - and with many more holidays.

Average amount of work per day by stone-age hunter gatherers to survive: 2 hours.

Re:look at the applications...

[corvi42]

"I can personally see where this has huge benefits. For example, if my Grandmother was in the hospital in critical condition, I would feel alot easier knowing I can check that she's OK anytime during the day by simply going to a web site. This frees up time for families with sick relatives and allows them to do such things as go to work to pay for the bills."

I don't know about anyone else - but personally I think this is the saddest comment on society that I've seen in a long time. Not only are people so disinterested in their older generation that they shove them off into isolated "communities" to whither and descend into dementia and death, but now you're saying you can't even be bothered to take time out of your working schedule to go visit your grandmother as she dies? That's totally sick and demented.

Sorry Granny, but honestly nobody likes you 'cause you're old and no longer a productive member of the tribe - so we're not going to give your dying hours more attention than a few clicks on a website.

Old people don't want to be stuffed off in retirement communities with lots of senile people. They want to be with their families. They want to have meaningful contact with LUCID people - just like everybody else. But how often have we heard the same thing: no time for granny, put her in a home, no time for little billy let the TV or some strangers raise him. Got to be productive, got to work. And then we wonder why kids grow up to kill each other and people generally feel like society is slipping?

In general people in our society work too much. Never before in the history of mankind have people spent so much time working and considered it normal. Even slaves in the Roman empire had more time off than your average worker today. We're amazingly rich as a society, we have technology that even a few decades ago would only have been fanciful stories - and are we enjoying the benefits of any of it?

Something to think about anyway....

Re:look at the applications...

[HD+Webdev]

Not to mention the bookies in Vegas that will be able to take bets on how long famous celebrities using the device will live...

Re:This could seriously save lives.

[baptiste]

But your DSL line went down so the message can't get out and you die. Your family sues the DSL provider for millions. They go under or start charging huge monthly fees just to cover teh cost of insurance.

I think some internet aware devices are a great idea and this is way better than a refrigerator that emails you when the milk goes bad. But the danger of all new technologies like this is having the lawyers ruin it for everybody.

--

BSoD? No.

[TheSHAD0W]

You wouldn't have to worry about BSoD if the pacemaker unit were transmit only.

What you MIGHT have to worry about is exploits on the receiving computer. DDoS on a medical server might block reception of statistics for thousands of implants. Or an exploit might lead to patients' being called in unnecessarily.

Monitoring nurse: "Um, Doctor. Mrs. Magruder's heart is beating SOS in Morse code..."

Re:look at the applications...

[hyrdra]

I want to reply to all of those who think my comment was sinical about the Grandmother analogy. First, of course it wouldn't be a replacement for truly taking the time out and visiting your loved one, but for someone who is chronically ill, you can't be there all the time. When my Grandmother died, I obviously couldn't be there throughout the entire two month hospital stay. When she did past away, the hospital was unable to contact me so I wasn't able to be there with other family members during her last hours.

To summerize: I'd rather want to learn there is trouble from a web site (any source, really) and have the 24-hour active monitoring capability of any Internet connection than not knowing at all.

look at the applications...

[hyrdra]

I think this is a great idea. Unlike many others here who are afarid of introducing a public network into critical operating devices, I think the article clears this up pretty well. They're not going to be hosting CNN.com, and the only thing they'll probably do is transmit a keep-alive signal (takes a whole new meaning) to a web server and this is then made available on a secure site which family can monitor.

I can personally see where this has huge benefits. For example, if my Grandmother was in the hospital in critical condition, I would feel alot easier knowing I can check that she's OK anytime during the day by simply going to a web site. This frees up time for families with sick relatives and allows them to do such things as go to work to pay for the bills.

I could also see it being used as a way to rate hospitals. How long has it been since a patient has gone into arrest? How many per day? I could see hospitals advertising their 'uptimes' just as much as is the case with network system stability.

In addition, if the information was de-personalized and made available to the public, researchers and doctors could have access a wealth of data (especially if the devices are trasmitting more than a signal, e.g. heartrate, etc.) to examine regarding conditions, and varying opinions could be generated by many experts by examing data. In a way, you could get a second opinion by just telling your doctor to go look at the log on the web.

I think this is a case where humor got the best of us. Something like this has real possibilities for a wide range of audencies.

Re:look at the applications...

[Ellenor]

Two points: "I can personally see where this has huge benefits. For example, if my Grandmother was in the hospital in critical condition, I would feel alot easier knowing I can check that she's OK anytime during the day by simply going to a web site. This frees up time for families with sick relatives and allows them to do such things as go to work to pay for the bills." Firstly, part of life is visiting someone in hospital.. making the TIME to see them. Letting them know that you care. That's what they need the most. NOT a phone call that says " Hey, I checked you out on the Web today And you Look FINE and DANDY. Yep... well, we'll see you when you get out!" Secondly, "if the information was de-personalized and made available to the public, researchers and doctors could have access a wealth of data" That would go against evrything that a Paitent- Doctor confidentiality agreement stands for. Health care will only become more impersonal if we continue to act if that's ok by us

Analog vs. Digital

[El+Camino+SS]

Are these digital pacemakers? Great, then you have software and hardware issues, right? IANApacemaker expert. But I have a divergent opinion about all of this. This brings up an interestig question of maintenance. A LOT of my friends are television engineers and have been complaining about "digital" for years. I am a television photographer, and ultimately I despise anything digital. THE REASON? It gets in the way. REALLY. It should be digital in the edit... but get it the hell away from the cameras. Stop complicating simple things... because right now it is worse than traditional videotape. YES, because of computers, it has actually made TV worse... more time consuming and quirky. My job is photography... I am not a software engineer... nor do I want to be. I need to focus on my work to make it visually appealing and tell a story instead of tracking bugs and patches. It is not "transparent" to fix anything on a digital video camera (OLD DAYS: ohhh, here is where the circuit board fried, let me get the soldering iron. NEW DAYS: let me check all of the circuits, and the software, I'll get back to you in a week when I find out where they aren't talking). Now you have to check all of the hardware, then do the software... ugggh. Here's the rub: THE QUALITY OF THESE CAMERAS IS NEGLIGABLE TO THEIR ANALOG COUNTERPARTS. Video cameras have set qualities set by hardware, the software really doesn't even need to be there. There are several television standards, but they all look about the same to the consumer, unless they are a /.er who bought a high-definition and surround sound... but most people even then can't really tell, nor should they care. People like TV, not the television. So here is my question... a pacemaker regulates heartbeat exactly the same either analog or digital. So what is the distinct advantage to having a device like that with a programmable brain if the others work exactly the same? Don't we tweak analogs too? It seems to be similar to my television dilemma, that the powers that be almost always need to make something more complicated than it possibly needs to be... and therefore gumming up the works with unneeded repairs and down time. Its the old VW bug argument. You still see them around. Why? 'Cause they are uncomplicated... more importantly, you don't need to hook them up to a computer to fix them. You need screwdrivers and a socket set. It is a superior design. Think design first.

fun stuff comes to mind

[gabriel_aristos]

Other than the inevitable "Imagine a Beowulf cluster.." jokes, some other fun stuff comes to mind:

Give whole new meaning to "catching a virus".
Easy way to add tons of new nodes to SETI@home.
Would finally make "The Clapper" obsolete ("I've fallen, and I can't get up!")..
Could possibly make a nifty wireless peer-to-peer network at the retirement home.

However, on the downside:

If your ISP goes belly-up, you go belly-up.

Yikes

[rahl]

Can you say "Fatal System Crash"?

On the other hand, the article wasn't too clear on just the degree of dependance the hearts would have on outside sources. If they're only transmitting information out, this should be fine (except for maybe privacy concerns, that is). But near the end, where it talked about "remote patient management"...

I dunno. It'll be interesting, though, to see how it turns out, and how much rampant fear there is of "Internet hackers."

Re:Yikes

[rahl]

But cell phones are safe! Nokia payed RJR to say so.

Errr...

Or something like that, anyways.

The above is not intended to be taken seriously and the poster should not be sued for.. anything. Thanks :)

Re:This could seriously save lives.

[cavemanf16]

Yeah, that's a really smart idea if it wasn't for our lazy, greedy, evil human nature. So when *almost* everyone has something implanted in them to monitor vital signs, doctors will just quit trying to help those without it because "it just takes too long to diagnose and treat their problems". Sorry, but I don't trust humanity THAT much to give them the power to say: "Here, we know you say you're feeling fine, but take this, it will make you feel even better. Your biometer told us so!" - And then the sianide takes affect and out I go because I don't agree with everything The Man says. Your trust in humanity is commendable, but I would suggest finding something better to place all of your trust in.

damn it

[CRAssEsT]

Great so ECHELON and Carivore can tell that i look at a lot of porn AND im a lazy slob with have high blood pressure now

This could seriously save lives.

[metatruk]

Imagine you have a heart condition. You're at home, and all of a sudden, you have a heart attack. This system notifies your medical care provider, which then instantly relays the information to 911, who then sends paramedics to your house to save you. Or similar devices could be implanted in patients who have other illnesses, severe epilepsy perhaps? Respitory problems? We could see a whole new line of devices that would be able to remotely monitor patients' health. Daily data could be compiled into a databse, so doctors can review organ operation when a problem comes up. Not all patients can give reliable information to their doctors either, Espescially the elderly: "Have you been having problems breathing?" "I'm not sure, I don't really remember" could become "I see you've been having problems breathing, here's something I can do to help..."
I hope to see these devices appear more and more, because frankly, I think it's a good idea.

ping heart.chest

[PicassoJones]

PING heart.chest (10.63.32.153) from 127.0.0.1 : 56(84) bytes of data.
64 bytes from heart.chest (10.63.32.153): icmp_seq=0 ttl=242 time=10.025 msec rate=73 bpm

DoS comment.

[JesusFish]

These depend on a server actually being up to trasmit to. I guess someone could DoS attack those servers, affecting patients by doctors not having the critical information in time. Which kinda supports michaels story comment, then again maybe not.

True test of eula's

[Benjiman+McFree]

hospital If you fail to make your require upgrade, your device will be remotely disabled;don't you know this device is a rental!

consumer but, I just don't have the money.

hospital sorry, we have no control, the device is not ours and we have no control of the software. Our contract with the oem has our hands tied.. It's this simple, pay or die.

and then...

[neodymium]

...imagine what could be done with traceroute:

~$ traceroute pacemaker.george.heart.com
traceroute to pacemaker.george.heart.com (1.2.3.4), 30 hops max, 38 byte packets
1 my-isp.somewhere.de (3.4.5.6) 3.611 ms 2.279 ms 2.033 ms
[...]
8 george-isp.somewhere.com (5.6.7.8) 5.281 ms 4.522 ms 4.147 ms
9 phone.george.heart.com (1.2.3.7) 108.742 ms 105.656 ms 376.795 ms
10 living-room.george.heart.com (1.2.3.6) 180.167 ms 168.235 ms 186.593 ms
11 toilet.george.heart.com (1.2.3.5) 167.976 ms 168.376 ms 168.926 ms
12 heart.george.heart.com (1.2.3.11) 180.141 ms 169.184 ms 168.880 ms
13 pacemaker.george.heart.com (1.2.3.4) 170.063 ms 170.369 ms 169.367 ms

Social-scism (sigh)

[Richthofen80]

*sarcasm* Wow... yeah, why would we want to enable the patient to monitor his own health? It should all be in the hands of someone else */sarcasm*

I like this idea, that maybe I won't have to go to some large impersonal hospital and wait in line for a while to get my information... Why can't we automate medical services? remember those blood-pressure testers in CVS? this is the exact same thing, on a more serious scale. All it means is that instead of taking up a doctor's time which he could be treating a gunshot victim, you can do your own checkup on your pacemaker. This empowers patients, not disables them. The more we can do on our own, the more educated we become about these issues, and the less we need to rely on an often unreliable system

BTW: "Randites" prefer to be called Objectivists.

What if..

[bsquizzato]

What if someone with one cracked 100mbit box from Japan just happened to ping -f old granny's pacemaker? Then what?

DoS

[TwistedTR]

So what happens if someone fires up a DoS attack on your pacemaker? Does it start shocking the sh*t out of your heart??

In case you fall, and can't get up!

[6EQUJ5]

Why not have a computer that constantly monitors all our vital signs? You'd only wear it perhaps if you live alone or are travelling. It instantly alerts the nearest emergency health center, your family, boss, and various government or corporate agencies that could benefit from your passing.