My Pacemaker Is Tracking Me From Inside My Body

Neta Alexander / Ian Bogost / The Atlantic

Cloud-connected medical devices save lives, but also raise questions about privacy, security, and oversight.

A month before turning 34, I received an unexpected birthday gift: a cloud-connected pacemaker. It sits in a tiny pocket in the left side of my chest, just above my heart. Silently and diligently, the device emits electrical pulses to make sure my heart rate never again plummets below 25 beats per minute.

The idea of a battery-equipped, internet-connected device living forever inside my chest both terrifies and fascinates me. When people say, “I’ll die if I lose my iPhone,” they never mean it literally. But I really might die without this smart gadget. I’m also at risk in other ways. A wireless pacemaker can be hacked, or, as recently happened in Ohio, become legal evidence that incriminates its user.

There is a crucial difference between my device and more ubiquitous digital technologies: I never made the choice to implant the pacemaker in my body. I’m grateful to the hardworking doctors who minimized my pain and helped me get better. At the same time, the device they installed raises questions that now haunt me. It’s not clear who might have access to data about my pulse, my health, and possibly my whereabouts—data generated by a device inside me.

Arriving at the ICU with a dangerously slow pulse, I was alarmed to find out I was suffering from a life-threatening condition called complete heart block. Learning that treatment would require a permanent pacemaker was no less of a surprise. I have nothing in common with the 76-year-old poster boy of pacemaker research, the former vice president Dick Cheney. Like Cheney, who survived five heart attacks, most pacemaker users are elderly—not grad students in their early 30s.

This might explain why the manufacturer of my pacemaker, the large medical-device company Medtronic, boasts that the device can be monitored remotely by health-care providers or worried family members. This tracking capacity could assuage anxiety, but it also raises some concerns about privacy and longevity.

Since the pacemaker was approved for Medicare reimbursement in 1966, there has been a sharp rise in the number of medical conditions that might lead to its installation. In 1984, treatment guidelines from the American College of Cardiology called pacemakers at least a “reasonable” tool for treating 56 heart conditions. By 2008, the list had expanded to 88. Between 1993 and 2009, nearly 3 million Americans had pacemakers implanted.

Despite the growing number of pacemakers, not to mention the recent introduction of wireless cardiovascular devices like mine, their long-term effects, risks, and proprietary design are rarely discussed with new patients or their family members. Lior Jankelson, a physician at New York University’s cardiac-electrophysiology center, told me that every new pacemaker implanted in the United States is cloud-connected. “As a result,” Jankelson explains, “there are at least tens of thousands of Americans with cloud-connected devices that could be monitored from afar.” First, let’s save your life, the medical establishment might surmise, and later we can chitchat about how having a wireless, subdermal implant for the rest of that life might expose you to hacking, infections, and other health hazards.

My tiny device constantly collects data, which is automatically sent to my bedside monitor whenever my doctors schedule a remote-monitoring appointment. During these appointments, which take place every four to six months, the monitor sends my metrics to a secure server. A doctor examines the transmitted data and notifies me by phone if any further action is needed. The patient manual explains it like this: “Sending heart-device information using wireless technology does not require you to interact with your monitor. The process is silent and invisible. Clinics typically schedule the automatic process to occur while you sleep.”

That language is meant to reassure me that living with a wireless pacemaker is an effortless endeavor. But to me, the idea that my hidden chest box “talks” to others in my sleep is the stuff of nightmares. What is the device sending to the cloud, and what is the cloud sending back to it? It is impossible to know for sure whether my data is protected. As the security researcher Marie Moe recently wrote in Wired, “Part of the problem with doing security research in this field is that the medical devices appear as black boxes. How can I trust the machine inside my body when it is running on proprietary code and there is no transparency?”

Moe mentions that in 2008, a group of researchers at the University of Michigan proved that it is possible to extract sensitive personal information from a pacemaker—or even to threaten the patient’s life by changing the pacing behavior or turning it off. Other medical devices are also vulnerable. In 2011, Jay Radcliffe, an independent security researcher, revealed a security vulnerability in a Medtronic insulin pump that could allow an attacker to take control of it.

Aware of these alarming scenarios, in 2013 Cheney told CBS’s 60 Minutes that his doctors disabled his wireless pacemaker to thwart hacking and to protect him from possible assassination attempts. Riffing on a fictional assassination by pacemaker depicted on the TV show Homeland, Cheney stated that he found the plotline to be “an accurate portrayal of what was possible.”

* * *

Health providers can review my data from afar, and unauthorized hackers might have access to it, too. But it proved surprisingly difficult to access these medical records myself. After calling both Medtronic and the hospital in which my pacemaker was implanted, I was told I would have to sign a release form and wait for its approval before the data could be sent to me (via postal mail, no less). The process might take several weeks, and I would have no way of knowing whether the delivered data would be partial or complete. Just as Google or Facebook retains more data than it reveals, so even gadgets inside one’s body are gradually shifting control of personal information from users to corporations.

Any downsides to this trend are repeatedly denied by the medical-device manufacturers and cardiologists I spoke with. When I asked a Medtronic representative if I had to take the monitor with me for a two-week trip to the Middle East, he tried to convince me to “sign up to our new mobile app, which lets you download the data via a small, handheld monitor.” It’s a relief that I can travel safely around the world, but the long-term risks of connected monitoring systems are not part of the doctor-patient conversation. My phone conversation with Medtronic reminded me of routine conversations with my internet or cable providers, when overworked and underpaid representatives desperately tried to sell me “our brand-new package” for a “once-in-a-lifetime deal.”   

The potential threats posed by hackers are distressing, but so is the notion that my pulse has been monetized. Medtronic is a public company with 84,000 employees in about 160 countries, serving more than 50,000 patents. The company, which moved its headquarters from Minnesota to low-tax Ireland in 2015, defines making “a fair profit” as one of the goals in its official mission statement. With revenues totaling $10.5 billion from cardiac and vascular devices in 2017 alone, it seems to be succeeding.

Data monitoring is threatening because those subject to it don’t know what information is being collected, for what reason, and by whom. And unlike iPhone or Amazon Echo users, I cannot just choose to stop using my connected pacemaker. In a way, my heart is no longer entirely mine: I share it with both Medtronic and with the U.S. hospital in which it was implanted. As an immigrant in America at a time when foreign status is uncertain, I can’t help but wonder if my pulse might one day betray me. Might it show I visited a place I was not supposed to, or dared meet someone from a hostile country?

* * *

Alongside privacy and security, other concerns are equally frightening but more macabre. At 34, my biggest fear is that my pacemaker will stubbornly continue to beat my heart after my brain ceases to function. As the writer Katy Butler movingly described in a New York Times piece about her father’s final years, “If we did nothing, his pacemaker would not stop for years. Like the tireless charmed brooms in Disney’s Fantasia, it would prompt my father’s heart to beat after he became too demented to speak, sit up, or eat. It would keep his heart pulsing after he drew his last breath.”

As Butler reported, the Heart Rhythm Society and the American Heart Association have issued guidelines declaring that “patients or their legal surrogates have the moral and legal right to request the withdrawal of any medical treatment, including an implanted cardiac device.” Deactivating a pacemaker, the groups concluded, amounted neither to euthanasia nor assisted suicide. And yet, the notion of not being able to choose when to die haunts me. Even if a medical professional can non-intrusively deactivate my pacemaker, the thought that this decision might be left to my loved ones is heartbreaking. The connected nature of my device makes this fear even darker. Will my body continue to send data to the cloud even if my brain ceases to function? In the future, will it be possible to “deactivate” me from afar?

Given all the questions, an open, honest conversation about the real and possible impacts of connected medical devices is needed. Transparency from cardiologists, computer scientists, medical companies, and lawmakers is especially crucial since legislation on the matter has languished. Writing in Modern Health Care, Rachel Z. Arndt recently warned that cybersecurity vulnerabilities in networked medical devices could “wreak havoc” on health systems. Faced with growing security threats, many in the medical industry now call for a “software bill of materials” that would list all the software components in any wireless device.

Despite a 2014 bill requiring government agencies to get a complete list of the software components for new products, these efforts have not yet been implemented. Instead, according to Arndt, “the FDA recommends that manufacturers take cybersecurity into account when designing devices and continue to do so after the devices have been introduced.”

In the meantime, patients are left without answers. I woke up to a life that depends on a fancy metronome and the invisible infrastructure sustaining it: replaceable batteries, bedside monitors, secure servers, Wi-Fi connectivity. There are millions more people who depend on wireless medical implants, our bodies talking constantly to medical companies and data brokers. If our bodies can talk to them, it shouldn’t be outlandish to imagine they might return the favor.
