Are Defibrillators Vulnerable to Hacks Dangerous?

On March 12th the Wall Street Journal reported on the vulnerability of Medtronic implantable defibrillators to hacking by rogue programmers. In a bench test conducted by clinicians and IT specialists, the defibrillator security firewall was breached and the programming information was changed. The question is “Does this really present a significant risk to patients?”
Well, the answer is both “Yes” and “No.” No doubt, Medtronic should beef up their security on these implantable devices, assuming that doing so does not negatively impact the ability of clinicians to access the device in emergency situations and that the cost of improving security is not excessive. There are many ways evil individuals can hurt others without going through the trouble of hacking defibrillators. Intuitively, the risk of someone doing this is quite remote. And even if it does happen, it does not mean the risk values an expensive response. With our healthcare system delivering at least 100,000 unnecessary deaths due to medical errors, there surely are much greater problems that we need to address to make patient care safe.
Therefore, I strongly encourage Medtronic to focus on how they can make their implantable defibrillators more secure, but my focus will continue to be on promoting efforts that work to reduce the bigger threat of medication and medical errors.