Cookies on this website

We use cookies to ensure that we give you the best experience on our website. If you click 'Accept all cookies' we'll assume that you are happy to receive all cookies and you won't see this message again. If you click 'Reject all non-essential cookies' only necessary cookies providing core functionality such as security, network management, and accessibility will be enabled. Click 'Find out more' for information on how to change your cookie settings.

The security of medical devices is critical to good patient care, especially when the devices are implanted. In light of recent developments in information security, there is reason to be concerned that medical implants are vulnerable to attack. The ability of attackers to exert malicious control over brain implants ("brainjacking") has unique challenges that we address in this review, with particular focus on deep brain stimulation implants. To illustrate the potential severity of this risk, we identify several mechanisms through which attackers could manipulate patients if unauthorized access to an implant can be achieved. These include blind attacks in which the attacker requires no patient-specific knowledge and targeted attacks that require patient-specific information. Blind attacks include cessation of stimulation, draining implant batteries, inducing tissue damage, and information theft. Targeted attacks include impairment of motor function, alteration of impulse control, modification of emotions or affect, induction of pain, and modulation of the reward system. We also discuss the limitations inherent in designing implants and the trade-offs that must be made to balance device security with battery life and practicality. We conclude that researchers, clinicians, manufacturers, and regulatory bodies should cooperate to minimize the risk posed by brainjacking.

Original publication

DOI

10.1016/j.wneu.2016.05.010

Type

Journal article

Journal

World Neurosurg

Publication Date

08/2016

Volume

92

Pages

454 - 462

Keywords

Brainjacking, Cybersecurity, Deep brain stimulation, Hacking, Implantable medical device, Implantable pulse generator, Medical device security, Neurosecurity, Neurosurgery, Brain Injuries, Computer Security, Deep Brain Stimulation, Equipment Failure, Equipment Safety, Humans, Patient Safety, Prostheses and Implants