Can’t get you out of my head: Telemetric hacking of medical deep brain stimulators
2022-07-22, 22:30–23:30, Gear ⚙️

Help protect deep brain implants from malicious attacks! Following a case in our own hospital of a patient with a malfunctioning Deep Brain Stimulator (DBS), we want to improve our understanding of these technologies and their susceptibility to malicious hacks. This workshop will describe the medical case of a patient with a failing DBS, we will present the DBS system and we will ask you to hack into it! Help us improve patient neurosecruity by suggesting possible exploits and vulnerabilities.

The security of telemetric medical devices is critical to good patient care [3]. Recent research has described security breaches of implanted medical devices in the context of diabetes (insulin pumps) and cardiology (cardiac defibrillators), however this has not been described in the field of neurology [1-2]. In our workshop we discuss the security vulnerabilities of ‘Deep Brain Stimulator’ (DBS) devices that are currently used in healthcare practice for a range of medical conditions.

Our work revolves around a recent clinical case that we encountered in our hospital. A patient presented to our Emergency Department with acute neurological symptoms, which were found to be related to his malfunctioning Deep Brain Stimulator (DBS). As doctors, this was our first encounter with such a case and it posed difficult medical and technological challenges. A number of similar cases, in which patients with malfunctioning DBS devices have presented with abnormal medical symptoms, have been reported in the wider literature. Increasingly, these devices are being monitored remotely by specialists centers and the telemetric nature of these devices leaves them open to malicious hacks.

More than 100,000 patients worldwide have received Deep Brain Stimulation (DBS) for neurological conditions. The adoption of ‘neurotechnology’ or ‘brain-computer interfaces’ has increased across the medical domain for neurological conditions (e.g. Parkinsons), but also for ‘emerging indications’ including OCD, Depression and Bipolar disorder. Additionally, beyond the healthcare space, ‘brain chips’ are receiving increasing attention for their promise to enhance cognition, augment reality and manage emotions.

Hacking brain stimulators (‘brain jacking’) has so far only been reported in theory [1-3]. Targeted attacks of telemetric DBS devices to affect voltage/current and frequency settings could induce impairment of motor function, alteration of impulse control, induction of pain and manipulation of emotions [1-3]. The ability of hackers to exert malicious control over brain implants has dangerous and potentially life threatening consequences. For our patients and the wider community, we want to understand these threats and develop protective measures to secure the neuro-integrity of our patients.

Recognising and responding to hacks of deep brain devices requires an interdisciplinary response. We need data scientists and hackers who understand the vulnerabilities of telemetric systems and potential routes of tech-induced harm. We need medical physicians and neuroanatomists to understand the clinical syndromes that may arise from the intersection of human physiology and digital manipulation. The workshop will start with a presentation describing the medical case of DBS failure. Following this, we invite participants to brainstorm ideas for how a DBS system could be hacked and to consider the ethical issues of this research. We will divide the audience into small groups and ask them to consider the following questions:

Questions for workshop participants would include
(i) Vulnerabilities: How would you hack a telemetric DBS device? What attacks is it likely to encounter? What are its vulnerabilities?
(ii) Defense: What options could improve the security of these devices?
(iii) Ethics: What are the arguments for and against these devices being used in healthcare?

Following group discussions we will reconvene and share our thoughts and recommendations. We invite people from all disciplinary backgrounds to attend and share their thoughts on potential vulnerabilities and solutions for these systems.

**Key References
[1] Pycroft, Laurie, et al. ‘Brainjacking: Implant Security Issues in Invasive Neuromodulation’. World Neurosurgery, vol. 92, Aug. 2016, pp. 454–62. ScienceDirect,

[2] Denning, Tamara, et al. ‘Neurosecurity: Security and Privacy for Neural Devices’. Neurosurgical Focus, vol. 27, no. 1, July 2009, p. E7.,

[3] Pycroft, Laurie, et al. ‘Brainjacking: Implant Security Issues in Invasive Neuromodulation’. World Neurosurgery, vol. 92, Aug. 2016, pp. 454–62. ScienceDirect,

Isabel specialises in the intersection of Artificial Intelligence (AI), clinical medicine and healthcare inequalities. She works part-time as an emergency doctor in addition to pursuing her PhD which focuses on supervised and unsupervised machine learning methods for bias mitigation in medical algorithms. She has experience in international settings both in her clinical work, and in policy settings at the United Nations. Clinically, she has worked in humanitarian and conflict areas in adult and paediatric emergency medicine. In international policy settings she has focused on the ethics of neurotechnology, artificial intelligence, reproductive technology and the impact of climate change on human civilisation. Her interests include AI and neurotechnology, healthcare disparities, global health, and gender-based violence. She has published work that highlights bias in medical algorithms, the role of AI in psychiatry, and the impact of technology on healthcare inequalities and gender-based abuse.

This speaker also appears in: