A permanent pacemaker (PPM), a medical device implanted under the skin, controls abnormal heart rhythms by means of electrical signals directed to the heart muscle. making certain a regular pulse and rhythm. Patients with symptomatic bradycardia, heart block, or other illnesses involving irregular electrical conduction of the heart benefit from this therapy. Although PPM implantation greatly raises life expectancy and enhances quality of life, it has several possible downsides.
Pacemaker patients may experience a range of complications, which can be broadly categorized based on their location or nature. These include issues directly related to the pacemaker device, respiratory problems, cardiac complications, neurological issues, vascular complications, tissue damage at the implantation site, and other systemic complications.
Common Complications and Their Predictors
Pacemaker-related problems are among the most frequently reported complications. These include infections, which can occur around the device or leads, lead dislodgement (where the electrode shifts from its intended position), and battery depletion. Infections are a significant concern, affecting approximately 1% of patients, usually within the first year. Risk factors for infection include long-term corticosteroid use, which can suppress the immune system and impair wound healing, and the implantation of more than two leads, which increases surgical complexity and exposure to pathogens.
Respiratory complications primarily involve pneumothorax (air leaking from the lung into the chest) and hemothorax (blood in the chest cavity). Pneumothorax occurs in about 1% of cases, often due to accidental lung puncture during the procedure.
Tissue injury at the implantation site is also common, manifesting as generator erosion (where the device erodes through the skin), hematoma (blood collection under the skin), and superficial wound infection. Hematomas requiring evacuation are a serious concern.
Cardiac complications can include heart failure, cardiac perforation (a hole in the heart wall), cardiac tamponade (compression of the heart due to fluid buildup), left bundle branch block (LBBB), endocarditis (inflammation of the heart’s inner lining), and pericarditis (inflammation of the sac surrounding the heart).
Neurological complications such as stroke or other cerebral vascular events can also occur. Vascular thrombosis, including blood clots, is another potential issue, with about 2% of patients developing a blood clot, typically in the arm where the pacemaker was fitted.
Several factors predict the likelihood of these complications:
- Demographic factors: Older age (especially over 75 years) is a significant predictor, as elderly patients may have hypercoagulability and reduced mobility, increasing the risk of complications like venous thrombosis. Male gender has also been associated with a higher risk of post-invasive pacemaker complications. Body Mass Index (BMI) also plays a role, with patients having a BMI <21 showing lower cumulative survival, indicating poor nutrition and increased risk.
- Pre-existing clinical conditions: Patients with Left Bundle Branch Block (LBBB), Atrial Fibrillation (AF) with slow ventricular response, Left Ventricular Ejection Fraction (LVEF) <50%, estimated Glomerular Filtration Rate (eGFR) <30% (indicating kidney dysfunction), and complete heart block are at higher risk. Major presenting dyspnea (shortness of breath) before implantation is also linked to worse long-term survival.
- Comorbid diseases: Conditions like Chronic Kidney Disease (CKD), Chronic Obstructive Pulmonary Disease (COPD), hypertension, and Acute Coronary Syndrome (ACS) are associated with increased complication rates. CKD, in particular, significantly increases the risk of infection, bleeding, and impaired wound healing.
- Procedural factors: Longer extracorporeal circulation (ECC) time, vasopressor use during the procedure, elective unit replacement (replacing an existing pacemaker), previous cardiac surgery, and the implantation of more than two leads are all linked to a higher complication rate. The use of corticosteroids can also increase infection risk.
- Operator experience and activity: The experience level of the implanting physician and the surgical team significantly impacts complication rates. Operators with more experience (e.g., >10 years or >40 cases/year) tend to have fewer complications.
Pacemaker Malfunction and Interference
A pacemaker can malfunction if the lead gets dislodged, the battery fails, or its circuits are damaged by strong electromagnetic fields. Signs of malfunction include changes in heart rate, dizziness, persistent hiccups, or fainting.
Patients with pacemakers must be aware of devices and environments that can cause electromagnetic interference (EMI), potentially affecting the pacemaker’s function. While modern pacemakers are designed with shielding, caution is still advised.
Devices and situations to approach with caution or avoid:
- Strong magnets and magnetic fields: These can interfere with the pulse generator. Examples include large motors (cars, trucks, boats, aircraft), welding and construction equipment (arc welders, electric drills, power saws), high-voltage power lines, and certain medical devices. Items with magnets, like CPAP masks with magnetic clips, some smartwatches, and earbud charging cases, should be kept at least 6 inches away from the pacemaker.
- Medical procedures:
- Magnetic Resonance Imaging (MRI): While newer pacemakers are often MRI-conditional, older models may not be safe due to strong magnetic fields and radiofrequency pulses that can heat leads or affect programming.
- Extracorporeal Shock-Wave Lithotripsy (ESWL): This procedure for kidney stones can interfere with pacemaker function and may require reprogramming.
- Transcutaneous Electrical Nerve/Muscle Stimulators (TENS): The electrical currents can interfere with the pacemaker’s pulse generator.
- Diathermy: High-frequency electromagnetic currents used in physical therapy can interfere with and potentially permanently damage the pacemaker.
- Radiation therapy: Used for cancer treatment, radiation can damage pacemaker circuitry, and shielding or relocation may be necessary.
- Electrocautery: While generally safe, it has been reported to interfere with pacemaker function.
- Security systems: Walk-through metal detectors and anti-theft detectors (EAS) at airports or stores can momentarily interfere. It’s best to walk through them quickly without lingering and inform security personnel about the pacemaker. Handheld scanners should not be held directly over the device for prolonged periods.
- Portable electronic devices:
- Cellphones: Should be kept at least 6 inches away from the pacemaker, avoiding placement in a breast pocket.
- Headphones: Most contain magnets and should be kept at least 6 inches away from the device.
- E-cigarettes: Isolated reports suggest magnetic components in e-cigarettes can disrupt pacemakers if held close to the device.
Post-Implantation Care and Lifestyle
Immediately after implantation, patients are advised to avoid heavy lifting (over 10 pounds), pushing, pulling, twisting, and lifting the arm nearest the device above shoulder height for several weeks to allow the incision site to heal and prevent lead dislodgement. Monitoring for signs of bleeding or infection (swelling, redness, worsening pain) is crucial.
Once healed, most daily activities can be resumed. While strenuous exercise should be avoided initially, patients can generally return to an active lifestyle, though contact sports may be discouraged to prevent direct impact on the device.
Scott Tanner has an implanted defibrillator that monitors his heart rate and can intervene when necessary. Although he jokes about the device, his experience raises serious questions about the potential for cyberattacks on medical devices.
These battery-powered devices, like Tanner’s defibrillator, continuously monitor heart rates and can deliver electric shocks to restore normal rhythm during emergencies. Tanner describes how, during a routine test, his heart rate was remotely increased by doctors, leading him to ponder the security of such technology.
“They were testing its responsiveness,” Tanner recounted, describing how medical staff, from a distance, remotely increased his heart rate to ensure the defibrillator would react as intended. “It’s quite a feeling to have someone else in control of your heartbeat.”
His lighthearted remark, however, quickly led to a more serious contemplation. If his doctors could remotely manipulate his heart rate, what – or who – else could potentially do the same? This experience has inadvertently shone a spotlight on a growing concern among cybersecurity experts and medical professionals: the vulnerability of implantable medical devices (IMDs) to cyberattacks.
The increasing connectivity of these life-sustaining technologies, which often communicate wirelessly with external programmers, remote monitoring systems, and even patient-facing apps, creates potential entry points for malicious actors. Experts warn that a successful cyberattack on a device like Tanner’s defibrillator could have catastrophic consequences.
The ongoing evolution of medical technology, including the increasing integration of artificial intelligence (AI) in device management and risk stratification, introduces new layers of cybersecurity considerations.
Cybersecurity Concerns in Cardiac Implantable Electronic Devices (CIEDs)
Cardiac Implantable Electronic Devices (CIEDs), including pacemakers and implantable cardioverter defibrillators (ICDs), present potential cybersecurity vulnerabilities, despite documented instances of patient harm being rare. Their increasing connectivity through wireless technologies raises concerns about unauthorized access by malicious actors.
Cybersecurity Threats
- Nature of CIED Connectivity: CIEDs function as sophisticated mini-computers that can be monitored and programmed remotely. This capability, while enhancing patient care, also introduces weaknesses that could be exploited in cyberattacks.
- Demonstrated Vulnerabilities: Research has identified methods of compromising CIEDs, including:
- Interception of device communications.
- Access through USB ports.
- Insertion of malware during firmware updates.
- Initiating telemetry sessions to drain batteries.
- Potential Consequences: Risks include accessing sensitive patient data, altering device behavior (e.g., inappropriate pacing), or delivering harmful electric shocks.
Notable Incidents
- In 2017, the U.S. Food and Drug Administration (FDA) recalled 465,000 Abbott pacemakers after vulnerabilities were uncovered by cybersecurity firm MedSec. Although no incidents of unauthorized access occurred, the recall led to firmware updates to mitigate risks.
- Similar vulnerabilities were identified in Medtronic devices, including pacemakers and insulin pumps, prompting researchers to demonstrate the potential for malicious firmware installation.
Risk Assessment
Experts maintain that while the theoretical possibility of hacking CIEDs exists, the probability of individual patient-targeted attacks is low. The complexity of executing such attacks deters malicious actors, who typically prefer easier targets. The primary concern is the “network effect,” where compromised devices could serve as entry points into hospital IT systems, leading to broader attacks like data breaches or ransomware.
Mitigation Strategies
A comprehensive approach involving multiple stakeholders is crucial for strengthening cybersecurity:
- Manufacturers: They are urged to incorporate robust security protocols (encryption, authentication, secure updates) into design and development processes.
- Regulatory Bodies: Agencies such as the FDA emphasize the need for ongoing surveillance and premarket scrutiny of device cybersecurity.
- Healthcare Providers: Hospitals must implement secure network practices and stay informed about potential threats.
- Patients: Individuals should discuss device risks with their doctors and ensure their home networks are secure, particularly for devices using remote monitoring.
Continued Vigilance
While acknowledging the benefits of CIEDs vastly outweigh the cybersecurity risks, ongoing vigilance is vital in maintaining these devices’ integrity. The FDA has issued multiple warnings urging the medical community to remain alert to potential threats.
Legacy of Security Advocates
Dr. Marie Moe, a cybersecurity researcher, successfully demonstrated vulnerabilities in her own implanted pacemaker, highlighting the critical need for improved security in medical devices. Her research, which began in 2015, involved reverse engineering the communication protocols of her pacemaker to understand how it interacts with external programmers and monitors. This allowed her to identify potential attack vectors that could be exploited by malicious actors.
Watch: https://www.weforum.org/videos/this-woman-hacked-her-own-pacemaker-to-show-how-vulnerable-we-are-to-cyberattacks/
Can hackers break my heart? | Marie Moe | TEDxVicenza
Moe’s work revealed that pacemakers, like many other implanted medical devices, often lack robust security features such as encryption and authentication, making them susceptible to unauthorized access and manipulation. She was able to demonstrate how an attacker could potentially drain the device’s battery, deliver incorrect electrical impulses, or even disable the device entirely. Her findings have been instrumental in raising awareness among medical device manufacturers, regulatory bodies, and the public about the cybersecurity risks associated with these life-sustaining technologies. Her research has contributed to ongoing efforts to develop and implement stronger security standards for medical devices globally.
Barnaby Jack could hack pacemakers and cause them to deliver a deadly electric shock, effectively “exploding” them in a functional sense by causing a fatal malfunction
Barnaby Jack, a renowned New Zealand hacker and computer security expert, demonstrated the ability to hack pacemakers and other medical devices, potentially leading to fatal outcomes. His work significantly influenced the medical and financial security fields, prompting changes in regulations by the United States Food and Drug Administration (FDA) regarding wireless medical devices
Barnaby Jack has passed away in San Francisco just days before his scheduled lecture at the Black Hat conference. The circumstances surrounding his death remain under investigation. Jack was set to present on the vulnerabilities of implantable medical devices, specifically pacemakers, during his talk titled “Implantable Medical Devices: Hacking Humans.”
Barnaby Jack, a renowned hacker, famously known for his groundbreaking demonstrations of hacking techniques, has passed away in San Francisco just days before his scheduled lecture at the Black Hat conference. The circumstances surrounding his death remain under investigation. Jack was set to present on the vulnerabilities of implantable medical devices, specifically pacemakers, during his talk titled “Implantable Medical Devices: Hacking Humans.”
Major Contributions
Jack achieved prominence for two notable hacking exploits:
- ATM Jackpotting: In 2010, he demonstrated a method to manipulate ATMs to dispense cash without authorization, a technique that garnered significant media attention and has been viewed millions of times online. His research highlighted security flaws within the ATM systems, compelling manufacturers to enhance their software safeguards.
- Wireless Medical Device Vulnerabilities: In recent years, he shifted focus to hacking medical devices, including insulin pumps and pacemakers, while affiliated with McAfee. His findings led major medical device manufacturers, such as Medtronic, to revisit their product designs and security measures. Jack had claimed he could attack a pacemaker from a distance of up to 300 feet.
Industry Impact
Jack’s work was recognized as transformative within both the cybersecurity and medical fields. The U.S. Food and Drug Administration (FDA) acknowledged the significant impact of his research in enhancing device safety. William Maisel, deputy director for science at the FDA’s Center for Devices and Radiological Health, emphasized Jack’s contributions to identifying and addressing vulnerabilities.
His approach often involved finding bugs in embedded systems, pushing manufacturers to update their security protocols, and raising awareness about the inherent risks of technology in healthcare settings.
Personal Anecdotes and Recognition
Jack’s passion for hacking also led him into controversy. Notably, during a 2010 incident at a casino in Abu Dhabi, Jack attempted to hack a gold bullion dispensing machine under the belief that he had permission, which led to complications involving security personnel and the American embassy.
Despite this, his status within the hacking community remained largely positive, as he was seen as a pioneer advocating for better security practices across various industries.
Barnaby Jack leaves behind a legacy as a trailblazer in the hacking community, with significant advancements in cybersecurity practices that aim to protect consumers from potential harm associated with modern medical devices. His untimely death is a reminder of the urgent need to continuously engage with the ethical implications of technology.
Ref:
- Sugiharto, F., et al. (2025). Complications and Predictors in Patients Undergoing Permanent Pacemaker Implantation: A Systematic Review. PMC NCBI. [ https://pmc.ncbi.nlm.nih.gov/articles/PMC11735829/ ]
- Verywell Health. (2024). Living With a Pacemaker. [ https://www.verywellhealth.com/living-with-a-pacemaker-1746228 ]
- Heart Rhythm Consultants. (n.d.). Seven Signs Your Pacemaker Might Be Failing. [ https://heartrhythmdoc.com/seven-signs-your-pacemaker-might-be-failing/ ]
- HSE. (n.d.). Pacemaker: Risks and Complications. [ https://www2.hse.ie/conditions/pacemaker/risks-and-complications/ ]
- American Heart Association. (n.d.). Devices That May Interfere With ICDs and Pacemakers. [ https://www.heart.org/en/health-topics/arrhythmia/prevention–treatment-of-arrhythmia/devices-that-may-interfere-with-icds-and-pacemakers ]
- Top Doctors. (n.d.). What Can Affect a Pacemaker? [ https://www.topdoctors.co.uk/medical-articles/what-can-affect-a-pacemaker/ ]
- Image- https://www.reddit.com/r/scottthewoz/comments/xeorjh/heart_rate_monitors_scott_the_woz/
- Image- https://www.aarp.org/health/conditions-treatments/fda-recalls-pacemakers-09-2017/
- Hacking risk prompts recall of pacemakers over patient death fears. [ https://www.theguardian.com/technology/2017/aug/31/hacking-risk-recall-pacemakers-patient-death-fears-fda-firmware-update ]
- Heart Hacking: Is Your Pacemaker at Risk? [ https://www.kansashealthsystem.com/news-room/blog/0001/01/pacemaker-benefits-risks]
- Exposing vulnerabilities: How hackers could target your medical devices. [ https://www.aamc.org/news/exposing-vulnerabilities-how-hackers-could-target-your-medical-devices ]
- Hacking pacemakers, insulin pumps, and patients’ vital signs in real time. [ https://www.csoonline.com/article/566025/hacking-pacemakers-insulin-pumps-and-patients-vital-signs-in-real-time.html ]
- Cybersecurity for cardiac implantable electronic devices: A review. [ https://pmc.ncbi.nlm.nih.gov/articles/PMC7136318/ ]
- Cybersecurity Vulnerabilities Identified in St. Jude Medical’s Implantable Cardiac Devices and Merlin@home Transmitter. [https://www.fda.gov/medical-devices/safety-communications/cybersecurity-vulnerabilities-identified-st-jude-medicals-implantable-cardiac-devices-and-merlinhome
- Security researchers say they can hack Medtronic pacemakers. [https://www.cnbc.com/2018/08/17/security-researchers-say-they-can-hack-medtronic-pacemakers.html ]
- Cybersecurity Vulnerabilities Affecting Medtronic Implantable Cardiac Devices, Programmers, and Home Monitors. [ https://www.fda.gov/medical-devices/safety-communications/cybersecurity-vulnerabilities-affecting-medtronic-implantable-cardiac-devices-programmers-and-home ]
Also Read: