Endpoint Security , Governance & Risk Management , Hardware / Chip-level Security

Study: iPhone 12 Magnets Can Deactivate Cardiac Devices

But Are There Also Data Security Risks?
Study: iPhone 12 Magnets Can Deactivate Cardiac Devices
Henry Ford Health System researchers found that strong magnets contained in Apple's iPhone12 can deactivate certain implantable cardiac defibrillators.

Powerful magnets contained in Apple’s iPhone 12 can potentially deactivate certain implantable cardiac devices, a Henry Ford Health System study shows.

See Also: Microsoft Vulnerabilities Report 2020

Meanwhile, some health technology safety and security experts say potential data security risks posed by strong magnets in phones also need to be assessed.

The study, released Thursday, found that when Henry Ford doctors put the iPhone 12 close to a patient’s chest, the individual’s implanted cardiac defibrillator deactivated.

The iPhone 12 contains a circular array of strong magnets around a central charging coil that helps align the phone on Apple’s MagSafe accessory to maximize charging, the study notes.

"We saw on the external defibrillator programmer that the functions of the device were suspended and remained suspended" when the iPhone 12 was brought close to the patient’s chest, says cardiac electrophysiology expert Gurjit Singh, M.D.

Singh is one of the physicians who set out to investigate whether the iPhone 12’s powerful magnets would potentially affect the performance of implanted cardiac devices.

"When we took the phone away from the patient’s chest, the defibrillator immediately returned to its normal function, " Singh says.

Implantable cardiac devices have switches that respond to an external magnet to change how the device functions, Henry Ford Health System explains in its report.

"For a defibrillator, a magnet can be used to turn the device off. For a pacemaker, a strong magnet can make the device deliver electrical impulses that cause the heart to beat out of sync, which can bring about a potentially lethal condition called ventricular fibrillation."

Electromagnetic interference with medical devices “is a known issue, especially in instances where the source – such as a strong magnet - is close to a medical device,” says Juuso Leinonen, a senior project engineer at the device evaluation group at ECRI, a patient safety organization.

"While there are shielding requirements for medical equipment, it does not eliminate the impact of electromagnetic interference.

"If a disruption caused by electromagnetic interference disables a cardiac device for a prolonged period, "it could result in harm," he notes.

More Research to Come

The Henry Ford Health System study tested the magnets’ impact on a Medtronic implanted defibrillator. Singh and his colleagues are preparing to launch a more comprehensive study of all major brands of cardiac defibrillators and pacemakers to determine if they are also affected by the strong magnets in the iPhone 12 and other portable devices.

In the meantime, the doctors advise patients with implantable cardiac devices who use these iPhone 12 devices - as well as some smartphone cases that also contain magnets - to keep these products at least 6 inches away from their chests.

Apple Responds

In a statement provided to Information Security Media Group, Apple says: "Though all iPhone 12 models contain more magnets than prior iPhone models, they're not expected to pose a greater risk of magnetic interference to medical devices than prior iPhone models."

An Apple spokeswoman also notes that on Jan. 23, the company issued a statement on its support page noting that medical devices such as implanted pacemakers and defibrillators “might contain sensors that respond to magnets and radios when in close contact.”

Apple says: “To avoid any potential interactions with these devices, keep your iPhone and MagSafe accessories a safe distance away from your device - more than 6 inches apart or more than 12 inches apart if wirelessly charging.”

Medtronic Statement

Medtronic, the maker of the defibrillator tested by the Henry Ford researchers, tells ISMG that it has analyzed iPhone technology and found "that it presents no increased risk of interference with Medtronic implantable cardiac rhythm devices, such as pacemakers, implantable defibrillators and cardiac resynchronization therapy defibrillators, when used according to labeling."

As a precaution, Medtronic – like Apple - advises patients implanted with cardiac devices to maintain a distance of 6 inches between all cellphones and their implanted devices, "consistent with recommendations for other low-wattage electromagnetic devices."

Medtronic notes that the recently published Henry Ford Health System study “did not follow this advice or the approved labeling for these devices in their methodology. When used as directed, there is no increased risk of interference.”

Medtronic says it has built “safeguards” into its implantable cardiac devices to allow for normal daily interference. “These safeguards include electronic filters that distinguish between natural heartbeat signals and other potential interference.”

Potential Security Implications

Singh tells ISMG that his team is not aware of any cybersecurity issues - such as threats to data integrity - posed by the iPhone 12.

But some health technology safety and security experts call for assessments of whether strong magnets in consumer gear pose cybersecurity risks.

Former Boston Medical Center CISO Sumit Sehgal, who is strategic product marketing director at device security firm Armis, notes that the standards for hardware design and the embedded software that runs on them have evolved greatly in the last decade.

"Situations involving electromagnetic, radio frequency, bluetooth interference and their effect on device software can have a security impact, " he says.

"First, it can create instabilities in the code that creates potential data integrity challenges and downstream can have an effect on deviation of the desired output of the device," he notes.

This can potentially result in invalid data from the device entering the patient's medical record, leading to a clinician making misinformed patient treatment decisions, he says.

Also, when these affected medical devices are integrated in networks, the situation can create potential vectors for unauthorized access to either “raw data” that can have privacy implications or compromise intellectual property, says Sehgal, who is also former chief technology officer of healthcare security at McAfee.

Consumer health devices must be carefully assessed for risk, he adds.

“There is a security element that needs to account for how the data flow between the device and its final resting place occurs, and how the transit between that is secured,” he says.

Chad Waters, a senior cybersecurity engineer in the device evaluation group at ECRI, says: "The nature and function of an implanted medical device presents the patient with unique threats.

“As we identify and assess what can go wrong with a device, it is important that the information is properly communicated to clinicians and their patients so that they can make informed clinical decisions.”

FDA Statement

The Food and Drug Administration, in a statement to ISMG says it is aware of the study by Henry Ford researchers." It is important that patients keep any devices that may create electromagnetic interference, including iPhones, at least 6 inches away from implanted cardiac defibrillators. FDA-approved patient labeling already caution patients to keep all cell phones at least 6 inches from the implanted ICD. If significant new information becomes available, we will inform patients and healthcare providers."


About the Author

Marianne Kolbasuk McGee

Marianne Kolbasuk McGee

Executive Editor, HealthcareInfoSecurity

McGee is executive editor of Information Security Media Group's HealthcareInfoSecurity.com media site. She has about 30 years of IT journalism experience, with a focus on healthcare information technology issues for more than 15 years. Before joining ISMG in 2012, she was a reporter at InformationWeek magazine and news site, and played a lead role in the launch of InformationWeek's healthcare IT media site.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing devicesecurity.io, you agree to our use of cookies.