Dick Cheney's Cardiologist Disabled His Pacemaker's Wi-Fi

When Medicine Becomes a Weapon

Dick Cheney's doctor disabled the wireless function on his pacemaker — not because it was malfunctioning, but because a hacker could use it to kill him. This was not a movie plot. It was a medical decision.

In 2007, Vice President Cheney was one of the most high-value targets on Earth. His cardiologist, Dr. Jonathan Reiner, made an unprecedented choice: he ordered the wireless telemetry features on Cheney's implantable cardioverter-defibrillator (ICD) permanently disabled. The fear wasn't theoretical. Intelligence agencies had raised concerns that a sophisticated attacker could remotely trigger a fatal arrhythmia — a kill switch planted inside the Vice President's chest.

The Anatomy of an Implantable Kill Switch

Modern pacemakers and ICDs are not simple electrical stimulators. They are sophisticated computers running millions of lines of code, equipped with wireless telemetry, and connected to monitoring networks. An ICD continuously monitors cardiac rhythm and can deliver high-energy shocks — typically 30 to 40 joules — to terminate ventricular fibrillation.

Here's the critical engineering detail: that same life-saving energy delivery system can be weaponized.

The Attack Surface

Barnaby Jack, a legendary security researcher at IOActive, demonstrated in 2012 that ICDs from multiple manufacturers were vulnerable to remote exploitation. Standing 90 meters away from his target device, Jack showed how an attacker could:

1. Commandeer the device: Exploit unencrypted wireless protocols to gain root access
2. Disable therapeutic functions: Prevent the device from responding to cardiac events
3. Deliver malicious shocks: Trigger the capacitor discharge sequence, delivering potentially fatal electrical impulses to a beating heart

The mathematical reality is stark. A typical ICD capacitor charges to approximately 800V, storing energy according to:

$$E = \frac{1}{2}CV^2$$

Where C ≈ 100-200 μF, yielding 32-64 joules of stored energy. Delivered through transvenous leads directly into the myocardium, this energy can induce ventricular fibrillation in a normally functioning heart.

[!INSIGHT] The wireless range of most ICD telemetry systems extends 2-5 meters for legitimate programming, but Jack demonstrated that with directional antennas and signal amplification, exploitation from 90+ meters was entirely feasible.

The Security Vacuum

Why were these vulnerabilities so pervasive? The answer lies in the fundamental design philosophy of medical devices.

Cardiac devices prioritize reliability and battery longevity over security. Most ICDs run on proprietary real-time operating systems with codebases dating back decades. Security protocols like authentication and encryption require computational overhead — overhead that reduces battery life.

The FDA's regulatory framework exacerbated the problem. Any software modification requires extensive clinical validation, creating massive disincentives for manufacturers to implement security patches. Devices approved in the early 2000s remain implanted today, running vulnerable code with no practical update mechanism.

The Barnaby Jack Demonstration

In 2012, Jack was scheduled to present his findings at the Black Hat security conference in Las Vegas. His presentation, titled "Implantable Medical Devices: Hacking Humans," was expected to be a watershed moment for the industry.

Jack had developed a custom hardware platform he called an "ICD programmer" that could scan for vulnerable devices, compromise them wirelessly, and deliver arbitrary commands — including shock delivery. His demonstration used a simulated human torso with real medical hardware.

The implications were immediate. An attacker with similar equipment could walk through a crowd, identify vulnerable devices, and theoretically deliver fatal shocks to multiple victims simultaneously.

[!INSIGHT] Jack's research revealed that some ICDs transmitted patient data — including real-time ECG readings — without any encryption. An eavesdropper with basic radio equipment could intercept sensitive medical information from passersby.

Seven days before his scheduled presentation, Barnaby Jack was found dead in his San Francisco apartment. The official cause was an accidental drug overdose. Conspiracy theories proliferated, though no evidence of foul play was ever substantiated.

Regulatory Response and Ongoing Vulnerabilities

The FDA responded to these revelations with increasingly stringent cybersecurity requirements. The 2014 guidance document "Content of Premarket Submissions for Management of Cybersecurity in Medical Devices" established that manufacturers must:

• Conduct threat modeling during design
• Implement authentication for wireless interfaces
• Provide mechanisms for security updates
• Document all cybersecurity risks and mitigations

[!NOTE] Despite regulatory progress, the average lifespan of an implanted ICD is 5-10 years, meaning devices with legacy vulnerabilities remain in patients throughout the 2020s. No mass recall or replacement program has been implemented for security reasons alone.

The cybersecurity firm WhiteScope conducted a 2017 audit of cardiac device ecosystems and found that the programmers used by physicians to configure ICDs contained an average of 8,000 known vulnerabilities each. The supply chain itself was compromised.

Quantifying the Threat Landscape

As of 2023, approximately 1.5 million Americans have implanted cardiac devices with wireless capabilities. The installed base includes:

Each device represents a potential attack surface. The likelihood of exploitation remains low — but the impact of a successful attack could be catastrophic.

Clinical Innovation Meets Cybersecurity Reality

Dr. Jonathan Reiner's 2007 decision was prescient. In interviews years later, he confirmed that the threat assessment came from intelligence briefings, not paranoia. For a Vice President who had survived multiple heart attacks and whose cardiac history was publicly known, the attack vector was obvious.

The medical device industry has since embraced the concept of "security by design." Leading manufacturers like Medtronic, Abbott, and Boston Scientific now employ dedicated cybersecurity teams and conduct penetration testing on new devices.

However, fundamental tensions remain:

$$\text{Security Investment} = f(\text{Regulatory Pressure}, \text{Liability Risk}, \text{Reputational Cost})$$

Without mandatory security standards and clear liability frameworks, investment in cybersecurity remains suboptimal from a societal perspective.

Implications for the Future of Bio-Electronics

The Cheney case represents an early example of what will become an increasingly common problem: the convergence of biological systems with networked electronics creates novel attack surfaces.

Next-generation devices — deep brain stimulators for Parkinson's disease, cochlear implants, retinal prosthetics, insulin pumps — all incorporate wireless connectivity. The stakes extend beyond cardiac rhythm to neurological function, sensory perception, and metabolic regulation.

The concept of "medical device assassination" has entered the threat models of intelligence agencies worldwide. Protective details now include technical specialists capable of assessing electromagnetic vulnerabilities around protected principals.

Sources: Barnaby Jack, IOActive Research (2012); FDA Guidance on Medical Device Cybersecurity (2014, updated 2023); WhiteScope Cardiac Device Security Audit (2017); Dr. Jonathan Reiner interviews, CBS 60 Minutes (2013); FDA MAUDE Database on Adverse Events; Journal of the American College of Cardiology, "Cybersecurity for Cardiac Implantable Electronic Devices" (2021).