Medical systems, such as implantable medical systems, typically comprise one or more implantable medical devices and an external telemetry controller capable of controlling operation of the implanted medical device(s) and acquiring physiological data or operational status data from the implanted medical device(s). Implantable medical systems may further comprise an external programmer, such as a clinician programmer or patient programmer, that may download operating parameters or programs into the telemetry controller to set or otherwise modify the operating configuration of the implantable medical system and/or upload information, such as the physiological data or operational status data, from the telemetry controller.
Communication between such an external programmer and telemetry controller of an implantable medical system may be conveniently accomplished through wireless means, such as radio frequency (RF) communication. One method of wirelessly communicating between an external programmer and a telemetry controller uses a short-range RF communications in accordance with Bluetooth technology. The external programmer and telemetry controller can be paired by exchanging or otherwise storing a shared secret key (referred to as a “link key”) that is used to subsequently authenticate the external programmer and encrypt data and commands sent between the external programmer and telemetry controller. Thus, by design, only the external programmer and any previously paired external programmer are permitted to communicate with the telemetry controller.
However, present telemetry controllers that communicate with external programmers over a Bluetooth communications link may be susceptible to inadvertent or intentional hijacking by unauthorized users, because the link key may be surreptitiously acquired or otherwise generated as a default in some operational systems, such as Linux. Once acquired, the shared link key can be used by any device to communication with the telemetry controller. As such, a potential vulnerability from undesired modification of the operating configuration of medical equipment may arise.
There, thus, remains a need for preventing or otherwise deterring unauthorized programming of medical equipment, such as telemetry controllers used in implantable medical systems.