It's been difficult to turn on the news over the past couple of weeks without hearing some new news about electronic systems being compromised. From Sony to RSA to CitiBank, some of the largest systems in the world have proven themselves vulnerable to security threats.

But what about some of the smallest?

As implantable medical devices such as pacemakers and insulin pumps have become more common, one innovative feature has been the addition of the ability to control the devices wirelessly via the internet. This approach has enabled doctors to improve the well-being of their patients through additional data monitoring and control without the need for additional surgery.

But it's also opened the door for security threats.

Security experts have noted that implantable medical devices, such as pacemakers, are vulnerable to attack. It's even possible, in theory, that a hacker could actually manipulate a pacemaker wirelessly to kill its patient. And for a number of reasons, many of these medical devices don't have much in the way of security, either because it wasn't contemplated at time of manufacture or it wasn't possible due to power and/or form factor requirements.

Thankfully, there hasn't yet been a documented attack on a wireless medical device. But as security threats become more ubiquitous, it makes sense to prepare for the possibility and head off attacks before they happen. And a team of researchers at MIT shares that philosophy. They're currently developing an external encryption device to secure wireless medical devices. The shield would, ideally, be small enough to wear on a watch or necklace. It works by jamming all nearby transmissions at the operating frequency of the medical device, except for those signals that were authorized to use the device. The shield would have built in encryption and authentication to protect the medical device.

An external device such as this shield by MIT has a number of advantages over securing the devices themselves. For one, since it's external, it's easier to upgrade or replace without surgery. For another, as the researchers point out, it's easier for a paramedic or emergency room doctor to treat in the event the patient is incapacitated. Rather than wait for a code from the patient's family or primary physician, they can just take the shield off and work.

For those reasons, I suspect that an external device will turn out to be the preferred method of encrypting medical devices, even if the MIT approach in particular isn't what ends up dominating the field. It is good, though, that securing medical devices is moving proactively. This is one time you don't want to be developing defences after an attack.