SEATTLE -- Can you hack a heartbeat? Researchers at the University of Washington say you can. New technology allows implanted defibrillators to be monitored wirelessly. The devices can deliver a lifesaving shock but the researchers also believe the devices are vulnerable to hacking.

"We asked, is it possible for a bad person to build their own radio hardware and communicate with someone's implantable defribulator," said Tadayohsi Kohno, assistant professor of computer science and engineering. "We found the answer to that question is yes."

Researchers found transmissions from the defibrillator, often called a pacemaker were not encrypted, which means that someone intercepting the transmissions could retrieve such data as the patient's birth date, medical ID number and alter the functions of the defibrillator.

"We were able to make the device lie about the patient name, the type of treatments the patient was getting and we were also able to disable some of the functionality" said Dan Halperin, a graduate student in the department who was part of the research team.

As the technology spreads to more medical devices, including pacemakers, spinal cord stimulators and hearing implants - and as the range of the devices' radio signals increase - the researchers predict patients' data will face increasing risks.

A Food and Drug Administration spokeswoman acknowledged a hacker could use specialized software and a small antenna to intercept transmissions from a defibrillator.

But she said the chance of that happening - or of a defibrillator being maliciously reprogrammed using a technique similar to the one a doctor would use to program it - was "remote."

"The benefits clearly outweigh the risks," said FDA spokeswoman Peper Long.

Defibrillators use electrical shocks to restore a normal heart beat when they detect arrhythmia or other abnormalities.

Bruce Lindsay, an electro physiologist at the Cleveland Clinic and president of the Heart Rhythm Society, said defibrillator transmissions are "not designed to withstand terrorist attacks."

"But I don't think the findings have any great clinical significance," Lindsay said. "To hack the system, you have to get the programmer right up against the patient's chest. It's not as if somebody could do this from down the street."

A Medtronic's Maximo defibrillator was used in the study. Medtronic spokesman Rob Clark said the risk of any "deliberate, malicious or unauthorized manipulation of a device is extremely low." Future versions capable of transmitting signals as far as 30 feet from a patient will incorporate stronger security, he said.

Both Kohno and Halperin admit there as been no evidence of anyone hacking into a wireless defibrillator.

"Again the actual risk to patients is still extremely small, but a risk exists and our goal is to make sure that risk does not increase as technology evolves," said Kohno.

Kohno was also part of a team of University of Washington researchers that allegedly exposed security flaws with a wireless device produced by Nike worn by runners. The device is intended to help in training but Kohno had claimed it could also be used by stalkers to track someone. In 2003, he also presented evidence that electronic voting machines could be compromised.

Their study is to be presented and published May 19 at a conference of the Institute of Electrical and Electronic Engineers Symposium on Security and Privacy.