Is brainjacking different from medjacking?

Yes. Medjacking is the broader category - hijacking any medical device, often network-connected hospital equipment - while brainjacking specifically targets implanted neurostimulators where the attacked organ is the brain. The mitigations overlap (authenticated sessions, encrypted links, signed firmware), but the harm model and human-factors expectations are different.

Which standards apply to neurostimulator cybersecurity?

FDA's 2023 cybersecurity guidance, Section 524B of the FD&C Act, AAMI TIR57, IEC 81001-5-1, and ISO 14971 for risk management. For the programming link itself, IEEE 11073 and Bluetooth SIG security mode requirements are commonly referenced.

All terms

CybersecurityConnected & Cyber-Physical Devices

Brainjacking

Unauthorized remote control of an implanted neurostimulator (e.g., DBS) to alter stimulation parameters and harm a patient.

Reviewed by Christian Espinosa, Founder, Blue Goat CyberLast reviewed May 5, 2026

Definition

Brainjacking is the term coined by Oxford researchers Pugh, Pycroft, Maslen, Aziz, and Savulescu (2017) for the malicious, unauthorized control of implanted neurostimulation devices - most notably deep brain stimulators (DBS) used to treat Parkinson's disease, essential tremor, dystonia, depression, and OCD. Modern DBS systems are programmed wirelessly through a clinician programmer or, increasingly, a patient remote and a smartphone app communicating over Bluetooth or proprietary RF. An attacker who can reach those programming interfaces could alter stimulation amplitude, frequency, pulse width, or contact configuration, or simply switch the device off. Documented research-level attacks against neurostimulator programming protocols (Marin et al., 2016; Halperin et al., 2008 on ICDs as a precedent) show that the underlying class of attack - eavesdropping and command injection on poorly authenticated implant telemetry - is well within reach of motivated adversaries. Because the targeted organ is the brain, the harm potential ranges from subtle behavioral and motor effects to seizures, severe pain, or cognitive change.

What the regulation says

FDA's 2023 premarket cybersecurity guidance and Section 524B of the FD&C Act apply directly to neurostimulators that meet the cyber-device definition - they have software, can connect (Bluetooth/RF/programmer link), and have technological characteristics vulnerable to threats. FDA expects a documented threat model that explicitly considers unauthorized modification of therapy parameters, authenticated and encrypted programming sessions, and a postmarket vulnerability monitoring plan. ICS-CERT/CISA medical-device advisories have addressed comparable implant telemetry weaknesses (e.g., Medtronic CareLink/Conexus advisories, ICSMA-19-080-01) and set the regulatory expectation that implant programming links be cryptographically authenticated.

What this means in practice

In practice, brainjacking risk is mitigated by treating the implant-to-programmer link as untrusted by default: mutual authentication using device-unique keys provisioned at manufacture, encrypted sessions, replay protection, bounded parameter ranges enforced in firmware, and clinician-confirmed parameter changes with audible/visible feedback. Patient remotes and companion apps should hold no fleet-wide secrets and should mediate, not replace, clinician authority over therapy boundaries.

Common pitfalls

•Relying on the obscurity of a proprietary RF protocol instead of cryptographic authentication.
•Allowing the patient remote or companion app to set stimulation parameters outside clinician-defined safe ranges.
•Leaving the inductive or Bluetooth programming interface open whenever the device is in range, rather than requiring an explicit clinician-initiated session.
•Treating brainjacking as a purely theoretical risk and omitting it from the device threat model.

Frequently asked questions

There is no publicly confirmed case of a patient harmed by a brainjacking attack in the wild. The term describes a credible, well-characterized threat class demonstrated in academic security research against implant telemetry, not a documented clinical incident. Regulators treat it as a risk to be designed against, not a hypothetical to be ignored.

Primary references

5 sources

Link health: 2 verified 3 bot-blocked· last checked 2026-05-09

Springer·1World Neurosurgery·1ACM·1CISA·1FDA·1

Inline markers like [1] jump to the matching reference above.

On this term

Category: Cybersecurity
Sources: 5
Updated: 5/5/2026

Compare with another term

Learn in 60 seconds

Unauthorized remote control of an implanted neurostimulator (e.g., DBS) to alter stimulation parameters and harm a patient.

·Patient remotes and companion apps should hold no fleet-wide secrets and should mediate, not replace, clinician authority over therapy boundaries.
·Modern DBS systems are programmed wirelessly through a clinician programmer or, increasingly, a patient remote and a smartphone app communicating over Bluetooth or proprietary RF.
·An attacker who can reach those programming interfaces could alter stimulation amplitude, frequency, pulse width, or contact configuration, or simply switch the device off.

Remember this

Watch out: Relying on the obscurity of a proprietary RF protocol instead of cryptographic authentication.

Related terms

You may also need

Auto-suggested from Cybersecurity and shared keywords.

All Cybersecurity terms

From the Blue Goat network

Related resources and services on this topic.