Radio-controlled implanted devices used to shock a stopped heart back to life may be at risk of attack from hackers, researchers said. The finding, to be presented at a meeting in May, raises concerns about the vulnerability of medical equipment to hackers armed with commercially available products, according to scientists at the universities of Washington and Massachusetts and Harvard University.

Doctors use radio frequencies to monitor the function and reprogram defibrillators without having to re-operate. About 25 million Americans have implants, and the risk may include other devices such as pacemakers and drug-delivery products, the researchers said.

"Our investigation shows that an implantable cardioverter defibrillator is potentially susceptible to malicious attacks,"' researchers including Washington's Kevin Fu and Harvard's William Maisel said in the study. Hackers could gain medical information about the patient or change how shocks are administered, they said.

They also stress "we do not know of a single case where an implanted medical device patient has ever been harmed by a malicious security attack."

The study looked at a Medtronic Inc. Maximo defibrillator. Boston Scientific Corp. and St. Jude Medical Inc. also make the devices. Hackers might be limited because the radio controllers need to be close to the patient to change the product's settings, the researchers said.

The study used an antenna, radio hardware and a computer to turn off or modify the device. It will be published at the IEEE Symposium on Security and Privacy in May.