A. J. Burns
M. Eric Johnson
Peter Honeyman
Skip Abstract Section
Abstract
With the implantation of software-driven devices comes unique privacy and security threats to the human body.
- Applegate, S.D. The dawn of kinetic cyber. In Proceedings of the 5th International Conference on Cyber Conflict. IEEE, 2013, 1--15.Google Scholar
- Bellissimo, A. et al. Secure software updates: Disappointments and new challenges. In Proceedings of the USENIX Summit on Hot Topics in Security, 2006. Google ScholarDigital Library
- Burleson, W. et al. Design challenges for secure implantable medical devices. In Proceedings of the 49th Annual Design Automation Conference. ACM, 2012, 12--17. Google ScholarDigital Library
- Chenok, D.J. ISPAB Letter to U.S. Office of Management and Budget (2012); http://csrc.nist.gov/groups/SMA/ispab/documents/correspondence/ispab-ltr-to-omb_med_device.pdf.Google Scholar
- Curfman, G.D. et al. The medical device safety act of 2009. New Eng. J. Med. 360, 15 (2009), 1550--1551.Google ScholarCross Ref
- Faris, T.H. Safe and Sound Software: Creating an Efficient and Effective Quality System for Software Medical Device Organizations. ASQ Quality Press, 2006. Google ScholarDigital Library
- Food and Drug Administration. Content of Premarket Submissions for Management of Cybersecurity in Medical Devices; Guidance for Industry and Food and Drug Administration Staff (2014); http://www.fda.gov/downloads/MedicalDevices/DeviceRegulationandGuidance/GuidanceDocuments/UCM356190.pdf.Google Scholar
- Food and Drug Administration. Postmarket Management of Cybersecurity in Medical Devices; Draft Guidance for Industry and Food and Drug Administration Staff (2016); http://www.fda.gov/downloads/medicaldevices/deviceregulationandguidance/guidancedocuments/ucm482022.pdf.Google Scholar
- Fu, K. Trustworthy medical device software. Workshop Report on Public Health Effectiveness of the FDA 510 (k) Clearance Process: Measuring Postmarket Performance and Other Select Topics. National Academies Press. Washington, D.C. (2011), 102.Google Scholar
- Gollakota, S. et al. They can hear your heartbeats: Non-invasive security for implantable medical devices. ACM SIGCOMM Computer Communication Review 41, 4 (2011), 2--13. Google ScholarDigital Library
- Hafemeister, T.L. and Spinos, S. Lean on me: A physician's fiduciary duty to disclose an emergent medical risk to the patient. Washington University Law Review 86, 5 (2009).Google Scholar
- Halperin, D. et al. Pacemakers and implantable cardiac defibrillators: Software radio attacks and zero-power defenses. In Proceedings of IEEE Symposium on Security and Privacy. IEEE, 2008, 129--142. Google ScholarDigital Library
- Hauser, R.G. and Maron, B.J. Lessons from the failure and recall of an implantable cardioverter-defibrillator. Circulation 112, 13 (2005), 2040--2042.Google ScholarCross Ref
- Kilbridge, P. Computer crash-lessons from a system failure. New Eng. J. Medicine 348, 10 (2003), 881--882.Google ScholarCross Ref
- Lee, I. et al. High-confidence medical device software and systems. Computer 39, 4 (2006), 33--38. Google ScholarDigital Library
- Leveson, N.G. and Turner, C.S. An investigation of the Therac-25 accidents. Computer 26, 7 (1993), 18--41. Google ScholarDigital Library
- Li, C. et al. Hijacking an insulin pump: Security attacks and defenses for a diabetes therapy system. In Proceedings of the 13th IEEE International Conference on e-Health Networking Applications and Services. IEEE, 2011, 150--156.Google Scholar
- Maisel, W.H. et al. Recalls and safety alerts involving pacemakers and implantable cardioverter-defibrillator generators. JAMA 286, 7 (2001), 793--799.Google ScholarCross Ref
- Meier, B. Maker of heart device kept flaw from doctors. New York Times, 2005.Google Scholar
- National Institute of Standards and Technology (NIST). Framework for Improving Critical Infrastructure Cybersecurity (Ver. 1.0) Feb. 12, 2014; http://www.nist.gov/cyberframework/upload/cybersecurity-framework-021214-final.pdf. Google ScholarDigital Library
- Perrow, C. Normal Accidents: Living with High Risk Technologies. Princeton University Press, 2011.Google Scholar
- Rushanan, M. et al. SoK: Security and privacy in implantable medical devices and body area networks. In Proceedings of the 2014 IEEE Symposium on Security and Privacy. IEEE CS, 524--539. Google ScholarDigital Library
- Vladeck, D.C. Medical Device Safety Act of 2009: Hearing before the Subcomm. on Health of the Comm. on Energy and Commerce (111th Cong., May 12, 2009); http://scholarship.law.georgetown.edu/cong/45.Google Scholar
- Zhang, M. et al. MedMon: Securing medical devices through wireless monitoring and anomaly detection. IEEE Trans. Biomedical Circuits and Systems 7, 6 (2013), 871--881; DOI 10.1109/TBCAS.2013.2245664.Google ScholarCross Ref
- Zhang, M. et al. Towards trustworthy medical devices and body area networks. In Proceedings of the 50th Annual Design Automation Conference. ACM, 2013, 1--6. Google ScholarDigital Library
Index Terms
- A brief chronology of medical device security
Recommendations
An analysis method for medical device security
HotSoS '14: Proceedings of the 2014 Symposium and Bootcamp on the Science of SecurityThis paper is a proposal for a poster. In it we describe a medical device security approach that researchers at Fraunhofer used to analyze different kinds of medical devices for security vulnerabilities. These medical devices were provided to Fraunhofer ...
A Security Argument Pattern for Medical Device Assurance Cases
ISSREW '14: Proceedings of the 2014 IEEE International Symposium on Software Reliability Engineering WorkshopsMedical device security is a growing concern for medical device manufacturers, healthcare delivery organisations and regulators in the industry. Increasingly, researchers are demonstrating exactly how vulnerable these devices are. In many cases, ...
Comments