Abstract
Implantable devices, often dependent on software, save countless lives. But how secure are they?
- Alemzadeh, H., Iyer, R.K. and Kalbarczyk, Z. Analysis of safety-critical computer failures in medical devices. IEEE Security & Privacy 11, 4, (July-Aug. 2013), 14--26. Google ScholarDigital Library
- Boston Scientific. PACEMAKER System Specification. 2007.Google Scholar
- Denning, T., Fu, K. and Kohno, T. Absence makes the heart grow fonder: New directions for implantable medical device security. In Proceedings of USENIX Workshop on Hot Topics in Security, July 2008. Google ScholarDigital Library
- Denning, T., Matsuoka, Y. and Kohno, T. Neurosecurity: Security and privacy for neural devices. Neurosurgical Focus 27, 1 (July 2009).Google ScholarCross Ref
- Denning, T. et al. Patients, pacemakers, and implantable defibrillators: Human values and security for wireless implantable medical devices. In Proceedings of the 28th International Conference on Human Factors in Computing Systems, 2010. Google ScholarDigital Library
- Food and Drug Administration. MAUDE---Manufacturer and User Facility Device Experience; http://www.accessdata.fda.gov/scripts/cdrh/cfdocs/cfMAUDE/search.CFMGoogle Scholar
- Food and Drug Administration. Is The Product A Medical Device? http://www.fda.gov/MedicalDevices/DeviceRegulationandGuidance/Overview/ClassifyYourDevice/ucm051512.htmGoogle Scholar
- Food and Drug Administration. Medical Devices -- Classify Your Medical Device; http://www.fda.gov/MedicalDevices/DeviceRegulationandGuidance/Overview/ClassifyYourDevice/default.htmGoogle Scholar
- Food and Drug Administration Safety Communication: Cybersecurity for Medical Devices and Hospital Networks; June 2013. http://www.fda.gov/MedicalDevices/Safety/AlertsandNotices/ucm356423.htmGoogle Scholar
- Food and Drug Administration. Content of premarket submissions for management of cybersecurity in medical devices---Draft guidance for industry and Food and Drug administration staff, June 14, 2013; http://www.fda.gov/medicalDevices/Deviceregulationandguidance/guidanceDocuments/ucm356186.htmGoogle Scholar
- Fox News. Antivirus Program Goes Berserk, Freezes PCs. Apr. 22, 2010.Google Scholar
- Fu, K. and Blum, J. Controlling for cybersecurity risks of medical device software. Commun. ACM 56, 10 (Oct. 2013), 35--37. Google ScholarDigital Library
- Gollakota, S. et al. They can hear your heartbeats: Non-invasive security for implantable medical devices. In Proceedings from SIGCOMM'11 (Toronto, Ontario, Canada, Aug. 15--19, 2011). Google ScholarDigital Library
- Halperin, D. et al. Security and privacy for implantable medical devices. IEEE Pervasive Computing, Special Issue on Implantable Electronics, (Jan. 2008). Google ScholarDigital Library
- Halperin, D. et al. Pacemakers and implantable cardiac defibrillators: Software radio attacks and zero-power defenses. In Proceedings of the IEEE Symposium on Security and Privacy, May 2008. Google ScholarDigital Library
- Hansen, J.A. and Hansen, N.M. A taxonomy of vulnerabilities in implantable medical devices. In Proceedings of SPIMACS'10, (Chicago, IL, Oct. 8, 2010). Google ScholarDigital Library
- Howard, M. and Lipner, S. The Security Development Lifecycle. Microsoft Press, 2006. Google ScholarDigital Library
- International Standards Organization. Medical devices---Application of risk management to medical devices. ISO 14971:2007.Google Scholar
- Jee, E. et al. A safety-assured development approach for real-time software, Proc. IEEE Int. Conf. Embed. Real-time Comput. Syst. Appl. (Aug. 2010), 133--142. Google ScholarDigital Library
- Kaplan, D. Black Hat: Insulin pumps can be hacked. SC Magazine, (Aug. 04, 2011).Google Scholar
- King, S.T. et al. Designing and implementing malicious hardware. In Proceedings of the 1st Usenix Workshop on Large-Scale Exploits and Emergent Threats. Fabian Monrose, ed. USENIX Association, Berkeley, CA. Google ScholarDigital Library
- Kolata, G. Of fact, fiction and Cheney's defibrillator. New York Times, (Oct. 27, 2013).Google Scholar
- Kramer, D.B. et al. Security and privacy qualities of medical devices: An analysis of fda postmarket surveillance. PLoS ONE 7, 7 (2012), e40200; doi:10.1371/journal.pone.0040200Google ScholarCross Ref
- Li, C., Raghunathan, A. and Jha, N.K. Improving the trustworthiness of medical device software with formal verification methods. IEEE Embedded Systems Letters 5, 3 (Sept. 2013), 50--53.Google ScholarCross Ref
- McGraw, G. Software security. IEEE Security & Privacy 2, 2 (Mar-Apr 2004), 80--83. Google ScholarDigital Library
- Nixon, C. et al. Academic Dual Chamber Pacemaker. University of Minnesota, 2008.Google Scholar
- Ross, R.S. Guide for Conducting Risk Assessments. NIST Special Publication 800-30 Rev. 1, Sept. 2012.Google Scholar
- Rostami, M., Juels, A. and Koushanfar F. Heart-to-Heart (H2H): Authentication for implanted medical devices. In Proceedings for ACM SIGSAC Conference on Computer & Communications Security. ACM, New York, NY, 1099--1112. Google ScholarDigital Library
- Sanger, D.E. and Shanker, T. N.S.A. devises radio pathway into computers. New York Times (Jan. 14, 2014).Google Scholar
- Skorobogatov, S. and Woods, C. Breakthrough silicon scanning discovers backdoor in military chip, cryptographic hardware and embedded systems. Lecture Notes in Computer Science 7428 (2012), 23--40. Google ScholarDigital Library
- Sorber, J. et al. An amulet for trustworthy wearable mHealth. In Proceedings of the 12th Workshop on Mobile Computing Systems & Applications. ACM, New York, NY. Google ScholarDigital Library
- Venere, E. New firewall to safeguard against medical-device hacking. Purdue University News Service, Apr. 12, 2012.Google Scholar
- Vockley, M. Safe and Secure? Healthcare in the cyberworld. AAMI (Advancing Safety in Medical Technology) BI&T -- Biomedical Instrumentation & Technology, May/June 2012.Google Scholar
- Weaver, C. Patients put at risk by computer viruses. Wall Street Journal (June 13, 2013).Google Scholar
- Wei, S., Potkonjak, M. The undetectable and unprovable hardware Trojan horse. In Proceedings of the ACM Design Automation Conference (Austin, TX, May 29-June 07, 2013). Google ScholarDigital Library
- Wirth, A. Cybercrimes pose growing threat to medical devices. Biomed Instrum Technol. 45, 1 (Jan/Feb 2011), 26--34.Google ScholarCross Ref
- World Health Organization. Medical device regulations: Global overview and guiding principles. 2003.Google Scholar
Index Terms
- Security challenges for medical devices
Recommendations
Security Scores for Medical Devices
BIOSTEC 2016: Proceedings of the International Joint Conference on Biomedical Engineering Systems and TechnologiesMedical devices are indispensable for millions of patients worldwide. They increasingly depend on software
and hardware components, and interoperate with other devices wirelessly and through the Internet. The sensitive
nature of health records, the ...
Cyber Security for Personal Medical Devices Internet of Things
DCOSS '14: Proceedings of the 2014 IEEE International Conference on Distributed Computing in Sensor SystemsPersonal Medical Devices (PMDs) are attached to the patient's body to assist his physiological processes and to monitor his medical condition. These PMDs communicate with programming devices for various reasons like monitoring, firmware update, and ...
Multi-layer security scheme for implantable medical devices
AbstractInternet of Medical Things (IoMTs) is fast emerging, thereby fostering rapid advances in the areas of sensing, actuation and connectivity to significantly improve the quality and accessibility of health care for everyone. Implantable medical ...
Comments