Skip to main content
Springer Nature Link
Log in

An Investigation of Vulnerabilities in Internet of Health Things

  • Conference paper
  • First Online:
Cognitive Radio Oriented Wireless Networks and Wireless Internet (CROWNCOM 2021, WiCON 2021)

  • 572 Accesses

Abstract

Medical devices are the machines or instruments that play a vital role in diagnosis or treatment for patients in a healthcare ecosystem. As technologies advances so are these medical devices, and with time they are getting smarter and interconnected to themselves and other devices. These smarter devices attract attracts hackers to launch cyber-attack against these machines targeting vulnerabilities that exist within them. In this paper, we provide a brief description of medical devices in relation to different regulatory bodies, through which we try to understand the need to make the medical device safe for the users. We explore the vulnerabilities of medical devices and how they may be exploited to infiltrate the full healthcare system and other devices in the network. The paper covers three recent incidents of medical device vulnerabilities and explores the concept of blockchain that may be used to limit the vulnerabilities and their limitation. To ensure patient safety and privacy, it is essential that all relevant bodies including manufacturers, regulators, healthcare providers, etc. understand the risk and take proper steps to limit the threats.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

References

  1. Cybersecurity vulnerabilities in certain GE healthcare clinical information central stations and telemetry servers: Safety communication. https://www.fda.gov/medical-devices/safety-communications/cybersecurity-vulnerabilities-certain-ge-healthcare-clinical-information-central-stations-and. Accessed on 04 Oct 2021

  2. Healthcare cyberattacks doubled in 2020, with 28% tied to ransomware. https://healthitsecurity.com/news/healthcare-cyberattacks-doubled-in-2020-with-28-tied-to-ransomware. Accessed on 04 Oct 2021

  3. How fda medical device cybersecurity guidance affects providers. https://healthitsecurity.com/features/how-fda-medical-device-cybersecurity-guidance-affects-providers. Accessed on 04 Oct 2021

  4. Making the case for medical device cybersecurity. https://www.darkreading.com/edge-articles/making-the-case-for-medical-device-cybersecurity. Accessed on 04 Oct 2021

  5. Medical device cyber security guidance for industry. https://www.tga.gov.au/publication/medical-device-cyber-security-guidance-industry. Accessed on 04 Oct 2021

  6. Medtech and the internet of medical things. https://www2.deloitte.com/global/en/pages/life-sciences-and-healthcare/articles/medtech-internet-of-medical-things.html. Accessed on 04 Oct 2021

  7. Mysignals. http://www.my-signals.com/. Accessed on 04 Oct 2021

  8. Urgent/11 cybersecurity vulnerabilities safety communciation. https://www.fda.gov/medical-devices/safety-communications/urgent11-cybersecurity-vulnerabilities-widely-used-third-party-software-component-may-introduce. Accessed on 04 Oct 2021

  9. Va, ul collaboration advances case for medical device security standards. https://www.healthcareitnews.com/news/va-ul-collaboration-advances-case-medical-device-security-standards. Accessed on 04 Oct 2021

  10. Agbo, C.C., Mahmoud, Q.H., Eklund, J.M.: Blockchain technology in healthcare: a systematic review. Healthcare 7(2) (2019)

    Google Scholar 

  11. Ahmed, M.: False image injection prevention using ichain. Appl. Sci. 9(20) (2019). https://doi.org/10.3390/app9204328

  12. Ahmed, M., Barkat Ullah, A.S.S.M.: False data injection attacks in healthcare. In: Boo, Y.L., Stirling, D., Chi, L., Liu, L., Ong, K.L., Williams, G. (eds.) Data Mining, pp. 192–202. Springer Singapore, Singapore (2018). https://doi.org/10.1007/978-981-13-0292-3_12

  13. Ahmed, M., Byreddy, S., Nutakki, A., Sikos, L.F., Haskell-Dowland, P.: Ecu-ioht: a dataset for analyzing cyberattacks in internet of health things. Ad Hoc Netw. 122, 102621 (2021)

    Google Scholar 

  14. Ahmed, M., Pathan, A.S.K.: False data injection attack (fdia): an overview and new metrics for fair evaluation of its countermeasure. Compl. Adap. Syst. Model. 8, 1–14 (2020)

    Google Scholar 

  15. Attia, O., Khoufi, I., Laouiti, A., Adjih, C.: An IoT-blockchain architecture based on hyperledger framework for healthcare monitoring application. In: 2019 10th IFIP International Conference on New Technologies, Mobility and Security (NTMS), pp. 1–5 (2019)

    Google Scholar 

  16. Bostami, B., Ahmed, M., Choudhury, S.: False Data Injection Attacks in Internet of Things, pp. 47–58. Springer International Publishing, Cham (2019). https://doi.org/10.48550/arXiv.1910.01716

  17. Burleson, W., Clark, S.S., Ransford, B., Fu, K.: Design challenges for secure implantable medical devices. In: DAC Design Automation Conference 2012, pp. 12–17 (2012). https://doi.org/10.1145/2228360.2228364

  18. Chase, P., et al.: The evolving state of medical device cybersecurity. Biomed. Inst. Technol. 52 (2018). https://doi.org/10.2345/0899-8205-52.2.103

  19. Clark, S.S., Fu, K.: Recent results in computer security for medical devices. In: Nikita, K.S., Lin, J.C., Fotiadis, D.I., Arredondo Waldmeyer, M.T. (eds.) Wireless Mobile Communication and Healthcare, pp. 111–118. Springer, Berlin, Heidelberg (2012). https://doi.org/10.1007/978-3-642-29734-2_16

  20. Dwivedi, A.D., Srivastava, G., Dhar, S., Singh, R.: A decentralized privacy-preserving healthcare blockchain for IoT. Sensors 19(2) (2019)

    Google Scholar 

  21. Ellouze, F., Fersi, G., Jmaiel, M.: Blockchain for internet of medical things: a technical review. In: Jmaiel, M., Mokhtari, M., Abdulrazak, B., Aloulou, H., Kallel, S. (eds.) The Impact of Digital Technologies on Public Health in Developed and Developing Countries, pp. 259–267. Springer International Publishing, Cham (2020). https://doi.org/10.1007/978-3-030-51517-1_22

  22. Garbelini, M.E., Wang, C., Chattopadhyay, S., Sumei, S., Kurniawan, E.: Sweyntooth: unleashing mayhem over bluetooth low energy. In: 2020 USENIX Annual Technical Conference (USENIX ATC 20), pp. 911–925. USENIX Association (2020). https://www.usenix.org/conference/atc20/presentation/garbelini

  23. Kumar, S., Hu, Y., Andersen, M.P., Popa, R.A., Culler, D.E.: JEDI: Many-to-many end-to-end encryption and key delegation for IoT. In: 28th USENIX Security Symposium (USENIX Security 19), pp. 1519–1536. USENIX Association, Santa Clara, CA (2019). https://www.usenix.org/conference/usenixsecurity19/presentation/kumar-sam

  24. McCauley, V., Williams, P.: Trusted interoperability and the patient safety issues of parasitic health care software. In: 9th Australian Information Security Management Conference, AISM; Conference date: 05–12-2011 Through 07–12-2011, pp. 189–195 (2011)

    Google Scholar 

  25. Sametinger., J., Rozenblit., J.: Security scores for medical devices. In: Proceedings of the 9th International Joint Conference on Biomedical Engineering Systems and Technologies - SmartMedDev, (BIOSTEC 2016), pp. 533–541. INSTICC, SciTePress (2016). https://doi.org/10.5220/0005838805330541

  26. Uddin, M.A., Stranieri, A., Gondal, I., Balasubramanian, V.: A patient agent to manage blockchains for remote patient monitoring. Stud. Health Technol. Inform. 254, 105–115 (2018)

    Google Scholar 

  27. Uddin, M.A., Stranieri, A., Gondal, I., Balasubramanian, V.: Blockchain leveraged decentralized IoT ehealth framework. Internet of Things 9, 100159 (2020)

    Google Scholar 

  28. Williams, P.A.H., Woodward, A.: Cybersecurity vulnerabilities in medical devices: a complex environment and multifaceted problem. Med. Dev. (Auckland, N.Z.) 8, 305–316 (2015)

    Google Scholar 

  29. Xu, Y., Tran, D., Tian, Y., Alemzadeh, H.: Poster abstract: Analysis of cyber-security vulnerabilities of interconnected medical devices. In: 2019 IEEE/ACM International Conference on Connected Health: Applications, Systems and Engineering Technologies (CHASE), pp. 23–24 (2019). https://doi.org/10.1109/CHASE48038.2019.00017

  30. Yaqoob, T., Abbas, H., Atiquzzaman, M.: Security vulnerabilities, attacks, countermeasures, and regulations of networked medical devices-a review. IEEE Commun. Surv. Tutor. 21(4), 3723–3768 (2019). https://doi.org/10.1109/COMST.2019.2914094

    Article  Google Scholar 

  31. Yip, M.: Ultra-low-power circuits and systems for wearable and implantable medical devices. Ph.D. thesis, Massachusetts Institute of Technology, Cambridge, MA, USA (2013). http://hdl.handle.net/1721.1/84902

Download references

Author information

Authors and Affiliations

  1. School of Science, Edith Cowan University, Joondalup, WA, 6027, Australia

    Saifur Rahman, Tance Suleski & Mohiuddin Ahmed

  2. Department of Computer Science and Information Technology, La Trobe University, Melbourne, VIC, 3086, Australia

    A. S. M. Kayes

Authors
  1. Saifur Rahman
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Tance Suleski
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Mohiuddin Ahmed
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. A. S. M. Kayes
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Saifur Rahman .

Editor information

Editors and Affiliations

  1. Hebei Normal University, Shijiazhuang, China

    Huilong Jin

  2. Hebei Normal University, Shijiazhuang, China

    Chungang Liu

  3. United International University, Dhaka, Bangladesh

    Al-Sakib Khan Pathan

  4. Lakehead University, Thunder Bay, ON, Canada

    Zubair Md. Fadlullah

  5. Lakehead University, Thunder Bay, ON, Canada

    Salimur Choudhury

Rights and permissions

Reprints and permissions

Copyright information

© 2022 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Rahman, S., Suleski, T., Ahmed, M., Kayes, A.S.M. (2022). An Investigation of Vulnerabilities in Internet of Health Things. In: Jin, H., Liu, C., Pathan, AS.K., Fadlullah, Z.M., Choudhury, S. (eds) Cognitive Radio Oriented Wireless Networks and Wireless Internet. CROWNCOM WiCON 2021 2021. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 427. Springer, Cham. https://doi.org/10.1007/978-3-030-98002-3_22

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-98002-3_22

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-98001-6

  • Online ISBN: 978-3-030-98002-3

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics