Skip to main content

Advertisement

SpringerLink
Log in

Cyber Attacks on Healthcare Devices Using Unmanned Aerial Vehicles

  • Mobile & Wireless Health
  • Published:
Journal of Medical Systems Aims and scope Submit manuscript

Abstract

The growing use of wireless technology in healthcare systems and devices makes these systems particularly open to cyber-based attacks, including denial of service and information theft via sniffing (eaves-dropping) and phishing attacks. Evolving technology enables wireless healthcare systems to communicate over longer ranges, which opens them up to greater numbers of possible threats. Unmanned aerial vehicles (UAV) or drones present a new and evolving attack surface for compromising wireless healthcare systems. An enumeration of the types of wireless attacks capable via drones are presented, including two new types of cyber threats: a stepping stone attack and a cloud-enabled attack. A real UAV is developed to test and demonstrate the vulnerabilities of healthcare systems to this new threat vector. The UAV successfully attacked a simulated smart hospital environment and also a small collection of wearable healthcare sensors. Compromise of wearable or implanted medical devices can lead to increased morbidity and mortality.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9

Similar content being viewed by others

References

  1. Park, J., and Tyagi, A., Using power clues to hack IoT devices: The power side channel provides for instruction-level disassembly. IEEE Consum Electron Mag 6(3):92–102, 2017.

    Article  Google Scholar 

  2. Nilsen, W., Kumar, S., Shar, A., Varoquiers, C., Wiley, T., Riley, W. T., Pavel, M., and Atienza, A. A., Advancing the science of mHealth. J Health Comm 17(sup1):5–10, 2012.

    Article  Google Scholar 

  3. Steinhubl, S. R., Muse, E. D., and Topol, E. J., Can mobile health technologies transform health care? JAMA 310(22):2395–2396, 2013.

    Article  CAS  Google Scholar 

  4. Ullah, S., Higgins, H., Braem, B., Latre, B., Blondia, C., Moerman, I., Saleem, S., Rahman, Z., and Kwak, K. S., A comprehensive survey of wireless body area networks. J Med Syst 36(3):1065–1094, 2012.

    Article  Google Scholar 

  5. Kintzlinger, M., and Nissim, N., Keep an eye on your personal belongings! The security of personal medical devices and their ecosystems. J Biome Inform 95:103233, 2019.

    Article  Google Scholar 

  6. Piwek, L., Ellis, D. A., Andrews, S., and Joinson, A., The rise of consumer health wearables: Promises and barriers. PLoS Med 13(2):e1001953, 2016.

    Article  Google Scholar 

  7. Thibaud, M., Chi, H., Zhou, W., and Piramuthu, S., Internet of things (IoT) in high-risk environment, health and safety (EHS) industries: A comprehensive review. Decis Support Syst 108:79–95, 2018.

    Article  Google Scholar 

  8. Hiremath S, Yang G, Mankodiya K (2014) Wearable internet of things: Concept, architectural components and promises for person-centered healthcare. In EAI 4th International Conference on Wireless Mobile Communication and Healthcare (pp. 304-307), IEEE.

  9. Islam, S. R., Kwak, D., Kabir, M. H., Hossain, M., and Kwak, K. S., The internet of things for health care: A comprehensive survey. IEEE Access 3:678–708, 2015.

    Article  Google Scholar 

  10. Otto, C., Milenkovic, A., Sanders, C., and Jovanov, E., System architecture of a wireless body area sensor network for ubiquitous health monitoring. J Mobile Multimed 1(4):307–326, 2006.

    Google Scholar 

  11. Li, M., Lou, W., and Ren, K., Data security and privacy in wireless body area networks. IEEE Wireless Comm 17(1):51–58, 2010.

    Article  Google Scholar 

  12. Al, T. R., and Youssef, A. M., Security tradeoffs in cyber physical systems: A case study survey on implantable medical devices. IEEE Access 4:959–979, 2016.

    Article  Google Scholar 

  13. Camara, C., Peris-Lopez, P., and Tapiador, J. E., Security and privacy issues in implantable medical devices: A comprehensive survey. Journal of Biomedical Informatics 55:272–289, 2015.

    Article  Google Scholar 

  14. La Bella, L., UAVs and law enforcement. New York: The Rosen Publishing Group, 2016.

    Google Scholar 

  15. Loukas, G., Gan, D., and Vuong, T., A review of cyber threats and defence approaches in emergency management. Future Internet 5(2):205–236, 2013.

    Article  Google Scholar 

  16. Lidynia, C., Philipsen, R., and Ziefle, M., Droning on about UAVs—Acceptance of and perceived barriers to UAVs in civil usage contexts. In: Advances in Human Factors in Robots and Unmanned Systems. Cham: Springer, 2017, 317–329.

    Chapter  Google Scholar 

  17. Dorling, K., Heinrichs, J., Messier, G. G., and Magierowski, S., Vehicle routing problems for UAV delivery. T Syst Man Cy A 47(1):70–85, 2017.

    Google Scholar 

  18. Scott, J. E., and Scott, C. H., Models for UAV delivery of medications and other healthcare items. Int J Inform Syst Informatic 13(3):20–34, 2018.

    Article  Google Scholar 

  19. Javaid AY, Sun W, Devabhaktuni VK, Alam M (2012) Cyber security threat analysis and modeling of an unmanned aerial vehicle system. In 2012 IEEE Conference on Technologies for Homeland Security (pp. 585-590), IEEE.

  20. Al Ameen, M., Liu, J., and Kwak, K., Security and privacy issues in wireless sensor networks for healthcare applications. J Med Syst 36(1):93–101, 2012.

    Article  Google Scholar 

  21. Leavitt, N., Researchers fight to keep implanted medical devices safe from hackers. Computer 43(8):11–14, 2010.

    Article  Google Scholar 

  22. Fu, K., and Xu, W., Risks of trusting the physics of sensors. Commun ACM 61(2):20–23, 2018.

    Article  Google Scholar 

  23. Denning T, Borning A, Friedman B, Gill BT, Kohno T, Maisel WH (2010) Patients, pacemakers, and implantable defibrillators: Human values and security for wireless implantable medical devices. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (pp. 917-926), ACM.

  24. Halperin, D., Heydt-Benjamin, T. S., Fu, K., Kohno, T., and Maisel, W. H., Security and privacy for implantable medical devices. Pervasive Comput 7(1):30–39, 2008.

    Article  Google Scholar 

  25. Sametinger, J., Rozenblit, J., Lysecky, R., and Ott, P., Security challenges for medical devices. Commun ACM 58(4):74–82, 2015.

    Article  Google Scholar 

  26. Klonoff, D. C., Cybersecurity for connected diabetes devices. J Diabetes Sci Technol 9(5):1143–1147, 2015.

    Article  CAS  Google Scholar 

  27. Li C, Raghunathan A, Jha NK (2011) Hijacking an insulin pump: Security attacks and defenses for a diabetes therapy system. In 13th IEEE International Conference on e-Health Networking Applications and Services (pp. 150-156), IEEE.

  28. Trippel T, Weisse O, Xu W, Honeyman P, Fu K (2017) WALNUT: Waging doubt on the integrity of MEMS accelerometers with acoustic injection attacks. In 2017 IEEE European Symposium on Security and Privacy (EuroS&P) (pp. 3-18), IEEE.

  29. Halperin D, Heydt-Benjamin TS, Ransford B, Clark SS, Defend B, Morgan W, Fu K, Kohno T, Maisel WH (2008) Pacemakers and implantable cardiac defibrillators: Software radio attacks and zero-power defenses. In IEEE Symposium on Security and Privacy (pp. 129-142), IEEE.

  30. Maisel, W. H., and Kohno, T., Improving the security and privacy of implantable medical devices. New England J Med 362(13):1164–1166, 2010.

    Article  CAS  Google Scholar 

  31. Salmon, P. C., and Meissner, P. L., Mobile bot swarms: They're closer than you might think! IEEE Consum Electron Mag 4(1):58–65, 2015.

    Article  Google Scholar 

  32. Hanspach, M., and Goetz, M., On covert acoustical mesh networks in air. J Comm 8(11):758–767, 2013.

    Article  Google Scholar 

  33. Kolias, C., Kambourakis, G., Stavrou, A., and Gritzalis, S., Intrusion detection in 802.11 networks: Empirical evaluation of threats and a public dataset. IEEE Comm Surv Tutorial 18(1):184–208, 2016.

    Article  Google Scholar 

  34. Saad A, Amran AR, Hasan MNA (2016) WarBox: Portable wardriving over raspberry PI. In International Conference on Information and Communication Technology (pp. 227-235), IEEE.

  35. Gandhi, D. C., Suri, G., Golyan, R. P., Saxena, P., and Saxena, B. K., Packet sniffer–a comparative study. Int J Comput Network Info Sec 2(5):179–187, 2014.

    Google Scholar 

  36. Yu, L., Lu, Y., and Zhu, X., Smart hospital based on internet of things. J Network 7(10):1654, 2012.

    Article  Google Scholar 

  37. Catarinucci, L., De Donno, D., Mainetti, L., Palano, L., Patrono, L., Stefanizzi, M. L., and Tarricone, L., An IoT-aware architecture for smart healthcare systems. IEEE Internet Things J 2(6):515–526, 2015.

    Article  Google Scholar 

  38. Haus, M., Waqas, M., Ding, A. Y., Li, Y., Tarkoma, S., and Ott, J., Security and privacy in device-to-device (D2D) communication: A review. IEEE Comm Surv Tutorial 19(2):1054–1079, 2017.

    Article  Google Scholar 

  39. Zheng, G., Shankaran, R., Orgun, M. A., Qiao, L., and Saleem, K., Ideas and challenges for securing wireless implantable medical devices: A review. IEEE Sensor J 17(3):562–576, 2017.

    Article  Google Scholar 

Download references

Acknowledgements

This research is supported by the Department of Science and Technology under the scheme ‘DST PURSE II’. Author SCS would like to extend their sincere thanks to DST for supporting the research.

Author information

Authors and Affiliations

  1. Vellore Institute of Technology, Amaravati, India

    Sibi Chakkaravarthy Sethuraman & Vaidehi Vijayakumar

  2. School of Information & Florida Center for Cybersecurity, University of South Florida, 4202 E. Fowler Ave., CIS 1040, Tampa, FL, 33620, USA

    Steven Walczak

Authors
  1. Sibi Chakkaravarthy Sethuraman
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Vaidehi Vijayakumar
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Steven Walczak
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Steven Walczak.

Ethics declarations

Ethical Approval

No human subjects were used outside of the researchers themselves. Informed consent was not required for this research. All procedures performed in studies involving human participants (the researchers) were in accordance with the ethical standards of the institutional and/or national research committee and with the 1964 Helsinki declaration and its later amendments or comparable ethical standards.

Conflict of Interest

SCS was partially funded for this research from an internal university grant from the Department of Science and Technology. All authors confirm that there is no conflict of interest.

Additional information

Publisher’s Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

This article is part of the Topical Collection on Mobile & Wireless Health Provided

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Sethuraman, S.C., Vijayakumar, V. & Walczak, S. Cyber Attacks on Healthcare Devices Using Unmanned Aerial Vehicles. J Med Syst 44, 29 (2020). https://doi.org/10.1007/s10916-019-1489-9

Download citation

  • Received:

  • Accepted:

  • Published:

  • DOI: https://doi.org/10.1007/s10916-019-1489-9

Keywords

Search

Navigation