Abstract
The growing use of wireless technology in healthcare systems and devices makes these systems particularly open to cyber-based attacks, including denial of service and information theft via sniffing (eaves-dropping) and phishing attacks. Evolving technology enables wireless healthcare systems to communicate over longer ranges, which opens them up to greater numbers of possible threats. Unmanned aerial vehicles (UAV) or drones present a new and evolving attack surface for compromising wireless healthcare systems. An enumeration of the types of wireless attacks capable via drones are presented, including two new types of cyber threats: a stepping stone attack and a cloud-enabled attack. A real UAV is developed to test and demonstrate the vulnerabilities of healthcare systems to this new threat vector. The UAV successfully attacked a simulated smart hospital environment and also a small collection of wearable healthcare sensors. Compromise of wearable or implanted medical devices can lead to increased morbidity and mortality.
Similar content being viewed by others
References
Park, J., and Tyagi, A., Using power clues to hack IoT devices: The power side channel provides for instruction-level disassembly. IEEE Consum Electron Mag 6(3):92–102, 2017.
Nilsen, W., Kumar, S., Shar, A., Varoquiers, C., Wiley, T., Riley, W. T., Pavel, M., and Atienza, A. A., Advancing the science of mHealth. J Health Comm 17(sup1):5–10, 2012.
Steinhubl, S. R., Muse, E. D., and Topol, E. J., Can mobile health technologies transform health care? JAMA 310(22):2395–2396, 2013.
Ullah, S., Higgins, H., Braem, B., Latre, B., Blondia, C., Moerman, I., Saleem, S., Rahman, Z., and Kwak, K. S., A comprehensive survey of wireless body area networks. J Med Syst 36(3):1065–1094, 2012.
Kintzlinger, M., and Nissim, N., Keep an eye on your personal belongings! The security of personal medical devices and their ecosystems. J Biome Inform 95:103233, 2019.
Piwek, L., Ellis, D. A., Andrews, S., and Joinson, A., The rise of consumer health wearables: Promises and barriers. PLoS Med 13(2):e1001953, 2016.
Thibaud, M., Chi, H., Zhou, W., and Piramuthu, S., Internet of things (IoT) in high-risk environment, health and safety (EHS) industries: A comprehensive review. Decis Support Syst 108:79–95, 2018.
Hiremath S, Yang G, Mankodiya K (2014) Wearable internet of things: Concept, architectural components and promises for person-centered healthcare. In EAI 4th International Conference on Wireless Mobile Communication and Healthcare (pp. 304-307), IEEE.
Islam, S. R., Kwak, D., Kabir, M. H., Hossain, M., and Kwak, K. S., The internet of things for health care: A comprehensive survey. IEEE Access 3:678–708, 2015.
Otto, C., Milenkovic, A., Sanders, C., and Jovanov, E., System architecture of a wireless body area sensor network for ubiquitous health monitoring. J Mobile Multimed 1(4):307–326, 2006.
Li, M., Lou, W., and Ren, K., Data security and privacy in wireless body area networks. IEEE Wireless Comm 17(1):51–58, 2010.
Al, T. R., and Youssef, A. M., Security tradeoffs in cyber physical systems: A case study survey on implantable medical devices. IEEE Access 4:959–979, 2016.
Camara, C., Peris-Lopez, P., and Tapiador, J. E., Security and privacy issues in implantable medical devices: A comprehensive survey. Journal of Biomedical Informatics 55:272–289, 2015.
La Bella, L., UAVs and law enforcement. New York: The Rosen Publishing Group, 2016.
Loukas, G., Gan, D., and Vuong, T., A review of cyber threats and defence approaches in emergency management. Future Internet 5(2):205–236, 2013.
Lidynia, C., Philipsen, R., and Ziefle, M., Droning on about UAVs—Acceptance of and perceived barriers to UAVs in civil usage contexts. In: Advances in Human Factors in Robots and Unmanned Systems. Cham: Springer, 2017, 317–329.
Dorling, K., Heinrichs, J., Messier, G. G., and Magierowski, S., Vehicle routing problems for UAV delivery. T Syst Man Cy A 47(1):70–85, 2017.
Scott, J. E., and Scott, C. H., Models for UAV delivery of medications and other healthcare items. Int J Inform Syst Informatic 13(3):20–34, 2018.
Javaid AY, Sun W, Devabhaktuni VK, Alam M (2012) Cyber security threat analysis and modeling of an unmanned aerial vehicle system. In 2012 IEEE Conference on Technologies for Homeland Security (pp. 585-590), IEEE.
Al Ameen, M., Liu, J., and Kwak, K., Security and privacy issues in wireless sensor networks for healthcare applications. J Med Syst 36(1):93–101, 2012.
Leavitt, N., Researchers fight to keep implanted medical devices safe from hackers. Computer 43(8):11–14, 2010.
Fu, K., and Xu, W., Risks of trusting the physics of sensors. Commun ACM 61(2):20–23, 2018.
Denning T, Borning A, Friedman B, Gill BT, Kohno T, Maisel WH (2010) Patients, pacemakers, and implantable defibrillators: Human values and security for wireless implantable medical devices. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (pp. 917-926), ACM.
Halperin, D., Heydt-Benjamin, T. S., Fu, K., Kohno, T., and Maisel, W. H., Security and privacy for implantable medical devices. Pervasive Comput 7(1):30–39, 2008.
Sametinger, J., Rozenblit, J., Lysecky, R., and Ott, P., Security challenges for medical devices. Commun ACM 58(4):74–82, 2015.
Klonoff, D. C., Cybersecurity for connected diabetes devices. J Diabetes Sci Technol 9(5):1143–1147, 2015.
Li C, Raghunathan A, Jha NK (2011) Hijacking an insulin pump: Security attacks and defenses for a diabetes therapy system. In 13th IEEE International Conference on e-Health Networking Applications and Services (pp. 150-156), IEEE.
Trippel T, Weisse O, Xu W, Honeyman P, Fu K (2017) WALNUT: Waging doubt on the integrity of MEMS accelerometers with acoustic injection attacks. In 2017 IEEE European Symposium on Security and Privacy (EuroS&P) (pp. 3-18), IEEE.
Halperin D, Heydt-Benjamin TS, Ransford B, Clark SS, Defend B, Morgan W, Fu K, Kohno T, Maisel WH (2008) Pacemakers and implantable cardiac defibrillators: Software radio attacks and zero-power defenses. In IEEE Symposium on Security and Privacy (pp. 129-142), IEEE.
Maisel, W. H., and Kohno, T., Improving the security and privacy of implantable medical devices. New England J Med 362(13):1164–1166, 2010.
Salmon, P. C., and Meissner, P. L., Mobile bot swarms: They're closer than you might think! IEEE Consum Electron Mag 4(1):58–65, 2015.
Hanspach, M., and Goetz, M., On covert acoustical mesh networks in air. J Comm 8(11):758–767, 2013.
Kolias, C., Kambourakis, G., Stavrou, A., and Gritzalis, S., Intrusion detection in 802.11 networks: Empirical evaluation of threats and a public dataset. IEEE Comm Surv Tutorial 18(1):184–208, 2016.
Saad A, Amran AR, Hasan MNA (2016) WarBox: Portable wardriving over raspberry PI. In International Conference on Information and Communication Technology (pp. 227-235), IEEE.
Gandhi, D. C., Suri, G., Golyan, R. P., Saxena, P., and Saxena, B. K., Packet sniffer–a comparative study. Int J Comput Network Info Sec 2(5):179–187, 2014.
Yu, L., Lu, Y., and Zhu, X., Smart hospital based on internet of things. J Network 7(10):1654, 2012.
Catarinucci, L., De Donno, D., Mainetti, L., Palano, L., Patrono, L., Stefanizzi, M. L., and Tarricone, L., An IoT-aware architecture for smart healthcare systems. IEEE Internet Things J 2(6):515–526, 2015.
Haus, M., Waqas, M., Ding, A. Y., Li, Y., Tarkoma, S., and Ott, J., Security and privacy in device-to-device (D2D) communication: A review. IEEE Comm Surv Tutorial 19(2):1054–1079, 2017.
Zheng, G., Shankaran, R., Orgun, M. A., Qiao, L., and Saleem, K., Ideas and challenges for securing wireless implantable medical devices: A review. IEEE Sensor J 17(3):562–576, 2017.
Acknowledgements
This research is supported by the Department of Science and Technology under the scheme ‘DST PURSE II’. Author SCS would like to extend their sincere thanks to DST for supporting the research.
Author information
Authors and Affiliations
Corresponding author
Ethics declarations
Ethical Approval
No human subjects were used outside of the researchers themselves. Informed consent was not required for this research. All procedures performed in studies involving human participants (the researchers) were in accordance with the ethical standards of the institutional and/or national research committee and with the 1964 Helsinki declaration and its later amendments or comparable ethical standards.
Conflict of Interest
SCS was partially funded for this research from an internal university grant from the Department of Science and Technology. All authors confirm that there is no conflict of interest.
Additional information
Publisher’s Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
This article is part of the Topical Collection on Mobile & Wireless Health Provided
Rights and permissions
About this article
Cite this article
Sethuraman, S.C., Vijayakumar, V. & Walczak, S. Cyber Attacks on Healthcare Devices Using Unmanned Aerial Vehicles. J Med Syst 44, 29 (2020). https://doi.org/10.1007/s10916-019-1489-9
Received:
Accepted:
Published:
DOI: https://doi.org/10.1007/s10916-019-1489-9