Security challenges for medical devices

Published: 23 March 2015

Abstract

Implantable devices, often dependent on software, save countless lives. But how secure are they?

Published In

Communications of the ACM  Volume 58, Issue 4
April 2015
86 pages
ISSN:0001-0782
EISSN:1557-7317
DOI:10.1145/2749359
  • Editor: Moshe Y. Vardi
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee.

Publisher

Association for Computing Machinery

New York, NY, United States

Qualifiers

  • Review-article
  • Popular
  • Refereed
