This paper discusses the efficacy of the Implantable Medical Devices (IMDs), at the same time it also highlights the possibilities of security attacks on commercially available IMDs. Keeping in mind the challenges and constraints posed by the IMDs, the paper also proposes some viable solutions to address the security threats.
8. Security for Implantable Medical Devices (IMDs) | 8
Conducted communication and NFC interface based devices are likely to be the earliest solutions that will be available to
patients in the near future. All other solutions are in the conceptual stage with the researchers still in discussion with
vendors to implement the solution in upcoming devices.
Cyber security for IMDs is a nascent technology where a lot needs to be done before the potential threats become real. It is
hoped that the reader finds this ecosystem overview helpful.
References
St. Jude Medical Announces Acquisition and CE Mark Approval of World's First Leadless Pacemaker, October 14, 2013
http://investors.sjm.com/phoenix.zhtml?c=73836&p=irol-newsArticle_Print&ID=1863989
Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses by Kevin Fu et al.
http://scholarworks.umass.edu/cgi/viewcontent.cgi?article=1067&context=cs_faculty_pubs
Hacking Medical Devices for Fun and Insulin: Breaking the Human SCADA System by Jerome Radcliffe, presented at Black Hat Technical Security
Conference: USA 2011. http://cs.uno.edu/~dbilar/BH-US-2011/materials/Radcliffe/BH_US_11_Radcliffe_Hacking_Medical_Devices_WP.pdf
"Broken Hearts": How plausible was the Homeland pacemaker hack? bbyy BBaarrnnaabbyy JJaacckk..
http://blog.ioactive.com/2013/02/broken-hearts-how-plausible-was.html
FDA Should Expand Its Consideration of Information Security for Certain Types of Devices, GAO, August 2012.
http://www.gao.gov/assets/650/647767.pdf
FDA Safety Communication: Cyber security for Medical Devices and Hospital Networks, June 13, 2013
http://www.fda.gov/medicaldevices/safety/alertsandnotices/ucm356423.htm
Leadless cardiac pacemaker with conducted communication,
hhttttpp::////wwwwww..ggooooggllee..ccoomm//ppaatteennttss//WWOO22001133005588995588AA11
They Can Hear Your Heartbeats: Non-Invasive Security for Implantable Medical Devices, presented at SIGCOMM ’11 by Shyamnath et al.
http://groups.csail.mit.edu/netmit/IMDShield/paper.pdf
Heart-to-Heart (H2H): Authentication for Implanted Medical Devices, by Masoud Rostami et al, to be presented at CCS’13, November 4–8, 2013, Berlin, Germany
http://www.aceslab.org/sites/default/files/H2H.pdf
In-Vivo NFC: Remote Monitoring of Implanted Medical Devices with Improved Privacy, by Kim B et al, SenSys ’12, November 6-9, 2012, Toronto, Canada
http://dl.acm.org/citation.cfm?id=2426691&dl=ACM&coll=DL&CFID=376029119&CFTOKEN=76995657
CChheenneeyy''ss ddeefifibbrriillllaattoorr wwaass mmooddiififieedd ttoo pprreevveenntt hhaacckkiinngg,, bbyy DDaannaa FFoorrdd,, CCNNNN,, OOccttoobbeerr 2244,, 22001133
http://www.cnn.com/2013/10/20/us/dick-cheney-gupta-interview/
Author Info
Ashok Kumar V
HCL Engineering and R&D Services
Designed By: Mayuri Infomedia
This whitepaper is published by HCL Engineering and R&D Services.
The views and opinions in this article are for informational purposes only and should not be considered as a substitute for professional business advice. The use herein of any
trademarks is not an assertion of ownership of such trademarks by HCL nor intended to imply any association between HCL and lawful owners of such trademarks.
For more information about HCL Engineering and R&D Services,
Please visit http://www.hcltech.com/engineering-rd-services
Copyright@ HCL Technologies
AAllll rriigghhttss rreesseerrvveedd..