SlideShare a Scribd company logo

Security for Implantable Medical Devices (IMDs)

HCL Technologies
HCL Technologies

This paper discusses the efficacy of the Implantable Medical Devices (IMDs), at the same time it also highlights the possibilities of security attacks on commercially available IMDs. Keeping in mind the challenges and constraints posed by the IMDs, the paper also proposes some viable solutions to address the security threats.

Technology
1 of 8
Download to read offline
Security for Implantable Medical Devic es (IMDs)
Abstract Market Trends Challenges / Constraints in making IMDs secure Published Solutions Threat Analysis Conclusion RReeffeerreenncceess 3 3 5 5 7 7 8 Table of Contents © 2014, HCL Technologies. Reproduction Prohibited. This document is protected under Copyright by the Author, all rights reserved.
Security for Implantable Medical Devices (IMDs) | 3 Implantable Medical Devices (IMDs) have significantly transformed the medical devices industry. Any device inserted directly into a patient’s body would be very useful in monitoring his/her vital signs, especially in certain conditions such as arrhythmias and diabetes. Such constant monitoring helps relay real-time information in case of life-threatening situations. It also ensures that the patient receives medical attention quickly. Active IMDs are devices that need a power source for their functioning. They connect with the external world wwiirreelleessssllyy aanndd help in monitoring a patient’s condition, remotely. This presents a great advantage for patients, as these devices help to extend and enhance the quality of life. For physicians this means real-time tracking of the patient’s condition. This helps the doctor to change the course of therapy based on the patient’s current condition, and reduces response time. This way the doctor need not wait for the patient to come to him/her for a checkup. However, active IMDs come with an expensive caveat – security. RReesseeaarrcchheerrss hhaavvee ddeemmoonnssttrraatteedd tthhaatt sseeccuurriittyy iiss hhiigghhllyy ccoommpprroommiisseedd iinn tthhee ccaassee ooff IIMMDDss.. AAnnyy hhaacckkeerr wwiitthh mmaalliicciioouuss iinntteenntt can gain access to this device and cause great damage to the life of the person wearing the IMD. Hence, it is imperative that security is inbuilt and that an ecosystem is created to protect human lives. IInn tthhiiss wwhhiitteeppaappeerr,, tthhee ccoonntteexxtt iiss sseett wwiitthh tthhee ttyyppeess ooff ppootteennttiiaall sseeccuurriittyy aattttaacckkss aanndd gguuiiddaannccee ffrroomm vvaarriioouuss rreegguullaattoorryy bodies. It then discusses the challenges and constraints in securing IMDs, followed by solutions that address security threats. The whitepaper also covers factors, such as hackers’ challenges and the advantages that influence the threat impact. As security for IMDs is a niche field, there is a lot of scope for innovation. The role of active IMDs is critical in providing timely medical care whenever a patient needs it. It relays vital information to physicians about the patient’s condition. This, in turn, allows doctors to take proactive action and thus help save lives. An IMD’s primary interface with the external world is through a device called the IMD Programmer. This device is responsible for gathering a patient’s medical information from the IMD and providing commands for therapy to the IMD. With the introduction of Medical Implant Communication Services (MICS) in 1999, the FCC allocated the 402-405 MHz band for this purpose. The latest range of IMDs also makes use of telemetry to beam long-range, high-bandwidth data across remote locations. © 2014, HCL Technologies. Reproduction Prohibited. This document is protected under Copyright by the Author, all rights reserved. Abstract Market Trends Why IMDs? Artificial Cardiac Pacemakers, Implantable Cardioverter Defibrillators (ICDs), Neurostimulators and Insulin Pumps are some of the popular active IMDs. Active IMDs equipped with a wireless interface helps in monitoring a patient’s condition remotely while adjusting the therapy based on the patient’s condition at any given time. Using these wireless IMDs, physicians can get real-time data on the patient’s condition and administer the therapy remotely. The major benefit for a patient lies in effort, time and cost savings due to a reduction in planned or unplanned hospital visits. How do IMDs work? Problems in the current context The benefits of wireless connectivity and remote monitoring come with associated security risks. The devices meant to protect people’s lives, if compromised by hackers, can cause security breaches and severe damage to the patients. It can even cause their death under certain circumstances. Some of the ways the security and efficacy of IMDs being breached are listed below:
Security for Implantable Medical Devices (IMDs) | 4 Confidentiality: A hacker can use custom equipment to mimic an IMD Programmer, interface with the IMD and access any patient’s personal details and up-to-date health information. These details run the risk of being altered to disastrous effect, and hence should be accessible only by authorized personnel. Integrity: A hacker can connect with the IMD and modify the health information stored in the device, raising false alarms or making the physicians diagnose the situation wrongly. The hacker can also send prescriptive commands to the device to disrupt and degrade the therapy. Availability: In the DOS (Denial of Service) form of attack, a hacker can keep sending queries to the device repeatedly in order to drain the battery quickly, severely impacting/nullifying the device’s functioning. Typically, an IMD’s battery life spans a few years. DOS attacks can drain the battery in a few hours. There has been no reported attack on any medical device so far. However, several researchers have demonstrated in separate instances, the possibilities of such attacks using commercially available IMDs. Daniel Halperin, from the University of Washington, along with other researchers, published a paper in the IEEE Symposium on Security and Privacy, in 2008. They established the possibilities of cyber attacks on IMDs with pacemaker technology. They demonstrated cyber attack aspects such as breaching confidentiality (unauthorized access to patient data) and integrity (wrong therapy settings). At the Black Hat Conference in Las Vegas in 2011, security researcher Jerome Radcliffe, a diabetic himself, demonstrated the vulnerability of the insulin pump by taking complete control of his own IMD, remotely. He could command the pump to deliver insulin every three minutes or stop insulin delivery at will just from a distance of 100 feet. At the Breakpoint conference in Melbourne in October 2012, Barnaby Jack of security vendor IOActive demonstrated the ways in which IMDs could be compromised. He used a laptop 50 feet away from the patient to deliver a deadly, 830-volt shock. He said that there was also a possibility of infecting the vendor’s servers, which in turn could infect the vendor’s implanted IMDs, and thus enable the opportunity to commit mass murder. The U.S. Government Accountability Office (GAO) did a study to determine whether wireless IMDs are protected against information security risks that could affect their safety and effectiveness. In its August 2012 report, the GAO recommended that the Food and Drug Administration (FDA) develop and implement a plan expanding its focus on information security risks. As per FDA reports, there has been no real security attack. However, the FDA came up with a safety communication in June 2013. Cyber security is a focus area for the medical device industry as it concerns potential loss of human lives and sensitive health information. As of today, it is still a nascent technology. © 2014, HCL Technologies. Reproduction Prohibited. This document is protected under Copyright by the Author, all rights reserved.
Challenges to make IMDs secure There are several unique challenges / constraints in securing IMDs against cyber attacks. The scenario is different from securing networks, servers and computers. The major challenge in making IMDs secure is the resource constraint with regard to the processing power, battery, and memory. The situation becomes more complex with the varying mix of security, privacy, efficacy and safety associated with different types of IMDs. Any solution should take care of these constraints. A typical solution attempting to prevent unauthorized access to an IMD may involve a complex encryption / decryption algorithm. Typically, such algorithms require significant processing power. Similarly, if algorithms to detect iinnttrruussiioonnss rruunn on the IMDs on a continual basis, the battery will drain quickly. Replacing the battery necessitates another surgery, which involves money, effort, pain, and even a risk to life itself. Such algorithms can be executed on the IMD programmers. However, the programmer itself may not have a powerful CPU. TThhee sseeccoonndd cchhaalllleennggee iiss ttoo sseeccuurree aallrreeaaddyy iimmppllaanntteedd IIMMDDss.. SSeeccuurriittyy ccaann bbee ddeessiiggnneedd iinnttoo nneeww ddeevviicceess aass tteecchhnnoollooggiieess evolve, even with the constraints stated above. However, over 4 million IMDs (pacemakers and CRM devices alone) have already been implanted in patients’ bodies, worldwide. Another 700,000 devices are implanted every year [1]. As most of these devices were designed several years ago, the required security features relevant in today’s context were not built in at that time. There needs to be a solution to protect already implanted IMDs and the patients. AAnnootthheerr uunniiqquuee cchhaalllleennggee iiss tthhaatt tthhee sseeccuurriittyy ffeeaattuurree bbuuiilltt aarroouunndd IIMMDDss,, sshhoouulldd hhaavvee tthhee aabbiilliittyy ttoo bbee ddiissaabblleedd bbyy pprreevviioouussllyy unauthorized yet competent people such as doctors of a different hospital. Imagine a scenario where the patient is in a critical situation, unable to communicate, and is admitted to a different hospital. The doctors there should be able to use their IMD Programmers and communicate with the device. If the device prevents unauthorized access at that time, the doctor cannot provide the necessary treatment, thus presenting a real danger to the patient. Security designers have to take these kinds of emergency scenarios into account while designing a solution. Published Solutions Security for Implantable Medical Devices (IMDs) | 5 Several solutions have been reported in the literature. These solutions take into account the challenges and constraints posed by IMDs. An external device is a part of many of these solutions. Such external devices can be worn by the patient or kept near the IMD that it is protecting. The following solutions are covered in this section. IMD Shield H2H (Heart-to-Heart) NFC Interface Conducted Communication through Surface ECG Electrodes In SIGCOMM ’11, researchers from MIT and the University of Massachusetts-Amherst presented an innovative solution [8], which does not require any modifications to already implanted IMDs. They used commercially available IMDs and IMD PPrrooggrraammmmeerrss ffoorr tthhee ssttuuddyy.. TThheeyy pprrooppoosseedd aann eexxtteerrnnaall ddeevviiccee ccaalllleedd tthhee ““IIMMDD SShhiieelldd”” tthhaatt aaccttss aass aa ggaatteewwaayy ffoorr tthhee IIMMDD.. IItt can be worn by the patient, like a necklace, ensuring proximity to the device it would be protecting. Communication from IMD to IMD Programmer and vice versa is handled by the shield. The IMD continues to operate the way it was originally designed, and the shield is built with two antennas – one to receive and the other to jam. It receives the patient’s health info from the IMD to forward to the IMD Programmer. It simultaneously jams signals from the IMD, thus © 2014, HCL Technologies. Reproduction Prohibited. This document is protected under Copyright by the Author, all rights reserved. IMD Shield
Security for Implantable Medical Devices (IMDs) | 6 preventing an intruder device from accessing the patient’s medical information. It jams signals coming from an intruder device, thereby corrupting the info and preventing the IMD from responding to unauthorized commands. Since the shield and IMD Programmer are external devices, their design can be modified as the threat scenario evolves in the future. Heart-to-Heart: Secure Communication ,MD Shield ProΑrammer Figure 1: IMD Shield Researchers at Rice University along with a team at RSA Securities have come up with a solution [9], called “Heart-to-Heart” (H2H). This solution will address the challenge related to medical emergencies. It involves using the patient’s heartbeat as the password. In this method, a special type of IMD Programmer authenticates itself with the IMD by touching the patient’s body and taking the reading of the heartbeat. It also asks the IMD to take the reading of the heartbeat. The IMD Programmer and IMD take independent, time-synchronous ECG readings. The IMD compares the two results. If the results are nearly equal, it grants access to the IMD Programmer. Since the readings are taken in real-time, a hacker will not be able to replay and trick the IMD into getting the access. This solution can be applicable only to new IMDs or to already implanted IMDs that allow a wireless firmware upgrade. NFC Interface: ,MD ProΑrammer ,MD ProΑrammer Figure 2: Heart - to - heart protocol B Kim et al [10] have proposed the use of NFC interface (13.56 MHz frequency band) for all communications between the IMD and the external world through a smart phone with NFC. They proposed a passive NFC tag that harvests energy from the reader’s magnetic field. The major advantage of the NFC interface is its short communication range, limited to about 4-5 cm in free space. They used pork as a substitute to emulate human-like tissue and found that the communication range was reduced by 5-8 mm due to absorption, but still the range was over 4 cm. This ensures that a hacker cannot unleash the attack from a distance of a few meters, which is possible with other interfaces such as MICS or Bluetooth. TThhee oonnllyy disadvantage of the NFC based solution is that it will be available only in the new IMDs under development. Some vendors have started making use of NFC technology for the interface between the IMD and the Programmer. IMDs with NFC are expected to arrive in the market in a couple of years. Conducted Communication through Surface ECG Electrodes: In a remarkable breakthrough in pacemaking, the St. Jude Medical Nanostim Leadless Pacemaker can be implanted inside the heart using a minimally invasive procedure, thereby eliminating the need for surgery [7]. In addition, there is no wireless interface. The communication with the external world is by way of conducted communication through Surface ECG Electrodes [7]. Electrodes will be placed on the chest of the patient and through ECG monitoring, the readings will be taken and the settings will be adjusted, if required. This ensures that a hacker cannot attack remotely. Leadless Pacemaker ,nside Heart Figure 3: Leadless Pacemaker © 2014, HCL Technologies. Reproduction Prohibited. This document is protected under Copyright by the Author, all rights reserved.
Security for Implantable Medical Devices (IMDs) | 7 Threat Analysis If there has been no real attack so far, it could be due to the challenges that hackers may be facing. The following factors lead one to believe that the researchers’ concerns may be far-fetched and that the probability of threats may be low. Proximity: In typical non-IMD cyber attacks, a hacker can be far away from the victim, from the comfort of their workplace at the time of their choice. In the case of an IMD attack, the hacker or the equipment they use to hack should be close to the victim. This requires meticulous preparation, such as visiting the area and identifying the hiding place for the attack. This limitation could act as a major deterrent, thereby reducing the number of hackers who will “invest” in this area. Geographic Spread: The usage of wireless IMDs is concentrated in a few developed countries. When compared to non-IMD cyber attacks, the geographic spread of IMD attack is quite limited. Ethical Aspect: A typical non-IMD hacker derives pride, pleasure and money in hacking the victim’s email accounts or bank accounts. While their acts are legally crimes, they may not consider themselves criminals. However, when it comes to hacking IMDs, they know that they are playing with the victim’s life. Only those hackers with atrociously criminal intent would be getting into this field, thereby limiting the IMD hacker population. However, the following factors paint a different picture. Advantage Hackers: Any solution against cyber attacks has to go through the rigorous compliance testing mandated by regulatory bodies such as the FDA. This results in delaying the deployment by around 5-7 years. Hackers do not have this limitation and they can deploy newly found attacks immediately. High Value Targets: Due to the cost of an IMD, and surgery and maintenance expenses, the rich and famous are more likely to be implanted, making them high-value targets. For instance, the doctors who replaced former U.S. Vice President Dick Cheney's heart defibrillator in 2007 asked the manufacturer to disable the wireless feature, fearing that terrorists might hack the device and try to kill him [11]. From these perspectives, it is imperative that IMDs are adequately secured. Conclusion With the growing usage and complexity of IMDs, there are associated vulnerabilities that compromise the confidentiality, integrity, and availability aspects of these gadgets. The FDA has recognized the issue. Vendors have started taking care of security issues in their new implementations. In this paper, the various possible types of attack and their impact on the patient’s life have been presented. The unique challenges in securing IMDs due to their inherent nature and the usage scenarios have also been explained. Though there have been no reported vulnerabilities, regulatory bodies have taken note of the possibilities and started working with manufacturers and security experts to strengthen cyber security in IMDs. A few solutions taking care ooff CCIIAA aassppeeccttss published in the literature have been presented. In addition, the challenges and advantages from the hackers’ point of view have been presented. © 2014, HCL Technologies. Reproduction Prohibited. This document is protected under Copyright by the Author, all rights reserved.
Security for Implantable Medical Devices (IMDs) | 8 Conducted communication and NFC interface based devices are likely to be the earliest solutions that will be available to patients in the near future. All other solutions are in the conceptual stage with the researchers still in discussion with vendors to implement the solution in upcoming devices. Cyber security for IMDs is a nascent technology where a lot needs to be done before the potential threats become real. It is hoped that the reader finds this ecosystem overview helpful. References St. Jude Medical Announces Acquisition and CE Mark Approval of World's First Leadless Pacemaker, October 14, 2013 http://investors.sjm.com/phoenix.zhtml?c=73836&p=irol-newsArticle_Print&ID=1863989 Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses by Kevin Fu et al. http://scholarworks.umass.edu/cgi/viewcontent.cgi?article=1067&context=cs_faculty_pubs Hacking Medical Devices for Fun and Insulin: Breaking the Human SCADA System by Jerome Radcliffe, presented at Black Hat Technical Security Conference: USA 2011. http://cs.uno.edu/~dbilar/BH-US-2011/materials/Radcliffe/BH_US_11_Radcliffe_Hacking_Medical_Devices_WP.pdf "Broken Hearts": How plausible was the Homeland pacemaker hack? bbyy BBaarrnnaabbyy JJaacckk.. http://blog.ioactive.com/2013/02/broken-hearts-how-plausible-was.html FDA Should Expand Its Consideration of Information Security for Certain Types of Devices, GAO, August 2012. http://www.gao.gov/assets/650/647767.pdf FDA Safety Communication: Cyber security for Medical Devices and Hospital Networks, June 13, 2013 http://www.fda.gov/medicaldevices/safety/alertsandnotices/ucm356423.htm Leadless cardiac pacemaker with conducted communication, hhttttpp::////wwwwww..ggooooggllee..ccoomm//ppaatteennttss//WWOO22001133005588995588AA11 They Can Hear Your Heartbeats: Non-Invasive Security for Implantable Medical Devices, presented at SIGCOMM ’11 by Shyamnath et al. http://groups.csail.mit.edu/netmit/IMDShield/paper.pdf Heart-to-Heart (H2H): Authentication for Implanted Medical Devices, by Masoud Rostami et al, to be presented at CCS’13, November 4–8, 2013, Berlin, Germany http://www.aceslab.org/sites/default/files/H2H.pdf In-Vivo NFC: Remote Monitoring of Implanted Medical Devices with Improved Privacy, by Kim B et al, SenSys ’12, November 6-9, 2012, Toronto, Canada http://dl.acm.org/citation.cfm?id=2426691&dl=ACM&coll=DL&CFID=376029119&CFTOKEN=76995657 CChheenneeyy''ss ddeefifibbrriillllaattoorr wwaass mmooddiififieedd ttoo pprreevveenntt hhaacckkiinngg,, bbyy DDaannaa FFoorrdd,, CCNNNN,, OOccttoobbeerr 2244,, 22001133 http://www.cnn.com/2013/10/20/us/dick-cheney-gupta-interview/ Author Info Ashok Kumar V HCL Engineering and R&D Services Designed By: Mayuri Infomedia This whitepaper is published by HCL Engineering and R&D Services. The views and opinions in this article are for informational purposes only and should not be considered as a substitute for professional business advice. The use herein of any trademarks is not an assertion of ownership of such trademarks by HCL nor intended to imply any association between HCL and lawful owners of such trademarks. For more information about HCL Engineering and R&D Services, Please visit http://www.hcltech.com/engineering-rd-services Copyright@ HCL Technologies AAllll rriigghhttss rreesseerrvveedd..

Recommended

EC8072 UNIT V .pptx
EC8072 UNIT V .pptxEC8072 UNIT V .pptx
EC8072 UNIT V .pptxponni2
 
CyberSecurity Medical Devices
CyberSecurity Medical DevicesCyberSecurity Medical Devices
CyberSecurity Medical DevicesSuresh Mandava
 
THE FDA and Medical Device Cybersecurity Guidance
THE FDA and Medical Device Cybersecurity GuidanceTHE FDA and Medical Device Cybersecurity Guidance
THE FDA and Medical Device Cybersecurity GuidancePam Gilmore
 
Presentation on IOT SECURITY
Presentation on IOT SECURITYPresentation on IOT SECURITY
Presentation on IOT SECURITYThe Avi Sharma
 
Secure Your Medical Devices From the Ground Up
Secure Your Medical Devices From the Ground Up Secure Your Medical Devices From the Ground Up
Secure Your Medical Devices From the Ground Up ICS
 
Biometrics Technology Seminar Report.
Biometrics Technology Seminar Report.Biometrics Technology Seminar Report.
Biometrics Technology Seminar Report.Pavan Kumar MT
 
Biometrics
BiometricsBiometrics
BiometricsRajan Kumar
 
Cybersecurity in Medical Devices
Cybersecurity in Medical DevicesCybersecurity in Medical Devices
Cybersecurity in Medical DevicesSheersha Pramanik 🇮🇳
 

Recommended

EC8072 UNIT V .pptx
EC8072 UNIT V .pptxEC8072 UNIT V .pptx
EC8072 UNIT V .pptxponni2
 
CyberSecurity Medical Devices
CyberSecurity Medical DevicesCyberSecurity Medical Devices
CyberSecurity Medical DevicesSuresh Mandava
 
THE FDA and Medical Device Cybersecurity Guidance
THE FDA and Medical Device Cybersecurity GuidanceTHE FDA and Medical Device Cybersecurity Guidance
THE FDA and Medical Device Cybersecurity GuidancePam Gilmore
 
Presentation on IOT SECURITY
Presentation on IOT SECURITYPresentation on IOT SECURITY
Presentation on IOT SECURITYThe Avi Sharma
 
Secure Your Medical Devices From the Ground Up
Secure Your Medical Devices From the Ground Up Secure Your Medical Devices From the Ground Up
Secure Your Medical Devices From the Ground Up ICS
 
Biometrics Technology Seminar Report.
Biometrics Technology Seminar Report.Biometrics Technology Seminar Report.
Biometrics Technology Seminar Report.Pavan Kumar MT
 
Biometrics
BiometricsBiometrics
BiometricsRajan Kumar
 
Cybersecurity in Medical Devices
Cybersecurity in Medical DevicesCybersecurity in Medical Devices
Cybersecurity in Medical DevicesSheersha Pramanik 🇮🇳
 
Graphical Password Authentication using Cued click point technique with zero ...
Graphical Password Authentication using Cued click point technique with zero ...Graphical Password Authentication using Cued click point technique with zero ...
Graphical Password Authentication using Cued click point technique with zero ...NurrulHafizza
 
Electromagnetic Interference and Electromagnetic Compatibility (EMI/EMC
Electromagnetic Interference and Electromagnetic Compatibility (EMI/EMCElectromagnetic Interference and Electromagnetic Compatibility (EMI/EMC
Electromagnetic Interference and Electromagnetic Compatibility (EMI/EMCAishwary Singh
 
Understanding IEC 62304
Understanding IEC 62304Understanding IEC 62304
Understanding IEC 62304MethodSense, Inc.
 
On Relaying NFC Payment Transactions using Android devices
On Relaying NFC Payment Transactions using Android devicesOn Relaying NFC Payment Transactions using Android devices
On Relaying NFC Payment Transactions using Android devicescgvwzq
 
Utilization of Medical Devices Standards to Demonstrate Safety
Utilization of Medical Devices Standards to Demonstrate SafetyUtilization of Medical Devices Standards to Demonstrate Safety
Utilization of Medical Devices Standards to Demonstrate SafetyUN SPHS
 
Security for iot and cloud aug 25b 2017
Security for iot and cloud aug 25b 2017Security for iot and cloud aug 25b 2017
Security for iot and cloud aug 25b 2017Ulf Mattsson
 
Medical image processing studies
Medical image processing studiesMedical image processing studies
Medical image processing studiesBằng Nguyễn Kim
 
Wireless Body Area Network
Wireless Body Area Network Wireless Body Area Network
Wireless Body Area Network vaishnavibrhm
 
Wireless signal jamming
Wireless signal jammingWireless signal jamming
Wireless signal jammingMahmoud Abdeen
 
Chapter 10 Mobile and Embedded Device Security
Chapter 10 Mobile and Embedded Device Security Chapter 10 Mobile and Embedded Device Security
Chapter 10 Mobile and Embedded Device Security Dr. Ahmed Al Zaidy
 
Mobile protection
Mobile protection Mobile protection
Mobile protection preetpatel72
 
Ppt 3 - IOT logic design
Ppt 3 - IOT logic designPpt 3 - IOT logic design
Ppt 3 - IOT logic designudhayakumarc1
 
Human Error- Data breaches/Cyber Security
Human Error- Data breaches/Cyber SecurityHuman Error- Data breaches/Cyber Security
Human Error- Data breaches/Cyber Securitykommieni divya
 
Introduction to Operational Technology 0.1
Introduction to Operational Technology 0.1Introduction to Operational Technology 0.1
Introduction to Operational Technology 0.1Richard Hudson
 
Ppt on use of biomatrix in secure e trasaction
Ppt on use of biomatrix in secure e trasactionPpt on use of biomatrix in secure e trasaction
Ppt on use of biomatrix in secure e trasactionDevyani Vaidya
 
3D Password
3D Password3D Password
3D PasswordShubham Rungta
 
Biometrics
BiometricsBiometrics
Biometricssenejug
 
Electronic signature
Electronic signatureElectronic signature
Electronic signatureSonu Mishra
 
Mobile security
Mobile securityMobile security
Mobile securityNaveen Kumar
 
Palm vein Technology
Palm vein TechnologyPalm vein Technology
Palm vein TechnologySrinivasa Rao Gurram
 
Health Informatics and implantable medical devices
Health Informatics and implantable medical devicesHealth Informatics and implantable medical devices
Health Informatics and implantable medical devicesMyron Finseth, MSc
 
Corporate Presentation
Corporate PresentationCorporate Presentation
Corporate Presentationtanejamanmeet
 

More Related Content

What's hot

Graphical Password Authentication using Cued click point technique with zero ...
Graphical Password Authentication using Cued click point technique with zero ...Graphical Password Authentication using Cued click point technique with zero ...
Graphical Password Authentication using Cued click point technique with zero ...NurrulHafizza
 
Electromagnetic Interference and Electromagnetic Compatibility (EMI/EMC
Electromagnetic Interference and Electromagnetic Compatibility (EMI/EMCElectromagnetic Interference and Electromagnetic Compatibility (EMI/EMC
Electromagnetic Interference and Electromagnetic Compatibility (EMI/EMCAishwary Singh
 
On Relaying NFC Payment Transactions using Android devices
On Relaying NFC Payment Transactions using Android devicesOn Relaying NFC Payment Transactions using Android devices
On Relaying NFC Payment Transactions using Android devicescgvwzq
 
Utilization of Medical Devices Standards to Demonstrate Safety
Utilization of Medical Devices Standards to Demonstrate SafetyUtilization of Medical Devices Standards to Demonstrate Safety
Utilization of Medical Devices Standards to Demonstrate SafetyUN SPHS
 
Security for iot and cloud aug 25b 2017
Security for iot and cloud aug 25b 2017Security for iot and cloud aug 25b 2017
Security for iot and cloud aug 25b 2017Ulf Mattsson
 
Medical image processing studies
Medical image processing studiesMedical image processing studies
Medical image processing studiesBằng Nguyễn Kim
 
Wireless Body Area Network
Wireless Body Area Network Wireless Body Area Network
Wireless Body Area Network vaishnavibrhm
 
Wireless signal jamming
Wireless signal jammingWireless signal jamming
Wireless signal jammingMahmoud Abdeen
 
Chapter 10 Mobile and Embedded Device Security
Chapter 10 Mobile and Embedded Device Security Chapter 10 Mobile and Embedded Device Security
Chapter 10 Mobile and Embedded Device Security Dr. Ahmed Al Zaidy
 
Mobile protection
Mobile protection Mobile protection
Mobile protection preetpatel72
 
Ppt 3 - IOT logic design
Ppt 3 - IOT logic designPpt 3 - IOT logic design
Ppt 3 - IOT logic designudhayakumarc1
 
Human Error- Data breaches/Cyber Security
Human Error- Data breaches/Cyber SecurityHuman Error- Data breaches/Cyber Security
Human Error- Data breaches/Cyber Securitykommieni divya
 
Introduction to Operational Technology 0.1
Introduction to Operational Technology 0.1Introduction to Operational Technology 0.1
Introduction to Operational Technology 0.1Richard Hudson
 
Ppt on use of biomatrix in secure e trasaction
Ppt on use of biomatrix in secure e trasactionPpt on use of biomatrix in secure e trasaction
Ppt on use of biomatrix in secure e trasactionDevyani Vaidya
 
Biometrics
BiometricsBiometrics
Biometricssenejug
 
Electronic signature
Electronic signatureElectronic signature
Electronic signatureSonu Mishra
 

What's hot (20)

Graphical Password Authentication using Cued click point technique with zero ...
Graphical Password Authentication using Cued click point technique with zero ...Graphical Password Authentication using Cued click point technique with zero ...
Graphical Password Authentication using Cued click point technique with zero ...
 
Electromagnetic Interference and Electromagnetic Compatibility (EMI/EMC
Electromagnetic Interference and Electromagnetic Compatibility (EMI/EMCElectromagnetic Interference and Electromagnetic Compatibility (EMI/EMC
Electromagnetic Interference and Electromagnetic Compatibility (EMI/EMC
 
Understanding IEC 62304
Understanding IEC 62304Understanding IEC 62304
Understanding IEC 62304
 
On Relaying NFC Payment Transactions using Android devices
On Relaying NFC Payment Transactions using Android devicesOn Relaying NFC Payment Transactions using Android devices
On Relaying NFC Payment Transactions using Android devices
 
Utilization of Medical Devices Standards to Demonstrate Safety
Utilization of Medical Devices Standards to Demonstrate SafetyUtilization of Medical Devices Standards to Demonstrate Safety
Utilization of Medical Devices Standards to Demonstrate Safety
 
Security for iot and cloud aug 25b 2017
Security for iot and cloud aug 25b 2017Security for iot and cloud aug 25b 2017
Security for iot and cloud aug 25b 2017
 
Medical image processing studies
Medical image processing studiesMedical image processing studies
Medical image processing studies
 
Wireless Body Area Network
Wireless Body Area Network Wireless Body Area Network
Wireless Body Area Network
 
Wireless signal jamming
Wireless signal jammingWireless signal jamming
Wireless signal jamming
 
Chapter 10 Mobile and Embedded Device Security
Chapter 10 Mobile and Embedded Device Security Chapter 10 Mobile and Embedded Device Security
Chapter 10 Mobile and Embedded Device Security
 
Mobile protection
Mobile protection Mobile protection
Mobile protection
 
Ppt 3 - IOT logic design
Ppt 3 - IOT logic designPpt 3 - IOT logic design
Ppt 3 - IOT logic design
 
Human Error- Data breaches/Cyber Security
Human Error- Data breaches/Cyber SecurityHuman Error- Data breaches/Cyber Security
Human Error- Data breaches/Cyber Security
 
Introduction to Operational Technology 0.1
Introduction to Operational Technology 0.1Introduction to Operational Technology 0.1
Introduction to Operational Technology 0.1
 
Ppt on use of biomatrix in secure e trasaction
Ppt on use of biomatrix in secure e trasactionPpt on use of biomatrix in secure e trasaction
Ppt on use of biomatrix in secure e trasaction
 
3D Password
3D Password3D Password
3D Password
 
Biometrics
BiometricsBiometrics
Biometrics
 
Electronic signature
Electronic signatureElectronic signature
Electronic signature
 
Mobile security
Mobile securityMobile security
Mobile security
 
Palm vein Technology
Palm vein TechnologyPalm vein Technology
Palm vein Technology
 

Viewers also liked

Health Informatics and implantable medical devices
Health Informatics and implantable medical devicesHealth Informatics and implantable medical devices
Health Informatics and implantable medical devicesMyron Finseth, MSc
 
Corporate Presentation
Corporate PresentationCorporate Presentation
Corporate Presentationtanejamanmeet
 
Working @ EASI
Working @ EASIWorking @ EASI
Working @ EASILauDelime
 
Tata Elxsi RoHS 2 Compliance Service
Tata Elxsi RoHS 2 Compliance Service Tata Elxsi RoHS 2 Compliance Service
Tata Elxsi RoHS 2 Compliance Service Vishal Garg
 
EASI implements an end-to-end enterprise resources planning solution at Moute...
EASI implements an end-to-end enterprise resources planning solution at Moute...EASI implements an end-to-end enterprise resources planning solution at Moute...
EASI implements an end-to-end enterprise resources planning solution at Moute...EASI
 
Tata elxsi firstcall_300415
Tata elxsi firstcall_300415Tata elxsi firstcall_300415
Tata elxsi firstcall_300415Sumit Roy
 
Innovation in Medical Devices: Using Magneto-Rheological Fluid in the Forearm...
Innovation in Medical Devices: Using Magneto-Rheological Fluid in the Forearm...Innovation in Medical Devices: Using Magneto-Rheological Fluid in the Forearm...
Innovation in Medical Devices: Using Magneto-Rheological Fluid in the Forearm...HCL Technologies
 
PLM Implementation services
PLM Implementation servicesPLM Implementation services
PLM Implementation servicesGeometric Ltd.
 
Noise Control of Vacuum Cleaners
Noise Control of Vacuum CleanersNoise Control of Vacuum Cleaners
Noise Control of Vacuum CleanersHCL Technologies
 
Aerotek Profile_2016
Aerotek Profile_2016Aerotek Profile_2016
Aerotek Profile_2016Tom Jacobs
 
Innovation in Medical Devices – Embedded Blood Glucose Meter in Smartphones
Innovation in Medical Devices – Embedded Blood Glucose Meter in SmartphonesInnovation in Medical Devices – Embedded Blood Glucose Meter in Smartphones
Innovation in Medical Devices – Embedded Blood Glucose Meter in SmartphonesHCL Technologies
 
Aerotek Professional Services Information
Aerotek Professional Services InformationAerotek Professional Services Information
Aerotek Professional Services Informationadwood
 
HCL Medical Device Practice
HCL Medical Device PracticeHCL Medical Device Practice
HCL Medical Device PracticeHCL Technologies
 
Healthcare Services Sector Update - January 2017
Healthcare Services Sector Update - January 2017Healthcare Services Sector Update - January 2017
Healthcare Services Sector Update - January 2017Duff & Phelps
 
"Can You Hear Me Out There?" The Power of Public Speaking
"Can You Hear Me Out There?" The Power of Public Speaking"Can You Hear Me Out There?" The Power of Public Speaking
"Can You Hear Me Out There?" The Power of Public SpeakingCareer Communications Group
 
How the Traditional Utility Model is Being Challenged by Disruptive Technolog...
How the Traditional Utility Model is Being Challenged by Disruptive Technolog...How the Traditional Utility Model is Being Challenged by Disruptive Technolog...
How the Traditional Utility Model is Being Challenged by Disruptive Technolog...Career Communications Group
 
Aerotek Presentation
Aerotek PresentationAerotek Presentation
Aerotek Presentationshouser
 

Viewers also liked (19)

Health Informatics and implantable medical devices
Health Informatics and implantable medical devicesHealth Informatics and implantable medical devices
Health Informatics and implantable medical devices
 
Corporate Presentation
Corporate PresentationCorporate Presentation
Corporate Presentation
 
brochure_-_medical_devices
brochure_-_medical_devicesbrochure_-_medical_devices
brochure_-_medical_devices
 
auto_brochure
auto_brochureauto_brochure
auto_brochure
 
Working @ EASI
Working @ EASIWorking @ EASI
Working @ EASI
 
Tata Elxsi RoHS 2 Compliance Service
Tata Elxsi RoHS 2 Compliance Service Tata Elxsi RoHS 2 Compliance Service
Tata Elxsi RoHS 2 Compliance Service
 
EASI implements an end-to-end enterprise resources planning solution at Moute...
EASI implements an end-to-end enterprise resources planning solution at Moute...EASI implements an end-to-end enterprise resources planning solution at Moute...
EASI implements an end-to-end enterprise resources planning solution at Moute...
 
Tata elxsi firstcall_300415
Tata elxsi firstcall_300415Tata elxsi firstcall_300415
Tata elxsi firstcall_300415
 
Innovation in Medical Devices: Using Magneto-Rheological Fluid in the Forearm...
Innovation in Medical Devices: Using Magneto-Rheological Fluid in the Forearm...Innovation in Medical Devices: Using Magneto-Rheological Fluid in the Forearm...
Innovation in Medical Devices: Using Magneto-Rheological Fluid in the Forearm...
 
PLM Implementation services
PLM Implementation servicesPLM Implementation services
PLM Implementation services
 
Noise Control of Vacuum Cleaners
Noise Control of Vacuum CleanersNoise Control of Vacuum Cleaners
Noise Control of Vacuum Cleaners
 
Aerotek Profile_2016
Aerotek Profile_2016Aerotek Profile_2016
Aerotek Profile_2016
 
Innovation in Medical Devices – Embedded Blood Glucose Meter in Smartphones
Innovation in Medical Devices – Embedded Blood Glucose Meter in SmartphonesInnovation in Medical Devices – Embedded Blood Glucose Meter in Smartphones
Innovation in Medical Devices – Embedded Blood Glucose Meter in Smartphones
 
Aerotek Professional Services Information
Aerotek Professional Services InformationAerotek Professional Services Information
Aerotek Professional Services Information
 
HCL Medical Device Practice
HCL Medical Device PracticeHCL Medical Device Practice
HCL Medical Device Practice
 
Healthcare Services Sector Update - January 2017
Healthcare Services Sector Update - January 2017Healthcare Services Sector Update - January 2017
Healthcare Services Sector Update - January 2017
 
"Can You Hear Me Out There?" The Power of Public Speaking
"Can You Hear Me Out There?" The Power of Public Speaking"Can You Hear Me Out There?" The Power of Public Speaking
"Can You Hear Me Out There?" The Power of Public Speaking
 
How the Traditional Utility Model is Being Challenged by Disruptive Technolog...
How the Traditional Utility Model is Being Challenged by Disruptive Technolog...How the Traditional Utility Model is Being Challenged by Disruptive Technolog...
How the Traditional Utility Model is Being Challenged by Disruptive Technolog...
 
Aerotek Presentation
Aerotek PresentationAerotek Presentation
Aerotek Presentation
 

Similar to Security for Implantable Medical Devices (IMDs)

security and privacy for medical implantable devices
security and privacy for medical implantable devicessecurity and privacy for medical implantable devices
security and privacy for medical implantable devicesAjay Ohri
 
Killed by code 2015
Killed by code 2015Killed by code 2015
Killed by code 2015Flaskdata.io
 
Killed by code 2015
Killed by code 2015Killed by code 2015
Killed by code 2015Flaskdata.io
 
Killed by code - mobile medical devices
Killed by code - mobile medical devicesKilled by code - mobile medical devices
Killed by code - mobile medical devicesFlaskdata.io
 
Exploring Vulnerabilities and Attack Vectors Targeting Pacemaker Devices in H...
Exploring Vulnerabilities and Attack Vectors Targeting Pacemaker Devices in H...Exploring Vulnerabilities and Attack Vectors Targeting Pacemaker Devices in H...
Exploring Vulnerabilities and Attack Vectors Targeting Pacemaker Devices in H...IJCI JOURNAL
 
Understanding Cybersecurity in Medical Devices and Applications
Understanding Cybersecurity in Medical Devices and ApplicationsUnderstanding Cybersecurity in Medical Devices and Applications
Understanding Cybersecurity in Medical Devices and ApplicationsEMMAIntl
 
Securing the Healthcare Industry : Implantable Medical Devices
Securing the Healthcare Industry : Implantable Medical DevicesSecuring the Healthcare Industry : Implantable Medical Devices
Securing the Healthcare Industry : Implantable Medical DevicesTandhy Simanjuntak
 
Cybersécurité des dispositifs médicaux
Cybersécurité des dispositifs médicauxCybersécurité des dispositifs médicaux
Cybersécurité des dispositifs médicauxMarket iT
 
Challenges and-opportunities-in-software-driven-medical-sciences
Challenges and-opportunities-in-software-driven-medical-sciencesChallenges and-opportunities-in-software-driven-medical-sciences
Challenges and-opportunities-in-software-driven-medical-sciencesPEPGRA Healthcare
 
Why healthcare is the biggest target for cyberattacks-converted.pdf
Why healthcare is the biggest target for cyberattacks-converted.pdfWhy healthcare is the biggest target for cyberattacks-converted.pdf
Why healthcare is the biggest target for cyberattacks-converted.pdfSparity1
 
Privacy and Security by Design
Privacy and Security by DesignPrivacy and Security by Design
Privacy and Security by DesignUnisys Corporation
 
Acus intel medical_devices
Acus intel medical_devicesAcus intel medical_devices
Acus intel medical_devicesatlanticcouncil
 
The Healthcare Internet of Things: Rewards and Risks
The Healthcare Internet of Things: Rewards and RisksThe Healthcare Internet of Things: Rewards and Risks
The Healthcare Internet of Things: Rewards and Risksatlanticcouncil
 
Security in Medical Devices using Wireless Monitoring and Detection of Anomalies
Security in Medical Devices using Wireless Monitoring and Detection of AnomaliesSecurity in Medical Devices using Wireless Monitoring and Detection of Anomalies
Security in Medical Devices using Wireless Monitoring and Detection of AnomaliesIJMTST Journal
 
The FDA and BYOD, Mobile and Fixed Medical Device Cybersecurity
The FDA and BYOD, Mobile and Fixed Medical Device CybersecurityThe FDA and BYOD, Mobile and Fixed Medical Device Cybersecurity
The FDA and BYOD, Mobile and Fixed Medical Device CybersecurityValdez Ladd MBA, CISSP, CISA,
 
The fda and byod mobile and fixed medical device cybersecurity[1]
The fda and byod mobile and fixed medical device cybersecurity[1]The fda and byod mobile and fixed medical device cybersecurity[1]
The fda and byod mobile and fixed medical device cybersecurity[1]Pam Gilmore
 
IoT tietoturva terveydenhuollossa, 2017-03-21, gko
IoT tietoturva terveydenhuollossa, 2017-03-21, gkoIoT tietoturva terveydenhuollossa, 2017-03-21, gko
IoT tietoturva terveydenhuollossa, 2017-03-21, gkoGlen Koskela
 

Similar to Security for Implantable Medical Devices (IMDs) (20)

security and privacy for medical implantable devices
security and privacy for medical implantable devicessecurity and privacy for medical implantable devices
security and privacy for medical implantable devices
 
Killed by code 2015
Killed by code 2015Killed by code 2015
Killed by code 2015
 
Killed by code 2015
Killed by code 2015Killed by code 2015
Killed by code 2015
 
Killed by code - mobile medical devices
Killed by code - mobile medical devicesKilled by code - mobile medical devices
Killed by code - mobile medical devices
 
Exploring Vulnerabilities and Attack Vectors Targeting Pacemaker Devices in H...
Exploring Vulnerabilities and Attack Vectors Targeting Pacemaker Devices in H...Exploring Vulnerabilities and Attack Vectors Targeting Pacemaker Devices in H...
Exploring Vulnerabilities and Attack Vectors Targeting Pacemaker Devices in H...
 
Understanding Cybersecurity in Medical Devices and Applications
Understanding Cybersecurity in Medical Devices and ApplicationsUnderstanding Cybersecurity in Medical Devices and Applications
Understanding Cybersecurity in Medical Devices and Applications
 
Securing the Healthcare Industry : Implantable Medical Devices
Securing the Healthcare Industry : Implantable Medical DevicesSecuring the Healthcare Industry : Implantable Medical Devices
Securing the Healthcare Industry : Implantable Medical Devices
 
Secret key generation
Secret key generationSecret key generation
Secret key generation
 
Cybersécurité des dispositifs médicaux
Cybersécurité des dispositifs médicauxCybersécurité des dispositifs médicaux
Cybersécurité des dispositifs médicaux
 
Challenges and-opportunities-in-software-driven-medical-sciences
Challenges and-opportunities-in-software-driven-medical-sciencesChallenges and-opportunities-in-software-driven-medical-sciences
Challenges and-opportunities-in-software-driven-medical-sciences
 
journal papers.pdf
journal papers.pdfjournal papers.pdf
journal papers.pdf
 
Why healthcare is the biggest target for cyberattacks-converted.pdf
Why healthcare is the biggest target for cyberattacks-converted.pdfWhy healthcare is the biggest target for cyberattacks-converted.pdf
Why healthcare is the biggest target for cyberattacks-converted.pdf
 
Privacy and Security by Design
Privacy and Security by DesignPrivacy and Security by Design
Privacy and Security by Design
 
Acus intel medical_devices
Acus intel medical_devicesAcus intel medical_devices
Acus intel medical_devices
 
The Healthcare Internet of Things: Rewards and Risks
The Healthcare Internet of Things: Rewards and RisksThe Healthcare Internet of Things: Rewards and Risks
The Healthcare Internet of Things: Rewards and Risks
 
Security in Medical Devices using Wireless Monitoring and Detection of Anomalies
Security in Medical Devices using Wireless Monitoring and Detection of AnomaliesSecurity in Medical Devices using Wireless Monitoring and Detection of Anomalies
Security in Medical Devices using Wireless Monitoring and Detection of Anomalies
 
The FDA and BYOD, Mobile and Fixed Medical Device Cybersecurity
The FDA and BYOD, Mobile and Fixed Medical Device CybersecurityThe FDA and BYOD, Mobile and Fixed Medical Device Cybersecurity
The FDA and BYOD, Mobile and Fixed Medical Device Cybersecurity
 
The fda and byod mobile and fixed medical device cybersecurity[1]
The fda and byod mobile and fixed medical device cybersecurity[1]The fda and byod mobile and fixed medical device cybersecurity[1]
The fda and byod mobile and fixed medical device cybersecurity[1]
 
Securing Wearable Device Data
Securing Wearable Device DataSecuring Wearable Device Data
Securing Wearable Device Data
 
IoT tietoturva terveydenhuollossa, 2017-03-21, gko
IoT tietoturva terveydenhuollossa, 2017-03-21, gkoIoT tietoturva terveydenhuollossa, 2017-03-21, gko
IoT tietoturva terveydenhuollossa, 2017-03-21, gko
 

More from HCL Technologies

Emergence of ITOA: An Evolution in IT Monitoring and Management
Emergence of ITOA: An Evolution in IT Monitoring and ManagementEmergence of ITOA: An Evolution in IT Monitoring and Management
Emergence of ITOA: An Evolution in IT Monitoring and ManagementHCL Technologies
 
USING FACTORY DESIGN PATTERNS IN MAP REDUCE DESIGN FOR BIG DATA ANALYTICS
USING FACTORY DESIGN PATTERNS IN MAP REDUCE DESIGN FOR BIG DATA ANALYTICSUSING FACTORY DESIGN PATTERNS IN MAP REDUCE DESIGN FOR BIG DATA ANALYTICS
USING FACTORY DESIGN PATTERNS IN MAP REDUCE DESIGN FOR BIG DATA ANALYTICSHCL Technologies
 
HCL HELPS A US BASED WIRELINE TELECOM OPERATOR FOR BETTER LEAD-TO-CASH AND TH...
HCL HELPS A US BASED WIRELINE TELECOM OPERATOR FOR BETTER LEAD-TO-CASH AND TH...HCL HELPS A US BASED WIRELINE TELECOM OPERATOR FOR BETTER LEAD-TO-CASH AND TH...
HCL HELPS A US BASED WIRELINE TELECOM OPERATOR FOR BETTER LEAD-TO-CASH AND TH...HCL Technologies
 
HCL HELPS A LEADING US TELECOM PROTECT ITS MARKET SHARE AND MAINTAIN HIGH LEV...
HCL HELPS A LEADING US TELECOM PROTECT ITS MARKET SHARE AND MAINTAIN HIGH LEV...HCL HELPS A LEADING US TELECOM PROTECT ITS MARKET SHARE AND MAINTAIN HIGH LEV...
HCL HELPS A LEADING US TELECOM PROTECT ITS MARKET SHARE AND MAINTAIN HIGH LEV...HCL Technologies
 
Cost-effective Video Analytics in Smart Cities
Cost-effective Video Analytics in Smart CitiesCost-effective Video Analytics in Smart Cities
Cost-effective Video Analytics in Smart CitiesHCL Technologies
 
A novel approach towards a Smarter DSLR Camera
A novel approach towards a Smarter DSLR CameraA novel approach towards a Smarter DSLR Camera
A novel approach towards a Smarter DSLR CameraHCL Technologies
 
Security framework for connected devices
Security framework for connected devicesSecurity framework for connected devices
Security framework for connected devicesHCL Technologies
 
Connected Cars - Use Cases for Indian Scenario
Connected Cars - Use Cases for Indian ScenarioConnected Cars - Use Cases for Indian Scenario
Connected Cars - Use Cases for Indian ScenarioHCL Technologies
 
A Sigh of Relief for Patients with Chronic Diseases
A Sigh of Relief for Patients with Chronic DiseasesA Sigh of Relief for Patients with Chronic Diseases
A Sigh of Relief for Patients with Chronic DiseasesHCL Technologies
 
Painting a Social & Mobile Picture in Real Time
Painting a Social & Mobile Picture in Real TimePainting a Social & Mobile Picture in Real Time
Painting a Social & Mobile Picture in Real TimeHCL Technologies
 
A Novel Design Approach for Electronic Equipment - FEA Based Methodology
A Novel Design Approach for Electronic Equipment - FEA Based MethodologyA Novel Design Approach for Electronic Equipment - FEA Based Methodology
A Novel Design Approach for Electronic Equipment - FEA Based MethodologyHCL Technologies
 
Intrusion Detection System (IDS)
Intrusion Detection System (IDS)Intrusion Detection System (IDS)
Intrusion Detection System (IDS)HCL Technologies
 
Manufacturing Automation and Digitization
Manufacturing Automation and DigitizationManufacturing Automation and Digitization
Manufacturing Automation and DigitizationHCL Technologies
 
Managing Customer Care in Digital
Managing Customer Care in DigitalManaging Customer Care in Digital
Managing Customer Care in DigitalHCL Technologies
 
Digital Customer Care Solutions, Smart Customer Care Solutions, Next Gen Cust...
Digital Customer Care Solutions, Smart Customer Care Solutions, Next Gen Cust...Digital Customer Care Solutions, Smart Customer Care Solutions, Next Gen Cust...
Digital Customer Care Solutions, Smart Customer Care Solutions, Next Gen Cust...HCL Technologies
 
The Internet of Things. Wharton Guest Lecture by Sandeep Kishore – Corporate ...
The Internet of Things. Wharton Guest Lecture by Sandeep Kishore – Corporate ...The Internet of Things. Wharton Guest Lecture by Sandeep Kishore – Corporate ...
The Internet of Things. Wharton Guest Lecture by Sandeep Kishore – Corporate ...HCL Technologies
 
Be Digital or Be Extinct. Wharton Guest Lecture by Sandeep Kishore – Corporat...
Be Digital or Be Extinct. Wharton Guest Lecture by Sandeep Kishore – Corporat...Be Digital or Be Extinct. Wharton Guest Lecture by Sandeep Kishore – Corporat...
Be Digital or Be Extinct. Wharton Guest Lecture by Sandeep Kishore – Corporat...HCL Technologies
 
Transform and Modernize -UK's leading specialists in Pension and Employee Ben...
Transform and Modernize -UK's leading specialists in Pension and Employee Ben...Transform and Modernize -UK's leading specialists in Pension and Employee Ben...
Transform and Modernize -UK's leading specialists in Pension and Employee Ben...HCL Technologies
 
"Cost Savings Enabled for European Financial Services company "
"Cost Savings Enabled for European Financial Services company ""Cost Savings Enabled for European Financial Services company "
"Cost Savings Enabled for European Financial Services company "HCL Technologies
 

More from HCL Technologies (20)

Emergence of ITOA: An Evolution in IT Monitoring and Management
Emergence of ITOA: An Evolution in IT Monitoring and ManagementEmergence of ITOA: An Evolution in IT Monitoring and Management
Emergence of ITOA: An Evolution in IT Monitoring and Management
 
USING FACTORY DESIGN PATTERNS IN MAP REDUCE DESIGN FOR BIG DATA ANALYTICS
USING FACTORY DESIGN PATTERNS IN MAP REDUCE DESIGN FOR BIG DATA ANALYTICSUSING FACTORY DESIGN PATTERNS IN MAP REDUCE DESIGN FOR BIG DATA ANALYTICS
USING FACTORY DESIGN PATTERNS IN MAP REDUCE DESIGN FOR BIG DATA ANALYTICS
 
HCL HELPS A US BASED WIRELINE TELECOM OPERATOR FOR BETTER LEAD-TO-CASH AND TH...
HCL HELPS A US BASED WIRELINE TELECOM OPERATOR FOR BETTER LEAD-TO-CASH AND TH...HCL HELPS A US BASED WIRELINE TELECOM OPERATOR FOR BETTER LEAD-TO-CASH AND TH...
HCL HELPS A US BASED WIRELINE TELECOM OPERATOR FOR BETTER LEAD-TO-CASH AND TH...
 
HCL HELPS A LEADING US TELECOM PROTECT ITS MARKET SHARE AND MAINTAIN HIGH LEV...
HCL HELPS A LEADING US TELECOM PROTECT ITS MARKET SHARE AND MAINTAIN HIGH LEV...HCL HELPS A LEADING US TELECOM PROTECT ITS MARKET SHARE AND MAINTAIN HIGH LEV...
HCL HELPS A LEADING US TELECOM PROTECT ITS MARKET SHARE AND MAINTAIN HIGH LEV...
 
Comply
Comply Comply
Comply
 
Cost-effective Video Analytics in Smart Cities
Cost-effective Video Analytics in Smart CitiesCost-effective Video Analytics in Smart Cities
Cost-effective Video Analytics in Smart Cities
 
A novel approach towards a Smarter DSLR Camera
A novel approach towards a Smarter DSLR CameraA novel approach towards a Smarter DSLR Camera
A novel approach towards a Smarter DSLR Camera
 
Security framework for connected devices
Security framework for connected devicesSecurity framework for connected devices
Security framework for connected devices
 
Connected Cars - Use Cases for Indian Scenario
Connected Cars - Use Cases for Indian ScenarioConnected Cars - Use Cases for Indian Scenario
Connected Cars - Use Cases for Indian Scenario
 
A Sigh of Relief for Patients with Chronic Diseases
A Sigh of Relief for Patients with Chronic DiseasesA Sigh of Relief for Patients with Chronic Diseases
A Sigh of Relief for Patients with Chronic Diseases
 
Painting a Social & Mobile Picture in Real Time
Painting a Social & Mobile Picture in Real TimePainting a Social & Mobile Picture in Real Time
Painting a Social & Mobile Picture in Real Time
 
A Novel Design Approach for Electronic Equipment - FEA Based Methodology
A Novel Design Approach for Electronic Equipment - FEA Based MethodologyA Novel Design Approach for Electronic Equipment - FEA Based Methodology
A Novel Design Approach for Electronic Equipment - FEA Based Methodology
 
Intrusion Detection System (IDS)
Intrusion Detection System (IDS)Intrusion Detection System (IDS)
Intrusion Detection System (IDS)
 
Manufacturing Automation and Digitization
Manufacturing Automation and DigitizationManufacturing Automation and Digitization
Manufacturing Automation and Digitization
 
Managing Customer Care in Digital
Managing Customer Care in DigitalManaging Customer Care in Digital
Managing Customer Care in Digital
 
Digital Customer Care Solutions, Smart Customer Care Solutions, Next Gen Cust...
Digital Customer Care Solutions, Smart Customer Care Solutions, Next Gen Cust...Digital Customer Care Solutions, Smart Customer Care Solutions, Next Gen Cust...
Digital Customer Care Solutions, Smart Customer Care Solutions, Next Gen Cust...
 
The Internet of Things. Wharton Guest Lecture by Sandeep Kishore – Corporate ...
The Internet of Things. Wharton Guest Lecture by Sandeep Kishore – Corporate ...The Internet of Things. Wharton Guest Lecture by Sandeep Kishore – Corporate ...
The Internet of Things. Wharton Guest Lecture by Sandeep Kishore – Corporate ...
 
Be Digital or Be Extinct. Wharton Guest Lecture by Sandeep Kishore – Corporat...
Be Digital or Be Extinct. Wharton Guest Lecture by Sandeep Kishore – Corporat...Be Digital or Be Extinct. Wharton Guest Lecture by Sandeep Kishore – Corporat...
Be Digital or Be Extinct. Wharton Guest Lecture by Sandeep Kishore – Corporat...
 
Transform and Modernize -UK's leading specialists in Pension and Employee Ben...
Transform and Modernize -UK's leading specialists in Pension and Employee Ben...Transform and Modernize -UK's leading specialists in Pension and Employee Ben...
Transform and Modernize -UK's leading specialists in Pension and Employee Ben...
 
"Cost Savings Enabled for European Financial Services company "
"Cost Savings Enabled for European Financial Services company ""Cost Savings Enabled for European Financial Services company "
"Cost Savings Enabled for European Financial Services company "
 

Recently uploaded

Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAndikSusilo4
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 

Recently uploaded (20)

Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & Application
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 

Security for Implantable Medical Devices (IMDs)

  • 1. Security for Implantable Medical Devic es (IMDs)
  • 2. Abstract Market Trends Challenges / Constraints in making IMDs secure Published Solutions Threat Analysis Conclusion RReeffeerreenncceess 3 3 5 5 7 7 8 Table of Contents © 2014, HCL Technologies. Reproduction Prohibited. This document is protected under Copyright by the Author, all rights reserved.
  • 3. Security for Implantable Medical Devices (IMDs) | 3 Implantable Medical Devices (IMDs) have significantly transformed the medical devices industry. Any device inserted directly into a patient’s body would be very useful in monitoring his/her vital signs, especially in certain conditions such as arrhythmias and diabetes. Such constant monitoring helps relay real-time information in case of life-threatening situations. It also ensures that the patient receives medical attention quickly. Active IMDs are devices that need a power source for their functioning. They connect with the external world wwiirreelleessssllyy aanndd help in monitoring a patient’s condition, remotely. This presents a great advantage for patients, as these devices help to extend and enhance the quality of life. For physicians this means real-time tracking of the patient’s condition. This helps the doctor to change the course of therapy based on the patient’s current condition, and reduces response time. This way the doctor need not wait for the patient to come to him/her for a checkup. However, active IMDs come with an expensive caveat – security. RReesseeaarrcchheerrss hhaavvee ddeemmoonnssttrraatteedd tthhaatt sseeccuurriittyy iiss hhiigghhllyy ccoommpprroommiisseedd iinn tthhee ccaassee ooff IIMMDDss.. AAnnyy hhaacckkeerr wwiitthh mmaalliicciioouuss iinntteenntt can gain access to this device and cause great damage to the life of the person wearing the IMD. Hence, it is imperative that security is inbuilt and that an ecosystem is created to protect human lives. IInn tthhiiss wwhhiitteeppaappeerr,, tthhee ccoonntteexxtt iiss sseett wwiitthh tthhee ttyyppeess ooff ppootteennttiiaall sseeccuurriittyy aattttaacckkss aanndd gguuiiddaannccee ffrroomm vvaarriioouuss rreegguullaattoorryy bodies. It then discusses the challenges and constraints in securing IMDs, followed by solutions that address security threats. The whitepaper also covers factors, such as hackers’ challenges and the advantages that influence the threat impact. As security for IMDs is a niche field, there is a lot of scope for innovation. The role of active IMDs is critical in providing timely medical care whenever a patient needs it. It relays vital information to physicians about the patient’s condition. This, in turn, allows doctors to take proactive action and thus help save lives. An IMD’s primary interface with the external world is through a device called the IMD Programmer. This device is responsible for gathering a patient’s medical information from the IMD and providing commands for therapy to the IMD. With the introduction of Medical Implant Communication Services (MICS) in 1999, the FCC allocated the 402-405 MHz band for this purpose. The latest range of IMDs also makes use of telemetry to beam long-range, high-bandwidth data across remote locations. © 2014, HCL Technologies. Reproduction Prohibited. This document is protected under Copyright by the Author, all rights reserved. Abstract Market Trends Why IMDs? Artificial Cardiac Pacemakers, Implantable Cardioverter Defibrillators (ICDs), Neurostimulators and Insulin Pumps are some of the popular active IMDs. Active IMDs equipped with a wireless interface helps in monitoring a patient’s condition remotely while adjusting the therapy based on the patient’s condition at any given time. Using these wireless IMDs, physicians can get real-time data on the patient’s condition and administer the therapy remotely. The major benefit for a patient lies in effort, time and cost savings due to a reduction in planned or unplanned hospital visits. How do IMDs work? Problems in the current context The benefits of wireless connectivity and remote monitoring come with associated security risks. The devices meant to protect people’s lives, if compromised by hackers, can cause security breaches and severe damage to the patients. It can even cause their death under certain circumstances. Some of the ways the security and efficacy of IMDs being breached are listed below:
  • 4. Security for Implantable Medical Devices (IMDs) | 4 Confidentiality: A hacker can use custom equipment to mimic an IMD Programmer, interface with the IMD and access any patient’s personal details and up-to-date health information. These details run the risk of being altered to disastrous effect, and hence should be accessible only by authorized personnel. Integrity: A hacker can connect with the IMD and modify the health information stored in the device, raising false alarms or making the physicians diagnose the situation wrongly. The hacker can also send prescriptive commands to the device to disrupt and degrade the therapy. Availability: In the DOS (Denial of Service) form of attack, a hacker can keep sending queries to the device repeatedly in order to drain the battery quickly, severely impacting/nullifying the device’s functioning. Typically, an IMD’s battery life spans a few years. DOS attacks can drain the battery in a few hours. There has been no reported attack on any medical device so far. However, several researchers have demonstrated in separate instances, the possibilities of such attacks using commercially available IMDs. Daniel Halperin, from the University of Washington, along with other researchers, published a paper in the IEEE Symposium on Security and Privacy, in 2008. They established the possibilities of cyber attacks on IMDs with pacemaker technology. They demonstrated cyber attack aspects such as breaching confidentiality (unauthorized access to patient data) and integrity (wrong therapy settings). At the Black Hat Conference in Las Vegas in 2011, security researcher Jerome Radcliffe, a diabetic himself, demonstrated the vulnerability of the insulin pump by taking complete control of his own IMD, remotely. He could command the pump to deliver insulin every three minutes or stop insulin delivery at will just from a distance of 100 feet. At the Breakpoint conference in Melbourne in October 2012, Barnaby Jack of security vendor IOActive demonstrated the ways in which IMDs could be compromised. He used a laptop 50 feet away from the patient to deliver a deadly, 830-volt shock. He said that there was also a possibility of infecting the vendor’s servers, which in turn could infect the vendor’s implanted IMDs, and thus enable the opportunity to commit mass murder. The U.S. Government Accountability Office (GAO) did a study to determine whether wireless IMDs are protected against information security risks that could affect their safety and effectiveness. In its August 2012 report, the GAO recommended that the Food and Drug Administration (FDA) develop and implement a plan expanding its focus on information security risks. As per FDA reports, there has been no real security attack. However, the FDA came up with a safety communication in June 2013. Cyber security is a focus area for the medical device industry as it concerns potential loss of human lives and sensitive health information. As of today, it is still a nascent technology. © 2014, HCL Technologies. Reproduction Prohibited. This document is protected under Copyright by the Author, all rights reserved.
  • 5. Challenges to make IMDs secure There are several unique challenges / constraints in securing IMDs against cyber attacks. The scenario is different from securing networks, servers and computers. The major challenge in making IMDs secure is the resource constraint with regard to the processing power, battery, and memory. The situation becomes more complex with the varying mix of security, privacy, efficacy and safety associated with different types of IMDs. Any solution should take care of these constraints. A typical solution attempting to prevent unauthorized access to an IMD may involve a complex encryption / decryption algorithm. Typically, such algorithms require significant processing power. Similarly, if algorithms to detect iinnttrruussiioonnss rruunn on the IMDs on a continual basis, the battery will drain quickly. Replacing the battery necessitates another surgery, which involves money, effort, pain, and even a risk to life itself. Such algorithms can be executed on the IMD programmers. However, the programmer itself may not have a powerful CPU. TThhee sseeccoonndd cchhaalllleennggee iiss ttoo sseeccuurree aallrreeaaddyy iimmppllaanntteedd IIMMDDss.. SSeeccuurriittyy ccaann bbee ddeessiiggnneedd iinnttoo nneeww ddeevviicceess aass tteecchhnnoollooggiieess evolve, even with the constraints stated above. However, over 4 million IMDs (pacemakers and CRM devices alone) have already been implanted in patients’ bodies, worldwide. Another 700,000 devices are implanted every year [1]. As most of these devices were designed several years ago, the required security features relevant in today’s context were not built in at that time. There needs to be a solution to protect already implanted IMDs and the patients. AAnnootthheerr uunniiqquuee cchhaalllleennggee iiss tthhaatt tthhee sseeccuurriittyy ffeeaattuurree bbuuiilltt aarroouunndd IIMMDDss,, sshhoouulldd hhaavvee tthhee aabbiilliittyy ttoo bbee ddiissaabblleedd bbyy pprreevviioouussllyy unauthorized yet competent people such as doctors of a different hospital. Imagine a scenario where the patient is in a critical situation, unable to communicate, and is admitted to a different hospital. The doctors there should be able to use their IMD Programmers and communicate with the device. If the device prevents unauthorized access at that time, the doctor cannot provide the necessary treatment, thus presenting a real danger to the patient. Security designers have to take these kinds of emergency scenarios into account while designing a solution. Published Solutions Security for Implantable Medical Devices (IMDs) | 5 Several solutions have been reported in the literature. These solutions take into account the challenges and constraints posed by IMDs. An external device is a part of many of these solutions. Such external devices can be worn by the patient or kept near the IMD that it is protecting. The following solutions are covered in this section. IMD Shield H2H (Heart-to-Heart) NFC Interface Conducted Communication through Surface ECG Electrodes In SIGCOMM ’11, researchers from MIT and the University of Massachusetts-Amherst presented an innovative solution [8], which does not require any modifications to already implanted IMDs. They used commercially available IMDs and IMD PPrrooggrraammmmeerrss ffoorr tthhee ssttuuddyy.. TThheeyy pprrooppoosseedd aann eexxtteerrnnaall ddeevviiccee ccaalllleedd tthhee ““IIMMDD SShhiieelldd”” tthhaatt aaccttss aass aa ggaatteewwaayy ffoorr tthhee IIMMDD.. IItt can be worn by the patient, like a necklace, ensuring proximity to the device it would be protecting. Communication from IMD to IMD Programmer and vice versa is handled by the shield. The IMD continues to operate the way it was originally designed, and the shield is built with two antennas – one to receive and the other to jam. It receives the patient’s health info from the IMD to forward to the IMD Programmer. It simultaneously jams signals from the IMD, thus © 2014, HCL Technologies. Reproduction Prohibited. This document is protected under Copyright by the Author, all rights reserved. IMD Shield
  • 6. Security for Implantable Medical Devices (IMDs) | 6 preventing an intruder device from accessing the patient’s medical information. It jams signals coming from an intruder device, thereby corrupting the info and preventing the IMD from responding to unauthorized commands. Since the shield and IMD Programmer are external devices, their design can be modified as the threat scenario evolves in the future. Heart-to-Heart: Secure Communication ,MD Shield ProΑrammer Figure 1: IMD Shield Researchers at Rice University along with a team at RSA Securities have come up with a solution [9], called “Heart-to-Heart” (H2H). This solution will address the challenge related to medical emergencies. It involves using the patient’s heartbeat as the password. In this method, a special type of IMD Programmer authenticates itself with the IMD by touching the patient’s body and taking the reading of the heartbeat. It also asks the IMD to take the reading of the heartbeat. The IMD Programmer and IMD take independent, time-synchronous ECG readings. The IMD compares the two results. If the results are nearly equal, it grants access to the IMD Programmer. Since the readings are taken in real-time, a hacker will not be able to replay and trick the IMD into getting the access. This solution can be applicable only to new IMDs or to already implanted IMDs that allow a wireless firmware upgrade. NFC Interface: ,MD ProΑrammer ,MD ProΑrammer Figure 2: Heart - to - heart protocol B Kim et al [10] have proposed the use of NFC interface (13.56 MHz frequency band) for all communications between the IMD and the external world through a smart phone with NFC. They proposed a passive NFC tag that harvests energy from the reader’s magnetic field. The major advantage of the NFC interface is its short communication range, limited to about 4-5 cm in free space. They used pork as a substitute to emulate human-like tissue and found that the communication range was reduced by 5-8 mm due to absorption, but still the range was over 4 cm. This ensures that a hacker cannot unleash the attack from a distance of a few meters, which is possible with other interfaces such as MICS or Bluetooth. TThhee oonnllyy disadvantage of the NFC based solution is that it will be available only in the new IMDs under development. Some vendors have started making use of NFC technology for the interface between the IMD and the Programmer. IMDs with NFC are expected to arrive in the market in a couple of years. Conducted Communication through Surface ECG Electrodes: In a remarkable breakthrough in pacemaking, the St. Jude Medical Nanostim Leadless Pacemaker can be implanted inside the heart using a minimally invasive procedure, thereby eliminating the need for surgery [7]. In addition, there is no wireless interface. The communication with the external world is by way of conducted communication through Surface ECG Electrodes [7]. Electrodes will be placed on the chest of the patient and through ECG monitoring, the readings will be taken and the settings will be adjusted, if required. This ensures that a hacker cannot attack remotely. Leadless Pacemaker ,nside Heart Figure 3: Leadless Pacemaker © 2014, HCL Technologies. Reproduction Prohibited. This document is protected under Copyright by the Author, all rights reserved.
  • 7. Security for Implantable Medical Devices (IMDs) | 7 Threat Analysis If there has been no real attack so far, it could be due to the challenges that hackers may be facing. The following factors lead one to believe that the researchers’ concerns may be far-fetched and that the probability of threats may be low. Proximity: In typical non-IMD cyber attacks, a hacker can be far away from the victim, from the comfort of their workplace at the time of their choice. In the case of an IMD attack, the hacker or the equipment they use to hack should be close to the victim. This requires meticulous preparation, such as visiting the area and identifying the hiding place for the attack. This limitation could act as a major deterrent, thereby reducing the number of hackers who will “invest” in this area. Geographic Spread: The usage of wireless IMDs is concentrated in a few developed countries. When compared to non-IMD cyber attacks, the geographic spread of IMD attack is quite limited. Ethical Aspect: A typical non-IMD hacker derives pride, pleasure and money in hacking the victim’s email accounts or bank accounts. While their acts are legally crimes, they may not consider themselves criminals. However, when it comes to hacking IMDs, they know that they are playing with the victim’s life. Only those hackers with atrociously criminal intent would be getting into this field, thereby limiting the IMD hacker population. However, the following factors paint a different picture. Advantage Hackers: Any solution against cyber attacks has to go through the rigorous compliance testing mandated by regulatory bodies such as the FDA. This results in delaying the deployment by around 5-7 years. Hackers do not have this limitation and they can deploy newly found attacks immediately. High Value Targets: Due to the cost of an IMD, and surgery and maintenance expenses, the rich and famous are more likely to be implanted, making them high-value targets. For instance, the doctors who replaced former U.S. Vice President Dick Cheney's heart defibrillator in 2007 asked the manufacturer to disable the wireless feature, fearing that terrorists might hack the device and try to kill him [11]. From these perspectives, it is imperative that IMDs are adequately secured. Conclusion With the growing usage and complexity of IMDs, there are associated vulnerabilities that compromise the confidentiality, integrity, and availability aspects of these gadgets. The FDA has recognized the issue. Vendors have started taking care of security issues in their new implementations. In this paper, the various possible types of attack and their impact on the patient’s life have been presented. The unique challenges in securing IMDs due to their inherent nature and the usage scenarios have also been explained. Though there have been no reported vulnerabilities, regulatory bodies have taken note of the possibilities and started working with manufacturers and security experts to strengthen cyber security in IMDs. A few solutions taking care ooff CCIIAA aassppeeccttss published in the literature have been presented. In addition, the challenges and advantages from the hackers’ point of view have been presented. © 2014, HCL Technologies. Reproduction Prohibited. This document is protected under Copyright by the Author, all rights reserved.
  • 8. Security for Implantable Medical Devices (IMDs) | 8 Conducted communication and NFC interface based devices are likely to be the earliest solutions that will be available to patients in the near future. All other solutions are in the conceptual stage with the researchers still in discussion with vendors to implement the solution in upcoming devices. Cyber security for IMDs is a nascent technology where a lot needs to be done before the potential threats become real. It is hoped that the reader finds this ecosystem overview helpful. References St. Jude Medical Announces Acquisition and CE Mark Approval of World's First Leadless Pacemaker, October 14, 2013 http://investors.sjm.com/phoenix.zhtml?c=73836&p=irol-newsArticle_Print&ID=1863989 Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses by Kevin Fu et al. http://scholarworks.umass.edu/cgi/viewcontent.cgi?article=1067&context=cs_faculty_pubs Hacking Medical Devices for Fun and Insulin: Breaking the Human SCADA System by Jerome Radcliffe, presented at Black Hat Technical Security Conference: USA 2011. http://cs.uno.edu/~dbilar/BH-US-2011/materials/Radcliffe/BH_US_11_Radcliffe_Hacking_Medical_Devices_WP.pdf "Broken Hearts": How plausible was the Homeland pacemaker hack? bbyy BBaarrnnaabbyy JJaacckk.. http://blog.ioactive.com/2013/02/broken-hearts-how-plausible-was.html FDA Should Expand Its Consideration of Information Security for Certain Types of Devices, GAO, August 2012. http://www.gao.gov/assets/650/647767.pdf FDA Safety Communication: Cyber security for Medical Devices and Hospital Networks, June 13, 2013 http://www.fda.gov/medicaldevices/safety/alertsandnotices/ucm356423.htm Leadless cardiac pacemaker with conducted communication, hhttttpp::////wwwwww..ggooooggllee..ccoomm//ppaatteennttss//WWOO22001133005588995588AA11 They Can Hear Your Heartbeats: Non-Invasive Security for Implantable Medical Devices, presented at SIGCOMM ’11 by Shyamnath et al. http://groups.csail.mit.edu/netmit/IMDShield/paper.pdf Heart-to-Heart (H2H): Authentication for Implanted Medical Devices, by Masoud Rostami et al, to be presented at CCS’13, November 4–8, 2013, Berlin, Germany http://www.aceslab.org/sites/default/files/H2H.pdf In-Vivo NFC: Remote Monitoring of Implanted Medical Devices with Improved Privacy, by Kim B et al, SenSys ’12, November 6-9, 2012, Toronto, Canada http://dl.acm.org/citation.cfm?id=2426691&dl=ACM&coll=DL&CFID=376029119&CFTOKEN=76995657 CChheenneeyy''ss ddeefifibbrriillllaattoorr wwaass mmooddiififieedd ttoo pprreevveenntt hhaacckkiinngg,, bbyy DDaannaa FFoorrdd,, CCNNNN,, OOccttoobbeerr 2244,, 22001133 http://www.cnn.com/2013/10/20/us/dick-cheney-gupta-interview/ Author Info Ashok Kumar V HCL Engineering and R&D Services Designed By: Mayuri Infomedia This whitepaper is published by HCL Engineering and R&D Services. The views and opinions in this article are for informational purposes only and should not be considered as a substitute for professional business advice. The use herein of any trademarks is not an assertion of ownership of such trademarks by HCL nor intended to imply any association between HCL and lawful owners of such trademarks. For more information about HCL Engineering and R&D Services, Please visit http://www.hcltech.com/engineering-rd-services Copyright@ HCL Technologies AAllll rriigghhttss rreesseerrvveedd..