Securing the Internet of Healthcare

Cybersecurity, which includes the security of information technology (IT), is critical to ensuring that society trusts, and therefore can benefit from, modern technology. Problematically, though, rarely a day goes by without a news story related to how critical data has been exposed, exfiltrated, or otherwise inappropriately used or accessed as a result of supply chain vulnerabilities. From the Russian government’s campaign to influence the 2016 U.S. presidential election to the September 2017 Equifax breach of more than 140 million Americans’ credit reports, cyber risk has become a topic of conversation in boardrooms and the White House, on Wall Street and main street. But these discussions often miss the problems replete in the expansive supply chains on which many of these products and services we depend on are built; this is particularly true in the medical device context. The problem recently made national news with the voluntary recall of more than 400,000 pacemakers that were found to be vulnerable to hackers, necessitating a firmware update. This Article explores the myriad vulnerabilities in the supply chain for medical devices, investigates existing FDA cybersecurity and privacy regulations to identify any potential governance gaps, and suggests a path forward to boost cybersecurity due diligence for manufacturers by making use of new approaches and technologies, including blockchain

Wireless body sensor networks for health-monitoring applications

This is an author-created, un-copyedited version of an article accepted for publication in Physiological Measurement. The publisher is not responsible for any errors or omissions in this version of the manuscript or any version derived from it. The Version of Record is available online at http://dx.doi.org/10.1088/0967-3334/29/11/R01

Security and privacy issues in implantable medical devices: A comprehensive survey

Bioengineering is a field in expansion. New technologies are appearing to provide a more efficient treatment of diseases or human deficiencies. Implantable Medical Devices (IMDs) constitute one example, these being devices with more computing, decision making and communication capabilities. Several research works in the computer security field have identified serious security and privacy risks in IMDs that could compromise the implant and even the health of the patient who carries it. This article surveys the main security goals for the next generation of IMDs and analyzes the most relevant protection mechanisms proposed so far. On the one hand, the security proposals must have into consideration the inherent constraints of these small and implanted devices: energy, storage and computing power. On the other hand, proposed solutions must achieve an adequate balance between the safety of the patient and the security level offered, with the battery lifetime being another critical parameter in the design phase

They Can Hear Your Heartbeats: Non-Invasive Security for Implantable Medical Devices

Wireless communication has become an intrinsic part of modern implantable medical devices (IMDs). Recent work, however, has demonstrated that wireless connectivity can be exploited to compromise the confidentiality of IMDs' transmitted data or to send unauthorized commands to IMDs---even commands that cause the device to deliver an electric shock to the patient. The key challenge in addressing these attacks stems from the difficulty of modifying or replacing already-implanted IMDs. Thus, in this paper, we explore the feasibility of protecting an implantable device from such attacks without modifying the device itself. We present a physical-layer solution that delegates the security of an IMD to a personal base station called the shield. The shield uses a novel radio design that can act as a jammer-cum-receiver. This design allows it to jam the IMD's messages, preventing others from decoding them while being able to decode them itself. It also allows the shield to jam unauthorized commands---even those that try to alter the shield's own transmissions. We implement our design in a software radio and evaluate it with commercial IMDs. We find that it effectively provides confidentiality for private data and protects the IMD from unauthorized commands.National Science Foundation (U.S.). (Grant number CNS-0831244)National Science Foundation (U.S.). Graduate Research Fellowship ProgramAlfred P. Sloan Foundation. FellowshipUnited States. Dept. of Health and Human Services. Cooperative Agreement (90TR0003/01