Implantable longer ”invisible”, as its presence could be

Implantable
medical devices (IMDs) have advanced considerably in the last few decades ,
promising unprecedented access to the human body to gather personal health data
anytime and anywhere. These devices—including pacemakers, implantable cardiac
defibrillators (ICDs), drug delivery systems, and neurostimulators—can help
manage a broad range of ailments, such as cardiac arrhythmia, diabetes, and
Parkinson’s disease (see the “Pacemakers and Implantable Cardiac Defibrillators”.

IMD’s pervasiveness continues to swell, with upward of 25 million US citizens
currently reliant on them for life critical functions. Moreover, the latest
IMDs support delivery of telemetry for remote monitoring over long-range,
high-bandwidth wireless links, and emerging devices will communicate with other
interoperating IMDs. The devices are extremely reliable, capable of operating
for years if not decades inside the body of a patient, but on the other hand
there is a distinct lack in security features such as encryption and
authentication, which seem to be poorly planned for.

We Will Write a Custom Essay Specifically
For You For Only $13.90/page!


order now

Careful
designing choices need to be made when security features are implemented so
that doctors can have the possibility of accessing their patient’s devices
easily whilst keeping at bay potential attackers. The provision of security
guarantees is imperative as the complexity and the intrusiveness of the devices
grows.

 The wireless communication capabilities
present in many modern IMDs are a major source of security risks, particularly
while the patient is in open (i.e., non-medical) environments. To begin with,
the implant becomes no longer ”invisible”, as its presence could be remotely
detected. Furthermore, it facilitates the access to transmitted data by
eavesdroppers who simply listen to the (insecure) channel. This could result in
a major privacy breach, as IMDs store sensitive information such as vital
signals, diagnosed conditions, therapies, and a variety of personal data (e.g.,
birth date, name, and other medically relevant identifiers). A vulnerable
communication channel also makes it easier to attack the implant in ways
similar to those used against more common computing devices, i.e., by forging,
altering, or replying previously captured messages. This could potentially
allow an adversary to monitor and modify the implant without necessarily being
close to the victim. In this regard, the concerns of former U.S. vice-president
Dick Cheney constitute an excellent example: he had his Implantable
Cardioverter Defibrillator (ICD) replaced by another without WIFI capability.

Security
vulnerabilities are widespread and severe in wireless-connected medical
devices. Not only the confidentiality of patients’ data is at risk, but also
involve the processing of unauthorized commands, which can turn out to be
fatal. Several pacemakers have little to no security in wireless communication,
although they allow for control commands to be transmitted wirelessly. This
implies that a malicious attacker could spoof a command in order to send shocks
to a patient. Insulin pumps can be commanded to manipulate dosage and other
settings without the patients’ knowledge (Mills, 2011). Given the vast number
of these critical vulnerabilities, the security of wireless communication in
current medical devices is clearly inadequate.

 

The greatest data-security
risks for medical devices

The
network-attached group far outnumbers the IMD group, but both have one thing in
common—a very long life span! No one wants a pacemaker that needs to be
replaced every year or two, and hospitals simply can’t afford to rip and
replace their multimillion-dollar investment in x-ray machines and PET and CT
scanners if they still work perfectly. Many current medical devices are 15 or
20 years old already, placed into service when the rest of us were deploying
Windows 95 and dial-up modems.

The
greatest
risk to medical devices, however, is that
they lack even the basic security protections that a $200 home PC has—things
like antivirus software and a host firewall. The danger is that when a malware
worm gets into a hospital and spreads its way laterally across the network to
reach highly vulnerable medical devices, it either quickly infects them (many
of the newer models run a form of Windows XP), or the malware multicast traffic
storm causes the medical device to crash or just stop working. It’s not that
someone hacked and changed a parameter—although that is a distinct
possibility—but it’s more likely that its battery becomes quickly drained and
powers off, or the system blue screens and ceases to provide life-sustaining
care.

                 In order to prevent attacks,
it is imperative that the new generation of IMDs will be equipped with strong
mechanisms guaranteeing basic security properties such as confidentiality,
integrity, and availability. For example, mutual authentication between the IMD
and medical personnel is essential, as both parties must be confident that the
other end is who claims to be. In the case of the IMD, only commands coming
from authenticated parties should be considered, while medical personnel should
not trust any message claiming to come from the IMD unless sufficient
guarantees are given.

Preserving
the confidentiality of the information stored in and transmitted by the IMD is
another mandatory aspect. The device must implement appropriate security
policies that restrict what entities can reconfigure the IMD or get access to
the information stored in it, ensuring that only authorized operations are
executed. Similarly, security mechanisms have to be implemented to protect the
content of messages exchanged through an insecure wireless channel.

 Integrity protection is equally important to
ensure that information has not been modified in transit. For example, if the
information sent by the implant to the Programmer is altered, the doctor might
make a wrong decision. Conversely, if a command sent to the implant is forged,
modified, or simply contains errors, its execution could result in a compromise
of the patient’s physical integrity.

Technical
security mechanisms should be incorporated in the design phase and complemented
with appropriate legal and administrative measures. Current legislation is
rather permissive in this regard, allowing the use of implants like ICDs that
do not incorporate any security mechanisms. Regulatory authorities like the FDA
in the U.S or the EMA (European Medicines Agency) in Europe should promote
metrics and frameworks for assessing the security of IMDs. These assessments
should be mandatory by law, requiring an adequate security level for an implant
before approving its use. Moreover, both the security measures supported on
each IMD and the security assessment results should be made public.

In
this paper we choosed St. Jude pacemaker because its the world’s smallest,
longest-lasting wireless MRI pacemaker, the Assurity MRI™ pacemaker offers
premium features in a wireless device designed specifically to allow full-body
1.5T MRI scans.

x

Hi!
I'm Mack!

Would you like to get a custom essay? How about receiving a customized one?

Check it out