Advanced Cryptography Research Project

Security in Medical Devices

Abstract:

With the digitalization of many of today's devices, including medical equipment, many customers are worried about the security of their medical devices, especially those whose lives depend on them. Such devices include electronic pacemakers, insulin pumps, and life support machinery. These patients worry that hackers can gain access to these devices and compromise them or steal medical data. People's identification, privacy, and even their lives are threatened if hackers can gain access and control of these devices, especially with cyber-attacks potentially weaponizing such devices. While many individuals and companies have begun finding methods to secure their medical information and devices, there are many who still lack adequate protection.

This report will take a closer look into the efforts placed into securing medical devices and information, known vulnerabilities and cybercrime statistics against medical devices and data, practical measures that can be taken to improve security of a medical device, and algorithms currently deployed or in development to improve their security.

Contents

  1. Overview
    1. Introduction
    2. Early Security Concerns for Medical devices
  2. 2008 UMass/UWashingon study on Implantable Cardioverter Defibrillator security
    1. Finding vulnerabilities
    2. Zero-power defenses
    3. Further work based on or similar to this paper
  3. Other Practical Security Measures
    1. Self-implemented measures for Insulin Pumps and Glucose Monitors
  4. Conclusion
  5. Further reading

Definitions

Presentation

Phase 3 Powerpoint
Final Presentation

Paper

Final report

Selected References

  1. S. Noimanee, K. Noimanee, S. Krisanachinda and W. Senavongse, "Study of cybercrime and security in medical devices," 2016 Biomedical Engineering International Conference (BMEiCon-2016)
  2. S. Jagannathan and A. Sorini, "A cybersecurity risk analysis methodology for medical devices," 2015 IEEE Symposium on Product Compliance Engineering (ISPCE), pp. 1-6
  3. "Postmarket Management of Cybersecurity in Medical Devices - Guidance for Industry and Food and Drug Administration Staff" - Food and Drug Administration. December 28, 2016
  4. OpenAPS.org, an open source project that allows those with Type I Diabetes to program their own insulin pumps
  5. Lewis, D., Leibrand, S., & OpenAPS Community, "Real-World Use of Open Source Artificial Pancreas Systems," Journal of Diabetes Science and Technology, 10(6), 1411.
  6. D. Halperin, T.S. Heyd-Benjamin, B. Ransford, S.S. Clark, B. Defend, W. Morgan, K. Fu and W.H. Maisel, "Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses," 2008 IEEE Symposium on Security and Privacy.
  7. Nightscout, another diabetes-related open source project focusing on making glucose data available online

Return home
Return to Cryptography