review-article

Public Access

A brief chronology of medical device security

Authors:

A. J. Burns,

M. Eric Johnson,

Peter HoneymanAuthors Info & Claims

Communications of the ACM, Volume 59, Issue 10

Pages 66 - 72

https://doi.org/10.1145/2890488

Published: 22 September 2016 Publication History

All formats PDF

Abstract

With the implantation of software-driven devices comes unique privacy and security threats to the human body.

References

[1]

Applegate, S.D. The dawn of kinetic cyber. In Proceedings of the 5^th International Conference on Cyber Conflict. IEEE, 2013, 1--15.

Google Scholar

[2]

Bellissimo, A. et al. Secure software updates: Disappointments and new challenges. In Proceedings of the USENIX Summit on Hot Topics in Security, 2006.

Digital Library

Google Scholar

[3]

Burleson, W. et al. Design challenges for secure implantable medical devices. In Proceedings of the 49^th Annual Design Automation Conference. ACM, 2012, 12--17.

Digital Library

Google Scholar

[4]

Chenok, D.J. ISPAB Letter to U.S. Office of Management and Budget (2012); http://csrc.nist.gov/groups/SMA/ispab/documents/correspondence/ispab-ltr-to-omb_med_device.pdf.

Google Scholar

[5]

Curfman, G.D. et al. The medical device safety act of 2009. New Eng. J. Med. 360, 15 (2009), 1550--1551.

Crossref

Google Scholar

[6]

Faris, T.H. Safe and Sound Software: Creating an Efficient and Effective Quality System for Software Medical Device Organizations. ASQ Quality Press, 2006.

Digital Library

Google Scholar

[7]

Food and Drug Administration. Content of Premarket Submissions for Management of Cybersecurity in Medical Devices; Guidance for Industry and Food and Drug Administration Staff (2014); http://www.fda.gov/downloads/MedicalDevices/DeviceRegulationandGuidance/GuidanceDocuments/UCM356190.pdf.

Google Scholar

[8]

Food and Drug Administration. Postmarket Management of Cybersecurity in Medical Devices; Draft Guidance for Industry and Food and Drug Administration Staff (2016); http://www.fda.gov/downloads/medicaldevices/deviceregulationandguidance/guidancedocuments/ucm482022.pdf.

Google Scholar

[9]

Fu, K. Trustworthy medical device software. Workshop Report on Public Health Effectiveness of the FDA 510 (k) Clearance Process: Measuring Postmarket Performance and Other Select Topics. National Academies Press. Washington, D.C. (2011), 102.

Google Scholar

[10]

Gollakota, S. et al. They can hear your heartbeats: Non-invasive security for implantable medical devices. ACM SIGCOMM Computer Communication Review 41, 4 (2011), 2--13.

Digital Library

Google Scholar

[11]

Hafemeister, T.L. and Spinos, S. Lean on me: A physician's fiduciary duty to disclose an emergent medical risk to the patient. Washington University Law Review 86, 5 (2009).

Google Scholar

[12]

Halperin, D. et al. Pacemakers and implantable cardiac defibrillators: Software radio attacks and zero-power defenses. In Proceedings of IEEE Symposium on Security and Privacy. IEEE, 2008, 129--142.

Digital Library

Google Scholar

[13]

Hauser, R.G. and Maron, B.J. Lessons from the failure and recall of an implantable cardioverter-defibrillator. Circulation 112, 13 (2005), 2040--2042.

Crossref

Google Scholar

[14]

Kilbridge, P. Computer crash-lessons from a system failure. New Eng. J. Medicine 348, 10 (2003), 881--882.

Crossref

Google Scholar

[15]

Lee, I. et al. High-confidence medical device software and systems. Computer 39, 4 (2006), 33--38.

Digital Library

Google Scholar

[16]

Leveson, N.G. and Turner, C.S. An investigation of the Therac-25 accidents. Computer 26, 7 (1993), 18--41.

Digital Library

Google Scholar

[17]

Li, C. et al. Hijacking an insulin pump: Security attacks and defenses for a diabetes therapy system. In Proceedings of the 13^th IEEE International Conference on e-Health Networking Applications and Services. IEEE, 2011, 150--156.

Google Scholar

[18]

Maisel, W.H. et al. Recalls and safety alerts involving pacemakers and implantable cardioverter-defibrillator generators. JAMA 286, 7 (2001), 793--799.

Crossref

Google Scholar

[19]

Meier, B. Maker of heart device kept flaw from doctors. New York Times, 2005.

Google Scholar

[20]

National Institute of Standards and Technology (NIST). Framework for Improving Critical Infrastructure Cybersecurity (Ver. 1.0) Feb. 12, 2014; http://www.nist.gov/cyberframework/upload/cybersecurity-framework-021214-final.pdf.

Digital Library

Google Scholar

[21]

Perrow, C. Normal Accidents: Living with High Risk Technologies. Princeton University Press, 2011.

Google Scholar

[22]

Rushanan, M. et al. SoK: Security and privacy in implantable medical devices and body area networks. In Proceedings of the 2014 IEEE Symposium on Security and Privacy. IEEE CS, 524--539.

Digital Library

Google Scholar

[23]

Vladeck, D.C. Medical Device Safety Act of 2009: Hearing before the Subcomm. on Health of the Comm. on Energy and Commerce (111^th Cong., May 12, 2009); http://scholarship.law.georgetown.edu/cong/45.

Google Scholar

[24]

Zhang, M. et al. MedMon: Securing medical devices through wireless monitoring and anomaly detection. IEEE Trans. Biomedical Circuits and Systems 7, 6 (2013), 871--881; DOI 10.1109/TBCAS.2013.2245664.

Crossref

Google Scholar

[25]

Zhang, M. et al. Towards trustworthy medical devices and body area networks. In Proceedings of the 50^th Annual Design Automation Conference. ACM, 2013, 1--6.

Digital Library

Google Scholar

Cited By

View all

Goswami ABaveja AMelamed BRoberts F(2024)Prevention and Mitigation of Disruptions in Medical Device Supply Chains: A Policy PerspectiveJournal of Science Policy & Governance10.38126/JSPG24010824:01Online publication date: 29-Apr-2024
https://doi.org/10.38126/JSPG240108
Ewoh PVartiainen T(2024)Vulnerability to Cyberattacks and Sociotechnical Solutions for Health Care Systems: Systematic ReviewJournal of Medical Internet Research10.2196/4690426(e46904)Online publication date: 31-May-2024
https://doi.org/10.2196/46904
Mejía-Granda CFernández-Alemán JCarrillo-de-Gea JGarcía-Berná J(2023)Security vulnerabilities in healthcare: an analysis of medical devices and softwareMedical & Biological Engineering & Computing10.1007/s11517-023-02912-062:1(257-273)Online publication date: 4-Oct-2023
https://doi.org/10.1007/s11517-023-02912-0
Show More Cited By

Index Terms

A brief chronology of medical device security

Recommendations

An analysis method for medical device security
HotSoS '14: Proceedings of the 2014 Symposium and Bootcamp on the Science of Security

This paper is a proposal for a poster. In it we describe a medical device security approach that researchers at Fraunhofer used to analyze different kinds of medical devices for security vulnerabilities. These medical devices were provided to Fraunhofer ...
A Security Argument Pattern for Medical Device Assurance Cases
ISSREW '14: Proceedings of the 2014 IEEE International Symposium on Software Reliability Engineering Workshops

Medical device security is a growing concern for medical device manufacturers, healthcare delivery organisations and regulators in the industry. Increasingly, researchers are demonstrating exactly how vulnerable these devices are. In many cases, ...
Mobile Device Security: A Comprehensive Guide to Securing Your Information in a Moving World

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

Communications of the ACM Volume 59, Issue 10

October 2016

85 pages

ISSN:0001-0782

EISSN:1557-7317

DOI:10.1145/3001840

Editor:
Moshe Y. Vardi
Association for Computing Machinery, New York, NY

Issue’s Table of Contents

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 22 September 2016

Published in CACM Volume 59, Issue 10

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Qualifiers

Review-article
Popular
Refereed

Funding Sources

National Science Foundation

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

30
Total Citations
View Citations
26,860
Total Downloads

Downloads (Last 12 months)890
Downloads (Last 6 weeks)133

Reflects downloads up to 16 Feb 2025

Other Metrics

View Author Metrics

Citations

Cited By

View all

Goswami ABaveja AMelamed BRoberts F(2024)Prevention and Mitigation of Disruptions in Medical Device Supply Chains: A Policy PerspectiveJournal of Science Policy & Governance10.38126/JSPG24010824:01Online publication date: 29-Apr-2024
https://doi.org/10.38126/JSPG240108
Ewoh PVartiainen T(2024)Vulnerability to Cyberattacks and Sociotechnical Solutions for Health Care Systems: Systematic ReviewJournal of Medical Internet Research10.2196/4690426(e46904)Online publication date: 31-May-2024
https://doi.org/10.2196/46904
Mejía-Granda CFernández-Alemán JCarrillo-de-Gea JGarcía-Berná J(2023)Security vulnerabilities in healthcare: an analysis of medical devices and softwareMedical & Biological Engineering & Computing10.1007/s11517-023-02912-062:1(257-273)Online publication date: 4-Oct-2023
https://doi.org/10.1007/s11517-023-02912-0
Gopalakrishnan KBalakrishnan AGovardhanan KSelvarasu S(2022)Propositional Inference for IoT Based Dosage Calibration System Using Private Patient-Specific Prescription against Fatal DosagesSensors10.3390/s2301033623:1(336)Online publication date: 28-Dec-2022
https://doi.org/10.3390/s23010336
Riegler MSametinger JRozenblit J(2022)Context-Aware Security Modes For Medical Devices2022 Annual Modeling and Simulation Conference (ANNSIM)10.23919/ANNSIM55834.2022.9859283(372-382)Online publication date: 18-Jul-2022
https://doi.org/10.23919/ANNSIM55834.2022.9859283
Ahouanmenou SVan Looy APoels G(2022)Information security and privacy in hospitals: a literature mapping and review of research gapsInformatics for Health and Social Care10.1080/17538157.2022.204927448:1(30-46)Online publication date: 17-Mar-2022
https://doi.org/10.1080/17538157.2022.2049274
Bai XHu XWang CLim MVilela AGhadimi PYao CStanley HXu H(2022)Most influential countries in the international medical device trade: Network-based analysisPhysica A: Statistical Mechanics and its Applications10.1016/j.physa.2022.127889604(127889)Online publication date: Oct-2022
https://doi.org/10.1016/j.physa.2022.127889
Pavlík LChytilová EZimmermannová J(2021)Security Aspects of Healthcare Organization from the Perspective of Digitization of Facility ManagementWSEAS TRANSACTIONS ON BUSINESS AND ECONOMICS10.37394/23207.2021.18.3618(360-366)Online publication date: 25-Jan-2021
https://doi.org/10.37394/23207.2021.18.36
Oh SSeo YLee EKim Y(2021)A Comprehensive Survey on Security and Privacy for Electronic Health DataInternational Journal of Environmental Research and Public Health10.3390/ijerph1818966818:18(9668)Online publication date: 14-Sep-2021
https://doi.org/10.3390/ijerph18189668
Zendehdel GKaur RChopra IStakhanova NScheme E(2021)Automated Security Assessment Framework for Wearable BLE-enabled Health Monitoring DevicesACM Transactions on Internet Technology10.1145/344864922:1(1-31)Online publication date: 14-Sep-2021
https://dl.acm.org/doi/10.1145/3448649
Show More Cited By

View Options

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Digital Edition

View this article in digital edition.

Digital Edition

Magazine Site

View this article on the magazine site (external)

Magazine Site

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Abstract

References

Cited By

Index Terms

Recommendations

An analysis method for medical device security

A Security Argument Pattern for Medical Device Assurance Cases

Mobile Device Security: A Comprehensive Guide to Securing Your Information in a Moving World

Comments

Information

Published In

Publisher

Publication History

Permissions

Check for updates

Qualifiers

Funding Sources

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

View options

PDF

eReader

Digital Edition

Magazine Site

Login options

Full Access

Share

Share this Publication link

Share on social media

Affiliations