SECURITY AND SAFETY issues in the medical domain
take many different forms. Examples range from
purposely contaminated medicine to recalls of
vascular stents, and health data breaches. Risks
resulting from unintentional threats have long
been known, for example, interference from
Security risks resulting from intentional threats
have only recently been confirmed, as medical devices
increasingly use newer technologies such as wireless
communication and Internet access. Intentional
threats include unauthorized access of a medical
device or unauthorized change of settings of such a
device. A senior official in the device unit of the U.S.
Food and Drug Administration (FDA) has often been
cited with the following statement: “We are aware
of hundreds of medical devices that
have been infected by malware.”
Even though deaths and injuries have
not yet been reported from such intru-
sions, it is not difficult to imagine that
someday they will. There is no doubt
that health care will increasingly be
digitized in the future. Medical devic-
es will increasingly become smarter
and more interconnected. The risk
of computer viruses in hospitals and
clinics is one side effect of this trend.
Without suitable countermeasures,
more data breaches and even mali-
cious attacks threatening the lives of
patients may result.
Security is about protecting infor-
mation and information systems from
unauthorized access and use. As men-
tioned, medical devices have more and
more embedded software with com-
munication mechanisms that now
qualify them as information systems.
Confidentiality, integrity, and avail-
ability of information are core design
and operational goals. Secure software
is supposed to continue to function
correctly under a malicious attack.
this sense, medical device security is
the idea of engineering these devices
so they continue to function correctly
even if under a malicious attack. This
includes internal hardware and soft-
ware aspects as well as intentional and
unintentional external threats.
Medical devices comprise a broad
range of instruments and implements.
Implantable devices, often dependent
on software, save countless lives.
But how secure are they?
BY JOHANNES SAMETINGER, JERZY ROZENBLIT,
ROMAN LYSECKY, AND PETER OTT
˽ Healthcare poses security challenges
due to the sensitivity of health records,
the increasing interoperability of medical
devices, and simply the fact that human
well-being and life are at stake.
˽ Implantable devices are especially
critical, as they may potentially put
patients in life-threatening situations
when not properly secured.
˽ Medical devices are becoming noticeably
important for millions of patients
worldwide. Their increasing dependence
on software and interoperability
with other devices via wireless
communication and the Internet has
put security at the forefront.