Security vulnerabilities, attacks, countermeasures, and regulations of networked medical devices—A review

Tahreem Yaqoob, Haider Abbas, Mohammed Atiquzzaman

Research output: Contribution to journalReview articlepeer-review

162 Citations (Scopus)

Abstract

Over the last few years, healthcare administrations have been digitizing their provision of care that led to an increased number of networked medical devices and medical telemetry. Due to such digitization, medical devices have made phenomenal strides in the course of the last half-century. These networked medical devices have enhanced the quality and accessibility of health treatments by achieving pervasive healthcare vision. Moreover, these devices have transformed the canvas of medical treatments and improved the lives of the masses. Such innovation, as a result, assisted in paving the way for reliable
healthcare facilities through the introduction of new areas of therapeutic and diagnostic treatments. Medical devices, nowadays, are portable, networked, and capable enough to facilitate human lives. The refined quality and variety of these devices put forward a promising future. However, on the other hand, the healthcare sector is experiencing the greatest amount of security breaches due to the presence of security flaws in medical devices. As these devices are no longer standalone systems and are network-connected, the attack surface has increased profoundly. Actually, devices in practice were designed, developed, and disseminated long ago. Therefore, they were not developed from the ground up with security as a vital design constraint. The flaws present in these devices have acquired the consideration of researchers from both industry and academia. In this paper, we studied security vulnerabilities present in state-of-the-art medical devices by studying security tests and the attacks demonstrated by the researchers on more than a hundred devices. Finally, some state-of-the-art solutions and countermeasures along with applicable regulations in literature were also studied and analyzed. Since these devices are life-critical and can even cause the death of a patient, therefore, this survey is significant as it can assist researchers to get an overview of loopholes present in medical devices and existing countermeasures. We concluded this survey paper with some open research areas that should be properly considered in order to secure these life-critical medical devices.
Original languageEnglish
Pages (from-to)3723-3768
Number of pages46
JournalIEEE Communications Surveys and Tutorials
Volume21
Issue number4
Early online date30 Apr 2019
DOIs
Publication statusPublished - 25 Nov 2019
Externally publishedYes

Funder

This work was supported by the Higher Education Commission, Pakistan, through its initiative of National Center for Cyber Security for the affiliated laboratory National Cyber Security Auditing and Evaluation Lab under Grant 2(1078)/HEC/M&E/2018/707.

Funding

This work was supported by the Higher Education Commission, Pakistan, through its initiative of National Center for Cyber Security for the affiliated laboratory National Cyber Security Auditing and Evaluation Lab under Grant 2(1078)/HEC/M&E/2018/707.

FundersFunder number
Higher Education Commission of Pakistan2(1078)/HEC/M&E/2018/707

    Keywords

    • Medical devices
    • security vulnerabilities
    • wearables
    • implantable devices
    • on-site medical equipment
    • FDA
    • HIPAA

    Fingerprint

    Dive into the research topics of 'Security vulnerabilities, attacks, countermeasures, and regulations of networked medical devices—A review'. Together they form a unique fingerprint.

    Cite this