Software-based medical devices enable fast product-development cycles, constructive information sharing, and configurable therapy delivery, resulting in better patient outcomes overall. An unfortunate drawback is that software is complicated and difficult to maintain correctly. Devices with inadequate software maintenance may pose operational risks to network security and patient safety and privacy. This paper describes a noninvasive approach to medical-device monitoring that can address some of the shortcomings of conventional approaches.

Protecting software-based medical devices from malware infections or network-based mischief is a growing concern for clinical engineers and healthcare information technology (IT) practitioners. Unlike desktop PCs and laptops, medical devices often lack support for antivirus systems or operating-system patches, despite running off-the-shelf operating systems and commercial third-party software. Manufacturers have cited previous regulatory approval as a reason not to support software updates [1], despite the Food and Drug Administration's clarifications to the contrary [...

References

References
1.
Baxa
,
2012
, “
Preventing Cyber Attacks
,” Baxa Corp., Englewood, CO, accessed Oct. 15, 2012, http://blog.secure-medicine.org/2012/06/baxas-non-approved-software-policy.html
2.
U.S. FDA, 2009, “
Cybersecurity for Networked Medical Devices is a Shared Responsibility: FDA Safety Reminder
,” U.S. Food and Drug Administration, Silver Spring, MD, accessed April 8, 2016, http://www.fda.gov/MedicalDevices/Safety/AlertsandNotices/ucm189111.htm
3.
Talbot
,
D.
,
2012
, “
Computer Viruses are ‘Rampant’ on Medical Devices in Hospitals
,”
MIT Technology Review
, Oct. 17 (epub), accessed Nov. 9, 2015.
4.
Kandek, W., 2014, “Windows XP Usage Lower Across Industries,” Qualys Inc., Redwood City, CA (epub), accessed Nov. 9, 2015, https://community.qualys.com/blogs/laws-of-vulnerabilities/2014/04/02/windows-xp-usage-lower-across-industries
5.
O'Brien, G., and Khanna, G., 2014, “Wireless Medical Infusion Pumps—Medical Device Security,” National Cybersecurity Center of Excellence (NCCoE), U.S. National Institute of Standards and Technology, Gaithersburg, MD, accessed Dec. 18, 2014, http://nccoe.nist.gov/sites/default/files/nccoe/NCCOE_HIT-Medical-Device-Use-Case.pdf
6.
Durumeric
,
Z.
,
Kasten
,
J.
,
Adrian
,
D.
,
Halderman
,
J. A.
,
Bailey
,
M.
,
Li
,
F.
,
Weaver
,
N.
,
Amann
,
J.
,
Beekman
,
J.
,
Payer
,
M.
, and
Paxson
,
V.
,
2014
, “
The Matter of Heartbleed
,”
Internet Measurement Conference
(
IMC'14
), Vancouver, BC, Canada, Nov. 5–7, pp.
475
488
.
7.
Zetter
,
K.
,
2015
, “
Hacker Can Send Fatal Dose to Hospital Drug Pumps
,” Wired Magazine, Boone, IA, accessed Nov. 9, 2015, http://www.wired.com/2015/06/hackers-can-send-fatal-doses-hospital-drug-pumps/
8.
TrapX Labs
,
2015
, “
Anatomy of an Attack: MedJack (Medical Device Hijack)—Anatomy of an Attack
,” TrapX Security, Inc., San Mateo, CA, accessed Nov. 9, 2015, http://deceive.trapx.com/rs/929-JEW-675/images/AOA_Report_TrapX_AnatomyOfAttack-MEDJACK.pdf
9.
Williams
,
P. A.
, and
Woodward
,
A. J.
,
2015
, “
Cybersecurity Vulnerabilities in Medical Devices: A Complex Environment and Multifaceted Problem
,”
Med. Devices
,
8
, pp.
305
316
.
10.
Clark
,
S.
,
Mustafa
,
H.
,
Ransford
,
B.
,
Sorber
,
J.
,
Fu
,
K.
, and
Xu
,
W.
,
2013
, “
Current Events: Identifying Webpages by Tapping the Electrical Outlet
,”
18th European Symposium on Research in Computer Security
(
ESORICS
), Egham, UK, Sept. 9–13, pp.
700
717
.
11.
Clark
,
S. S.
,
Ransford
,
B.
,
Rahmati
,
A.
,
Guineau
,
S.
,
Sorber
,
J.
,
Fu
,
K.
, and
Xu
,
W.
,
2013
, “
WattsUpDoc: Power Side Channels to Nonintrusively Discover Untargeted Malware on Embedded Medical Devices
,”
USENIX
Workshop on Health Information Technologies
, Washington, DC, Aug. 12.
You do not currently have access to this content.