JIA Ling-xiao,ZHOU Yong-zhong,ZHU Wei-xing,MA Hao

DOI: https://doi.org/10.3969/j.issn.1001-4551.2007.07.012

2007-01-01

Abstract:Remote power-supply technology and its states and foreground in modern application on network communication facilities were introduced.A new surveillant block design strategy with high compatibility and modularized was proposed.The structure of remote power-supply system,the hardware design scheme and software strategy on power-management of the power-distribution manager were presented.Experimental results indicate that the new design improves the efficiency of surveillance on the facilities under control,and realizes power distribution with accuracy and intelligence.

YANG Jun,PAN Qi-ming,JIN Wei

2012-01-01

Abstract:Objective:Regulations and requirements of application security and quality assurance will merged into software module design,and then guide and develop the medical equipment detect and risk assessment.Methods:We compiled software by C/S architecture,SQL Server 2000 database,Delphi 7 and windows operating system.Results:It could provide guarantee by the software which is integrated by maintenance,measurement and quality control.Conclusion:The development and application of medical equipment information management system promote the management,construction and improve the security.

Haotian Chi,Longfei Wu,Xiaojiang Du,Qiang Zeng,Paul Ratazzi

DOI: https://doi.org/10.1109/cns.2018.8433213

2018-05-01

Abstract:To facilitate monitoring and management, modern Implantable Medical Devices (IMDs) are often equipped with wireless capabilities, which raise the risk of malicious access to IMDs. Although schemes are proposed to secure the IMD access, some issues are still open. First, pre-sharing a long-term key between a patient’s IMD and a doctor’s programmer is vulnerable since once the doctor’s programmer is compromised, all of her patients suffer; establishing a temporary key by leveraging proximity gets rid of pre-shared keys, but as the approach lacks real authentication, it can be exploited by nearby adversaries or through man-in-the-middle attacks. Second, while prolonging the lifetime of IMDs is one of the most important design goals, few schemes explore to lower the communication and computation overhead all at once. Finally, how to safely record the commands issued by doctors for the purpose of forensics, which can be the last measure to protect the patients’ rights, is commonly omitted in the existing literature. Motivated by these important yet open problems, we propose an innovative scheme e-SAFE, which significantly improves security and safety, reduces the communication overhead and enables IMD-access forensics. We present a novel lightweight compressive sensing based encryption algorithm to encrypt and compress the IMD data simultaneously, reducing the data transmission overhead by over 50% while ensuring high data confidentiality and usability. Furthermore, we provide a suite of protocols regarding device pairing, dual-factor authentication, and accountability-enabled access. The security analysis and performance evaluation show the validity and efficiency of the proposed scheme.

Zhangtan Li,Liang Cheng,Yang Zhang,Dengguo Feng

DOI: https://doi.org/10.1007/978-3-030-86130-8_10

2021-01-01

Abstract:The Medical Cyber-Physical System (MCPS) holds the promise of reducing human errors and optimizing healthcare by integrating medical devices, applications and network. MCPS utilizes high-level supervisory and low-level communication middleware to enable medical devices to interoperate efficiently. Despite the benefits provided by MCPS, the integration of clinical information also brings new threats for the clinical data. In this paper, we performed a study on security and safety risks in MCPS's networks. We systematically analyzed different attack surfaces on MCPS's networks based on misuse and abuse of clinical data. We successfully performed end-to-end attacks based on OpenICE, a popular MCPS prototype, and demonstrated the clinical risks of these attacks and the design flaws in OpenICE. We further proposed a Topic-based access control model with Break-The-Glass feature to provide fine-grained access control for clinical data. We implemented the model in two MCPS prototypes, and evaluated its effectiveness and efficiency.

Matan Kintzlinger,Nir Nissim

DOI: https://doi.org/10.1016/j.jbi.2019.103233

Abstract:Today, personal medical devices (PMDs) play an increasingly important role in healthcare ecosystems as patient life support equipment. As a result of technological advances, PMDs now encompass many components and functionalities that open the door to a variety of cyber-attacks. In this paper we present a taxonomy of ten widely-used PMDs based on the five diseases they were designed to treat. We also provide a comprehensive survey that covers 17 possible attacks aimed at PMDs, as well as the attacks' building blocks. For each PMD type, we create an ecosystem and data and attack flow diagram, which comprehensively describes the roles and interactions of the players associated with the PMD and presents the most vulnerable vectors and components within the PMDs' ecosystems; such knowledge can increase security awareness among PMD users and their healthcare providers. We also present the basic, yet important, building blocks that constitute the steps by which each of the attacks presented is carried out. Doing so allowed us to establish the foundations for the future development of a novel risk analysis methodology for medical devices. For each attack we mapped the building blocks required to carry out the attack and found that 50% of the attacks rely upon the ability to remotely connect to the PMD, while 61% of them rely on the physical proximity of the attacker to the PMD. Finally, by surveying 21 existing security mechanisms and mapping their coverage for the attacks, we identify the gaps between PMDs' security mechanisms and the possible attacks. We show that current security mechanisms generally fail to provide protection from all of the attacks against PMDs and suggest the development of a comprehensive framework to secure PMDs and protect the patients that rely upon them.

Diana Berbecaru,Antonio Lioy,Marius Marian,Diana Marano

DOI: https://doi.org/10.48550/arXiv.1910.09027

2019-10-17

Abstract:The efficiency and service quality in a medical environment can be improved by using electronic documents (or e-docs) and digital signatures to speed up both doctors' activity and to provide in the same time easy retrieval and use of needed data without loosing convenience. Our proposed solution satisfies these needs by making use of the AIDA system and many cutting-edge techniques to build a digitalized management system. To be more specific, we present firstly the AIDA document exchange framework for the management (creation, search, storage) of e-docs expressed in XML format. The framework provides security services, like privacy, authorization, authentication and non-repudiation. We describe next the use of AIDA in a real world medical service, namely the creation of electronic medical records (e- MRs). Doctors can use mobile devices that embed a secure trustworthy environment defined also in AIDA for digitally signing the e-MRs. Technically speaking a handheld PC equipped with a smart-card reader and integrating What You See Is What You Sign (WYSIWYS) features will be used for viewing and signing the e-MRs. Furthermore the proposed system is easily integrated with the infrastructure (e.g., database system) already in use at hospital's administration site and allows easy handling and updating of data processed on the mobile devices. The use of web interface for the operations to be executed on the mobile device or for those executed on the remote part of the system makes the whole application homogeneous and easy to use.

Cryptography and Security

Benjamin Ransford,Daniel B. Kramer,Denis Foo Kune,Chen Yan,Wenyuan Xu,Thomas Crawford,Kevin Fu

DOI: https://doi.org/10.1111/pace.13102

2017-01-01

PACE - Pacing and Clinical Electrophysiology

Abstract:Medical devices increasingly depend on software. While this expands the ability of devices to perform key therapeutic and diagnostic functions, reliance on software inevitably causes exposure to hazards of security vulnerabilities. This article uses a recent high-profile case example to outline a proactive approach to security awareness that incorporates a scientific, risk-based analysis of security concerns that supports ongoing discussions with patients about their medical devices.

Yas Vaseghi,Behnaz Behara,Mehdi Delrobaei

2023-12-13

Abstract:The Internet of Medical Things (IoMT) offers a promising solution to improve patient health and reduce human error. Wearable smart infusion pumps that accurately administer medication and integrate with electronic health records are an example of technology that can improve healthcare. They can even alert healthcare professionals or remote servers during operational failure, preventing distressing incidents. However, as the number of connected medical devices increases, the risk of cyber threats also increases. Wearable medication devices based on IoT attached to patients' bodies are prone to significant cyber threats. Being connected to the Internet exposes these devices to potential harm, which could disrupt or degrade device performance and harm patients. To ensure patient safety and well-being, it is crucial to establish secure data authentication for internet-connected medical devices. It is also important to note that the wearability option of such devices might downgrade the computational resources, making them more susceptible to security risks. This paper implements a security approach to a wearable infusion pump. We discuss practical challenges in implementing security-enabled devices and propose initial solutions to mitigate cyber threats.

Cryptography and Security,Systems and Control

Mu Sun,José Meseguer

DOI: https://doi.org/10.48550/arXiv.1009.4266

2010-09-22

Logic in Computer Science

Abstract:Safety of medical devices and of their interoperation is an unresolved issue causing severe and sometimes deadly accidents for patients with shocking frequency. Formal methods, particularly in support of highly reusable and provably safe patterns which can be instantiated to many device instances can help in this regard. However, this still leaves open the issue of how to pass from their formal specifications in logical time to executable emulations that can interoperate in physical time with other devices and with simulations of patient and/or doctor behaviors. This work presents a specification-based methodology in which virtual emulation environments can be easily developed from formal specifications in Real-Time Maude, and can support interactions with other real devices and with simulation models. This general methodology is explained in detail and is illustrated with two concrete scenarios which are both instances of a common safe formal pattern: one scenario involves the interaction of a provably safe pacemaker with a simulated heart; the other involves the interaction of a safe controller for patient-induced analgesia with a real syringe pump.

Yas Vaseghi,Behnaz Behara,Mehdi Delrobaei

2024-06-21

Abstract:The Internet of Medical Things (IoMT) has the potential to revolutionize healthcare by reducing human error and improving patient health. For instance, wearable smart infusion pumps can accurately administer medication and integrate with electronic health records. These pumps can alert healthcare professionals or remote servers when an operation fails, preventing distressing incidents. However, as the number of connected medical devices increases, so does the risk of cyber threats. Wearable medication devices based on IoT attached to patients' bodies are particularly vulnerable to significant cyber threats. Since they are connected to the internet, these devices can be exposed to potential harm, which can disrupt or degrade device performance and harm patients. Therefore, it is crucial to establish secure data authentication for internet-connected medical devices to ensure patient safety and well-being. It is also important to note that the wearability option of such devices might downgrade the computational resources, making them more susceptible to security risks. We propose implementing a security approach for a wearable infusion pump to mitigate cyber threats. We evaluated the proposed architecture with 20, 50, and 100 users for 10 minutes and repeated the evaluation 10 times with two infusion settings, each repeated five times. The desired volumes and rates for the two settings were 2 ml and 4 ml/hr and 5 ml and 5 ml/hr, respectively. The maximum error in infusion rate was measured to be 2.5%. We discuss the practical challenges of implementing such a security-enabled device and suggest initial solutions.

Cryptography and Security,Systems and Control

Carlos M. Mejía-Granda,José L. Fernández-Alemán,Juan M. Carrillo-de-Gea,José A. García-Berná

DOI: https://doi.org/10.1007/s11517-023-02912-0

2023-10-05

Medical & Biological Engineering & Computing

Abstract:The integration of IoT in healthcare has introduced vulnerabilities in medical devices and software, posing risks to patient safety and system integrity. This study aims to bridge the research gap and provide valuable insights for addressing healthcare vulnerabilities and their mitigation mechanisms. Software vulnerabilities related to health systems from 2001 to 2022 were collected from the National Vulnerability Database (NVD) systematized by software developed by the researchers and assessed by a medical specialist for their impact on patient well-being. The analysis revealed electronic health records, wireless infusion pumps, endoscope cameras, and radiology information systems as the most vulnerable. In addition, critical vulnerabilities were identified, including poor credential management and hard-coded credentials. The investigation provides some insights into the consequences of vulnerabilities in health software products, projecting future security issues by 2025, offers mitigation suggestions, and highlights trends in attacks on life support and health systems are also provided. The healthcare industry needs significant improvements in protecting medical devices from cyberattacks. Securing communication channels and network schema and adopting secure software practices is necessary. In addition, collaboration, regulatory adherence, and continuous security monitoring are crucial. Industries, researchers, and stakeholders can utilize these findings to enhance security and safeguard patient safety.

engineering, biomedical,computer science, interdisciplinary applications,mathematical & computational biology,medical informatics

Mohammadreza Begli,Farnaz Derakhshan

DOI: https://doi.org/10.48550/arXiv.2104.06498

2021-04-13

Cryptography and Security

Abstract:Since the number of elderly and patients who are in hospitals and healthcare centers are growing, providing efficient remote healthcare services seems very important. Currently, most such systems benefit from the distribution and autonomy features of multiagent systems and the structure of wireless sensor networks. On the one hand, securing the data of remote healthcare systems is one of the most significant concerns; particularly recent types of research about the security of remote healthcare systems keep them secure from eavesdropping and data modification. On the other hand, existing remote healthcare systems are still vulnerable against other common attacks of healthcare networks such as Denial of Service (DoS) and User to Root (U2R) attacks, because they are managed remotely and based on the Internet. Therefore, in this paper, we propose a secure framework for remote healthcare systems that consists of two phases. First, we design a healthcare system base on multiagent technology to collect data from a sensor network. Then, in the second phase, a layered architecture of intrusion detection systems that uses Support Vector Machine to learn the behavior of network traffic is applied. Based on our framework, we implement a secure remote healthcare system and evaluate this system against the frequent attacks of healthcare networks such as Smurf, Buffer overflow, Neptune, and Pod attacks. In the end, evaluation parameters of the layered architecture of intrusion detection systems prove the efficiency and correctness of our proposed framework.

Alexandra Hadar,Natan Levy,Michael Winokur

DOI: https://doi.org/10.48550/arXiv.2211.02351

2022-11-04

Systems and Control

Abstract:Retained surgical bodies (RSB) are any foreign bodies left inside the patient after a medical procedure. RSB is often caused by human mistakes or miscommunication between medical staff during the procedure. Infection, medical complications, and even death are possible consequences of RSB, and it is a significant risk for patients, hospitals, and surgical staff. In this paper. we describe the engineering process we have done to explore the design space, define a feasible solution, and simulate, verify, and validate a state-of-the-art Cyber-Physical System that can significantly decrease the incidence of RSB and thus increase patients' survivability rate. This system might save patients' suffering and lives and reduce medical staff negligence lawsuits while improving the hospital's reputation. The paper illustrates each step of the process with examples and describes the chosen solution in detail.

Xiyao Liu,Yuesheng Zhu,Yu Ge,Dajun Wu,Beiji Zou

DOI: https://doi.org/10.3837/tiis.2016.01.013

2016-01-01

KSII Transactions on Internet and Information Systems

Abstract:The wireless body area networks (WBANs) consist of wearable computing devices and can support various healthcare-related applications. There exist two crucial issues when WBANs are utilized for healthcare applications. One is the protection of the sensitive biometric data transmitted over the insecure wireless channels. The other is the design of effective medical management mechanisms. In this paper, a secure medical information management system is proposed and implemented on a TinyOS-based WBAN test bed to simultaneously address these two issues. In this system, the electronic medical record (EMR) is bound to the biometric data with a novel fragile zero-watermarking scheme based on the modified visual secret sharing (MVSS). In this manner, the EMR can be utilized not only for medical management but also for data integrity checking. Additionally, both the biometric data and the EMR are encrypted, and the EMR is further protected by the MVSS. Our analysis and experimental results demonstrate that the proposed system not only protects the confidentialities of both the biometric data and the EMR but also offers reliable patient information authentication, explicit healthcare operation verification and undeniable doctor liability identification for WBANs.

Emmanuel Kwarteng,Mumin Cebe

DOI: https://doi.org/10.1016/j.smhl.2022.100295

2022-09-01

Smart Health

Abstract:Implantable Medical Devices (IMD) is a fast pace growing medical field and continues to grow in the foreseeable future. Advancement in science and technology has led to the IMD devices offering advanced medical treatments. Modern IMDs can automatically monitor and manage different patients’ health conditions without any manual intervention from medical professionals. While IMDs are also becoming more connected to enhance the delivery of care remotely and provide the means for both patients and physicians to adjust therapy at the comfort of their homes, it also increases security-related concerns. Adversaries could take advantage and exploit device vulnerabilities to manipulate device settings remotely from any-where around the world. This manuscript reviews the current threats, security goals, and proposed solutions by comparing them with their strengths and limitations. We also highlight the emerging IMD technologies and innovative ideas for new designs and implementations to improve the security of IMDs. Finally, we conclude the article with future research directions toward securing IMD systems to light the way for researchers.

English Else

Vladimir Vakhter,Betul Soysal,Patrick Schaumont,Ulkuhan Guler

DOI: https://doi.org/10.1109/JIOT.2022.3144130

2021-05-13

Abstract:The landscape of miniaturized wireless biomedical devices (MWBDs) is rapidly expanding as proactive mobile healthcare proliferates. MWBDs are diverse and include various injectable, ingestible, implantable, and wearable devices. While the growth of MWBDs increases the flexibility of medical services, the adoption of these technologies brings privacy and security risks for their users. MWBDs can operate with sensitive, private information and affect patients through the use of stimulation and drug delivery. Therefore, these devices require trust and need to be secure. Embedding protective mechanisms into MWBDs is challenging because they are restricted in size, power budget, as well as processing and storage capabilities. Nevertheless, MWBDs need to be at least minimally securable in the face of evolving threats. The main intent of this work is to make the primary stakeholders of MWBDs aware of associated risks and to help the architects and the manufacturers of MWBDs protect their emerging designs in a repeatable and structured manner. Making MWBDs securable begins with performing threat modeling. This paper introduces a domain-specific qualitative-quantitative threat model dedicated to MWBDs. The proposed model is then applied to representative case studies from each category of MWBDs.

Cryptography and Security

Yang Cao,Chunhua Hu,Bozhi Ma,Hongwei Hao,Luming Li,Weiming Wang

DOI: https://doi.org/10.1016/s1007-0214(10)70095-x

2010-01-01

Tsinghua Science & Technology

Abstract:A non-invasive software upgrade method for permanent implantable medical devices was developed to alleviate patients' suffering due to malfunctions because of software faults, which may cause serious adverse health consequences or require enhancements with new software. The programs distributed to the internal implantable pulse generator (IPG) from the external programmer have been developed so that the upgrade service program in the IPG is simplified with most complex functions executed by the external programmer. A bidirectional protocol including frame definition and transmission mode was designed to insure secure upgrades. A neuro-stimulator was used to verify the upgrade solution with no additional elements, to maintain the hardware reliability. This study emphasizes how to insure a secure and stable upgrade process and reduce power consumption for special wireless and life safety-critical applications. Tests on rhesus monkeys to evaluate the feasibility of the approach for an IPG used for brain stimulation evaluation show that the software upgrade can be implemented stably with good tolerance to the wireless data transmissions.

L. Rajesh,Penke Satyanarayana

DOI: https://doi.org/10.1007/s11277-023-10738-0

IF: 2.017

2023-09-21

Wireless Personal Communications

Abstract:Industrial control systems (ICS) like supervisory control and data acquisition (SCADA) systems play a crucial role in monitoring and controlling various process industries in national critical infrastructures. They are connecting to internet and highly inter-connected corporate networks for sharing the field data to third party heterogeneous systems like enterprise resource planning, third party SCADA systems etc. Even though it helps to share the data for monitoring and control of systems, it also opens the doors for cyber-attacks. It needs to strengthen the cyber security of these SCADA systems. There are various components in SCADA systems which requires to build security in these components. Generally, most of the SCADA systems uses MODBUS communication protocol for scanning the PLC devices to acquire the field data. The communication protocol security is one of the main components which was little addressed. The MODBUS protocol was developed without security in mind because security aspect was not a concern in closed environments of industrial control systems. It is highly vulnerable to cyber-attacks. There are some methods already developed by scholars to implement security in MODBUS protocol, but the existing methods modified the MODBUS frame formats. Hence, they are not suitable to the existing legacy systems because they do not support interoperability between various industry manufacturer’s products. Another critical problem in existing methods is all the required security features were not implemented in a single method which would satisfy the security features like integrity, confidentiality, non-repudiation, authorization and authentication. In this paper, we designed and developed a new method by developing Secure Modbus Gateway Server and Client modules to provide secure data transfer between data acquisition servers and PLCs. In this methodology, the modules were developed using RSA and AES algorithms for achieving confidentiality and non-repudiation, SHA algorithm to provide integrity of the message. These modules also support authorization and authentication features. The time stamp in the Modbus frame was also included and transmitted to prevent replay attacks. The advantages of these modules/methodology are, it supports all required features for secure data transfer like integrity, confidentiality, non-repudiation, authorization and authentication. They also provide time stamp, frame filtering and exception response alarm triggering features. These modules also support interoperability and they can be easily installed in existing legacy systems. We measured performance metrics like attack resilience rate (ARP), attack penetration rate (APR) and overheads. This method protects the ICS system for 97% of attacks. The overhead on protocol was also calculated and it is found that 3.5% extra delay in round trip time which is very minor and can be tolerated in exchange of the important security benefits offered.

telecommunications

Lemana Spahić,Luka Jeremić,Ivana Lalatović,Tatjana Muratović,Amra Džuho,Lejla Gurbeta Pokvić,Almir Badnjević

DOI: https://doi.org/10.1177/09287329241290944

IF: 1.6

2024-12-13

Technology and Health Care

Abstract:Background Poorly regulated and insufficiently maintained medical devices (MDs) carry high risk on safety and performance parameters impacting the clinical effectiveness and efficiency of patient diagnosis and treatment. After the MD directive (MDD) had been in force for 25 years, in 2017 the new MD Regulation (MDR) was introduced. One of the more stringent requirement is a need for better control of MD safety and performance post-market surveillance mechanisms. Objective To address this, we have developed an automated system for management of MDs, based on their safety and performance measurement parameters, that use machine learning algorithm as a core of its functioning. Methods In total, 1997 samples were collected during the inspection process of defibrillator inspections performed by an ISO 17020 accredited laboratory at various healthcare institutions in Bosnia and Herzegovina. This paper presents solution developed for defibrillators, but proposed system is scalable to any other type of MDs, both diagnostic and therapeutic. Results Various machine learning algorithms were considered, including Decision Tree (DT), Random Forest (RF), Naïve Bayes (NB) and Logistic Regression (LR). In addition, random forest regressor and XG Boost algorithms were tested for their predictive capabilities in the field of defibrillator output error prediction. These algorithms were selected because of their ability to handle large datasets and their potential for achieving high prediction accuracy. The highest accuracy achieved on this dataset was 94.8% using the Naive Bayes algorithm. The XGBoost Regressor with its r 2 of 0.99 emerged as a powerful tool, showcasing exceptional predictive accuracy and the ability to capture a substantial portion of the dataset's variability. Conclusion The results of this study demonstrate that clinical engineering (CE) and health technology management (HTM) departments in healthcare institutions can benefit from proposed automatization of defibrillator maintenance scheduling in terms of increased safety and treatment of patients, on one side, and cost optimization in MD management departments, on the other side.

engineering, biomedical,health care sciences & services

Tom Mahler,Yuval Elovici,Yuval Shahar

DOI: https://doi.org/10.48550/arXiv.2002.06938

2020-02-17

Abstract:As technology advances towards more connected and digital environments, medical devices are becoming increasingly connected to hospital networks and to the Internet, which exposes them, and thus the patients using them, to new cybersecurity threats. Currently, there is a lack of a methodology dedicated to information security risk assessment for medical devices. In this study, we present the Threat identification, ontology-based Likelihood, severity Decomposition, and Risk integration (TLDR) methodology for information security risk assessment for medical devices. The TLDR methodology uses the following steps: (1) identifying the potentially vulnerable components of medical devices, in this case, four different medical imaging devices (MIDs); (2) identifying the potential attacks, in this case, 23 potential attacks on MIDs; (3) mapping the discovered attacks into a known attack ontology - in this case, the Common Attack Pattern Enumeration and Classifications (CAPECs); (4) estimating the likelihood of the mapped CAPECs in the medical domain with the assistance of a panel of senior healthcare Information Security Experts (ISEs); (5) computing the CAPEC-based likelihood estimates of each attack; (6) decomposing each attack into several severity aspects and assigning them weights; (7) assessing the magnitude of the impact of each of the severity aspects for each attack with the assistance of a panel of senior Medical Experts (MEs); (8) computing the composite severity assessments for each attack; and finally, (9) integrating the likelihood and severity of each attack into its risk, and thus prioritizing it. The details of steps six to eight are beyond the scope of the current study; in the current study, we had replaced them by a single step that included asking the panel of MEs [in this case, radiologists], to assess the overall severity for each attack and use it as its severity...

Cryptography and Security,Computers and Society