Bryce Alexander,Sohaib Haseeb,Adrian Baranchuk

DOI: https://doi.org/10.1016/j.tcm.2018.11.011

IF: 8.049

2019-11-01

Trends in Cardiovascular Medicine

Abstract:Medical devices have become increasingly connected in recent years. While this added interconnectivity has provided capabilities for wireless communication and remote monitoring, it has also introduced possible risks for cybersecurity vulnerabilities. Lately, there has been an increased awareness of the potential for cybersecurity breaches in implanted cardiac devices (pacemakers and defibrillators) among patients, healthcare providers, and the media. In this article, we review the current perspective on cybersecurity in implanted medical devices, including a recent high-profile case example of a cybersecurity threat. We outline the actions taken by all the involved stakeholders in response to the disclosure of potential vulnerabilities in medical devices and summarize the positions of major societies in response to these events.

cardiac & cardiovascular systems

Benjamin Ransford,Daniel B. Kramer,Denis Foo Kune,Chen Yan,Wenyuan Xu,Thomas Crawford,Kevin Fu

DOI: https://doi.org/10.1111/pace.13102

2017-01-01

PACE - Pacing and Clinical Electrophysiology

Abstract:Medical devices increasingly depend on software. While this expands the ability of devices to perform key therapeutic and diagnostic functions, reliance on software inevitably causes exposure to hazards of security vulnerabilities. This article uses a recent high-profile case example to outline a proactive approach to security awareness that incorporates a scientific, risk-based analysis of security concerns that supports ongoing discussions with patients about their medical devices.

Bhakti Patel,Amgad N. Makaryus

DOI: https://doi.org/10.1080/14737167.2024.2361076

2024-05-31

Expert Review of Pharmacoeconomics & Outcomes Research

Abstract:Introduction As digital health expands, reliance on digital endpoints is rapidly increasing to improve diagnostic accuracy and management in the healthcare field. Digital endpoints are beneficial to monitor how patient's clinical information is processed outside of a clinical setting.

pharmacology & pharmacy,health care sciences & services,health policy & services

K Mahtani,E Maclean,R J Schilling

DOI: https://doi.org/10.1016/j.hlc.2022.06.690

Abstract:Cardiac implantable electronic device (CIED) infection is an increasingly common complication of device therapy. CIED infection confers significant patient morbidity and health care expenditure, hence it is essential that clinicians recognise the contemporary strategies for predicting, reducing and treating these events. Recent technological advances-in particular, the development of antimicrobial envelopes, leadless devices and validated risk scores-present decision-makers with novel strategies for managing this expanding patient population. This review summarises the key issues facing CIED patients and their physicians, and explores the supporting evidence for the latest therapeutic developments in this field.

Catherine G Bielick,Christopher J Arnold,Vivian H Chu

DOI: https://doi.org/10.1016/j.idc.2024.07.004

Abstract:Infections associated with cardiac implantable electronic devices (CIEDs) are increasing and are a cause of significant morbidity and mortality. This article summarizes the latest updates with respect to the epidemiology, microbiology, and risk factors for CIED-related infections. It also covers important considerations regarding the diagnosis, management, and prevention of these infections. Newer technologies such as leadless pacemakers and subcutaneous implantable cardioverters and defibrillators are discussed.

Emmanuel Kwarteng,Mumin Cebe

DOI: https://doi.org/10.1016/j.smhl.2022.100295

2022-09-01

Smart Health

Abstract:Implantable Medical Devices (IMD) is a fast pace growing medical field and continues to grow in the foreseeable future. Advancement in science and technology has led to the IMD devices offering advanced medical treatments. Modern IMDs can automatically monitor and manage different patients’ health conditions without any manual intervention from medical professionals. While IMDs are also becoming more connected to enhance the delivery of care remotely and provide the means for both patients and physicians to adjust therapy at the comfort of their homes, it also increases security-related concerns. Adversaries could take advantage and exploit device vulnerabilities to manipulate device settings remotely from any-where around the world. This manuscript reviews the current threats, security goals, and proposed solutions by comparing them with their strengths and limitations. We also highlight the emerging IMD technologies and innovative ideas for new designs and implementations to improve the security of IMDs. Finally, we conclude the article with future research directions toward securing IMD systems to light the way for researchers.

English Else

Agnieszka Kotalczyk,Zbigniew Kalarus,David Justin Wright,Giuseppe Boriani,Gregory Y H Lip

DOI: https://doi.org/10.2147/MDER.S245625

2020-09-25

Abstract:Cardiovascular implantable electronic devices (CIEDs) are essential management options for patients with brady- and tachyarrhythmias or heart failure with concomitant optimal pharmacotherapy. Despite increasing technological advances, there are still gaps in the management of CIED patients, eg, the growing number of lead- and pocket-related long-term complications, including cardiac device-related infective endocarditis, requires the greatest care. Likewise, patients with CIEDs should be monitored remotely as a part of a comprehensive, holistic management approach. In addition, novel technologies used in smartwatches may be a convenient tool for long-term atrial fibrillation (AF) screening, especially in high-risk populations. Early detection of AF may reduce the risk of stroke and other AF-related complications. The objective of this review article was to provide an overview of novel technologies in cardiac rhythm-management devices and future challenges related to CIEDs.

Andrea Matteucci,Carlo Pignalberi,Claudio Pandozi,Barbara Magris,Antonella Meo,Maurizio Russo,Marco Galeazzi,Giammarco Schiaffini,Stefano Aquilani,Stefania Angela Di Fusco,Furio Colivicchi

DOI: https://doi.org/10.3390/jcm13092707

IF: 3.9

2024-05-05

Journal of Clinical Medicine

Abstract:The implantation of cardiac electronic devices (CIEDs), including pacemakers and defibrillators, has become increasingly prevalent in recent years and has been accompanied by a significant rise in cardiac device infections (CDIs), which pose a substantial clinical and economic burden. CDIs are associated with hospitalizations and prolonged antibiotic therapy and often necessitate device removal, leading to increased morbidity, mortality, and healthcare costs worldwide. Approximately 1–2% of CIED implants are associated with infections, making this a critical issue to address. In this contemporary review, we discuss the burden of CDIs with their risk factors, healthcare costs, prevention strategies, and clinical management.

medicine, general & internal

Riham Altawy,Amr M. Youssef

DOI: https://doi.org/10.1109/access.2016.2521727

IF: 3.9

2016-01-01

IEEE Access

Abstract:The new culture of networked systems that offer everywhere accessible services has given rise to various types of security tradeoffs. In fact, with the evolution of physical systems that keep getting integrated with cyber frameworks, cyber threats have far more critical effects as they get reflected on the physical environment. As a result, the issue of security of cyber physical systems requires a special holistic treatment. In this paper, we study the tradeoff between security, safety, and availability in such systems and demonstrate these concepts on implantable medical devices as a case study. We discuss the challenges and constraints associated with securing such systems and focus on the tradeoff between security measures required for blocking unauthorized access to the device and the safety of the patient in emergency situations where such measures must be dropped to allow access. We analyze the up to date proposed solutions and discuss their strengths and limitations.

computer science, information systems,telecommunications,engineering, electrical & electronic

Carlos M. Mejía-Granda,José L. Fernández-Alemán,Juan M. Carrillo-de-Gea,José A. García-Berná

DOI: https://doi.org/10.1007/s11517-023-02912-0

2023-10-05

Medical & Biological Engineering & Computing

Abstract:The integration of IoT in healthcare has introduced vulnerabilities in medical devices and software, posing risks to patient safety and system integrity. This study aims to bridge the research gap and provide valuable insights for addressing healthcare vulnerabilities and their mitigation mechanisms. Software vulnerabilities related to health systems from 2001 to 2022 were collected from the National Vulnerability Database (NVD) systematized by software developed by the researchers and assessed by a medical specialist for their impact on patient well-being. The analysis revealed electronic health records, wireless infusion pumps, endoscope cameras, and radiology information systems as the most vulnerable. In addition, critical vulnerabilities were identified, including poor credential management and hard-coded credentials. The investigation provides some insights into the consequences of vulnerabilities in health software products, projecting future security issues by 2025, offers mitigation suggestions, and highlights trends in attacks on life support and health systems are also provided. The healthcare industry needs significant improvements in protecting medical devices from cyberattacks. Securing communication channels and network schema and adopting secure software practices is necessary. In addition, collaboration, regulatory adherence, and continuous security monitoring are crucial. Industries, researchers, and stakeholders can utilize these findings to enhance security and safeguard patient safety.

engineering, biomedical,computer science, interdisciplinary applications,mathematical & computational biology,medical informatics

Antonia Molloy,Kirsten Beaumont,Ali Alyami,Mahmut Kirimi,Daniel Hoare,Nosrat Mirzai,Hadi Heidari,Srinjoy Mitra,Steve L Neale,John R Mercer

DOI: https://doi.org/10.1109/RBME.2021.3110084

Abstract:Cardiovascular disease (CVD) is a group of heart and vasculature conditions which are the leading form of mortality worldwide. Blood vessels can become narrowed, restricting blood flow, and drive the majority of hearts attacks and strokes. Reactive surgical interventions are frequently required; including percutaneous coronary intervention (PCI) and coronary artery bypass grafting (CABG). Despite successful opening of vessels and restoration of blood flow, often in-stent restenosis (ISR) and graft failure can still occur, resulting in subsequent patient morbidity and mortality. A new generation of cardiovascular implants that have sensors and real-time monitoring capabilities are being developed to combat ISR and graft failure. Self-reporting stent/graft technology could enable precision medicine-based and predictive healthcare by detecting the earliest features of disease, even before symptoms occur. Bringing an implantable medical device with wireless electronic sensing capabilities to market is complex and often obstructive undertaking. This critical review analyses the obstacles that need to be overcome for self-reporting stents/grafts to be developed and provide a precision-medicine based healthcare for cardiovascular patients. Here we assess the latest research and technological advancement in the field, the current devices; including smart cardiovascular implantable biosensors and associated wireless data and power transfer solutions. We include an evaluation of devices that have reached clinical trials and the market potential for their end-user implementation.

George W. Jackson Jr.,Shawon Rahman

DOI: https://doi.org/10.48550/arXiv.1908.00666

2019-08-02

Abstract:As device interconnectivity and ubiquitous computing continues to proliferate healthcare, the Medical Internet of Things (MIoT), also well known as the, Internet of Medical Things (IoMT) or the Internet of Healthcare Things (IoHT), is certain to play a major role in the health, and well-being of billions of people across the globe. When it comes to issues of cybersecurity risks and threats connected to the IoT in all of its various flavors the emphasis has been on technical challenges and technical solution. However, especially in the area of healthcare there is another substantial and potentially grave challenge. It is the challenge of thoroughly and accurately communicating the nature and extent of cybersecurity risks and threats to patients who are reliant upon these interconnected healthcare technologies to improve and even preserve their lives. This case study was conducted to assess the scope and depth of cybersecurity risk and threat communications delivered to an extremely vulnerable patient population, semi-structured interviews were held with cardiac medical device specialists across the United States. This research contributes scientific data in the field of healthcare cybersecurity and assists scholars and practitioners in advancing education and research in the field of MIoT patient communications.

Computers and Society,Cryptography and Security

Cartwright, Anthony James

DOI: https://doi.org/10.1007/s10877-023-01013-5

IF: 1.977

2023-04-24

Journal of Clinical Monitoring and Computing

Abstract:Cybersecurity has seen an increasing frequency and impact of cyberattacks and exposure of Protected Health Information (PHI). The uptake of an Electronic Medical Record (EMR), the exponential adoption of Internet of Things (IoT) devices, and the impact of the COVID-19 pandemic has increased the threat surface presented for cyberattack by the healthcare sector. Within healthcare generally and, more specifically, within anaesthesia and Intensive Care, there has been an explosion in wired and wireless devices used daily in the care of almost every patient—the Internet of Medical Things (IoMT); ventilators, anaesthetic machines, infusion pumps, pacing devices, organ support and a plethora of monitoring modalities. All of these devices, once connected to a hospital network, present another opportunity for a malevolent party to access the hospital systems, either to gain PHI for financial, political or other gain or to attack the systems directly to cause erroneous monitoring, altered settings of any device and even to access the EMR via this IoMT window. This exponential increase in the IoMT and the increasing wireless connectivity of anaesthesia and ICU devices as well as implantable devices presents a real and present danger to patient safety. There has, at the same time, been a chronic underfunding of cybersecurity in healthcare. This lack of cybersecurity investment has left the sector exposed, and with the monetisation of PHI, the introduction of technically unsecure IoT devices for monitoring and direct patient care, the healthcare sector is presenting itself for further devastating cyberattacks or breaches of PHI. Coupled with the immense strain that the COVID-19 pandemic has placed on healthcare and the changes in working patterns of many caregivers, this has further amplified the exposure of the sector to cyberattacks.

anesthesiology

Alyssa J. Pyun,Philip P. Goodney,Jens Eldrup‐Jorgensen,James Wadzinski,Eric A. Secemsky,Joaquin E. Cigarroa

DOI: https://doi.org/10.1002/ccd.31053

IF: 2.3

2024-04-21

Catheterization and Cardiovascular Interventions

Abstract:Cardiovascular devices are essential for the treatment of cardiovascular diseases including cerebrovascular, coronary, valvular, congenital, peripheral vascular and arrhythmic diseases. The regulation and surveillance of vascular devices in real‐world practice, however, presents challenges during each individual product's life cycle. Four examples illustrate recent challenges and questions regarding safety, appropriate use and efficacy arising from FDA approved devices used in real‐world practice. We outline potential pathways wherein providers, regulators and payors could potentially provide high‐quality cardiovascular care, identify safety signals, ensure equitable device access, and study potential issues with devices in real‐world practice.

cardiac & cardiovascular systems

Niraj Varma,Frieder Braunschweig,Haran Burri,Gerhard Hindricks,Dominik Linz,Yoav Michowitz,Renato Pietro Ricci,Jens Cosedis Nielsen

DOI: https://doi.org/10.1093/europace/euad233

2023-08-02

Abstract:This reviews the transition of remote monitoring of patients with cardiac electronic implantable devices from curiosity to standard of care. This has been delivered by technology evolution from patient-activated remote interrogations at appointed intervals to continuous monitoring that automatically flags clinically actionable information to the clinic for review. This model has facilitated follow-up and received professional society recommendations. Additionally, continuous monitoring has provided a new level of granularity of diagnostic data enabling extension of patient management from device to disease management. This ushers in an era of digital medicine with wider applications in cardiovascular medicine.

Matan Kintzlinger,Nir Nissim

DOI: https://doi.org/10.1016/j.jbi.2019.103233

Abstract:Today, personal medical devices (PMDs) play an increasingly important role in healthcare ecosystems as patient life support equipment. As a result of technological advances, PMDs now encompass many components and functionalities that open the door to a variety of cyber-attacks. In this paper we present a taxonomy of ten widely-used PMDs based on the five diseases they were designed to treat. We also provide a comprehensive survey that covers 17 possible attacks aimed at PMDs, as well as the attacks' building blocks. For each PMD type, we create an ecosystem and data and attack flow diagram, which comprehensively describes the roles and interactions of the players associated with the PMD and presents the most vulnerable vectors and components within the PMDs' ecosystems; such knowledge can increase security awareness among PMD users and their healthcare providers. We also present the basic, yet important, building blocks that constitute the steps by which each of the attacks presented is carried out. Doing so allowed us to establish the foundations for the future development of a novel risk analysis methodology for medical devices. For each attack we mapped the building blocks required to carry out the attack and found that 50% of the attacks rely upon the ability to remotely connect to the PMD, while 61% of them rely on the physical proximity of the attacker to the PMD. Finally, by surveying 21 existing security mechanisms and mapping their coverage for the attacks, we identify the gaps between PMDs' security mechanisms and the possible attacks. We show that current security mechanisms generally fail to provide protection from all of the attacks against PMDs and suggest the development of a comprehensive framework to secure PMDs and protect the patients that rely upon them.

Carolina Hoyos,Xiaoxiao Qian,Carlos D. Matos,Mohamed Gabr,Daniela Hincapie,John B. Cadigan,Nathaniel Steiger,Juan C. Diaz,William Sauer,Jorge E. Romero

DOI: https://doi.org/10.31083/j.rcm2501019

2024-01-10

Reviews in Cardiovascular Medicine

Abstract:Cardiac implantable electronic device (CIED) infections represent one of the most threatening complications associated with device implantation, due to an increase in morbidity and mortality rates, as well as healthcare costs. Besides, it is important to highlight that when compared to the initial implantation of a device, the risks associated with procedures like generator changes, lead and pocket revisions, or device upgrades double. Consequently, to address this issue, various scoring systems, like the PADIT (Prior Procedures, Age, Depressed Renal Function, Immunocompromised Status, Type of Procedure), the RI-AIAC (Ricerca Sulle Infezioni Associate a ImpiAnto o Sostituzione di CIED), and the Shariff score, along with predictive models, have been developed to identify patients at a greater risk of infection. Moreover, several interventions have been assessed to evaluate their role in infection prevention ranging from improving skin preparation and surgical techniques to considering alternative strategies such as the subcutaneous Implantable Cardioverter-Defibrillator (ICD). Methods like antimicrobial prophylaxis, pocket irrigation, chlorhexidine gluconate pocket lavage, capsulectomy, and the use of antibacterial envelopes have been also explored as preventive measures. In this review, we provide a comprehensive assessment of CIED infections in patients undergoing repeat procedures and the strategies designed to reduce the risk of these infections.

cardiac & cardiovascular systems

Zhihao Jiang,Miroslav Pajic,Rahul Mangharam

DOI: https://doi.org/10.1109/JPROC.2011.2161241

IF: 20.6

2012-01-01

Proceedings of the IEEE

Abstract:The design of bug-free and safe medical device software is challenging, especially in complex implantable devices that control and actuate organs in unanticipated contexts. Safety recalls of pacemakers and implantable cardioverter defibrillators between 1990 and 2000 affected over 600 000 devices. Of these, 200 000 or 41% were due to firmware issues and their effect continues to increase in frequency. There is currently no formal methodology or open experimental platform to test and verify the correct operation of medical device software within the closed-loop context of the patient. To this effect, a real-time virtual heart model (VHM) has been developed to model the electrophysiological operation of the functioning and malfunctioning (i.e., during arrhythmia) heart. By extracting the timing properties of the heart and pacemaker device, we present a methodology to construct a timed-automata model for functional and formal testing and verification of the closed-loop system. The VHM's capability of generating clinically relevant response has been validated for a variety of common arrhythmias. Based on a set of requirements, we describe a closed-loop testing environment that allows for interactive and physiologically relevant model-based test generation for basic pacemaker device operations such as maintaining the heart rate, atrial-ventricle synchrony, and complex conditions such as pacemaker-mediated tachycardia. This system is a step toward a testing and verification approach for medical cyber-physical systems with the patient in the loop.

Maria Lai-Ling Lam,Kei Wing Wong

DOI: https://doi.org/10.4018/978-1-7998-8954-0.ch100

2021-01-01

Abstract:The promises of Industry 4.0 in the medical device industry needs to be built on sound cybersecurity infrastructures, polices, and practices. During 2011-2017, the authors interviewed many manufacturers of medical devices in China, Germany, Israel, Japan, Taiwan, and U.S. about their attitude towards cybersecurity. Many manufacturers are not committed to cybersecurity risk management because they pursue lower cost and shorter product life cycles; do not have sufficient knowledge of operating environments of hospitals; have defensive attitude toward vulnerability disclosure; and reap quick benefits from the low-trust level among stakeholders and unequal power between manufacturers and distributors. Only a few large U.S. manufacturers of medical devices have set up robust secure platforms and interoperable optimal standards which benefit the users. As cybersecurity is a shared responsibility, many small and medium-sized enterprises need to be empowered through the support of international organizations and local government policies.

Yas Vaseghi,Behnaz Behara,Mehdi Delrobaei

2023-12-13

Abstract:The Internet of Medical Things (IoMT) offers a promising solution to improve patient health and reduce human error. Wearable smart infusion pumps that accurately administer medication and integrate with electronic health records are an example of technology that can improve healthcare. They can even alert healthcare professionals or remote servers during operational failure, preventing distressing incidents. However, as the number of connected medical devices increases, the risk of cyber threats also increases. Wearable medication devices based on IoT attached to patients' bodies are prone to significant cyber threats. Being connected to the Internet exposes these devices to potential harm, which could disrupt or degrade device performance and harm patients. To ensure patient safety and well-being, it is crucial to establish secure data authentication for internet-connected medical devices. It is also important to note that the wearability option of such devices might downgrade the computational resources, making them more susceptible to security risks. This paper implements a security approach to a wearable infusion pump. We discuss practical challenges in implementing security-enabled devices and propose initial solutions to mitigate cyber threats.

Cryptography and Security,Systems and Control