Advertisement

Recent Cyber Attacks and Vulnerabilities in Medical Devices and Healthcare Institutions

  • Jake Beavers
  • Sina PournouriEmail author
Chapter
Part of the Advanced Sciences and Technologies for Security Applications book series (ASTSA)

Abstract

Cyber-attacks are targeting different businesses including medical sectors. From medical devices such as pace makers to medical institutions like hospitals and clinics are all vulnerable targets for cyber criminals. Cyber breaches in medical area not only can risk patients’ life but also can lead to leakage of sensitive and confidential data. Due to the nature of medical targets and their importance and sensitivity, there is a significant need to review and investigate the current and past vulnerabilities and weaknesses within the devices and medical institutions. This research aims to investigate recent and current vulnerabilities of medical devices and institutions and highlight the importance of cyber security issues in this area.

Keywords

Medical IoT Medical institutions Cyber attack cyber security medical devices confidential data vulnerabilities 

References

  1. BBC (2013) Dick Cheney: heart implant attack was credible. Retrieved from http://www.bbc.co.uk/news/technology-24608435
  2. BBC (2017) Ethical hackers to boost NHS cyber-defences. Retrieved from http://www.bbc.co.uk/news/technology-42137409
  3. Callaham J (2014) A (very) brief history of Windows XP. Retrieved from https://www.neowin.net/news/a-very-brief-history-of-windows-xp
  4. Cunningham D, Cunningham M, Donkor A, Linker N, Murgatroyd F (2017) National audit of cardiac rhythm management devices. Retrieved from http://www.ucl.ac.uk/nicor/audits/cardiacrhythm/documents/annual-reports/crm-devices-national-audit-report-2015-16_v2
  5. DMCA Exemption Granted for Med Device Research, Patient Access to Data (2015.) Retrieved from https://clinic.cyber.harvard.edu/2015/10/27/dmca-exception-granted-for-medical-device-research-patient-access-to-data/
  6. Erdogan O (2002) Electromagnetic interference on pacemakers. Indian Pacing Electrophysiol J 2(3):74–78. PMCID: PMC1564060Google Scholar
  7. EU Directive 95/46/EC – The Data Protection Directive (n.d..) Retrieved from https://www.dataprotection.ie/docs/EU-Directive-95-46-EC-Chapter-2/93.htm
  8. Fatal flaws in ten pacemakers make for Denial of Life attacks (2016.) Retrieved from https://www.theregister.co.uk/2016/12/01/denial_of_life_attacks_on_pacemakers/
  9. Finkle J (2016) J&J warns diabetic patients: Insulin pump vulnerable to hacking. Reuters. Retrieved from https://www.reuters.com/article/us-johnson-johnson-cyber-insulin-pumps-e/jj-warns-diabetic-patients-insulin-pump-vulnerable-to-hacking-idUSKCN12411L
  10. Fu K, Blum J (2013) Controlling for cybersecurity risks of medical device software. Commun ACM 56(10):35–37CrossRefGoogle Scholar
  11. Gillard D (2017) Living with a Pacemaker. British Heart Foundation, pp 4–20Google Scholar
  12. Giry D (2017) Keylength. Retrieved May 19, 2018, from https://www.keylength.com/en/4/
  13. Glisson WB, Andel T, McDonald T, Jacobs M, Campbell M, Mayr J (2015) Compromising a medical Mannequin. Comput Res Repository arXiv:1509.00065
  14. Goode L (2015) Anonymous and the political ethos of hacktivism. Pop Commun 13(1):74–86CrossRefGoogle Scholar
  15. Halperin D, Heydt-Benjamin TS, Ransford B, Clark SS, Defend B, Morgan W, Fu K, Kohno T, Maisel WH (2008) Pacemakers and implantable Cardiac Defibrillators: software radio attacks and zero-power defenses. IEEE Symp Secur PrivGoogle Scholar
  16. Hatmaker T (2016) FDA issues new security guidelines so that your pacemaker won’t get hacked. Retrieved from https://techcrunch.com/2016/12/28/fda-issues-new-security-guidelines-so-that-your-pacemaker-wont-get-hacked/?guccounter=1#
  17. Horton H (2016) Contactless card owners warned against public transport scanner hack. The Telegraph. Retrieved from https://www.telegraph.co.uk/technology/2016/02/17/if-you-have-a-contactless-card-watch-out-for-this-scam/
  18. Implantable cardioverter defibrillator (n.d.). Retrieved from https://www.bhf.org.uk/heart-health/treatments/implantable-cardioverter-defibrillator
  19. Barnaby Jack (2017.) Retrieved from https://en.wikipedia.org/wiki/Barnaby_Jack
  20. Jamming & Radio Interference: Understanding the impact. (n.d.) The Institute of Engineering and Technology.  https://doi.org/10.1049/etr.2012.9002
  21. Kobie N (2017) The quantum clock is ticking on encryption – and your data is under threat. Retrieved from http://www.wired.co.uk/article/quantum-computers-quantum-security-encryption
  22. Lam B (2017) NHS cyber attack: views from the front line. Pharm J. Retrieved from https://www.pharmcaceutical-journal.com/opinion/qa/nhs-cyber-attack-views-from-the-front-line/20202794.article
  23. New York Post (2016) Yes, pacemakers can get hacked. Retrieved from http://nypost.com/2016/12/29/yes-pacemakers-can-get-hacked
  24. Nitta Y (2013) Japan’s approach towards international strategy on cyber security cooperation. Retrieved September, 13, p 2014Google Scholar
  25. Nohe P (2018) FDA: 465,000 Pacemakers need a firmware update. Retrieved https://www.thesslstore.com/blog/fda-465000-pacemakers-need-a-firmware-update/
  26. O’Connor MC (2010) Study finds RFID readers may affect pacemakers, but pose no urgent risk. Retrieved from http://www.rfidjournal.com/articles/view?7307
  27. Oh I (2015) Anti-Abortion hackers claim to have stolen data that could take down planned parenthood. Mother JonesGoogle Scholar
  28. Pournouri S, Craven M (2014) E-business, recent threats and security countermeasures. Int J Electron Secur Digit Forensics 6(3):169–184CrossRefGoogle Scholar
  29. Saini H, Rao YS, Panda TC (2012) Cyber-crimes and their impacts: a review. Int J Eng Res Appl 2(2):202–209Google Scholar
  30. Seals T (2018) Abbott addresses life-threatening flaw in a half-million pacemakers. Retrieved May 19, 2018, from https://threatpost.com/abbott-addresses-life-threatening-flaw-in-a-half-million-pacemakers/131709/
  31. Secure by Design: Improving the cyber security of consumer Internet of Things Report (pp. 4–27, Rep.) (2018). Department for Digital, Culture, Media & Sport. Retrieved from https://www.gov.uk/government/publications/secure-by-design
  32. Spring T (2017) Wireless ‘BlueBorne’ attacks target billions of bluetooth devices. Retrieved May 15, 2018, from https://threatpost.com/wireless-blueborne-attacks-target-billions-of-bluetooth-devices/127921/
  33. Wendling P (2017) Abbott hit with $9.9 million class-Action over St Jude devices. Medscape. Retrieved from https://www.medscape.com/viewarticle/886026
  34. Yuce MR, Islam MN (2016) Review of medical implant communication system (MICS) band and network. ICT Express 2(4):188–194.  https://doi.org/10.1016/j.icte.2016.08.010 CrossRefGoogle Scholar
  35. Zetter K (2015) Medical devices that are vulnerable to life-threatening hacks. Retrieved from https://www.wired.com/2015/11/medical-devices-that-are-vulnerable-to-life-threatening-hacks/

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  1. 1.Sheffield Hallam UniversitySheffieldUK

Personalised recommendations