Recent Cyber Attacks and Vulnerabilities in Medical Devices and Healthcare Institutions

  • Jake Beavers
  • Sina PournouriEmail author
Part of the Advanced Sciences and Technologies for Security Applications book series (ASTSA)


Cyber-attacks are targeting different businesses including medical sectors. From medical devices such as pace makers to medical institutions like hospitals and clinics are all vulnerable targets for cyber criminals. Cyber breaches in medical area not only can risk patients’ life but also can lead to leakage of sensitive and confidential data. Due to the nature of medical targets and their importance and sensitivity, there is a significant need to review and investigate the current and past vulnerabilities and weaknesses within the devices and medical institutions. This research aims to investigate recent and current vulnerabilities of medical devices and institutions and highlight the importance of cyber security issues in this area.


Medical IoT Medical institutions Cyber attack cyber security medical devices confidential data vulnerabilities 


  1. BBC (2013) Dick Cheney: heart implant attack was credible. Retrieved from
  2. BBC (2017) Ethical hackers to boost NHS cyber-defences. Retrieved from
  3. Callaham J (2014) A (very) brief history of Windows XP. Retrieved from
  4. Cunningham D, Cunningham M, Donkor A, Linker N, Murgatroyd F (2017) National audit of cardiac rhythm management devices. Retrieved from
  5. DMCA Exemption Granted for Med Device Research, Patient Access to Data (2015.) Retrieved from
  6. Erdogan O (2002) Electromagnetic interference on pacemakers. Indian Pacing Electrophysiol J 2(3):74–78. PMCID: PMC1564060Google Scholar
  7. EU Directive 95/46/EC – The Data Protection Directive (n.d..) Retrieved from
  8. Fatal flaws in ten pacemakers make for Denial of Life attacks (2016.) Retrieved from
  9. Finkle J (2016) J&J warns diabetic patients: Insulin pump vulnerable to hacking. Reuters. Retrieved from
  10. Fu K, Blum J (2013) Controlling for cybersecurity risks of medical device software. Commun ACM 56(10):35–37CrossRefGoogle Scholar
  11. Gillard D (2017) Living with a Pacemaker. British Heart Foundation, pp 4–20Google Scholar
  12. Giry D (2017) Keylength. Retrieved May 19, 2018, from
  13. Glisson WB, Andel T, McDonald T, Jacobs M, Campbell M, Mayr J (2015) Compromising a medical Mannequin. Comput Res Repository arXiv:1509.00065
  14. Goode L (2015) Anonymous and the political ethos of hacktivism. Pop Commun 13(1):74–86CrossRefGoogle Scholar
  15. Halperin D, Heydt-Benjamin TS, Ransford B, Clark SS, Defend B, Morgan W, Fu K, Kohno T, Maisel WH (2008) Pacemakers and implantable Cardiac Defibrillators: software radio attacks and zero-power defenses. IEEE Symp Secur PrivGoogle Scholar
  16. Hatmaker T (2016) FDA issues new security guidelines so that your pacemaker won’t get hacked. Retrieved from
  17. Horton H (2016) Contactless card owners warned against public transport scanner hack. The Telegraph. Retrieved from
  18. Implantable cardioverter defibrillator (n.d.). Retrieved from
  19. Barnaby Jack (2017.) Retrieved from
  20. Jamming & Radio Interference: Understanding the impact. (n.d.) The Institute of Engineering and Technology.
  21. Kobie N (2017) The quantum clock is ticking on encryption – and your data is under threat. Retrieved from
  22. Lam B (2017) NHS cyber attack: views from the front line. Pharm J. Retrieved from
  23. New York Post (2016) Yes, pacemakers can get hacked. Retrieved from
  24. Nitta Y (2013) Japan’s approach towards international strategy on cyber security cooperation. Retrieved September, 13, p 2014Google Scholar
  25. Nohe P (2018) FDA: 465,000 Pacemakers need a firmware update. Retrieved
  26. O’Connor MC (2010) Study finds RFID readers may affect pacemakers, but pose no urgent risk. Retrieved from
  27. Oh I (2015) Anti-Abortion hackers claim to have stolen data that could take down planned parenthood. Mother JonesGoogle Scholar
  28. Pournouri S, Craven M (2014) E-business, recent threats and security countermeasures. Int J Electron Secur Digit Forensics 6(3):169–184CrossRefGoogle Scholar
  29. Saini H, Rao YS, Panda TC (2012) Cyber-crimes and their impacts: a review. Int J Eng Res Appl 2(2):202–209Google Scholar
  30. Seals T (2018) Abbott addresses life-threatening flaw in a half-million pacemakers. Retrieved May 19, 2018, from
  31. Secure by Design: Improving the cyber security of consumer Internet of Things Report (pp. 4–27, Rep.) (2018). Department for Digital, Culture, Media & Sport. Retrieved from
  32. Spring T (2017) Wireless ‘BlueBorne’ attacks target billions of bluetooth devices. Retrieved May 15, 2018, from
  33. Wendling P (2017) Abbott hit with $9.9 million class-Action over St Jude devices. Medscape. Retrieved from
  34. Yuce MR, Islam MN (2016) Review of medical implant communication system (MICS) band and network. ICT Express 2(4):188–194. CrossRefGoogle Scholar
  35. Zetter K (2015) Medical devices that are vulnerable to life-threatening hacks. Retrieved from

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  1. 1.Sheffield Hallam UniversitySheffieldUK

Personalised recommendations