Networked Medical Devices Ass2
Individual Assignment 2
Sara Alsaidan | 2180002161 | 20 Nov
Table of Contents
Introduction
Networked Medical Devices
Vulnerabilities and attacks
Regulations for networked medical devices
Countermeasures
Conclusion
References
Abbreviation
Table of Figures
Figure 1 Medical Devices’ Communication Architecture
Figure 2 Sources of vulnerabilities
Figure 3 Attack on Medical Devices
Introduction
Digital development provides a range of services that make health service providers
highly dependent on technology. The management of patient information, the management
of health care providers, and the use of devices to help reduce patient risk are areas where
tremendous progress has been made recently. Patients can use small, portable devices by
themselves, while large devices require specialized facilities and expert handling. As these
technologies evolve, networks will be needed to prepare health facilities, adapt these
devices, and communicate remotely with patients' devices. Scientists and researchers seek
countermeasures to protect information systems from attacks by adversaries on
technologies and networks. The healthcare industry has created medical regulations to
ensure information security and to verify that these regulations are in place in hospitals.
This report presents a review of networked medical devices, vulnerabilities and attacks,
regulations, and countermeasures based on research carried out by Tahreem Yaqoob,
Haider Abbas, and Mohammed Atiquzzaman in [1].
Networked Medical Devices
According to the World Health Organization (WHO), medical devices differ in design,
implementation, and method of work; a medical device is defined as any device, tool, or
machine used for disease diagnosis, treatment, and patient monitoring [2]. Medical devices
have been classified into three classes: hardware-based, software-based, and software- and
hardware-based. Most medical devices belong to the software- and hardware-based class
[3]. The medical devices' communication architecture in Figure 1 defines three structural
levels: tier 1, tier 2, and tier 3.
Vulnerabilities and attacks
The network model in Figure 1 has been used to identify seven sources of
vulnerabilities, which are shown in Figure 2.
Each medical device is vulnerable to different attacks depending on the attack methodology
(reverse engineering, communication protocol, static or dynamic analysis, traffic analysis,
communication channel exploitation, FTP server exploitation, network analysis, malicious
command, and others). Which attack is used depends on the device and its vulnerability;
a common attack on medical devices is shown in Figure 3.
Regulations for networked medical devices
HIPAA, GDPR, EU, and FDA policies were developed by international agencies, in response
to the renaissance in medical devices, to be followed when manufacturing medical devices
in order to overcome security challenges. Each institution has its own categories and
regulatory boards for obtaining medical device accreditation. The FDA classifies medical
devices into low to medium risk, medium to high risk, and high to very high risk. Most
devices fall into the low to medium risk class. The other policies also have a classification,
but the FDA's is the clearest among them. Because privacy and safety share common
interests, controlling vulnerabilities affects both the privacy and the safety of the patient,
which is why providing security to the patient is important. Transparency is also a
challenge: it is critical if the developers of a device want it to go worldwide, because
different countries have different regulations. Furthermore, existing regulations have
limitations: most agency regulations do not control privacy [4]. Each regulation has fines
and penalties for non-compliance.
Countermeasures
Medical devices should be protected because the information detected and analyzed
from the human body should be accurate. The researchers identify both software-based
and hardware-based countermeasures; scientists implement different techniques to address
the vulnerabilities found in technologies such as software protocols and hardware chipsets
embedded in legacy equipment. These techniques have advantages and disadvantages.
However, the disadvantages can be ignored since the techniques are beneficial. Some
techniques require costly chips or algorithms that cannot be applied to small wearable
devices. However, on-site devices can be protected very well because they are large and
can adopt security techniques. The cost can be tolerated because it helps many patients,
not one person. Attestation-based architecture can protect the on-site device, as can
isolation-based mechanisms, bio-cryptographic key schemes and other schemes, different
protocols, and CIA mechanisms.
Conclusion
The success of wearable technologies and devices is very significant, especially with
COVID-19. Protection is not only required from manufacturers and the health sector; the
user's knowledge and awareness of how to use these technologies, and of how to protect
their data and its accuracy, also affect protection. Therefore, the time needed for data to
be transferred, processed, and then acted on in case of danger requires an efficient
process. The developer should consider the speed of the Internet and the algorithms used
to process this data with adequate quality. Social, cultural, and cost problems are also
challenging, as some people view these devices as untrustworthy or costly; so are privacy
issues and explaining the risk of medical device exploitation to the patient in plain terms.
Moreover, the small size, limited resources, and mobility of the devices, together with the
importance of the data, require a power source that lasts a long time and avoids
interruption where possible, which is considered a challenge for medical and security
experts.
Cybersecurity should be applied in the manufacturing and procurement of medical devices.
Healthcare IT departments should focus on mitigating and preventing risk before medical
devices are exploited. As a critical review, the reviewed paper should focus on awareness
and on new technology paths such as defending healthcare supply chains, artificial
intelligence, and increased vulnerability disclosure from manufacturers [5].
References
[1] T. Yaqoob, H. Abbas and M. Atiquzzaman, "Security Vulnerabilities, Attacks, Countermeasures, and Regulations of Networked Medical Devices—A Review," in IEEE Communications Surveys & Tutorials, vol. 21, no. 4, pp. 3723-3768, Fourthquarter 2019, doi: 10.1109/COMST.2019.2914094.
[2] G. Syringe. (2013). Overview: FDA Regulation of Medical Devices. Accessed: Mar. 2, 2018. [Online]. Available: http://www.qrasupport.com/FDA-MED-DEVICE.html
[4] B. Macfarlane. FDA Regulation of Mobile Medical Apps. Accessed: Dec. 10, 2018. [Online]. Available: https://www.namsa.com/wpcontent/uploads/2015/10/WP.006FDARegulationofMobileMedical Apps_a06.pdf
[5] M. Lauver. (2021, October 26). Five new trends in Healthcare Cybersecurity. Security Magazine RSS. Retrieved November 20, 2021, from https://www.securitymagazine.com/articles/96391-five-new-trends-in-healthcare-cybersecurity
Abbreviation