
A Survey on Security and Privacy Issues in Modern Healthcare Systems: Attacks and Defenses

Published: 21 July 2021

Abstract

Recent advancements in computing systems and wireless communications have made healthcare systems more efficient than before. Modern healthcare devices can monitor and manage different health conditions of patients automatically without any manual intervention from medical professionals. Additionally, the use of implantable medical devices, body area networks, and Internet of Things technologies in healthcare systems improves the overall patient monitoring and treatment process. However, these systems are complex in software and hardware, and optimizing between security, privacy, and treatment is crucial for healthcare systems because any security or privacy violation can lead to severe effects on patients’ treatments and overall health conditions. Indeed, the healthcare domain is increasingly facing security challenges and threats due to numerous design flaws and the lack of proper security measures in healthcare devices and applications. In this article, we explore various security and privacy threats to healthcare systems and discuss the consequences of these threats. We present a detailed survey of different potential attacks and discuss their impacts. Furthermore, we review the existing security measures proposed for healthcare systems and discuss their limitations. Finally, we conclude the article with future research directions toward securing healthcare systems against common vulnerabilities.

  129. Jacob M. Sorber, Minho Shin, Ron Peterson, and David Kotz. 2012. Plug-n-Trust: Practical trusted sensing for mhealth. In Proceedings of the 10th International Conference on Mobile Systems, Applications, and Services. ACM, New York, NY, 309–322.Google ScholarGoogle Scholar
  130. Chunxiao Li, Anand Raghunathan, and Niraj K. Jha. 2010. Secure virtual machine execution under an untrusted management OS. In Proceedings of the 2010 IEEE 3rd International Conference on Cloud Computing (CLOUD’10). IEEE, Los Alamitos, CA, 172–179.Google ScholarGoogle Scholar
  131. Raoul Praful Jetley, Paul L. Jones, and Paul Anderson.2008. Static analysis of medical device software using CodeSonar. In Proceedings of the ACM Workshop on Static Analysis.Google ScholarGoogle Scholar
  132. Najwa Aaraj, Anand Raghunathan, and Niraj K. Jha. 2008. Dynamic binary instrumentation-based framework for malware defense. In Proceedings of the International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment.Google ScholarGoogle Scholar
  133. Chunxiao Li, Anand Raghunathan, and Niraj K. Jha. 2013. Improving the trustworthiness of medical device software with formal verification methods. IEEE Embedded Systems Letters 5, 3 (2013), 50–53.Google ScholarGoogle ScholarCross RefCross Ref
  134. Lucas Cordeiro, Bernd Fischer, Huan Chen, and Joao Marques-Silva. 2009. Semiformal verification of embedded software in medical devices considering stringent hardware constraints. In Proceedings of the 2009 International Conference on Embedded Software and Systems. IEEE, Los Alamitos, CA, 396–403.Google ScholarGoogle ScholarDigital LibraryDigital Library
  135. Raoul Jetley, S. Purushothaman Iyer, Paul L. Jones, and William Spees. 2006. A formal approach to pre-market review for medical device software. In Proceedings of the 30th Annual InternationalComputer Software and Applications Conference, Vol. 1. IEEE, Los Alamitos, CA, 169–177.Google ScholarGoogle Scholar
  136. Tamara Denning, Alan Borning, Batya Friedman, Brian T. Gill, Tadayoshi Kohno, and William H. Maisel. 2010. Patients, pacemakers, and implantable defibrillators: Human values and security for wireless implantable medical devices. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems. ACM, New York, NY, 917–926.Google ScholarGoogle Scholar
  137. Stuart Schechter. 2010. Security that is meant to be skin deep using ultraviolet micropigmentation to store emergency-access keys for implantable medical devices. Microsoft. Retrieved May 25, 2021 from https://www.microsoft.com/en-us/research/publication/security-that-is-meant-to-be-skin-deep-using-ultraviolet-micropigmentation-to-store-emergency-access-keys-for-implantable-medical-devicesGoogle ScholarGoogle Scholar
  138. Christophe De Canniere, Orr Dunkelman, and Miroslav Knežević. 2009. KATAN and KTANTAN—A family of small and efficient hardware-oriented block ciphers. In Cryptographic Hardware and Embedded Systems—CHES 2009. Springer, 272–288.Google ScholarGoogle Scholar
  139. Nachiketh R. Potlapally, Srivaths Ravi, Anand Raghunathan, and Niraj K. Jha. 2003. Analyzing the energy consumption of security protocols. In Proceedings of the 2003 International Symposium on Low Power Electronics and Design. ACM, New York, NY, 30–35.Google ScholarGoogle Scholar
  140. Andrey Bogdanov, Lars R. Knudsen, Gregor Leander, Christof Paar, Axel Poschmann, Matthew J. B. Robshaw, Yannick Seurin, and Charlotte Vikkelsoe. 2007. PRESENT: An ultra-lightweight block cipher. In Proceedings of the Workshop on Cryptographic Hardware and Embedded Systems.Google ScholarGoogle Scholar
  141. David L Donoho. 2006. Compressed sensing. IEEE Transactions on Information Theory 52, 4 (2006), 1289–1306.Google ScholarGoogle ScholarDigital LibraryDigital Library
  142. Simon Heron. 2009. Advanced encryption standard (AES). Network Security 2009, 12 (2009), 8–12.Google ScholarGoogle ScholarDigital LibraryDigital Library
  143. Guido Bertoni, Joan Daemen, Michaël Peeters, and Gilles Van Assche. 2013. Keccak. In Proceedings of the Annual International Conference on the Theory and Applications of Cryptographic Techniques. 313–314.Google ScholarGoogle Scholar
  144. Lu Shi, Jiawei Yuan, Shucheng Yu, and Ming Li. 2013. ASK-BAN: Authenticated secret key extraction utilizing channel characteristics for body area networks. In Proceedings of the 6th ACM Conference on Security and Privacy in Wireless and Mobile Networks. ACM, New York, NY.Google ScholarGoogle Scholar
  145. Syed Taha Ali, Vijay Sivaraman, and Diethelm Ostry. 2012. Zero reconciliation secret key generation for body-worn health monitoring devices. In Proceedings of the 5th ACM Conference on Security and Privacy in Wireless and Mobile Networks. ACM, New York, NY, 39–50.Google ScholarGoogle ScholarDigital LibraryDigital Library
  146. Suman Jana, Sriram Nandha Premnath, Mike Clark, Sneha K. Kasera, Neal Patwari, and Srikanth V. Krishnamurthy. 2009. On the effectiveness of secret key extraction from wireless signal strength in real environments. In Proceedings of the ACM International Conference on Mobile Computing and Networking.Google ScholarGoogle Scholar
  147. Suhas Mathur, Wade Trappe, Narayan Mandayam, Chunxuan Ye, and Alex Reznik. 2008. Radio-telepathy: Extracting a secret key from an unauthenticated wireless channel. In Proceedings of the 14th ACM International Conference on Mobile Computing and Networking.Google ScholarGoogle Scholar
  148. Saied Hosseini-Khayat. 2011. A lightweight security protocol for ultra-low power ASIC implementation for wireless implantable medical devices. In Proceedings of the 5th International Symposium on Medical Information and Communication Technology. IEEE, Los Alamitos, CA.Google ScholarGoogle Scholar
  149. Masoud Rostami, Wayne Burleson, Farinaz Koushanfar, and Ari Juels. 2013. Balancing security and utility in medical devices? In Proceedings of the 50th Annual Design Automation Conference. ACM, New York, NY, 13.Google ScholarGoogle ScholarDigital LibraryDigital Library
  150. Christoph Beck, Daniel Masny, Willi Geiselmann, and Georg Bretthauer. 2011. Block cipher based security for severely resource-constrained implantable medical devices. In Proceedings of the 4th International Symposium on Applied Sciences in Biomedical and Communication Technologies. ACM, New York, NY, Article 62, 5 pages.Google ScholarGoogle ScholarDigital LibraryDigital Library
  151. Meng Zhang, Mehran Mozaffari Kermani, Anand Raghunathan, and Niraj K. Jha. 2013. Energy-efficient and secure sensor data transmission using encompression. In Proceedings of the 26th International Conference on VLSI Design. IEEE, Los Alamitos, CA, 31–36.Google ScholarGoogle Scholar
  152. Lake Bu, Mark G. Karpovsky, and Michel A. Kinsy. 2019. Bulwark: Securing implantable medical devices communication channels. Computers & Security 86 (2019), 498–511.Google ScholarGoogle ScholarDigital LibraryDigital Library
  153. Kubra Saeedi. 2019. Machine Learning for Ddos Detection in Packet Core Network for IoT. Retrieved May 25, 2021 from https://www.diva-portal.org/smash/get/diva2:1360486/FULLTEXT02.pdfGoogle ScholarGoogle Scholar
  154. Sudip Vhaduri and Christian Poellabauer. 2017. Wearable device user authentication using physiological and behavioral metrics. In Proceedings of the 28th Annual International Symposium on Personal, Indoor, and Mobile Radio Communications (PIMRC’17). IEEE, Los Alamitos, CA.Google ScholarGoogle Scholar
  155. A. K. M. Iqtidar Newaz, Amit Kumar Sikder, Mohammad Ashiqur Rahman, and A. Selcuk Uluagac. 2019. Healthguard: A machine learning-based security framework for smart healthcare systems. In Proceedings of the 2019 6th International Conference on Social Networks Analysis, Management, and Security (SNAMS’19). IEEE, Los Alamitos, CA, 389–396.Google ScholarGoogle Scholar
  156. Heena Rathore, Amr Mohamed, and Mohsen Guizani. 2020. Deep learning-based security schemes for implantable medical devices. In Energy Efficiency of Medical Devices and Healthcare Applications. Elsevier, 109–130.Google ScholarGoogle Scholar
  157. Jinyuan Sun, Xiaoyan Zhu, Chi Zhang, and Yuguang Fang. 2011. HCPP: Cryptography based secure EHR system for patient privacy and emergency healthcare. In Proceedings of the 2011 31st International Conference on Distributed Computing Systems. IEEE, Los Alamitos, CA, 373–382.Google ScholarGoogle Scholar
  158. Huang Lin, Jun Shao, Chi Zhang, and Yuguang Fang. 2013. CAM: Cloud-assisted privacy preserving mobile health monitoring. IEEE Transactions on Information Forensics and Security 8, 6 (2013), 985–997.Google ScholarGoogle ScholarDigital LibraryDigital Library
  159. Ming Li, Wenjing Lou, and Kui Ren. 2010. Data security and privacy in wireless body area networks. IEEE Wireless Communications 17, 1 (2010), 51–58.Google ScholarGoogle ScholarDigital LibraryDigital Library
  160. Ming Li, Shucheng Yu, Yao Zheng, Kui Ren, and Wenjing Lou. 2012. Scalable and secure sharing of personal health records in cloud computing using attribute-based encryption. IEEE Transactions on Parallel and Distributed Systems 24, 1 (2012), 131–143.Google ScholarGoogle ScholarDigital LibraryDigital Library
  161. Zhitao Guan, Tingting Yang, and Xiaojiang Du. 2015. Achieving secure and efficient data access control for cloud-integrated body sensor networks. International Journal of Distributed Sensor Networks 11, 8 (2015), 101287.Google ScholarGoogle Scholar
  162. Xiali Hei, Xiaojiang Du, Jie Wu, and Fei Hu. 2010. Defending resource depletion attacks on implantable medical devices. In Proceedings of the 2010 IEEE Global Telecommunications Conference (GLOBECOM’10).Google ScholarGoogle Scholar
  163. Meng Zhang, Anand Raghunathan, and Niraj K. Jha. 2013. MedMon: Securing medical devices through wireless monitoring and anomaly detection. IEEE Transactions on Biomedical Circuits and Systems 7, 6 (2013), 871–881.Google ScholarGoogle ScholarCross RefCross Ref
  164. Chenglong Fu, Xiaojiang Du, Longfei Wu, Qiang Zeng, Amr Mohamed, and Mohsen Guizani. 2019. POKs based secure and energy-efficient access control for implantable medical devices. In Security and Privacy in Communication Systems. Springer, 105–125.Google ScholarGoogle Scholar
  165. Yi Chen, Shuai Ding, Zheng Xu, Handong Zheng, and Shanlin Yang. 2019. Blockchain-based medical records secure storage and medical service framework. Journal of Medical Systems 43, 1 (2019), 5.Google ScholarGoogle ScholarDigital LibraryDigital Library
  166. Ashutosh Dhar Dwivedi, Gautam Srivastava, Shalini Dhar, and Rajani Singh. 2019. A decentralized privacy-preserving healthcare blockchain for IoT. Sensors (Basel) 19, 2 (2019), 326.Google ScholarGoogle Scholar
  167. Gautam Srivastava, Jorge Crichigno, and Shalini Dhar. 2019. A light and secure healthcare blockchain for IoT medical devices. In Proceedings of the 2019 IEEE Canadian Conference of Electrical and Computer Engineering (CCECE’19). IEEE, Los Alamitos, CA, 1–5.Google ScholarGoogle Scholar
  168. Gautam Srivastava, Reza M. Parizi, Ali Dehghantanha, and Kim-Kwang Raymond Choo. 2019. Data sharing and privacy for patient IoT devices using blockchain. In Proceedings of the International Conference on Smart City and Informatization. 334–348.Google ScholarGoogle Scholar
  169. Swarup Bhunia, Michael S. Hsiao, Mainak Banga, and Seetharam Narasimhan. 2014. Hardware Trojan attacks: Threat analysis and countermeasures. Proceedings of the IEEE 102, 8 (2014), 1229–1247.Google ScholarGoogle ScholarCross RefCross Ref
  170. Jim Aarestad, Dhruva Acharyya, Reza Rad, and Jim Plusquellic. 2010. Detecting Trojans through leakage current analysis using multiple supply pads. IEEE Transactions on Information Forensics and Security 5, 4 (2010), 893–904.Google ScholarGoogle ScholarDigital LibraryDigital Library
  171. Sheng Wei and Miodrag Potkonjak. 2013. The undetectable and unprovable hardware Trojan horse. In Proceedings of the 50th Annual Design Automation Conference. ACM, New York, NY, 144.Google ScholarGoogle ScholarDigital LibraryDigital Library
  172. Charles Lamech and Jim Plusquellic. 2012. Trojan detection based on delay variations measured using a high-precision, low-overhead embedded test structure. In Proceedings of the 2012 Conference on Hardware-Oriented Security and Trust (HOST’12). IEEE, Los Alamitos, CA, 75–82.Google ScholarGoogle Scholar
  173. Sheng Wei, Kai Li, Farinaz Koushanfar, and Miodrag Potkonjak. 2012. Hardware Trojan horse benchmark via optimal creation and placement of malicious circuitry. In Proceedings of the 49th Annual Design Automation Conference. ACM, New York, NY, 90–95.Google ScholarGoogle ScholarDigital LibraryDigital Library
  174. Jie Li and John Lach. 2008. At-speed delay characterization for IC authentication and Trojan horse detection. In Proceedings of the International Workshop on Hardware-Oriented Security and Trust. IEEE, Los Alamitos, CA, 8–14.Google ScholarGoogle Scholar
  175. Kyung Sup Kwak, Sana Ullah, and Niamat Ullah. 2010. An overview of IEEE 802.15. 6 standard. In Proceedings of the Applied Sciences in Biomedical and Communication Technologies (ISABEL’10). IEEE, Los Alamitos, CA, 1–6.Google ScholarGoogle Scholar
  176. Kris Tiri, Moonmoon Akmal, and Ingrid Verbauwhede. 2002. A dynamic and differential CMOS logic with signal independent power consumption to withstand differential power analysis on smart cards. In Proceedings of the 2020 Solid-State Circuits Conference. IEEE, Los Alamitos, CA.Google ScholarGoogle Scholar
  177. Kris Tiri and Ingrid Verbauwhede. 2004. Charge recycling sense amplifier based logic: Securing low power security ICs against DPA. In Proceedings of the 30th European Conference on Solid-State Circuits. 179–182.Google ScholarGoogle Scholar
  178. Muhammad Ali Siddiqi, Christian Doerr, and Christos Strydis. 2020. IMDfence: Architecting a secure protocol for implantable medical devices. arxiv:2002.09546.Google ScholarGoogle Scholar
  179. Muhammad Ali Siddiqi and Christos Strydis. 2019. Towards realistic battery-DoS protection of implantable medical devices. In Proceedings of the 16th ACM International Conference on Computing Frontiers. 42–49.Google ScholarGoogle ScholarDigital LibraryDigital Library
  180. Shane S. Clark, Benjamin Ransford, Amir Rahmati, Shane Guineau, Jacob Sorber, Wenyuan Xu, Kevin Fu, et al. 2013. WattsUpDoc: Power side channels to nonintrusively discover untargeted malware on embedded medical devices. In Proceedings of the 2013 USENIX Conference on Safety, Security, Privacy, and Interoperability of Health Information Technologies (HealthTech’13).Google ScholarGoogle Scholar
  181. Jean-Jacques Quisquater and David Samyde. 2001. Electromagnetic analysis (EMA): Measures and counter-measures for smart cards. In Smart Card Programming and Security. Springer, 200–210.Google ScholarGoogle Scholar
  182. Girish B. Ratanpal, Ronald D. Williams, and Travis N. Blalock. 2004. An on-chip signal suppression countermeasure to power analysis attacks. IEEE Transactions on Dependable and Secure Computing 1, 3 (2004), 179–189.Google ScholarGoogle ScholarDigital LibraryDigital Library
  183. M. Anwarul Hasan. 2001. Power analysis attacks and algorithmic approaches to their countermeasures for Koblitz curve cryptosystems. IEEE Transactions on Computers10 (2001), 1071–1083.Google ScholarGoogle Scholar
  184. Radu Muresan and Stefano Gregori. 2008. Protection circuit against differential power analysis attacks for smart cards. IEEE Transactions on Computers 57, 11 (2008), 1540.Google ScholarGoogle ScholarDigital LibraryDigital Library
  185. Po-Chun Liu, Hsie-Chia Chang, and Chen-Yi Lee. 2010. A low overhead DPA countermeasure circuit based on ring oscillators. IEEE Transactions on Circuits and Systems II: Express Briefs 57, 7 (2010), 546–550.Google ScholarGoogle ScholarDigital LibraryDigital Library
  186. Carmen C. Y. Poon, Yuan-Ting Zhang, and Shu-Di Bao. 2006. A novel biometrics method to secure wireless body area sensor networks for telemedicine and m-health. IEEE Communications Magazine 44, 4 (2006), 73–81.Google ScholarGoogle ScholarDigital LibraryDigital Library
  187. Cory Cornelius, Jacob Sorber, Ronald Peterson, Joe Skinner, Ryan Halter, and David Kotz. 2012. Who wears me? Bioimpedance as a passive biometric. In Proceedings of the 3rd USENIX Conference on Health Security and Privacy (HealthSec’12).Google ScholarGoogle ScholarDigital LibraryDigital Library
  188. Chunqiang Hu, Xiuzhen Cheng, Fan Zhang, Dengyuan Wu, Xiaofeng Liao, and Dechang Chen. 2013. OPFKA: Secure and efficient ordered-physiological-feature-based key agreement for wireless body area networks. In Proceedings of the 2013 IEEE INFOCOM Conference. IEEE, Los Alamitos, CA, 2274–2282.Google ScholarGoogle Scholar
  189. Krishna K. Venkatasubramanian, Ayan Banerjee, and Sandeep Kumar S. Gupta. 2010. PSKA: Usable and secure key agreement scheme for body area networks. IEEE Transactions on Information Technology in Biomedicine 14, 1 (2010), 60–68.Google ScholarGoogle ScholarDigital LibraryDigital Library
  190. Sang-Yoon Chang, Yih-Chun Hu, Hans Anderson, Ting Fu, and Evelyn Y. L. Huang. 2012. Body area network security: Robust key establishment using human body channel. In Proceedings of the 3rd USENIX Conference on Health Security and Privacy (HealthSec’12). 5.Google ScholarGoogle Scholar
  191. Masoud Rostami, Ari Juels, and Farinaz Koushanfar. 2013. Heart-to-heart (H2H): Authentication for implanted medical devices. In Proceedings of the 2013 ACM SIGSAC Conference on Computer and Communications Security (CCS’13). 1099–1112.Google ScholarGoogle ScholarDigital LibraryDigital Library
  192. Andrew D. Jurik and Alfred C. Weaver. 2011. Securing mobile devices with biotelemetry. In Proceedings of the 20th International Conference on Computer Communications and Networks (ICCCN’11).Google ScholarGoogle Scholar
  193. Sriram Cherukuri, Krishna K. Venkatasubramanian, and Sandeep K. S. Gupta. 2003. Biosec: A biometric based approach for securing communication in wireless networks of biosensors implanted in the human body. In Proceedings of the International Conference on Parallel Processing Workshops. IEEE, Los Alamitos, CA.Google ScholarGoogle Scholar
  194. Hassan Chizari and Emil C. Lupu. 2019. Extracting randomness from the trend of IPI for cryptographic operators in implantable medical devices. IEEE Transactions on Dependable and Secure Computing 18, 2 (2019), 875–888.Google ScholarGoogle Scholar
  195. Taha Belkhouja, Xiaojiang Du, Amr Mohamed, Abdulla K. Al-Ali, and Mohsen Guizani. 2019. Biometric-based authentication scheme for Implantable Medical Devices during emergency situations. Future Generation Computer Systems 98 (2019), 109–119.Google ScholarGoogle ScholarDigital LibraryDigital Library
  196. Hang Cai and Krishna K. Venkatasubramanian. 2019. Data-driven detection of sensor-hijacking attacks on electrocardiogram sensors. In Mission-Oriented Sensor Networks and Systems: Art and Science. Springer, 757–781.Google ScholarGoogle Scholar
  197. Hang Cai and Krishna K. Venkatasubramanian. 2016. Detecting signal injection attack-based morphological alterations of ECG measurements. In Proceedings of the International Conference on Distributed Computing in Sensor Systems (DCOSS’16). IEEE, Los Alamitos, CA, 127–135.Google ScholarGoogle Scholar
  198. Ming Li, Shucheng Yu, Joshua D. Guttman, Wenjing Lou, and Kui Ren. 2013. Secure ad hoc trust initialization and key management in wireless body area networks. ACM Transactions on Sensor Networks 9, 2 (2013), 18.Google ScholarGoogle Scholar
  199. Michael T. Goodrich, Michael Sirivianos, John Solis, Gene Tsudik, and Ersin Uzun. 2006. Loud and clear: Human-verifiable authentication based on audio. In Proceedings of the IEEE International Conference on Distributed Computing Systems. IEEE, Los Alamitos, CA, 10.Google ScholarGoogle Scholar
  200. Carsten W. Israel and S. Serge Barold. 2001. Pacemaker systems as implantable cardiac rhythm monitors. American Journal of Cardiology 88, 4 (2001), 442–445.Google ScholarGoogle ScholarCross RefCross Ref
  201. Eric Freudenthal, David Herrera, Frederick Kautz, Carlos Natividad, Alexandria Ogrey, Justin Sipla, Abimael Sosa, Carlos Betancourt, and Leonardo Estevez. 2007. Suitability of NFC for medical device communication and power delivery. In Proceedings of the 2007 Engineering in Medicine and Biology Workshop. IEEE, Los Alamitos, CA, 51–54.Google ScholarGoogle Scholar
  202. Heribert Baldus, Steven Corroy, Alberto Fazzi, Karin Klabunde, and Tim Schenk. 2009. Human-centric connectivity enabled by body-coupled communications. IEEE Communications Magazine 47, 6 (2009), 172–178.Google ScholarGoogle ScholarDigital LibraryDigital Library
  203. Priyanka Bagade, Ayan Banerjee, Joseph Milazzo, and Sandeep K. S. Gupta. 2013. Protect your BSN: No handshakes, just namaste! In In Proceedings of the 2013 IEEE International Conference on Body Sensor Networks.Google ScholarGoogle Scholar
  204. Kasper Bonne Rasmussen, Claude Castelluccia, Thomas S. Heydt-Benjamin, and Srdjan Capkun. 2009. Proximity-based access control for implantable medical devices. In Proceedings of the 16th ACM Conference on Computer and Communications Security. ACM, New York, NY.Google ScholarGoogle ScholarDigital LibraryDigital Library
  205. Lu Shi, Ming Li, Shucheng Yu, and Jiawei Yuan. 2013. BANA: Body area network authentication exploiting channel characteristics. IEEE Journal on Selected Areas in Communications 31, 9 (2013), 1803–1816.Google ScholarGoogle ScholarCross RefCross Ref
  206. Tamara Denning, Kevin Fu, and Tadayoshi Kohno. 2008. Absence makes the heart grow fonder: New directions for implantable medical device security. In Proceedings of the 3rd Conference on Hot Topics in Security (HOTSEC’08). Article 5, 7 pages.Google ScholarGoogle Scholar
  207. Shyamnath Gollakota, Haitham Hassanieh, Benjamin Ransford, Dina Katabi, and Kevin Fu. 2011. They can hear your heartbeats: Non-invasive security for implantable medical devices. ACM SIGCOMM Computer Communication Review 41, 4 (2011), 1–12.Google ScholarGoogle Scholar
  208. Fengyuan Xu, Zhengrui Qin, Chiu C. Tan, Baosheng Wang, and Qun Li. 2011. IMDGuard: Securing IMD with the external wearable guardian. In Proceedings of the 2011 IEEE INFOCOM Conference.Google ScholarGoogle Scholar
  209. Amit Kumar Sikder, Hidayet Aksu, and A. Selcuk Uluagac. 2017. 6thSense: A context-aware sensor-based attack detector for smart devices. In Proceedings of the 26th USENIX Security Symposium (USENIX Security’17). 397–414.Google ScholarGoogle Scholar
  210. Amit Kumar Sikder, Leonardo Babun, Hidayet Aksu, and A. Selcuk Uluagac. 2019. Aegis: A context-aware security framework for smart home systems. In Proceedings of the 35th Annual Computer Security Applications Conference. 28–41.Google ScholarGoogle Scholar
  211. Yana Petlovana. 2018. Privacy and Security in Healthcare: A Must-Read for Healthtech Entrepreneurs. Retrieved May 25, 2021 from https://steelkiwi.com/blog/privacy-and-security-in-healthcare/Google ScholarGoogle Scholar
  212. Kriangsiri Malasri and Lan Wang. 2009. Design and implementation of a securewireless mote-based medical sensor network. Sensors (Basel) 9, 8 (2009), 6273–6297.Google ScholarGoogle Scholar
  213. Mandeep Khera. 2017. Think like a hacker: Insights on the latest attack vectors (and security controls) for medical device applications. Journal of Diabetes Science and Technology 11, 2 (2017), 207–212.Google ScholarGoogle Scholar
  214. Patricia A. H. Williams and Andrew J. Woodward. 2015. Cybersecurity vulnerabilities in medical devices: A complex environment and multifaceted problem. Medical Devices (Auckland, NZ) 8 (2015), 305.Google ScholarGoogle Scholar
  215. Brian Randell. 1975. System structure for software fault tolerance. IEEE Transactions on Software Engineering 1, 2 (1975), 220–232.Google ScholarGoogle ScholarDigital LibraryDigital Library
  216. Robert E. Lyons and Wouter Vanderkulk. 1962. Use of triple-modular redundancy to improve reliability. IBM Journal of Research and Development 6, 2 (1962), 200–209.Google ScholarGoogle ScholarDigital LibraryDigital Library
  217. Ioannis Chatzigiannakis and Andreas Strikos. 2007. A decentralized intrusion detection system for increasing security of wireless sensor networks. In Proceedings of the 2007 IEEE Conference on Emerging Technologies and Factory Automation (EFTA’17). IEEE, Los Alamitos, CA, 1408–1411.Google ScholarGoogle Scholar
  218. Md Hasan Shahriar, Nur Imtiazul Haque, Mohammad Ashiqur Rahman, and Miguel Alonso. 2020. G-IDS: Generative adversarial networks assisted intrusion detection system. In Proceedings of the 2020 IEEE 44th Annual Computers, Software, and Applications Conference (COMPSAC’20). IEEE, Los Alamitos, CA, 376–385.Google ScholarGoogle Scholar
  219. Amit Kumar Sikder, Leonardo Babun, Z. Berkay Celik, Abbas Acar, Hidayet Aksu, Patrick McDaniel, Engin Kirda, and A. Selcuk Uluagac. 2020. Kratos: Multi-user multi-device-aware access control system for the smart home. In Proceedings of the 13th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec’20). 1–12.Google ScholarGoogle Scholar
  220. Min Chen, Yixue Hao, Kai Hwang, Lu Wang, and Lin Wang. 2017. Disease prediction by machine learning over big data from healthcare communities. IEEE Access 5 (2017), 8869–8879.Google ScholarGoogle ScholarCross RefCross Ref
  221. Samuel G. Finlayson, Hyung Won Chung, Isaac S. Kohane, and Andrew L. Beam. 2018. Adversarial attacks against medical deep learning systems. arxiv:1804.05296.Google ScholarGoogle Scholar
  222. A. K. M. Newaz, Nur Imtiazul Haque, Amit Kumar Sikder, Mohammad Ashiqur Rahman, and A. Selcuk Uluagac. 2020. Adversarial attacks to machine learning-based smart healthcare systems. In Proceedings of the IEEE Global Communications Conference (GLOBECOM’20).Google ScholarGoogle Scholar


        • Published in

          ACM Transactions on Computing for Healthcare  Volume 2, Issue 3
          Survey Paper
          July 2021
          226 pages
          ISSN: 2691-1957
          EISSN: 2637-8051
          DOI: 10.1145/3476113

          Copyright © 2021 ACM

          Publisher

          Association for Computing Machinery

          New York, NY, United States

          Publication History

          • Published: 21 July 2021
          • Accepted: 1 February 2021
          • Revised: 1 October 2020
          • Received: 1 April 2020

          Qualifiers

          • research-article
          • Research
          • Refereed
