Implantable devices, often dependent on software, save countless lives. But how secure are they?


Security risks resulting from intentional threats have only recently been confirmed, as medical devices increasingly use newer technologies such as wireless communication and Internet access. Embedded software and communication mechanisms now often qualify medical devices as information systems. Confidentiality, integrity, and availability of information are core design and operational goals. Secure software is supposed to continue to function correctly under a malicious attack. In this sense, medical device security is the idea of engineering these devices so they continue to function correctly even if under a malicious attack.
Key insights

  • Healthcare poses security challenges due to the sensitivity of health records, the increasing interoperability of medical devices, and simply the fact that human well-being and life are at stake.
  • Implantable devices are especially critical, as they may potentially put patients in life-threatening situations when not properly secured.
  • Medical devices are becoming noticeably important for millions of patients worldwide. Their increasing dependence on software and interoperability with other devices via wireless communication and the Internet has put security at the forefront.

cardiac pacemakerFor example, in a pacemaker scenario, we distinguish different risks according to the CIA triad, i.e., confidentiality, integrity and availability. First, confidentiality, i.e., sensitive data about the patient and her pacemaker may be disclosed. Second, integrity, i.e., data on a device may be altered, resulting in more or less severe impacts on the patient. Third, availability, i.e., a device may become inoperable. An architectural overview of the pacemaker environment is given on the left. While the pacemaker itself is communicating wirelessly, other communication is done via the Internet, a phone line, and sometimes by means of a USB stick. Even if programming devices may not yet have a direct connection to the clinic, sooner or later, they will.