TY - JOUR
T1 - Security challenges for medical devices
AU - Sametinger, Johannes
AU - Rozenblit, Jerzy
AU - Lysecky, Roman
AU - Ott, Peter
PY - 2015/4/1
Y1 - 2015/4/1
N2 - Security is about protecting information and information systems from unauthorized access and use. Secure software is supposed to continue to function correctly under a malicious attack. In this sense, medical device security is the idea of engineering these devices so they continue to function correctly even if under a malicious attack. Securing medical devices means protecting human life, human health, and human well-being. It is also about protecting and securing the privacy of sensitive health information. Each of the FDA's generic device types is assigned to one of three regulatory classes: I, II, and III. The classes are based on the level of control necessary to ensure the safety and effectiveness of a device; the higher the risk, the higher the class. Besides the functionality, software developers of medical devices must take measures to ensure the safety as well as the security of their code. Both secure development and secure update mechanisms are needed. Surveillance strategies must be reconsidered in order to effectively and efficiently collect data on security and privacy problems in medical devices. For medical devices, we need malware detection methods that are nonintrusive with very low power consumption, as power is a precious resource, especially in implantable devices. Formal methods play an important role in ensuring the hardware and software for medical devices operate as designed. In order to protect medical devices, the surrounding IT environment must be secured as well.
AB - Security is about protecting information and information systems from unauthorized access and use. Secure software is supposed to continue to function correctly under a malicious attack. In this sense, medical device security is the idea of engineering these devices so they continue to function correctly even if under a malicious attack. Securing medical devices means protecting human life, human health, and human well-being. It is also about protecting and securing the privacy of sensitive health information. Each of the FDA's generic device types is assigned to one of three regulatory classes: I, II, and III. The classes are based on the level of control necessary to ensure the safety and effectiveness of a device; the higher the risk, the higher the class. Besides the functionality, software developers of medical devices must take measures to ensure the safety as well as the security of their code. Both secure development and secure update mechanisms are needed. Surveillance strategies must be reconsidered in order to effectively and efficiently collect data on security and privacy problems in medical devices. For medical devices, we need malware detection methods that are nonintrusive with very low power consumption, as power is a precious resource, especially in implantable devices. Formal methods play an important role in ensuring the hardware and software for medical devices operate as designed. In order to protect medical devices, the surrounding IT environment must be secured as well.
UR - http://www.scopus.com/inward/record.url?scp=84925779811&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84925779811&partnerID=8YFLogxK
U2 - 10.1145/2667218
DO - 10.1145/2667218
M3 - Review article
AN - SCOPUS:84925779811
SN - 0001-0782
VL - 58
SP - 74
EP - 82
JO - Communications of the ACM
JF - Communications of the ACM
IS - 4
ER -