Security challenges for medical devices

Johannes Sametinger, Jerzy Rozenblit, Roman Lysecky, Peter Ott

Research output: Contribution to journal › Review article › peer-review

132 Scopus citations

Abstract

Security is about protecting information and information systems from unauthorized access and use. Secure software is supposed to continue to function correctly under a malicious attack. In this sense, medical device security is the idea of engineering these devices so they continue to function correctly even if under a malicious attack. Securing medical devices means protecting human life, human health, and human well-being. It is also about protecting and securing the privacy of sensitive health information. Each of the FDA's generic device types is assigned to one of three regulatory classes: I, II, and III. The classes are based on the level of control necessary to ensure the safety and effectiveness of a device; the higher the risk, the higher the class. Besides the functionality, software developers of medical devices must take measures to ensure the safety as well as the security of their code. Both secure development and secure update mechanisms are needed. Surveillance strategies must be reconsidered in order to effectively and efficiently collect data on security and privacy problems in medical devices. For medical devices, we need malware detection methods that are nonintrusive with very low power consumption, as power is a precious resource, especially in implantable devices. Formal methods play an important role in ensuring the hardware and software for medical devices operate as designed. In order to protect medical devices, the surrounding IT environment must be secured as well.

Original language: English (US)
Pages (from-to): 74-82
Number of pages: 9
Journal: Communications of the ACM
Volume: 58
Issue number: 4
State: Published - Apr 1 2015

ASJC Scopus subject areas

  • General Computer Science
