Implantable Medical Devices – IMDs
Few decades back, it was thought that there was no replacement of internal body parts that could prolong life span of human beings. However the concept was clear that after complete analysis that if certain body parts could be replaced with other functional parts then the life span of a human being can be prolonged. The need for such implantation rose when the number of people facing such issues rose to a higher level. The technology in medical sciences is today able to perform replacement of body parts with some human designed body parts that can function almost in the same way or can help other body parts to perform their functions (Shyamnath Gollakota, 2011). It is reported that every year on earth millions of people are improving their health with the help of implantation of medical devices with surgical procedures. The implantation of medical devices has helped millions of people on earth to cure their disease and find a new way to live as a replacement of their original body parts.
The need for implantable medical devices was felt with increasing aging diseases and problems that more and more people were faces. The medical science was not able to cure such disease with use of only drugs. However the drugs are pertinent to be taken with surgical implantation of medical devices. A common disease that is found in 90% of population is suffering from degenerative joint disease after the age of 40. This disease happens in joints of body mostly due to absence of cartilage that can happen in hands, spines and other body parts having joints. Another example of surgical implantation of medical device is coronary via angioplasty procedure. In 2004, the number of drug-eluting stunts have been recorded more than 2 million (Wahid Khan, 2014). There are different kinds of implantable medical devices that are being used.
The advancement in medical science focused on providing better health solutions to people suffering from different disease also bring some dangers that have to be tackled at the same time. In this paper we will focus on different kinds of implantable medical devices and the threats to use of these devices. When there is use of technology in every field of life, it has accompanied with threats that could lead to a disaster and when it comes to its implantation within a body of living human being it can be alarming. This paper will focus on threats and to what level those threats can be mitigated. On the other hand paper will also find out loop holes in security of medical devices and to what extent those threats can be used by hackers. Even the criminals can impose a serious threat to number of people who have implanted medical devices by hacking into the communication system of implantable medical devices (Leavitt, 2011).
The implantable medical devices are divided into different classes based on their uses, characteristics and potential harms. This classification is also different in different countries and regions. We will discuss about classification done by FDA on the basis of control that is required to assure safety and effectiveness of devices (Wahid Khan, 2014). There are three classes for implantable medical devices: Class I, Class II and Class III.
Class I devices are considered to be least regulatory control that are not intended for sustaining life or have importance for preventing any impairment to the health of human beings. The example of Class I devices are examination gloves, elastic bandages and other hand held mostly used surgical instruments. On the other hand Class II devices are not sufficient for general control but they need some proper labelling. Some of examples of Class II devices are surgical drapes, powered wheelchairs and infusion pumps. Lastly Class III devices are the ones that sustain human life and have their importance as they also prevent impairment to human health. Some of Class III devices are Pulse generator, endosseous implants, HIV diagnostic tests, pacemaker, and automated external defibrillators (Wahid Khan, 2014). This paper will focus only on Class III implantable medical devices and are categorized into three categories depending upon their usages in human beings that are: orthopedic implants, cardiovascular implants and implants for other uses.
Orthopedic implants is ever increasing implants that directly reflects the increasing number of patients suffering from degenerative musculoskeletal disorder. This implants is making its progressive to durability that will surely increase its products and demand in medical science market. Joints are replaced with implantable medical devices and is considered to be one of the most admirable achievement in orthopedic implants.
The cardiovascular implants seems to be having tremendous increase in its usage as it is reducing the cost of total heart treatment and also enhancing life span of a human being. There is increase in cardiac therapy that will again bring increase in pacing devices used with surgery in human body. The cardiac diseases cover a wide range covering the heart and its vessels.
There are other implants that are being used in human beings; one of the most of such implantable medical device is cochlear implant technology being used in children for the enhancement of hearing and speech capabilities. There are many other developed implantable medical devices that have promising features like solid biocompatible devices. These devices are now able to delivery drug to posterior segment of the eyes that is a huge success and providing a way to envisioning of future of implantable medical devices.
As IMDs (Implantable Medical Devices) are becoming one of the most adaptable technology in medical sciences, it has also imposed number of threats that are really alarming for patients who are having them installed with the help of surgery. It is because those IMDs are containing information that is very sensitive and should not be shared or leaked with anyone at any cost. On the other hand, these are electronica devices if some unauthorized person gets access to these devices then the life of a person having IMD is in danger (Wahid Khan, 2014). It is expected that in future IMDs will be able to communicate with other IMDs and the server or the controlling device that is why they must be totally secure and their communication channels should be encrypted as well so that the information is not accessed by unauthorized persons. With the advent of these IMDs doctors are now able to monitor the health of patients without the patients visiting physically. On the other hand the patients could have also access to IMDs to view their performance. These devices in future might be possible however, these security issues should be considered before.
There are different purposes for enabling communication in IMDs, it will help in monitoring of parameters by external device. Once IMDs are installed in human bodies it is very dangerous to remove them, but there are times when those machines are needed to be recalibrated; here wireless communication of IMDs will be useful. It can also be used to record data during neural transmission (Tamara Denning, 2008). The last purpose of this wireless communication is to enable IMDs communicate with other IMDs in surrounding.
It is obvious that if there is wireless communication enabled in IMDs so the information stored in them will be at risk as well. The most common threats of cyber security also apply to these IMDs. The threats are authentication, integrity, non-repudiation, confidentiality, availability and authorization (Nourhene Ellouze, 2013). Each of these property of information has a threat attach as well for implantable medical devices. The threat attached to authentication of user is spoofing that could result in impersonation of programmer, IMD or the external device. The integrity of information is very important it means that information in IMD must remain in its original form and should not be altered by any unauthorized person. The threat attached to integrity of information in IMD is tampering of information, communication and malicious inputs (Carmen Camara, 2012). Non-repudiation of information in IMD should also be ensured because it can lead to deletion of access logs and repeated access attempts. Information in IMD should be confidential it means that it should not be presented to any unauthorized persons. Availability of IMD and information is very important because it can lead to denial of service causing battery drainage, flooding IMD with data causing it to crash. Lastly the authorization of IMD is important because unauthorized access to IMD will enable the person to reprogram it, update the therapy and most dangerous is to switch off IMD.
The security of these IMDs are very important and different protective measures have been proposed in order to save it from unauthorized access. The one best possible way to control its security and keeping its secure from all kinds of threats is by blocking its communication with other IMDs.
Unauthorized access to IMDs can be harmful and lethal in number of ways. If an unauthorized persons get access to IMDs then he will be able to reconfigure IMD that will totally change the medication or treatment suggested by doctor (Wayne Burleson, 2012). Another lethal attack that can be imposed on IMD is battery drainage.
It seems that wireless communication is important so another way to secure it is proposed by using Artificial Accommodation System (AAS) (Tamara Denning, 2008). There are number of ways that can be used in order to secure IMDs. Another proposed way is by the use of communication cloakers, that will block the communication of IMDs with outer world when wore but it will be open for communication and access when the band will be removed (Hansen, 2010). IMDs must be secured in every way as they contain very sensitive information so its security measure should start from its design phase. The security and safety of information should be considered in very early steps of design, and encrypt the sensitive information where possible. When there is need of communication between third party devices the authentication process should be enabled at high level (Christoph Beck, 2011). Only the industry standard source code should be used while designing. Another strategy can be implemented to secure IMDs from such lethal attacks causing the deaths of human being is with the use of radio frequency energy harvesting (Wayne Burleson, 2012). It means that only the authorized persons will be able to gain access to IMD. If we talk about security with the use of pre-installed key in IMD that is also vulnerable because that key cannot be changed. IMDs are meant to be protected in every best possible way, another solution for this is with the use of physical layer called shield solution that will jammer-cum-receiver. It will allow IMD message to be jammed for decoding by others and shield from unauthorized commands (Carmen Camara, 2012).
Considering the aforementioned reports and how the IMDs are helping the humanity to increase life span and make life easier. With the advent in medical science, there are threats attached as well. Mostly the hackers are trying to find out loopholes in larger organizations so that they can get access to information and make use of that information by sharing it with others or selling it to their competitors. Some hackers want to get attention or make money. The case in IMDs are totally different to the security of information because in this case it is attached to life of human beings. This kind of security breach can cause death of millions of people that are using IMDs. They can use it to kill people, threaten them or blackmail.
IMDs are helping humanity in improving their health and life span but it comes with a higher cost that is responsibility of companies producing those IMDs to ensure safety and security. Most of the companies are focusing on strengthening the security of IMDs but it is better to limit its communication so that the threats to its hacking are also less. However the best thing to do in this regard is to secure IMDs to the best possible limit so that no life is wasted just for a small security loop hole.
Carmen Camara, P. P.-L. (2012). Security and privacy issues in implantable medical devices: A. Journal of Biomedical Informatics, 272-289.
Christoph Beck, D. M. (2011, 10 26). Block cipher based security for severely resource-constrained implantable medical devices. ISABEL ’11 Proceedings of the 4th International Symposium on Applied Sciences in Biomedical and Communication Technologies, p. 6.
Hansen, J. A. (2010, 10 8). A taxonomy of vulnerabilities in implantable medical devices. SPIMACS ’10 Proceedings of the second annual workshop on Security and privacy in medical and home-care systems, pp. 13-20.
Leavitt, N. (2011). Researchers Fight to Keep Implanted Medical Devices Safe from Hackers. Computer , 11-14.
Nourhene Ellouze, M. A. (2013, 11 4). Securing implantable cardiac medical devices: use of radio frequency energy harvesting. TrustED ’13 Proceedings of the 3rd international workshop on Trustworthy embedded devices, pp. 35-42.
Shyamnath Gollakota, H. H. (2011, 8 15). They can hear your heartbeats: non-invasive security for implantable medical devices. SIGCOMM ’11 Proceedings of the ACM SIGCOMM 2011 conference, pp. 2-13.
Tamara Denning, K. F. (2008). Absence makes the heart grow fonder: new directions for implantable medical device security. HOTSEC’08 Proceedings of the 3rd conference on Hot topics in security, p. 5.
Wahid Khan, E. M. (2014). Implantable Medical Devices. Retrieved from Springer: https://www.google.com.pk/url?sa=t&rct=j&q=&esrc=s&source=web&cd=2&cad=rja&uact=8&ved=0CCEQFjABahUKEwjTyfW_ufnHAhXFXRoKHW6pBqY&url=http%3A%2F%2Fwww.springer.com%2Fcda%2Fcontent%2Fdocument%2Fcda_downloaddocument%2F9781461494331-c1.pdf%3FSGWID%3D0-0-45-1447
Wayne Burleson, S. S. (2012, 6 7). Design challenges for secure implantable medical devices. DAC ’12 Proceedings of the 49th Annual Design Automation Conference, pp. 12-17.