Technology Evaluation Plan – Implantable Medical Devices

1.    Introduction

Medical sciences have been successful to a greater level in providing better treatment for human life and enhancing the life span. It had been possible because of a long research in the medical field that medication for certain diseases has been developed and is available in market being taken by patients fighting against diseases. There was a time when medication was not enough to cure body organs damaged by diseases and viruses in body. Then there was a concept to replace that specific body part that was no longer functional and could not be cured as well. Technology advancement presented a new way to diagnose diseases in human body and a cure as well. It introduced implantable medical devices in human body to replace dysfunctional body parts to prolong human life and provide a chance for a better treatment.

Implantable medical devices were considered to be sole agent in a body that could communicate with environment only. These IMDs communicate with environment detecting electromagnetic fields in order to communicate with server for reconfiguration. Wireless communication in IMDs enables them to communicate with server and other IMDs in range within the bodies of human beings (Shyamnath, 2011). It can open doors for further research that in case of emergency, when one IMD is not working properly, then an alert message can be sent via other IMD in range to doctor or other person who could fix IMD. These features of IMDs open a whole new gateway to discuss about the possibilities that it could offer as service to humanity and billions of people living around the globe.

With wireless communication in IMDs there are security threats as well. It is considered to be an emerging technology and one of the most appreciated step in medical sciences that in true meaning is helping humanity in prolonging human life span. However the security concerns with IMDs is very alarming as it is directly related to the human life. The devices that are meant to save the human lives can also be a threat on the same time, if some unauthorized person gets access to IMD, then he will be able to get full control of device. He might turn off the device totally causing the death of patient in most of the cases. It draws my attention to focus on what security threats IMDs will be facing and how those threats can be mitigated in order to secure those devices that are already playing their parts in increasing human life span.

It is an emerging technology and has a great future as well. It is a new market with a huge business prospect and serving to humanity. IMDs are the best to be considered as technology evaluation as it will show how it is communicating with the environment and how it can be a threat to the people who have those implanted in their bodies after surgery. There is a lot more to discover about these devices as to ensure their security so that no unauthorized person is able to get in the system of these devices and they could perform well while securing the communication with server as well. Implementable medical devices have a lot more to discuss than prolonging human life but to ensure its safety and security so that in turn it could ensure safety of human life.

2.    Research Questions

The main focus of this technology evaluation study is to find out what the threats that IMDs are facing are and how those threats can be mitigated. The whole idea is about the security of IMDs. It is because it is the first step in problem solving methodology. In order to solve any problem, the first and most important thing is to find the real problem and the reasons causing those problems. If the reasons for the problems are not identified then there will be no possible sustainable solution. The information on IMDs should be available all the time when required so that the devices could be monitored all the time by doctors or authorized persons only. The authorized persons may be the patient as well. On the other hand, the information should be confidential as well because it contains complete medical history of patient that should only be view by the doctor operating the patient.

Here are some of research question that we will be focusing on in this technology evaluation study:
How unauthorized persons can get access to IMDs?

The wireless communication between IMDs give a way or loop hole for the hackers to get into the network and access the IMD. It is because when the data is being transferred, then the hackers can sniff those information packets and extract information from them (Leavitt, 2011). If those packets are not secure by encryption then the information in those packets could be used to het unauthorized access to IMDs.

What threats the IMDs are facing regarding the integrity of information?

The threats to IMDs are same as to the digital information stored in them. The information that is very sensitive and is meant to be shared with only few people that may include, doctor, programmer or the patient only. If some unauthorized person gains access to information in IMDs then it can cause damage to availability, integrity and confidentiality of information (Wahid 2014). As it is also a network of IMDs, so the information stolen from these devices can be used to threaten people as well.

How the availability of information in implantable medical devices can be a threat?

The main purpose of information in implantable medical devices should be available all the times so that it could be accessed whenever required. In simple cases the information is to be accessed when the patient goes to doctor and doctor wants to see the readings or information updated in device so that he could instruct programmer for further calibration of device. The availability of information all the time means that it must be totally secure as well. But in normal condition greater the availability of information means greater threats to its security.

What are security measures that could secure the confidentiality of information on IMDs?

The information in the IMDs are very confidential as the life of the people having those devices depend upon that information (NIH, 2000). That information is meant to be kept secret from everyone expect from authorized persons who can view that information.  The best way is to secure the communication channel between the IMDs and the server and the authentication procedures as well that are required to connect to IMD.

How communication between IMDs and server can be secured?

The information should be secured while it is being transferred from one IMD to other IMD or from one IMD to the server so that information is not shared with anyone or no unauthorized person gains access to this information. The authentication procedures should be very strong the information should be encrypted as well during transfer.

3.    Methods

Implantable medical devices are concerned with the safety of human life so it must be handled with adverse care. For this technology evaluation study we will be relying more on the case studies that will show the experimentation and the deduced results from them. It is because the results deducted from the experimentation are the exact information required to analyze the security threats and the impact of those implementation in human bodies. There is need to find out the security of IMDs so that it could be ensured that the human life is safe from any kind of threat.

A challenging thing in this case is that the wireless communication is also must and more important is the security of those IMDs so that the information in those devices and devices themselves are totally secure from any kind of threat. The study plan for this technology evaluation paper will start from search for case studies covering the implantation of IMD, the security threats to them, and what possible failures have been recorded. It can be said that in first step there will be literature review and collection of the relevant literature that could be helpful in this technology review.

In the next step will be the filtration process from the collected literature review. The relevant case studies will be considered and taken into account for evaluation study. In this evaluation study paper, we will be looking into main security issues that IMDs might face while they are operating in the real environment. Those security issues might involve confidentiality, integrity and availability of information on IMDs. This triad is considered to be the basic of information security; there are other as well including non-repudiation and authentication.

Main focus of this study will be to find out the treats that are mostly presented to the security of IMDs and what might be possible actions that could be taken in order to secure devices from such security threats. It will provide a better way to look inside the future of this technology and how it can be an opportunity for companies to invest in and server humanity as well.

4.    Limitation or Special Consideration

Considering the limitation or special consideration for IMDs in human bodies, there is only need for focus on the security issues that what are the serious threats presented to the technology and how those threats can be mitigated in order to secure the technology. We will be considering the basic five pillars of information security for securing implantable medical devices. Moreover we will be looking for some solutions that could be implemented to secure devices from security threats.

5.    Timeline

This technology evaluation paper will take 2 weeks for complete study.

6.    References:
  1. Christoph Beck, D. M. (2011, 10 26). Block cipher based security for severely resource-constrained implantable medical devices. ISABEL ’11 Proceedings of the 4th International Symposium on Applied Sciences in Biomedical and Communication Technologies, p. 6.
  2. Leavitt, N. (2011). Researchers Fight to Keep Implanted Medical Devices Safe from Hackers. Computer , 11-14.
  3. Shyamnath Gollakota, H. H. (2011, 8 15). They can hear your heartbeats: non-invasive security for implantable medical devices. SIGCOMM ’11 Proceedings of the ACM SIGCOMM 2011 conference, pp. 2-13.
  4. Wahid Khan, E. M. (2014). Implantable Medical Devices. Retrieved from Springer: https://www.google.com.pk/url?sa=t&rct=j&q=&esrc=s&source=web&cd=2&cad=rja&uact=8&ved=0CCEQFjABahUKEwjTyfW_ufnHAhXFXRoKHW6pBqY&url=http%3A%2F%2Fwww.springer.com%2Fcda%2Fcontent%2Fdocument%2Fcda_downloaddocument%2F9781461494331-c1.pdf%3FSGWID%3D0-0-45-1447
  5. (2000, 1 10). Improving Medical Implant Performance Through . Retrieved from NIH Consensus Development Program: https://consensus.nih.gov/2000/2000MedicalImplantsta019html.htm
  6. Aggan, W. (2015, 7 16). The cost of data security: Are cybersecurity investments worth it? Retrieved from CLOUDMASK: http://www.cloudmask.com/blog/the-cost-of-data-security-are-cybersecurity-investments-worth-it