Difference between revisions of "Talk:Smart device"

From Clinfowiki
Jump to: navigation, search
(cybersecurity)
 
(Blanked the page)
 
Line 1: Line 1:
===Cybersecurity===
 
  
High-value clinical data is easily transmitted to the hospital facilities by smart devices via mobile using Bluetooth, smartphone, or the internet after manual or automatic downloads. However, when a wireless communication mode is active, smart devices and the clinical data they store become visible to the outside healthcare environment. Simultaneously, these devices represent an unsecured channel through which attackers can tamper with previously acquired messages, steal data, disable or manipulate device functions as well as clinical data [1]. Worse, for an attacker, the smart devices provide a gateway to hospital networks to modify or monitor information stored in or connected to hospital facilities, network computers, without ever needing the attacker to be physically close to the smart devices or the devices’ carrier [2].
 
 
There are two types of cyberattacks conducted on smart devices: passive and active. A passive attack gains sensitive information by accessing the messages exchanged between the smart devices and the healthcare network during an insecure transmission. Valuable information, such as implant types, model, serial number, patient’s demographics and clinical history, electrical therapies, and battery status, as well as the devices’ hardware and software information, is transmitted. A classic example of a passive attack is interception that results in confidentiality and privacy violations. An active attack involves the attacker able to actively change diagnostic information or settings, such as activating or deactivating pacing or antiarrhythmic therapies or continuously requesting information to elicit an early discharge battery attack. Active cyber-attacks cause alternation, falsifications, sabotage, and interruption. Theoretically, an active attacker can reprogram smart devices for malicious purposes. However, the attacker will need to be armed with IT skills, device knowledge, and familiarity with human physiology. Fortunately, such a type of attacker profile is uncommon [3, 4].
 
 
Unlike smartphones and computers, smart devices do not get regular security updates because changes to the software will require the FDA's recertification. The FDA focused on reliability, user safety, and ease of use but not on protecting against malicious attacks, and therefore deferred cybersecurity responsibility to the manufacturers [5, 6]. From then forward, when a cybersecurity problem is identified, the first step is to report to the manufacture for its confirmation. Then, the manufacturer initiates risk mitigation operations in collaboration with the regulatory authorities (i.e., FDA) to develop appropriate software updates. 
 
 
References:
 
1. Halperin D, Heydt-Benjamin TS, Ransford B, et al. Pacemakers and implantable cardiac defibrillators: software radio attacks and zero-power defenses. 2008 IEEE Symposium on Security and Privacy; Computer Science Department Faculty Publication Series, 2008;68: 129–142.
 
2. Coventry L, Branley D. Cybersecurity in healthcare: A narrative review of trends, threats and ways forward. Maturitas. 2018;113:48–52. 
 
3. Camara C, Peris-Lopez P, Tapiador JE. Security and privacy issues in implantable medical devices: A comprehensive survey. J Biomed Inform; 2015. Vol. 55, 272–289. 
 
4. Fotopoulou K, Flynn BW Optimum antenna coil structure for inductive powering of passive RFID tags. 2007;71-77. IEEE International Conference on RFID; TX, USA: Grapevine. 2007 Mar 26-28. 
 
5. Tse ZT, Xu S, Fung IC, Wood BJ. Cyber-attack risk low for medical devices. Science. 2015 Mar 20;347(6228):1323-4. doi: 10.1126/science.347.6228.1323-b. Epub 2015 Mar 19. PMID: 25792321; PMCID: PMC6663473.
 
6. Clery D. The privacy arms race. Could your pacemaker be hackable? Science. 2015 Jan 30;347(6221):499. doi: 10.1126/science.347.6221.499. PMID: 25635085.
 
 
Submitted by (Emily J Kuo)
 
[[Category:BMI512-SPRING-20]]
 

Latest revision as of 21:28, 15 December 2020