CYBERSECURITY OF MEDICAL SYSTEMS: CHALLENGES AND SOLUTIONS IN THE CONTEXT OF THE INTERNET OF THINGS

Анастасія Андріївна Стрєлкина, Дмитро Дмитрович Узун

Abstract


This article reviews the main challenges and solutions in the field of cybersecurity medical systems in the context of the Internet of things. The authors identified key vulnerabilities, threats and risks of health care network devices. The paper describes in general terms the main regulatory documents in the field of cybersecurity providing, such as HIPAA privacy and security rules, FDA requirements for cybersecurity for pre- and post-market of the medical devices. Using the results of research authors systematized basic directions in providing cyber security of medical devices in the context of Internet of things

Keywords


cybersecurity threats; Internet of things; cybersecurity; medical systems; HIPAA; FDA

References


Cisco Internet Business Solutions Group. The Internet of Things. How the Next Evolution of the Internet Is Changing Everthing. Available at: http://www.cisco.com/c/dam/en_us/about/ac79/docs/innov/IoT_IBSG_0411FINAL.pdf (accessed 26 December 2016).

Pepper, R. IoT: Using Technology for the Developing World. Available at: http://blogs. cisco.com/gov/iot-using-technology-for-the-developing-world (accessed 26 December 2016).

BI Intelligence. The global market for IoT healthcare tech will top $400 billion in 2022. Available at: http://www.businessinsider.com/the-global-market-for-iot-healthcare-tech-will-top-400-billion-in-2022-2016-5 (accessed 26 December 2016).

U.S. Department of Health and Human Services. What is a medical device? Available at: http://www.fda.gov/AboutFDA/Transparency/Basics/ ucm211822.htm (accessed 26 December 2016).

Healey, J., Pollard, N. and Woods, B. The healthcare Internet of things: rewards and risks. Available at: http://www.mcafee.com/es/resources/reports/rp-healthcare-iot-rewards-risks.pdf (accessed 20 December 2016).

Mohan, A. Cyber Security for Personal Medical Devices Internet of Things. Proceedings of the IEEE International Conference on Distributed Computing in Sensor Systems, 26-28 May, 2014, pp. 372-374.

Mohan, A., Bauer, D., Blough, D., Ahamad, M., Bamba, B., Krishnan, R., Liu, L., Mashima, D., Palanisamy, B. A Patient-centric, Attribute-based, Source-verifiable Frameworkfor Health Record Sharing. GIT CERCS Technical Report GIT-CERCS-09-11, Georgia Institute of Technology, 2009, 10 p.

St. Jude Medical, Inc. MW is Short St. Jude Medical (STJ:US). Available at: http://www. muddywatersresearch.com/research (accessed 26 December 2016).

Halperin, D., Heydt-Benjamin, T., Ransford, B., Clark, S., Defend, B., Morgan, W., Fu, K., Kohno, T., Haisel, W. Pacemakers and Implantable Cardiac Defibrillators:Software Radio Attacks and Zero-Power Defenses. Proceedings of the IEEE Symposium on Security and Privacy, 18-20 May, 2008, pp. 129-142. doi: 10.1109/SP.2008.31.

Donohue, B. Vzlamyvaya lyudey [Hacking people]. Available at: https://blog.kaspersky.ru/vzlamyvaya-lyudej/1530/ (accessed 03 January 2017). (In Russian).

Radcliffe, J. Hacking Medical Devices for Fun and Insulin: Breaking the Human SCADA System, 2011. Available at: https://media.blackhat.com/bh-us-11/ Radcliffe/BH_US_11_Radcliffe_Hacking_Medical_Devices_Slides.pdf (accessed 28 December 2016).

U.S. Department of Health & Human Services. The HIPAA Privacy Rule. Available at: www.hhs.gov/hipaa/for-professionals/privacy/ (accessed 28 December 2016).

U.S. Department of Health & Human Services. The Security Rule. Available at: http://www.hhs.gov/hipaa/for-professionals/security/ (accessed 28 December 2016).

U.S. Department of Health and Human Services, Food and Drug Administration and Center for Devices and Radiological Health. Guidance for Industry - Cybersecurity for Networked Medical Devices Containing Off-the-Shelf (OTS) Software . Available at: http://www.fda.gov/MedicalDevices/DeviceRegulationandGuidance/GuidanceDocuments/ucm077812.htm (accessed 29 December 2016).

U.S. Department of Health and Human Services, Food and Drug Administration and Center for Devices and Radiological Health. Content of Premarket Submissions for Management of Cybersecurity in Medical Devices. Available at: http://www.fda.gov/downloads/medicaldevices/deviceregulationandguidance/guidancedocuments/ucm356190.pdf (accessed 29 December 2016).

U.S. Department of Health and Human Services, Food and Drug Administration and Center for Devices and Radiological Health. Postmarket Management of Cybersecurity in Medical Devices.- Available at: http://www.fda.gov/downloads/MedicalDevices/DeviceRegulationandGuidance/GuidanceDocuments/UCM482022.pdf (accessed 29 December 2016).


Refbacks

  • There are currently no refbacks.