Security Vulnerabilities, Attacks, Countermeasures, and Regulations of Networked Medical Devices—A Review
Abstract
Over the last few years, healthcare administrations have been digitizing their provision of care that led to an increased number of networked medical devices and medical telemetry. Due to such digitization, medical devices have made phenomenal strides in the course of the last half-century. These networked medical devices have enhanced the quality and accessibility of health treatments by achieving pervasive healthcare vision. Moreover, these devices have transformed the canvas of medical treatments and improved the lives of the masses. Such innovation, as a result, assisted in paving the way for reliable healthcare facilities through the introduction of new areas of therapeutic and diagnostic treatments. Medical devices, nowadays, are portable, networked, and capable enough to facilitate human lives. The refined quality and variety of these devices put forward a promising future. However, on the other hand, the healthcare sector is experiencing the greatest amount of security breaches due to the presence of security flaws in medical devices. As these devices are no longer standalone systems and are network-connected, the attack surface has increased profoundly. Actually, devices in practice were designed, developed, and disseminated long ago. Therefore, they were not developed from the ground up with security as a vital design constraint. The flaws present in these devices have acquired the consideration of researchers from both industry and academia. In this paper, we studied security vulnerabilities present in state-of-the-art medical devices by studying security tests and the attacks demonstrated by the researchers on more than a hundred devices. Finally, some state-of-the-art solutions and countermeasures along with applicable regulations in literature were also studied and analyzed. Since these devices are life-critical and can even cause the death of a patient, therefore, this survey is significant as it can assist researchers to get an overview of loopholes present in medical devices and existing countermeasures. We concluded this survey paper with some open research areas that should be properly considered in order to secure these life-critical medical devices.
