Getting Started

Medical Device Cybersecurity for Engineers and Manufacturers

A comprehensive guide to medical device secure lifecycle management, this is a book for engineers, managers, and regulatory specialists. Readers gain insight into the security aspects of every phase of the product lifecycle, including concept, design, implementation, supply chain, manufacturing, postmarket surveillance, maintenance, updates, and end-of-life

IEEE Xplore

Security Tradeoffs in Cyber Physical Systems: A Case Study Survey on Implantable Medical Devices

The new culture of networked systems that offer everywhere accessible services has given rise to various types of security tradeoffs. As a result, the issue of security of cyber physical systems requires a special holistic treatment…

IEEE Xplore

SoK: Security and Privacy in Implantable Medical Devices and Body Area Networks

Balancing security, privacy, safety, and utility is a necessity in the health care domain, in which implantable medical devices (IMDs) and body area networks (BANs) have made it possible to continuously and automatically manage and treat a number of health conditions

IEEE Xplore

Cybersecurity vulnerabilities in medical devices: a complex environment and multifaceted problem

The increased connectivity to existing computer networks has exposed medical devices to cybersecurity vulnerabilities from which they were previously shielded. For the prevention of cybersecurity incidents, it is important to recognize the complexity of the operational environment as well as to catalog the technical vulnerabilities…

Full Article

Security issues in implantable medical devices: Fact or fiction?

Smart healthcare is an integral part of smart cities. Modern medical devices are becoming increasingly software dependent. Doctors and patients are now using their smart-phones to control and monitor implantable medical devices (IMDs) such as cardiac implants, insulin pumps, deep brain neurostimulators, etc. via the Internet or Bluetooth connections.

Science Direct

Side-Channel Attacks


Security of implantable medical devices with wireless connections: The dangers of cyber-attacks

Modern wireless implantable medical devices (IMDs) began to be widely introduced to medical practice in the early 2000s, when devices such as cardiac implants, insulin pumps, and neurological implantable pulse generators (IPGs) started featuring wireless clinician controls and monitoring functions.

Full Article

On the (in)security of the latest generation implantable cardiac defibrillators and how to secure them

Implantable Medical Devices (IMDs) typically use proprietary protocols with no or limited security to wirelessly communicate with a device programmer. These protocols enable doctors to carry out critical functions, such as changing the IMD’s therapy or collecting telemetry data, without having to perform surgery on the patient.

Research Gate

On the Feasibility of Side-Channel Attacks with Brain-Computer Interfaces

Brain computer interfaces (BCI) are becoming increasingly popular in the gaming and entertainment industries. Consumer-grade BCI devices are available for a few hundred dollars and are used in a variety of applications, such as video games, hands-free keyboards, or as an assistant in relaxation training.

Full Article

On Pairing Constrained Wireless Devices Based on Secrecy of Auxiliary Channels: The Case of Acoustic Eavesdropping

Secure “pairing” of wireless devices based on auxiliary or out-of-band (OOB) – audio, visual or tactile – communication is a well-established research direction. Lack of good quality interfaces on or physical access to certain constrained devices (e.g., headsets, access points, medical implants) makes pairing a challenging problem in practice

Full Article

Breaking (and Fixing) a Widely Used Continuous Glucose Monitoring System

A Continuous Glucose Monitoring System is a medical device that continuously monitors a patient’s blood glucose concentration, which is essential in the treatment of diabetes. Although such devices are increasingly used, their security has not been thoroughly studied.

Full Article

Attack-tree-based Threat Modeling of Medical Implants

Modern Implantable Medical Devices (IMDs) are low-power embedded systems with life-critical functionalities. Almost all of these devices are equipped with wireless communication capabilities in order to aid in diagnosis, in updating the functional settings and firmware and so on, without any surgical procedure to perform these tasks manually.

Full Article


Defending Resource Depletion Attacks on Implantable Medical Devices

Implantable Medical Devices (IMDs) have been widely used to treat chronic diseases such as cardiac arrhythmia and diabetes. Many IMDs are enabled with wireless communication capabilities and can communicate with an outside programmer/reader wirelessly. With the rapid growth of IMDs, IMD security becomes a critical issue since attacks on IMDs may directly harm the patient.

IEEE Xplore

Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses

Our study analyzes the security and privacy properties of an implantable cardioverter defibrillator (ICD). Introduced to the U.S. market in 2003, this model of ICD includes pacemaker technology and is designed to communicate wirelessly with a nearby external programmer in the 175 kHz frequency range.

IEEE Xplore

Zero-Power Defense Done Right: Shielding IMDs from Battery-Depletion Attacks

The wireless capabilities of modern Implantable Medical Devices (IMDs) make them vulnerable to security attacks. One prominent attack, which has disastrous consequences for the patient’s wellbeing, is the battery Denial-of-Service attack whereby the IMD is occupied with continuous authentication requests from an adversary with the aim of depleting its battery.

Springer – Full Article

EMI Injection

Ghost Talk: Mitigating EMI Signal Injection Attacks against Analog Sensors

Electromagnetic interference (EMI) affects circuits by inducing voltages on conductors. Analog sensing of signals on the order of a few millivolts is particularly sensitive to interference. This work (1) measures the susceptibility of analog sensor systems to signal injection attacks by intentional, low-power emission of chosen electromagnetic waveforms, and (2) proposes defense mechanisms to reduce the risks.

IEEE Xplore

Taxonomy and Challenges of Out-of-Band Signal Injection Attacks and Defenses

Recent research has shown that the integrity of sensor measurements can be violated through out-of-band signal injection attacks. These attacks target the conversion process from a physical quantity to an analog property-a process that fundamentally cannot be authenticated.

IEEE Xplore


Security Vulnerabilities, Attacks, Countermeasures, and Regulations of Networked Medical Devices—A Review

Over the last few years, healthcare administrations have been digitizing their provision of care that led to an increased number of networked medical devices and medical telemetry. Due to such digitization, medical devices have made phenomenal strides in the course of the last half-century. These networked medical devices have enhanced the quality and accessibility of health treatments by achieving pervasive healthcare vision…

IEEE Xplore