research-article

Public Access

A Survey on Security and Privacy Issues in Modern Healthcare Systems: Attacks and Defenses

Authors:

Akm Iqtidar Newaz,

Amit Kumar Sikder,

Mohammad Ashiqur Rahman, and

A. Selcuk UluagacAuthors Info & Claims

ACM Transactions on Computing for Healthcare , Volume 2, Issue 3

Article No.: 27, Pages 1 - 44

https://doi.org/10.1145/3453176

Published: 21 July 2021 Publication History

All formats PDF

Abstract

Recent advancements in computing systems and wireless communications have made healthcare systems more efficient than before. Modern healthcare devices can monitor and manage different health conditions of patients automatically without any manual intervention from medical professionals. Additionally, the use of implantable medical devices, body area networks, and Internet of Things technologies in healthcare systems improve the overall patient monitoring and treatment process. However, these systems are complex in software and hardware, and optimizing between security, privacy, and treatment is crucial for healthcare systems because any security or privacy violation can lead to severe effects on patients’ treatments and overall health conditions. Indeed, the healthcare domain is increasingly facing security challenges and threats due to numerous design flaws and the lack of proper security measures in healthcare devices and applications. In this article, we explore various security and privacy threats to healthcare systems and discuss the consequences of these threats. We present a detailed survey of different potential attacks and discuss their impacts. Furthermore, we review the existing security measures proposed for healthcare systems and discuss their limitations. Finally, we conclude the article with future research directions toward securing healthcare systems against common vulnerabilities.

References

[1]

Alexandros Pantelopoulos and Nikolaos G. Bourbakis. 2010. A survey on wearable sensor-based systems for health monitoring and prognosis.IEEE Transactions on Systems, Man, and Cybernetics, Part C 40, 1 (2010), 1–12.

[2]

Meng Zhang, Anand Raghunathan, and Niraj K. Jha. 2014. Trustworthiness of medical devices and body area networks.Proceedings of the IEEE 102, 8 (2014), 1174–1188.

[3]

Aravind Kailas and Mary Ann Ingram. 2009. Wireless communications technology in telehealth systems. In Proceedings of the 2009 1st International Conference on Wireless Communication, Vehicular Technology, Information Theory, and Aerospace & Electronic Systems Technology.IEEE, Los Alamitos, CA, 926–930.

[4]

Agusti Solanas, Constantinos Patsakis, Mauro Conti, Ioannis S. Vlachos, Victoria Ramos, Francisco Falcone, Octavian Postolache, et al. 2014. Smart health: A context-aware health paradigm within smart cities. IEEE Communications Magazine 52, 8 (2014), 74–81.

[5]

Abdul Razaque, Fathi Amsaad, Meer Jaro Khan, Salim Hariri, Shujing Chen, Chen Siting, and Xingchen Ji. 2019. Survey: Cybersecurity vulnerabilities, attacks and solutions in the medical domain. IEEE Access 7 (2019), 168774–168797.

[6]

Amit Kumar Sikder, Giuseppe Petracca, Hidayet Aksu, Trent Jaeger, and A. Selcuk Uluagac. 2018. A survey on sensor-based threats to Internet-of-Things (IoT) devices and applications. arxiv:1802.02041.

[7]

Amit Kumar Sikder, Hidayet Aksu, and A. Selcuk Uluagac. 2019. A context-aware framework for detecting sensor-based threats on smart devices. IEEE Transactions on Mobile Computing 19, 2 (2019), 245–261.

[8]

Xiaoyu Zhang, Hanjun Jiang, Xinkai Chen, Lingwei Zhang, and Zhihua Wang. 2009. An energy efficient implementation of on-demand MAC protocol in medical Wireless Body Sensor Networks. In Proceedings of the International Symposium on Circuits and Systems. IEEE, Los Alamitos, CA.

[9]

24x7. 2018. Global Medical Device Market to Grow 4.5%. Retrieved May 25, 2021 from https://www.24x7mag.com/medical-equipment/global-medical-device-market-grow-4-5/

[10]

Jay G. Ronquillo and Diana M. Zuckerman. 2017. Software-related recalls of health information technology and other medical devices: Implications for FDA regulation of digital health. Milbank Quarterly 95, 3 (2017), 535–553.

[11]

Lisa Vaas. 2013. Doctors disabled wireless in Dick Cheney’s pacemaker to thwart hacking. Naked Security by SOPHOS. Retrieved May 25, 2021 fromhttps://nakedsecurity.sophos.com/2013/10/22/doctors-disabled-wireless-in-dick-cheneys-pacemaker-to-thwart-hacking/

[12]

Daniel Halperin, Thomas S. Heydt-Benjamin, Benjamin Ransford, Shane S. Clark, Benessa Defend, Will Morgan, Kevin Fu, Tadayoshi Kohno, and William H. Maisel. 2008. Pacemakers and implantable cardiac defibrillators: Software radio attacks and zero-power defenses. In Proceedings of the IEEE Symposium on Security and Privacy.

[13]

Ahmed Hasnain Jalal, Amit Kumar Sikder, Fahmida Alam, Sharraf Samin, Sharmin S. Rahman, Md Morshed A. Khan, and Masudur R. Siddiquee. Early diagnosis with alternative approaches: Innovation in lung cancer care. Shanghai Chest 5 (2021), 1–14.

[14]

Chunxiao Li, Anand Raghunathan, and Niraj K. Jha. 2011. Hijacking an insulin pump: Security attacks and defenses for a diabetes therapy system. In Proceedings of the Conference on e-Health Networking Applications and Services (Healthcom’11). IEEE, Los Alamitos, CA, 150–156.

[15]

D. Benessa, M. Salajegheh, K. Fu, and S. Inoue. 2008. Protecting Global Medical Telemetry Infrastructure. Technical Report. Institute of Information Infrastructure Protection (I3P), Hanover, NH.

[16]

Michael Rushanan, Aviel D. Rubin, Denis Foo Kune, and Colleen M. Swanson. 2014. Sok: Security and privacy in implantable medical devices and body area networks. In Proceedings of the IEEE Symposium on Security and Privacy (SP’14). IEEE, Los Alamitos, CA, 524–539.

[17]

Nourhene Ellouze, Mohamed Allouche, Habib Ben Ahmed, Slim Rekhis, and Noureddine Boudriga. 2014. Security of implantable medical devices: Limits, requirements, and proposals. Security and Communication Networks 7, 12 (2014), 2475–2491.

[18]

Riham Altawy and Amr M. Youssef. 2016. Security tradeoffs in cyber physical systems: A case study survey on implantable medical devices. IEEE Access 4 (2016), 1.

[19]

Heena Rathore, Amr Mohamed, Abdulla Al-Ali, Xiaojiang Du, and Mohsen Guizani. 2017. A review of security challenges, attacks and resolutions for wireless medical devices. In Proceedings of the 13th International Wireless Communications and Mobile Computing Conference. IEEE, Los Alamitos, CA, 1495–1501.

[20]

Carmen Camara, Pedro Peris-Lopez, and Juan E. Tapiador. 2015. Security and privacy issues in implantable medical devices: A comprehensive survey. Journal of Biomedical Informatics 55 (2015), 272–289.

Digital Library

[21]

Younghyun Kim, Woosuk Lee, Anand Raghunathan, Vijay Raghunathan, and Niraj K. Jha. 2015. Reliability and security of implantable and wearable medical devices. In Implantable Biomedical Microsystems. Elsevier, 167–199.

[22]

Hande Alemdar and Cem Ersoy. 2010. Wireless sensor networks for healthcare: A survey. Computer Networks 54, 15 (2010), 2688–2710.

Digital Library

[23]

D. Stalin David and A. Jeyachandran. 2016. A comprehensive survey of security mechanisms in healthcare applications. In Proceedings of the 2016 IEEE International Conference on Communications and Electronics Systems (ICCES’16).

[24]

Harsh Kupwade Patil and Ravi Seshadri. 2014. Big data security and privacy issues in healthcare. In Proceedings of the 2014 IEEE International Congress on Big Data.

Digital Library

[25]

Adnan Qayyum, Junaid Qadir, Muhammad Bilal, and Ala Al-Fuqaha. 2020. Secure and robust machine learning for healthcare: A survey. arxiv:2001.08103.

[26]

Johannes Sametinger, Jerzy W. Rozenblit, Roman L. Lysecky, and Peter Ott. 2015. Security challenges for medical devices.Communications of the ACM 58, 4 (2015), 74–82.

[27]

Pijush Kanti Dutta Pramanik, Saurabh Pal, and Moutan Mukhopadhyay. 2019. Healthcare big data: A comprehensive overview. In Intelligent Systems for Healthcare Management and Delivery. IGI Global, 72–100.

[28]

Karim Abouelmehdi, Abderrahim Beni-Hessane, and Hayat Khaloufi. 2018. Big healthcare data: Preserving security and privacy. Journal of Big Data 5 (2018), Article 1.

[29]

Hadi Habibzadeh and Tolga Soyata. 2020. Toward uniform smart healthcare ecosystems: A survey on prospects, security, and privacy considerations. In Connected Health in Smart Cities. Springer, 75–112.

[30]

S. M. Riazul Islam, Daehan Kwak, M. D. Humaun Kabir, Mahmud Hossain, and Kyung-Sup Kwak. 2015. The Internet of Things for health care: A comprehensive survey. IEEE Access 3 (2015), 678–708.

[31]

Clemens Scott Kruse, Benjamin Frederick, Taylor Jacobson, and D. Kyle Monticone. 2017. Cybersecurity in healthcare: A systematic review of modern threats and trends. Technology and Health Care 25, 1 (2017), 1–10.

[32]

Tehreem Yaqoob, Haider Abbas, and Mohammed Atiquzzaman. 2019. Security vulnerabilities, attacks, countermeasures, and regulations of networked medical devices—A review. IEEE Communications Surveys & Tutorials 21, 4 (2019), 3723–3768.

Digital Library

[33]

Somayeh Nasiri, Farahnaz Sadoughi, Mohammad Hesam Tadayon, and Afsaneh Dehnad. 2019. Security requirements of Internet of Things-based healthcare system: A survey study. Acta Informatica Medica 27, 4 (2019), 253.

[34]

European Commission. 2010. MEDICAL DEVICES: Guidance Document—Classification of Medical Devices. Retrieved May 25, 2021 from https://ec.europa.eu/docsroom/documents/10337/attachments/1/translations/en/renditions/pdf.

[35]

Kenneth A. Townsend, James W. Haslett, Tommy Kwong-Kin Tsang, Mourad N. El-Gamal, and Krzysztof Iniewski. 2005. Recent advances and future trends in low power wireless systems for medical applications. In Proceedings of the IEEE Workshop on System-on-Chip for Real-Time Applications (IWSOC’05).

[36]

Min Chen, Sergio Gonzalez, Athanasios Vasilakos, Huasong Cao, and Victor C. Leung. 2011. Body area networks: A survey. Mobile Networks and Applications 16 (2011), 171–193.

Digital Library

[37]

Gerhard Tröster. 2005. The agenda of wearable healthcare. Yearbook of Medical Informatics 14, 1 (2005), 125–138.

[38]

Zigbee Alliance. n.d. Home Page. Retrieved May 25, 2021 from https://www.zigbee.org/

[39]

Mehmet R. Yuce, Steven W. P. Ng, Naung L. Myo, Chin K. Lee, Jamil Y. Khan, and Wentai Liu. 2007. A MICS band wireless body sensor network. In Proceedings of the 2007 IEEE Wireless Communications and Networking Conference. IEEE, Los Alamitos, CA, 2473–2478.

[40]

Wenyi Liu, A. Selcuk Uluagac, and Raheem Beyah. 2014. MACA: A privacy-preserving multi-factor cloud authentication system utilizing big data. In Proceedings of the Conference on Computer Communications Workshops (INFOCOM WKSHPS’14). IEEE, Los Alamitos, CA, 518–523.

[41]

Steve Hanna, Rolf Rolles, Andrés Molina-Markham, Pongsin Poosankam, Jeremiah Blocki, Kevin Fu, and Dawn Song. 2011. Take two software updates and see me in the morning: The case for software security evaluations of medical devices. In Proceedings of the 2nd USENIX Conference on Health Security and Privacy (HealthSec’11).

[42]

Vinu Moses and Ipeson Korah. 2015. Lack of security of networked medical equipment in radiology. American Journal of Roentgenology 204, 2 (2015), 343–353.

[43]

Abbas Acar, Hidayet Aksu, A. Selcuk Uluagac, and Kemal Akkaya. 2018. WACA: Wearable-assisted continuous authentication. In Proceedings of the 2018 IEEE Security and Privacy Workshops (SPW’18).

[44]

Imprivata. 2018. Getting Authentication—Right Considerations for Medical Device Security. Retrieved May 25, 2021 from https://www.imprivata.com/blog/getting-authentication-right-%E2%80%93-considerations-medical-device-security#: :text=%20Getting%20authentication%20right%20%E2%80%93%20considerations%20for%20medical,One%20of%20the%20largest%20roadblocks%20to...%20More%20.

[45]

Melanie R. Rieback, Bruno Crispo, and Andrew S. Tanenbaum. 2006. Is your cat infected with a computer virus? In Proceedings of the 4th Annual IEEE International Conference on Pervasive Computing and Communications. IEEE, Los Alamitos, CA, 10.

[46]

Kelvin Ly and Yier Jin. 2016. Security studies on wearable fitness trackers. In Proceedings of the 38th Annual International Conference of the IEEE Engineering in Medicine and Biology Society.

[47]

Eric Clausing, Michael Schiefer, Ulf Lösche, and Maik Morgenstern. 2015. Security Evaluation of Nine Fitness Trackers. Independent IT–Security Institute.

[48]

Mahmudur Rahman, Bogdan Carbunar, and Madhusudan Banik. 2013. Fit and vulnerable: Attacks and defenses for a health monitoring device. arxiv:1304.5672.

[49]

Becker’s Clinical Leadership & Infection Control. 2016. Medical Devices at Risk of DoS Attacks—5 Insights. Retrieved May 26, 2021 from https://www.beckersasc.com/asc-quality-infection-control/medical-devices-at-risk-of-denial-of-service-attacks-5-insights.html

[50]

Sasikanth Avancha, Amit Baxi, and David Kotz. 2012. Privacy in mobile technology for personal healthcare. ACM Computing Surveys 45, 1 (2012), Article 3.

[51]

Ding Ding, Mauro Conti, and Agusti Solanas. 2016. A smart health application and its related privacy issues. In Proceedings of the IEEE SCSP Workshop.

[52]

Linke Guo, Chi Zhang, Jinyuan Sun, and Yuguang Fang. 2014. A privacy-preserving attribute-based authentication system for mobile health networks. IEEE Transactions on Mobile Computing 13, 9 (2014), 1927–1941.

[53]

Peter Mell, Karen Scarfone, and Sasha Romanosky. 2007. A Complete Guide to the Common Vulnerability Scoring System Version 2.0, Vol. 1. FIRST.

[54]

Taimour Wehbe, Vincent J. Mooney, Abdul Qadir Javaid, and Omer T. Inan. 2017. A novel physiological features-assisted architecture for rapidly distinguishing health problems from hardware Trojan attacks and errors in medical devices. In Proceedings of the 2017 IEEE International Symposium on Hardware Oriented Security and Trust (HOST’17).

[55]

IEEE Cybersecurity. 2016. WearFit: Security Design Analysis of a Wearable Fitness Tracker. Retrieved May 25, 2021 from https://cybersecurity.ieee.org/blog/2016/02/17/wearfit-security-design-analysis-of-a-wearable-fitness-tracker/

[56]

U.S. Food and Drug Administration. 2016. Postmarket Management of Cybersecurity in Medical Devices Draft Guidance for Industry and Food and Drug Administration Staff. U.S. Food and Drug Administration, Silver Spring, MD.

[57]

Taimour Wehbe, Vincent J. Mooney, Omer T. Inan, and David C. Keezer. 2018. Securing medical devices against hardware trojan attacks through analog-, digital-, and physiological-based signatures. Journal of Hardware and Systems Security 2 (2018), 251–265.

[58]

Kevin Fu and James Blum. 2014. Controlling for cybersecurity risks of medical device software. Biomedical Instrumentation & Technology 2014 (2014), 38–41.

[59]

Christopher Weaver. 2013. Patients Put at Risk By Computer Viruses. Retrieved May 25, 2021 from https://www.wsj.com/articles/SB10001424127887324188604578543162744943762/

[60]

AAMI. 2018. Orangeworm Cyberattack Group Puts Healthcare Industry in the Crosshairs. Retrieved May 25, 2021 from http://www.aami.org/newsviews/newsdetail.aspx?ItemNumber=6205/

[61]

Guy Martin, Paul Martin, Chris Hankin, Ara Darzi, and James Kinross. 2017. Cybersecurity and healthcare: How safe are we?BMJ 358 (2017), j3179.

[62]

Steve Mansfield-Devine. 2016. Ransomware: Taking businesses hostage. Network Security 2016, 10 (2016), 8–17.

[63]

Broadcom. 2018. 4 Emerging Threats to Healthcare Providers. Retrieved May 25, 2021 from https://www.symantec.com/blogs/expert-perspectives/4-emerging-threats-healthcare-providers/

[64]

Hacker News. 2019. New Zeppelin Ransomware Targeting Tech and Health Companies. Retrieved May 25, 2021 from https://thehackernews.com/2019/12/zeppelin-ransomware-attacks.html

[65]

2019. LifeLabs Paid Hackers to Recover Stolen Medical Data of 15 Million Canadians. https://thehackernews.com/2019/12/lifelabs-data-breach.html

[66]

Health IT Security. 2019. 56% of Health Providers Still Rely on Legacy Windows 7 Systems. Retrieved May 25, 2021 from https://healthitsecurity.com/news/56-of-health-providers-still-rely-on-legacy-windows-7-systems/

[67]

Ivan Martinovic, Doug Davies, Mario Frank, Daniele Perito, Tomas Ros, and Dawn Song. 2012. On the feasibility of side-channel attacks with brain-computer interfaces. In Proceedings of the 2012 USENIX Security Symposium. 143–158.

[68]

Billy Rios and Jonathan Butts. 2017. Security Evaluation of the Implantable Cardiac Device Ecosystem Architecture and Implementation Interdependencies. Retrieved May 25, 2021 from https://www.ledecodeur.ch/wp-content/uploads/2017/05/Pacemaker-Ecosystem-Evaluation.pdf

[69]

Jakob Rieck. 2016. Attacks on fitness trackers revisited: A case-study of unfit firmware security. arxiv:1604.03313.

[70]

Dongkwan Kim, Suwan Park, Kibum Choi, and Yongdae Kim. 2015. BurnFit: Analyzing and exploiting wearable devices. In Proceedings of the International Workshop on Information Security Applications. 227–239.

[71]

Jaewoo Shim, K. H. Lim, J. M. Jung, S. J. Cho, M. K. Park, and S. C. Han. 2017. A case study on vulnerability analysis and firmware modification attack for a wearable fitness tracker. IT Convergence Practice 5, 4 (2017), 25–33.

[72]

Jiska Classen, Daniel Wegemer, Paul Patras, Tom Spink, and Matthias Hollick. 2018. Anatomy of a vulnerable fitness tracking system: Dissecting the Fitbit cloud, app, and firmware. In Proceedings of the ACM on Interactive, Mobile, and Ubiquitous Technologies. Article 5.

[73]

Orlando Arias, Jacob Wurm, Khoa Hoang, and Yier Jin. 2015. Privacy and security in Internet of Things and wearable devices. IEEE Transactions on Multi-Scale Computing Systems 1, 2 (2015), 99–109.

Digital Library

[74]

Yinhao Xiao, Yizhen Jia, Xiuzhen Cheng, Jiguo Yu, Zhenkai Liang, and Zhi Tian. 2019. I can see your brain: Investigating home-use electroencephalography system security. IEEE Internet of Things Journal 6, 4 (2019), 6681–6691.

[75]

U.S. Food and Drug Administration. 2018. Most Dangerous Hacked Medical Devices. Retrieved May 25, 2021 from https://www.fda.gov/MedicalDevices/Safety/AlertsandNotices/ucm573669.htm

[76]

CISION. 2019. Vulnerabilities Disclosed by CyberMDX Allow Attackers to Take Over Infusion Pumps. Retrieved May 25, 2021 from https://www.prnewswire.com/il/news-releases/vulnerabilities-disclosed-by-cybermdx-allow-attackers-to-take-over-infusion-pumps-300867517.html

[77]

Cybersecurity & Infrastructure Security Agency. 2019. GE Aestiva and Aespire Anesthesia Vulnerabilities. Retrieved May 25, 2021 from https://www.us-cert.gov/ics/advisories/icsma-19-190-01/

[78]

Emma McMahon, Ryan Williams, Malaka El, Sagar Samtani, Mark Patton, and Hsinchun Chen. 2017. Assessing medical device vulnerabilities on the Internet of Things. In Proceedings of the International Conference on Intelligence and Security Informatics (ISI’17). IEEE, Los Alamitos, CA, 176–178.

[79]

Cybersecurity & Infrastructure Security Agency. 2019. Change Healthcare McKesson and Horizon Cardiology Vulnerabilities. Retrieved May 25, 2021 from https://www.us-cert.gov/ics/advisories/icsma-19-241-01/

[80]

Cybersecurity & Infrastructure Security Agency. 2020. Medtronic Conexus Radio Frequency Protocol Vulnerabilities. Retrieved May 25, 2021 from https://www.us-cert.gov/ics/advisories/ICSMA-19-080-01/

[81]

Cybersecurity & Infrastructure Security Agency. 2018. Philips iSite/IntelliSpace PACS Vulnerabilities. Retrieved May 25, 2021 from https://www.us-cert.gov/ics/advisories/ICSMA-18-088-01/

[82]

Tom Mahler, Nir Nissim, Erez Shalom, Israel Goldenberg, Guy Hassman, Arnon Makori, Itzik Kochav, Yuval Elovici, and Yuval Shahar. 2018. Know your enemy: Characteristics of cyber-attacks on medical imaging devices. arxiv:1801.05583.

[83]

Talos Intelligence. 2018. Vulnerability Spotlight: Natus NeuroWorks Multiple Vulnerabilities. Retrieved May 25, 2021 from https://blog.talosintelligence.com/2018/04/vulnerability-spotlight-natus.html.

[84]

Christian D’Orazio and Kim-Kwang Raymond Choo. 2015. A generic process to identify vulnerabilities and design weaknesses in iOS healthcare apps. In Proceedings of the 2015 48th Hawaii International Conference on System Sciences. IEEE, Los Alamitos, CA, 5175–5184.

[85]

vpnMentor. 2019. Thousands of Pharmaceutical Records Leaked in Possible HIPAA Violation. Retrieved May 25, 2021 from https://www.vpnmentor.com/blog/report-vascepa-leak/

[86]

UpGuard. 2019. Medical Procedure: How a Misconfigured Storage Bucket Exposed Medical Data. Retrieved May 25, 2021 from https://www.upguard.com/breaches/data-leak-hipaa-medico-s3/

[87]

Renchi Yan, Teng Xu, and Miodrag Potkonjak. 2014. Semantic attacks on wireless medical devices. In Proceedings of the 2014 IEEE SENSORS Conference. IEEE, Los Alamitos, CA.

[88]

Denis Foo Kune, John Backes, Shane S. Clark, Daniel Kramer, Matthew Reynolds, Kevin Fu, Yongdae Kim, and Wenyuan Xu. 2013. Ghost talk: Mitigating EMI signal injection attacks against analog sensors. In In Proceedings of the IEEE Conference on Security and Privacy (SP’13). IEEE, Los Alamitos, CA, 145–159.

[89]

David L. Hayes, Paul J. Wang, Dwight W. Reynolds, N. A. Mark Estes, John L. Griffith, Rebecca A. Steffens, George L. Carlo, Gretchen K. Findlay, and Claudine M. Johnson. 1997. Interference with cardiac pacemakers by cellular telephones. New England Journal of Medicine 336, 21 (1997), 1473–1479.

[90]

Clemens Jilek, Stylianos Tzeis, Tilko Reents, Heidi-Luise Estner, Stephanie Fichtner, Sonia Ammar, Jinjin Wu, Gabriele Hessling, Isabel Deisenhofer, and Christof Kolb. 2010. Safety of implantable pacemakers and cardioverter defibrillators in the magnetic field of a novel remote magnetic navigation system. Journal of Cardiovascular Electrophysiology 21, 10 (2010), 1136–1141.

[91]

Youngseok Park, Yunmok Son, Hocheol Shin, Dohyun Kim, and Yongdae Kim. 2016. This ain’t your dose: Sensor spoofing attack on medical infusion pump. In Proceedings of the 10th USENIX Workshop on Offensive Technologies.

[92]

Meng Zhang, Anand Raghunathan, and Niraj K. Jha. 2013. Towards trustworthy medical devices and body area networks. In Proceedings of the 50th Annual Design Automation Conference. 1–6.

[93]

Threat Post. 2011. Blind Attack on Wireless Insulin Pumps Could Deliver Lethal Dose. Retrieved May 25, 2021 from https://threatpost.com/blind-attack-wireless-insulin-pumps-could-deliver-lethal-dose-102711/75808/

[94]

Tod Beardsley. 2016. R7-2016-07: Multiple Vulnerabilities in Animas OneTouch Ping Insulin Pump. Retrieved May 25, 2021 from https://blog.rapid7.com/2016/10/04/r7-2016-07-multiple-vulnerabilities-in-animas-onetouch-ping-insulin-pump/

[95]

Jenny Knackmuß, Thomas Möller, Wilfried Pommerien, and Reiner Creutzburg. 2015. Security risk of medical devices in IT networks: The case of an infusion pump unit. In Proceedings of the 2015 SPIE Conference. 9411.

[96]

Brian Cusack, Bryce Antony, Gerard Ward, and Shaunak Mody. 2017. Assessment of security vulnerabilities in wearable devices. In Proceedings of the Australian Information Security Management Conference.

[97]

Eduard Marin, Dave Singelée, Flavio D. Garcia, Tom Chothia, Rik Willems, and Bart Preneel. 2016. On the (in)security of the latest generation implantable cardiac defibrillators and how to secure them. In Proceedings of the 32nd Annual Conference on Computer Security Applications. 226.

Digital Library

[98]

Tamara Bonaci, Jeffrey Herron, Charlie Matlack, and Howard Jay Chizeck. 2014. Securing the exocortex: A twenty-first century cybernetics challenge. In Proceedings of the Conference on Norbert Wiener in the 21st Century (21CW’14). IEEE, Los Alamitos, CA, 1–8.

[99]

Tamara Bonaci, Ryan Calo, and Howard Jay Chizeck. 2014. App stores for the brain: Privacy & security in Brain-Computer Interfaces. In Proceedings of the International Symposium on Ethics in Science, Technology, and Engineering. IEEE, Los Alamitos, CA, 1–7.

[100]

Qiaoyang Zhang and Zhiyao Liang. 2017. Security analysis of bluetooth low energy based smart wristbands. In Proceedings of the 2017 2nd International Conference on Frontiers of Sensors Technologies (ICFST’17).

[101]

Younghyun Kim, Woo Suk Lee, Vijay Raghunathan, Niraj K. Jha, and Anand Raghunathan. 2015. Vibration-based secure side channel for medical devices. In Proceedings of the 2015 52nd ACM/EDAC/IEEE Design Automation Conference (DAC’15). IEEE, Los Alamitos, CA, 1–6.

[102]

Kassem Fawaz, Kyu-Han Kim, and Kang G. Shin. 2016. Protecting privacy of BLE device users. In Proceedings of the 25th USENIX Security Symposium.

[103]

Tzipora Halevi and Nitesh Saxena. 2010. On pairing constrained wireless devices based on secrecy of auxiliary channels: The case of acoustic eavesdropping. In Proceedings of the 17th ACM Conference on Computer and Communications Security.

Digital Library

[104]

Kerolos Lotfy and Matthew L. Hale. 2016. Assessing pairing and data exchange mechanism security in the wearable Internet of Things. In Proceedings of the International Conference on Mobile Services (MS’16). IEEE, Los Alamitos, CA, 25–32.

[105]

Daniel Wood, Noah Apthorpe, and Nick Feamster. 2017. Cleartext data transmissions in consumer IoT medical devices. In Proceedings of the 2017 Workshop on Internet of Things Security and Privacy. 7–12.

[106]

QianQian Li, Ding Ding, and Mauro Conti. 2015. Brain-computer interface applications: Security and privacy challenges. In Proceedings of the 2015 IEEE Conference on Communications and Network Security (CNS’15).

[107]

Jerome Radcliffe. 2011. Hacking medical devices for fun and insulin: Breaking the human SCADA system. In Proceedings of the Black Hat Conference.

[108]

Talon Flynn, George Grispos, William Glisson, and William Mahoney. 2020. Knock! Knock! Who is there? Investigating data leakage from a medical Internet of Things hijacking attack. In Proceedings of the 53rd Hawaii International Conference on System Sciences.

[109]

Benjamin Ransford, Daniel B. Kramer, Denis Foo Kune, Julio Auto de Medeiros, Chen Yan, Wenyuan Xu, Thomas Crawford, and Kevin Fu. 2017. Cybersecurity and medical devices: A practical guide for cardiac electrophysiologists. Pacing and Clinical Electrophysiology 40, 8 (2017), 913–917.

[110]

Hacker News. 2020. A Dozen Vulnerabilities Affect Millions of Bluetooth LE Powered Devices. Retrieved May 25, 2021 from https://thehackernews.com/2020/02/hacking-bluetooth-vulnerabilities.html

[111]

Faisal Alsubaei, Abdullah Abuhussein, and Sajjan Shiva. 2017. Security and privacy in the Internet of Medical Things: Taxonomy and risk assessment. In Proceedings of the 42nd Conference on Local Computer Networks Workshops (LCN Workshops’17). IEEE, Los Alamitos, CA, 112–120.

[112]

Zhiqiang Wang, Pingchuan Ma, Xiaoxiang Zou, and Tao Yang. 2019. Security of medical cyber-physical systems: An empirical study on imaging devices. arxiv:1904.00224.

[113]

Nils Ole Tippenhauer, Luka Malisa, Aanjhan Ranganathan, and Srdjan Capkun. 2013. On limitations of friendly jamming for confidentiality. In Proceedings of the 2013 IEEE Symposium on Security and Privacy (SP’13). IEEE, Los Alamitos, CA, 160–173.

Digital Library

[114]

Cas Cremers, Kasper B. Rasmussen, Benedikt Schmidt, and Srdjan Capkun. 2012. Distance hijacking attacks on distance bounding protocols. In Proceedings of the 2012 IEEE Symposium on Security and Privacy (SP’12). IEEE, Los Alamitos, CA, 113–127.

Digital Library

[115]

Vahab Pournaghshband, Majid Sarrafzadeh, and Peter Reiher. 2012. Securing legacy mobile medical devices. In Proceedings of the International Conference on Wireless Mobile Communication and Healthcare. 163–172.

[116]

Xiali Hei, Xiaojiang Du, Shan Lin, Insup Lee, and Oleg Sokolsky. 2014. Patient infusion pattern based access control schemes for wireless insulin pump system. IEEE Transactions on Parallel and Distributed Systems 26, 11 (2014), 3108–3121.

Digital Library

[117]

Jagmohan Chauhan, Suranga Seneviratne, Mohamed Ali Kaafar, Anirban Mahanti, and Aruna Seneviratne. 2016. Characterization of early smartwatch apps. In Proceedings of the International Conference on Pervasive Computing and Communication Workshops (PerCom Workshops’16). IEEE, Los Alamitos, CA.

[118]

Nicola Paoletti, Zhihao Jiang, Md Ariful Islam, Houssam Abbas, Rahul Mangharam, Shan Lin, Zachary Gruber, and Scott A. Smolka. 2019. Synthesizing stealthy reprogramming attacks on cardiac devices. In Proceedings of the 10th International Conference on Cyber-Physical Systems. IEEE, Los Alamitos, CA.

[119]

A. K. M. Iqtidar Newaz, Amit Kumar Sikder, Leonardo Babun, and A. Selcuk Uluagac. 2020. Heka: A novel intrusion detection system for attacks to personal medical devices. In Proceedings of the 2020 IEEE Conference on Communications and Network Security (CNS’20). IEEE, Los Alamitos, CA, 1–9.

[120]

David R. Raymond, Randy C. Marchany, Michael I. Brownfield, and Scott F. Midkiff. 2009. Effects of denial-of-sleep attacks on wireless sensor network MAC protocols. IEEE Transactions on Vehicular Technology 58, 1 (2009), 367–380.

[121]

Xiali Hei and Xiaojiang Du. 2013. Security for Wireless Implantable Medical Devices. Springer.

[122]

Seyedmostafa Saf. and Zarina Shuk.2014. Improving Google glass security and privacy by changing the software structure. Life Science Journal 11, 5 (2014), 109–117.

[123]

Mohammad Tehranipoor and Farinaz Koushanfar. 2010. A survey of hardware Trojan taxonomy and detection. IEEE Design & Test of Computers 27, 1 (2010), 10–25.

Digital Library

[124]

Becker’s Health IT. 2019. Patient Medical Records Sell for $1K on Dark Web. Retrieved May 25, 2021 from https://www.beckershospitalreview.com/cybersecurity/patient-medical-records-sell-for-1k-on-dark-web.html

[125]

Tony F. Wu, Karthik Ganesan, Yunqing Alexander Hu, H.-S. Philip Wong, S. Simon Wong, and Subhasish Mitra. 2016. TPAD: Hardware Trojan prevention and detection for trusted integrated circuits.IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems 35, 4 (2016), 521–534.

[126]

Julien Francq and Florian Frick. 2015. Introduction to hardware Trojan detection methods. In Proceedings of the Automation & Test in Europe Conference.

[127]

Charles Herder, Meng-Day Yu, Farinaz Koushan., and Srinivas Dev.2014. Physical unclonable functions and applications: A tutorial. Proceedings of the IEEE 102, 8 (2014), 1126–1141.

[128]

Najwa Aaraj, Anand Raghunathan, and Niraj K. Jha. 2008. Analysis and design of a hardware/software trusted platform module for embedded systems. ACM Transactions on Embedded Computing Systems 8, 1 (2008), 8.

[129]

Jacob M. Sorber, Minho Shin, Ron Peterson, and David Kotz. 2012. Plug-n-Trust: Practical trusted sensing for mhealth. In Proceedings of the 10th International Conference on Mobile Systems, Applications, and Services. ACM, New York, NY, 309–322.

[130]

Chunxiao Li, Anand Raghunathan, and Niraj K. Jha. 2010. Secure virtual machine execution under an untrusted management OS. In Proceedings of the 2010 IEEE 3rd International Conference on Cloud Computing (CLOUD’10). IEEE, Los Alamitos, CA, 172–179.

[131]

Raoul Praful Jetley, Paul L. Jones, and Paul Anderson.2008. Static analysis of medical device software using CodeSonar. In Proceedings of the ACM Workshop on Static Analysis.

[132]

Najwa Aaraj, Anand Raghunathan, and Niraj K. Jha. 2008. Dynamic binary instrumentation-based framework for malware defense. In Proceedings of the International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment.

[133]

Chunxiao Li, Anand Raghunathan, and Niraj K. Jha. 2013. Improving the trustworthiness of medical device software with formal verification methods. IEEE Embedded Systems Letters 5, 3 (2013), 50–53.

[134]

Lucas Cordeiro, Bernd Fischer, Huan Chen, and Joao Marques-Silva. 2009. Semiformal verification of embedded software in medical devices considering stringent hardware constraints. In Proceedings of the 2009 International Conference on Embedded Software and Systems. IEEE, Los Alamitos, CA, 396–403.

Digital Library

[135]

Raoul Jetley, S. Purushothaman Iyer, Paul L. Jones, and William Spees. 2006. A formal approach to pre-market review for medical device software. In Proceedings of the 30th Annual InternationalComputer Software and Applications Conference, Vol. 1. IEEE, Los Alamitos, CA, 169–177.

[136]

Tamara Denning, Alan Borning, Batya Friedman, Brian T. Gill, Tadayoshi Kohno, and William H. Maisel. 2010. Patients, pacemakers, and implantable defibrillators: Human values and security for wireless implantable medical devices. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems. ACM, New York, NY, 917–926.

[137]

Stuart Schechter. 2010. Security that is meant to be skin deep using ultraviolet micropigmentation to store emergency-access keys for implantable medical devices. Microsoft. Retrieved May 25, 2021 from https://www.microsoft.com/en-us/research/publication/security-that-is-meant-to-be-skin-deep-using-ultraviolet-micropigmentation-to-store-emergency-access-keys-for-implantable-medical-devices

[138]

Christophe De Canniere, Orr Dunkelman, and Miroslav Knežević. 2009. KATAN and KTANTAN—A family of small and efficient hardware-oriented block ciphers. In Cryptographic Hardware and Embedded Systems—CHES 2009. Springer, 272–288.

[139]

Nachiketh R. Potlapally, Srivaths Ravi, Anand Raghunathan, and Niraj K. Jha. 2003. Analyzing the energy consumption of security protocols. In Proceedings of the 2003 International Symposium on Low Power Electronics and Design. ACM, New York, NY, 30–35.

[140]

Andrey Bogdanov, Lars R. Knudsen, Gregor Leander, Christof Paar, Axel Poschmann, Matthew J. B. Robshaw, Yannick Seurin, and Charlotte Vikkelsoe. 2007. PRESENT: An ultra-lightweight block cipher. In Proceedings of the Workshop on Cryptographic Hardware and Embedded Systems.

[141]

David L Donoho. 2006. Compressed sensing. IEEE Transactions on Information Theory 52, 4 (2006), 1289–1306.

Digital Library

[142]

Simon Heron. 2009. Advanced encryption standard (AES). Network Security 2009, 12 (2009), 8–12.

Digital Library

[143]

Guido Bertoni, Joan Daemen, Michaël Peeters, and Gilles Van Assche. 2013. Keccak. In Proceedings of the Annual International Conference on the Theory and Applications of Cryptographic Techniques. 313–314.

[144]

Lu Shi, Jiawei Yuan, Shucheng Yu, and Ming Li. 2013. ASK-BAN: Authenticated secret key extraction utilizing channel characteristics for body area networks. In Proceedings of the 6th ACM Conference on Security and Privacy in Wireless and Mobile Networks. ACM, New York, NY.

[145]

Syed Taha Ali, Vijay Sivaraman, and Diethelm Ostry. 2012. Zero reconciliation secret key generation for body-worn health monitoring devices. In Proceedings of the 5th ACM Conference on Security and Privacy in Wireless and Mobile Networks. ACM, New York, NY, 39–50.

Digital Library

[146]

Suman Jana, Sriram Nandha Premnath, Mike Clark, Sneha K. Kasera, Neal Patwari, and Srikanth V. Krishnamurthy. 2009. On the effectiveness of secret key extraction from wireless signal strength in real environments. In Proceedings of the ACM International Conference on Mobile Computing and Networking.

[147]

Suhas Mathur, Wade Trappe, Narayan Mandayam, Chunxuan Ye, and Alex Reznik. 2008. Radio-telepathy: Extracting a secret key from an unauthenticated wireless channel. In Proceedings of the 14th ACM International Conference on Mobile Computing and Networking.

[148]

Saied Hosseini-Khayat. 2011. A lightweight security protocol for ultra-low power ASIC implementation for wireless implantable medical devices. In Proceedings of the 5th International Symposium on Medical Information and Communication Technology. IEEE, Los Alamitos, CA.

[149]

Masoud Rostami, Wayne Burleson, Farinaz Koushanfar, and Ari Juels. 2013. Balancing security and utility in medical devices? In Proceedings of the 50th Annual Design Automation Conference. ACM, New York, NY, 13.

Digital Library

[150]

Christoph Beck, Daniel Masny, Willi Geiselmann, and Georg Bretthauer. 2011. Block cipher based security for severely resource-constrained implantable medical devices. In Proceedings of the 4th International Symposium on Applied Sciences in Biomedical and Communication Technologies. ACM, New York, NY, Article 62, 5 pages.

Digital Library

[151]

Meng Zhang, Mehran Mozaffari Kermani, Anand Raghunathan, and Niraj K. Jha. 2013. Energy-efficient and secure sensor data transmission using encompression. In Proceedings of the 26th International Conference on VLSI Design. IEEE, Los Alamitos, CA, 31–36.

[152]

Lake Bu, Mark G. Karpovsky, and Michel A. Kinsy. 2019. Bulwark: Securing implantable medical devices communication channels. Computers & Security 86 (2019), 498–511.

Digital Library

[153]

Kubra Saeedi. 2019. Machine Learning for Ddos Detection in Packet Core Network for IoT. Retrieved May 25, 2021 from https://www.diva-portal.org/smash/get/diva2:1360486/FULLTEXT02.pdf

[154]

Sudip Vhaduri and Christian Poellabauer. 2017. Wearable device user authentication using physiological and behavioral metrics. In Proceedings of the 28th Annual International Symposium on Personal, Indoor, and Mobile Radio Communications (PIMRC’17). IEEE, Los Alamitos, CA.

[155]

A. K. M. Iqtidar Newaz, Amit Kumar Sikder, Mohammad Ashiqur Rahman, and A. Selcuk Uluagac. 2019. Healthguard: A machine learning-based security framework for smart healthcare systems. In Proceedings of the 2019 6th International Conference on Social Networks Analysis, Management, and Security (SNAMS’19). IEEE, Los Alamitos, CA, 389–396.

[156]

Heena Rathore, Amr Mohamed, and Mohsen Guizani. 2020. Deep learning-based security schemes for implantable medical devices. In Energy Efficiency of Medical Devices and Healthcare Applications. Elsevier, 109–130.

[157]

Jinyuan Sun, Xiaoyan Zhu, Chi Zhang, and Yuguang Fang. 2011. HCPP: Cryptography based secure EHR system for patient privacy and emergency healthcare. In Proceedings of the 2011 31st International Conference on Distributed Computing Systems. IEEE, Los Alamitos, CA, 373–382.

[158]

Huang Lin, Jun Shao, Chi Zhang, and Yuguang Fang. 2013. CAM: Cloud-assisted privacy preserving mobile health monitoring. IEEE Transactions on Information Forensics and Security 8, 6 (2013), 985–997.

Digital Library

[159]

Ming Li, Wenjing Lou, and Kui Ren. 2010. Data security and privacy in wireless body area networks. IEEE Wireless Communications 17, 1 (2010), 51–58.

Digital Library

[160]

Ming Li, Shucheng Yu, Yao Zheng, Kui Ren, and Wenjing Lou. 2012. Scalable and secure sharing of personal health records in cloud computing using attribute-based encryption. IEEE Transactions on Parallel and Distributed Systems 24, 1 (2012), 131–143.

Digital Library

[161]

Zhitao Guan, Tingting Yang, and Xiaojiang Du. 2015. Achieving secure and efficient data access control for cloud-integrated body sensor networks. International Journal of Distributed Sensor Networks 11, 8 (2015), 101287.

[162]

Xiali Hei, Xiaojiang Du, Jie Wu, and Fei Hu. 2010. Defending resource depletion attacks on implantable medical devices. In Proceedings of the 2010 IEEE Global Telecommunications Conference (GLOBECOM’10).

[163]

Meng Zhang, Anand Raghunathan, and Niraj K. Jha. 2013. MedMon: Securing medical devices through wireless monitoring and anomaly detection. IEEE Transactions on Biomedical Circuits and Systems 7, 6 (2013), 871–881.

[164]

Chenglong Fu, Xiaojiang Du, Longfei Wu, Qiang Zeng, Amr Mohamed, and Mohsen Guizani. 2019. POKs based secure and energy-efficient access control for implantable medical devices. In Security and Privacy in Communication Systems. Springer, 105–125.

[165]

Yi Chen, Shuai Ding, Zheng Xu, Handong Zheng, and Shanlin Yang. 2019. Blockchain-based medical records secure storage and medical service framework. Journal of Medical Systems 43, 1 (2019), 5.

Digital Library

[166]

Ashutosh Dhar Dwivedi, Gautam Srivastava, Shalini Dhar, and Rajani Singh. 2019. A decentralized privacy-preserving healthcare blockchain for IoT. Sensors (Basel) 19, 2 (2019), 326.

[167]

Gautam Srivastava, Jorge Crichigno, and Shalini Dhar. 2019. A light and secure healthcare blockchain for IoT medical devices. In Proceedings of the 2019 IEEE Canadian Conference of Electrical and Computer Engineering (CCECE’19). IEEE, Los Alamitos, CA, 1–5.

[168]

Gautam Srivastava, Reza M. Parizi, Ali Dehghantanha, and Kim-Kwang Raymond Choo. 2019. Data sharing and privacy for patient IoT devices using blockchain. In Proceedings of the International Conference on Smart City and Informatization. 334–348.

[169]

Swarup Bhunia, Michael S. Hsiao, Mainak Banga, and Seetharam Narasimhan. 2014. Hardware Trojan attacks: Threat analysis and countermeasures. Proceedings of the IEEE 102, 8 (2014), 1229–1247.

[170]

Jim Aarestad, Dhruva Acharyya, Reza Rad, and Jim Plusquellic. 2010. Detecting Trojans through leakage current analysis using multiple supply pads. IEEE Transactions on Information Forensics and Security 5, 4 (2010), 893–904.

Digital Library

[171]

Sheng Wei and Miodrag Potkonjak. 2013. The undetectable and unprovable hardware Trojan horse. In Proceedings of the 50th Annual Design Automation Conference. ACM, New York, NY, 144.

Digital Library

[172]

Charles Lamech and Jim Plusquellic. 2012. Trojan detection based on delay variations measured using a high-precision, low-overhead embedded test structure. In Proceedings of the 2012 Conference on Hardware-Oriented Security and Trust (HOST’12). IEEE, Los Alamitos, CA, 75–82.

[173]

Sheng Wei, Kai Li, Farinaz Koushanfar, and Miodrag Potkonjak. 2012. Hardware Trojan horse benchmark via optimal creation and placement of malicious circuitry. In Proceedings of the 49th Annual Design Automation Conference. ACM, New York, NY, 90–95.

Digital Library

[174]

Jie Li and John Lach. 2008. At-speed delay characterization for IC authentication and Trojan horse detection. In Proceedings of the International Workshop on Hardware-Oriented Security and Trust. IEEE, Los Alamitos, CA, 8–14.

[175]

Kyung Sup Kwak, Sana Ullah, and Niamat Ullah. 2010. An overview of IEEE 802.15. 6 standard. In Proceedings of the Applied Sciences in Biomedical and Communication Technologies (ISABEL’10). IEEE, Los Alamitos, CA, 1–6.

[176]

Kris Tiri, Moonmoon Akmal, and Ingrid Verbauwhede. 2002. A dynamic and differential CMOS logic with signal independent power consumption to withstand differential power analysis on smart cards. In Proceedings of the 2020 Solid-State Circuits Conference. IEEE, Los Alamitos, CA.

[177]

Kris Tiri and Ingrid Verbauwhede. 2004. Charge recycling sense amplifier based logic: Securing low power security ICs against DPA. In Proceedings of the 30th European Conference on Solid-State Circuits. 179–182.

[178]

Muhammad Ali Siddiqi, Christian Doerr, and Christos Strydis. 2020. IMDfence: Architecting a secure protocol for implantable medical devices. arxiv:2002.09546.

[179]

Muhammad Ali Siddiqi and Christos Strydis. 2019. Towards realistic battery-DoS protection of implantable medical devices. In Proceedings of the 16th ACM International Conference on Computing Frontiers. 42–49.

Digital Library

[180]

Shane S. Clark, Benjamin Ransford, Amir Rahmati, Shane Guineau, Jacob Sorber, Wenyuan Xu, Kevin Fu, et al. 2013. WattsUpDoc: Power side channels to nonintrusively discover untargeted malware on embedded medical devices. In Proceedings of the 2013 USENIX Conference on Safety, Security, Privacy, and Interoperability of Health Information Technologies (HealthTech’13).

[181]

Jean-Jacques Quisquater and David Samyde. 2001. Electromagnetic analysis (EMA): Measures and counter-measures for smart cards. In Smart Card Programming and Security. Springer, 200–210.

[182]

Girish B. Ratanpal, Ronald D. Williams, and Travis N. Blalock. 2004. An on-chip signal suppression countermeasure to power analysis attacks. IEEE Transactions on Dependable and Secure Computing 1, 3 (2004), 179–189.

Digital Library

[183]

M. Anwarul Hasan. 2001. Power analysis attacks and algorithmic approaches to their countermeasures for Koblitz curve cryptosystems. IEEE Transactions on Computers10 (2001), 1071–1083.

[184]

Radu Muresan and Stefano Gregori. 2008. Protection circuit against differential power analysis attacks for smart cards. IEEE Transactions on Computers 57, 11 (2008), 1540.

Digital Library

[185]

Po-Chun Liu, Hsie-Chia Chang, and Chen-Yi Lee. 2010. A low overhead DPA countermeasure circuit based on ring oscillators. IEEE Transactions on Circuits and Systems II: Express Briefs 57, 7 (2010), 546–550.

Digital Library

[186]

Carmen C. Y. Poon, Yuan-Ting Zhang, and Shu-Di Bao. 2006. A novel biometrics method to secure wireless body area sensor networks for telemedicine and m-health. IEEE Communications Magazine 44, 4 (2006), 73–81.

Digital Library

[187]

Cory Cornelius, Jacob Sorber, Ronald Peterson, Joe Skinner, Ryan Halter, and David Kotz. 2012. Who wears me? Bioimpedance as a passive biometric. In Proceedings of the 3rd USENIX Conference on Health Security and Privacy (HealthSec’12).

Digital Library

[188]

Chunqiang Hu, Xiuzhen Cheng, Fan Zhang, Dengyuan Wu, Xiaofeng Liao, and Dechang Chen. 2013. OPFKA: Secure and efficient ordered-physiological-feature-based key agreement for wireless body area networks. In Proceedings of the 2013 IEEE INFOCOM Conference. IEEE, Los Alamitos, CA, 2274–2282.

[189]

Krishna K. Venkatasubramanian, Ayan Banerjee, and Sandeep Kumar S. Gupta. 2010. PSKA: Usable and secure key agreement scheme for body area networks. IEEE Transactions on Information Technology in Biomedicine 14, 1 (2010), 60–68.

Digital Library

[190]

Sang-Yoon Chang, Yih-Chun Hu, Hans Anderson, Ting Fu, and Evelyn Y. L. Huang. 2012. Body area network security: Robust key establishment using human body channel. In Proceedings of the 3rd USENIX Conference on Health Security and Privacy (HealthSec’12). 5.

[191]

Masoud Rostami, Ari Juels, and Farinaz Koushanfar. 2013. Heart-to-heart (H2H): Authentication for implanted medical devices. In Proceedings of the 2013 ACM SIGSAC Conference on Computer and Communications Security (CCS’13). 1099–1112.

Digital Library

[192]

Andrew D. Jurik and Alfred C. Weaver. 2011. Securing mobile devices with biotelemetry. In Proceedings of the 20th International Conference on Computer Communications and Networks (ICCCN’11).

[193]

Sriram Cherukuri, Krishna K. Venkatasubramanian, and Sandeep K. S. Gupta. 2003. Biosec: A biometric based approach for securing communication in wireless networks of biosensors implanted in the human body. In Proceedings of the International Conference on Parallel Processing Workshops. IEEE, Los Alamitos, CA.

[194]

Hassan Chizari and Emil C. Lupu. 2019. Extracting randomness from the trend of IPI for cryptographic operators in implantable medical devices. IEEE Transactions on Dependable and Secure Computing 18, 2 (2019), 875–888.

[195]

Taha Belkhouja, Xiaojiang Du, Amr Mohamed, Abdulla K. Al-Ali, and Mohsen Guizani. 2019. Biometric-based authentication scheme for Implantable Medical Devices during emergency situations. Future Generation Computer Systems 98 (2019), 109–119.

Digital Library

[196]

Hang Cai and Krishna K. Venkatasubramanian. 2019. Data-driven detection of sensor-hijacking attacks on electrocardiogram sensors. In Mission-Oriented Sensor Networks and Systems: Art and Science. Springer, 757–781.

[197]

Hang Cai and Krishna K. Venkatasubramanian. 2016. Detecting signal injection attack-based morphological alterations of ECG measurements. In Proceedings of the International Conference on Distributed Computing in Sensor Systems (DCOSS’16). IEEE, Los Alamitos, CA, 127–135.

[198]

Ming Li, Shucheng Yu, Joshua D. Guttman, Wenjing Lou, and Kui Ren. 2013. Secure ad hoc trust initialization and key management in wireless body area networks. ACM Transactions on Sensor Networks 9, 2 (2013), 18.

[199]

Michael T. Goodrich, Michael Sirivianos, John Solis, Gene Tsudik, and Ersin Uzun. 2006. Loud and clear: Human-verifiable authentication based on audio. In Proceedings of the IEEE International Conference on Distributed Computing Systems. IEEE, Los Alamitos, CA, 10.

[200]

Carsten W. Israel and S. Serge Barold. 2001. Pacemaker systems as implantable cardiac rhythm monitors. American Journal of Cardiology 88, 4 (2001), 442–445.

[201]

Eric Freudenthal, David Herrera, Frederick Kautz, Carlos Natividad, Alexandria Ogrey, Justin Sipla, Abimael Sosa, Carlos Betancourt, and Leonardo Estevez. 2007. Suitability of NFC for medical device communication and power delivery. In Proceedings of the 2007 Engineering in Medicine and Biology Workshop. IEEE, Los Alamitos, CA, 51–54.

[202]

Heribert Baldus, Steven Corroy, Alberto Fazzi, Karin Klabunde, and Tim Schenk. 2009. Human-centric connectivity enabled by body-coupled communications. IEEE Communications Magazine 47, 6 (2009), 172–178.

Digital Library

[203]

Priyanka Bagade, Ayan Banerjee, Joseph Milazzo, and Sandeep K. S. Gupta. 2013. Protect your BSN: No handshakes, just namaste! In In Proceedings of the 2013 IEEE International Conference on Body Sensor Networks.

[204]

Kasper Bonne Rasmussen, Claude Castelluccia, Thomas S. Heydt-Benjamin, and Srdjan Capkun. 2009. Proximity-based access control for implantable medical devices. In Proceedings of the 16th ACM Conference on Computer and Communications Security. ACM, New York, NY.

Digital Library

[205]

Lu Shi, Ming Li, Shucheng Yu, and Jiawei Yuan. 2013. BANA: Body area network authentication exploiting channel characteristics. IEEE Journal on Selected Areas in Communications 31, 9 (2013), 1803–1816.

[206]

Tamara Denning, Kevin Fu, and Tadayoshi Kohno. 2008. Absence makes the heart grow fonder: New directions for implantable medical device security. In Proceedings of the 3rd Conference on Hot Topics in Security (HOTSEC’08). Article 5, 7 pages.

[207]

Shyamnath Gollakota, Haitham Hassanieh, Benjamin Ransford, Dina Katabi, and Kevin Fu. 2011. They can hear your heartbeats: Non-invasive security for implantable medical devices. ACM SIGCOMM Computer Communication Review 41, 4 (2011), 1–12.

[208]

Fengyuan Xu, Zhengrui Qin, Chiu C. Tan, Baosheng Wang, and Qun Li. 2011. IMDGuard: Securing IMD with the external wearable guardian. In Proceedings of the 2011 IEEE INFOCOM Conference.

[209]

Amit Kumar Sikder, Hidayet Aksu, and A. Selcuk Uluagac. 2017. 6thSense: A context-aware sensor-based attack detector for smart devices. In Proceedings of the 26th USENIX Security Symposium (USENIX Security’17). 397–414.

[210]

Amit Kumar Sikder, Leonardo Babun, Hidayet Aksu, and A. Selcuk Uluagac. 2019. Aegis: A context-aware security framework for smart home systems. In Proceedings of the 35th Annual Computer Security Applications Conference. 28–41.

[211]

Yana Petlovana. 2018. Privacy and Security in Healthcare: A Must-Read for Healthtech Entrepreneurs. Retrieved May 25, 2021 from https://steelkiwi.com/blog/privacy-and-security-in-healthcare/

[212]

Kriangsiri Malasri and Lan Wang. 2009. Design and implementation of a securewireless mote-based medical sensor network. Sensors (Basel) 9, 8 (2009), 6273–6297.

[213]

Mandeep Khera. 2017. Think like a hacker: Insights on the latest attack vectors (and security controls) for medical device applications. Journal of Diabetes Science and Technology 11, 2 (2017), 207–212.

[214]

Patricia A. H. Williams and Andrew J. Woodward. 2015. Cybersecurity vulnerabilities in medical devices: A complex environment and multifaceted problem. Medical Devices (Auckland, NZ) 8 (2015), 305.

[215]

Brian Randell. 1975. System structure for software fault tolerance. IEEE Transactions on Software Engineering 1, 2 (1975), 220–232.

Digital Library

[216]

Robert E. Lyons and Wouter Vanderkulk. 1962. Use of triple-modular redundancy to improve reliability. IBM Journal of Research and Development 6, 2 (1962), 200–209.

Digital Library

[217]

Ioannis Chatzigiannakis and Andreas Strikos. 2007. A decentralized intrusion detection system for increasing security of wireless sensor networks. In Proceedings of the 2007 IEEE Conference on Emerging Technologies and Factory Automation (EFTA’17). IEEE, Los Alamitos, CA, 1408–1411.

[218]

Md Hasan Shahriar, Nur Imtiazul Haque, Mohammad Ashiqur Rahman, and Miguel Alonso. 2020. G-IDS: Generative adversarial networks assisted intrusion detection system. In Proceedings of the 2020 IEEE 44th Annual Computers, Software, and Applications Conference (COMPSAC’20). IEEE, Los Alamitos, CA, 376–385.

[219]

Amit Kumar Sikder, Leonardo Babun, Z. Berkay Celik, Abbas Acar, Hidayet Aksu, Patrick McDaniel, Engin Kirda, and A. Selcuk Uluagac. 2020. Kratos: Multi-user multi-device-aware access control system for the smart home. In Proceedings of the 13th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec’20). 1–12.

[220]

Min Chen, Yixue Hao, Kai Hwang, Lu Wang, and Lin Wang. 2017. Disease prediction by machine learning over big data from healthcare communities. IEEE Access 5 (2017), 8869–8879.

[221]

Samuel G. Finlayson, Hyung Won Chung, Isaac S. Kohane, and Andrew L. Beam. 2018. Adversarial attacks against medical deep learning systems. arxiv:1804.05296.

[222]

A. K. M. Newaz, Nur Imtiazul Haque, Amit Kumar Sikder, Mohammad Ashiqur Rahman, and A. Selcuk Uluagac. 2020. Adversarial attacks to machine learning-based smart healthcare systems. In Proceedings of the IEEE Global Communications Conference (GLOBECOM’20).

Cited By

Tariq M(2024)Enhancing Cybersecurity Protocols in Modern Healthcare SystemsTransformative Approaches to Patient Literacy and Healthcare Innovation10.4018/979-8-3693-3661-8.ch011(223-241)Online publication date: 9-Feb-2024
https://doi.org/10.4018/979-8-3693-3661-8.ch011
Anitha DSasikala SVelmurugan ASharmila VBanupriya RMuthusamy P(2024)Advancements in Early Warning Systems and Human Factors in Lightweight Secured IoMT Ecosystems for Healthcare 4.0Social Innovations in Education, Environment, and Healthcare10.4018/979-8-3693-2569-8.ch016(318-338)Online publication date: 29-Mar-2024
https://doi.org/10.4018/979-8-3693-2569-8.ch016
Shah ILaraib AAshraf HHussain F(2024)Drone TechnologyCybersecurity Issues and Challenges in the Drone Industry10.4018/979-8-3693-0774-8.ch014(343-361)Online publication date: 26-Jan-2024
https://doi.org/10.4018/979-8-3693-0774-8.ch014
Show More Cited By

Index Terms

A Survey on Security and Privacy Issues in Modern Healthcare Systems: Attacks and Defenses

Recommendations

An exhaustive survey on security and privacy issues in Healthcare 4.0
Abstract
The healthcare industry has revolutionized from 1.0 to 4.0 where Healthcare 1.0 was more doctor centric and Healthcare 2.0 replaced manual records with electronic healthcare records (EHRs). Healthcare 3.0 was patient-centric and ...
Read More
eHealth Data Security and Privacy: Perspectives from Diverse Stakeholders in Malawi
CSCW

The development and adoption of eHealth in low- and middle-income countries has potential to advance the quality of care in healthcare settings that are challenged by weak infrastructure. Especially in the countries where HIV rates are high, there is ...
Read More
Healthcare systems quality: development and use
SEHS '16: Proceedings of the International Workshop on Software Engineering in Healthcare Systems

Medical Software Quality Regulations have been developed through a concern for patient safety, outcome and care. From our research on a variety of projects, which includes observation within hospitals and clinics, we can demonstrate that there are many ...
Read More

Comments

Information & Contributors

Information

Published In

cover image ACM Transactions on Computing for Healthcare

ACM Transactions on Computing for Healthcare Volume 2, Issue 3

Survey Paper

July 2021

226 pages

EISSN:2637-8051

DOI:10.1145/3476113

Editors:
Insup Lee
University of Pennsylvania, USA
,
John A. Stankovic
University of Virginia, USA

Issue’s Table of Contents

Copyright © 2021 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 21 July 2021

Accepted: 01 February 2021

Revised: 01 October 2020

Received: 01 April 2020

Published in HEALTH Volume 2, Issue 3

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article
Research
Refereed

Funding Sources

National Science Foundation

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

91
Total Citations
View Citations
4,794
Total Downloads

Downloads (Last 12 months)2,801
Downloads (Last 6 weeks)330

Other Metrics

View Author Metrics

Citations

Cited By

Tariq M(2024)Enhancing Cybersecurity Protocols in Modern Healthcare SystemsTransformative Approaches to Patient Literacy and Healthcare Innovation10.4018/979-8-3693-3661-8.ch011(223-241)Online publication date: 9-Feb-2024
https://doi.org/10.4018/979-8-3693-3661-8.ch011
Anitha DSasikala SVelmurugan ASharmila VBanupriya RMuthusamy P(2024)Advancements in Early Warning Systems and Human Factors in Lightweight Secured IoMT Ecosystems for Healthcare 4.0Social Innovations in Education, Environment, and Healthcare10.4018/979-8-3693-2569-8.ch016(318-338)Online publication date: 29-Mar-2024
https://doi.org/10.4018/979-8-3693-2569-8.ch016
Shah ILaraib AAshraf HHussain F(2024)Drone TechnologyCybersecurity Issues and Challenges in the Drone Industry10.4018/979-8-3693-0774-8.ch014(343-361)Online publication date: 26-Jan-2024
https://doi.org/10.4018/979-8-3693-0774-8.ch014
Shah IJhanjhi NUjjan R(2024)Use of AI Applications for the Drone IndustryCybersecurity Issues and Challenges in the Drone Industry10.4018/979-8-3693-0774-8.ch002(27-41)Online publication date: 26-Jan-2024
https://doi.org/10.4018/979-8-3693-0774-8.ch002
Alharbi ASen ABahbouh NYamin M(2024)A Steganography Approach for Hiding Data in Arabic Text based on Diacritics2024 11th International Conference on Computing for Sustainable Global Development (INDIACom)10.23919/INDIACom61295.2024.10498336(106-110)Online publication date: 28-Feb-2024
https://doi.org/10.23919/INDIACom61295.2024.10498336
Alkailani MAbdulhassan AAlnahar S(2024)Iraqi Population Trusts in Electronic Healthcare Records: A Cross-sectional StudyINQUIRY: The Journal of Health Care Organization, Provision, and Financing10.1177/0046958024124944861Online publication date: 7-May-2024
https://doi.org/10.1177/00469580241249448
Fan SJain RKankanhalli M(2024)A Comprehensive Picture of Factors Affecting User Willingness to Use Mobile Health ApplicationsACM Transactions on Computing for Healthcare10.1145/36269625:1(1-31)Online publication date: 13-Jan-2024
https://dl.acm.org/doi/10.1145/3626962
Fatima AMasood S(2024)Machine learning approaches for neurological disease prediction: A systematic reviewExpert Systems10.1111/exsy.13569Online publication date: 4-Apr-2024
https://doi.org/10.1111/exsy.13569
Yan HBilal MXu XVimal S(2024)Edge Server Deployment for Health Monitoring With Reinforcement Learning in Internet of Medical ThingsIEEE Transactions on Computational Social Systems10.1109/TCSS.2022.316199611:3(3079-3089)Online publication date: Jun-2024
https://doi.org/10.1109/TCSS.2022.3161996
Melhem HSalloum EOudeh AAnbar MMolhem MGolubtsov I(2024)Strengthening Health Care Networks: A Security Model for Enhanced Cyber Resilience Using Hybrid Honeypots2024 6th International Youth Conference on Radio Electronics, Electrical and Power Engineering (REEPE)10.1109/REEPE60449.2024.10479780(1-6)Online publication date: 29-Feb-2024
https://doi.org/10.1109/REEPE60449.2024.10479780
Show More Cited By

View Options

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

HTML Format

View this article in HTML Format.

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

Media

Figures

Other

Tables

View Issue’s Table of Contents