Security Challenges for Wireless Medical Products
There was an article in the July issue of IEEE Communications magazine describing the design challenges for security in wireless medical products, specifically geared toward implantable devices. The article was actually an interesting discussion of the topic of security in wireless networks in general that was really readable by those outside of the security and encryption field of study. A lot of papers I've seen on these topics are way over my head, but this one was quite accessible for a design engineer. The article breaks down the devices into three classes:
1) Implantable identification devices (IIDs) - identify a patient
2) Implantable monitoring devices (IMDs) - provide biometric data collection from a patient
3) Implantable control devices (ICDs) - alter some physiological parameter of a patient
Each device is subject to certain types of attacks and security issues shown in the following table.
| Type of Attack | Devices Susceptible To | Description |
| Harvesting | IIDs and IMDs | The attacker tries to steal information transmitted |
| Tracking | IIDs, IMDs, and ICDs | The attacker can track a patients location based on wireless transmissions |
| Cloning | IIDs, IMDs, and ICDs | The attacker can record a message to pass themselves off as a patient in the future |
| Relay Attack | IIDs, IMDs, and ICDs | A special case attack where the attacker can extend their attack range |
| Physical Compromise | IIDs | The attacker may try to physically steal the IID to obtain the privileges it entitles the bearer to |
| Denial of Service | IMDs | The attacker floods the communication channel to prevent the system from working |
| Physical Harm to Patient | ICD | The attacker could reprogram the ICD to harm the patient |
The article points to countermeasures that have been researched for each of these attacks, areas where further research is needed, and to applicable research in the general security and encryption community. There is a lot more to think about when designing wireless medical systems than just getting the functionality of a product to work and there are a lot of ethical issues in play as well in the area of privacy.
[1] Malasri, Kriangsiri and Lan Wang. July 2009. "Securing Wireless Implantable Devices for Healthcare: Ideas and Challenges." IEEE Communications Magazine. Vol. 47, No. 4.