Implantable medical device (IMD) protection
The implant and the corresponding hardware technologies are required to employ certain security primitives in order to protect an individual’s private data communicated between the two entities. Traditionally, these security primitives and protocols consume a lot of battery. However, this is not suitable for modern IMDs since these devices are typically designed to operate up to a decade or so while implanted in the human body. Therefore, one of the challenges lies in finding lightweight security solutions specifically tailored for IMDs.
Networked medical infrastructure
The hospital IT department is informed that an MRI (Magnetic Resonance Imaging) scanner will be installed at the radiology department of the hospital. This will also include a PACS (Picture Archiving and Communication System) server and the associated medical imaging client software. The major challenge is the identification of collective vulnerabilities that are related both to the medical (e.g. taking remote control of the MRI equipment) and the non-medical operational characteristics (e.g. operating system security vulnerabilities). Identifying collectively vulnerabilities that are related both to the medical (e.g. taking remote control of the MRI equipment) and the non-medical operational characteristics (e.g. operating system security vulnerabilities) of the various devices and associated applications. [14] Currently, there are no tools known to detect vulnerabilities for networked medical devices other than the conventional ones used by network administrators and security specialists.
Portable/Wearable medical devices
Cardiovascular diseases (CVDs) are a group of disorders involving the heart and the blood vessels such as heart stroke, cardiac arrest, cardiac arrhythmias, congenital heart disease, etc. Some pathological conditions can be diagnosed at an early stage using extended electrocardiogram (ECG) recordings, which may lead to better outcomes and save lives. Such long-term ECG monitoring is a tedious task as it generates huge amounts of data that has to be analyzed by well-trained medical professionals. Therefore, there is a need for recording devices should be portable or wearable in order to improve the efficiency of the diagnosis process. The portable (or wearable) ECG device can easily have its battery recharged or replaced; therefore, power budgets can also be somewhat higher. This implies opting for lightweight security on the device, though the frequent uplink of data over the Internet is expected to be the major contributor to battery depletion. The direct security challenge in this case will, of course, be protecting the transmission of data over the Internet (to and from the hospital).
Medical-data exchange
A main challenge is guaranteeing secure operation and data privacy over a mix of 3rd-party software and online services, in some cases even of fax machines with privacy sensitive data. Because of the incompatibilities and inconsistencies among the various moving parts (and all manual information transfer) which even the doctors, pharmacists and other support personnel do not fully grasp, system reliability is at risk while existing security holes can easily go undetected.