Hacking medical devices a review - biomed 2013.

Programmable, implantable and external biomedical devices (such as pacemakers, defibrillators, insulin pumps, pain management pumps, vagus nerve stimulators and others) may be vulnerable to unauthorized access, commonly referred to as “hacking”. This intrusion may lead to compromise of confidential patient data or loss of control of the device itself, which may be deadly. Risks to health from unauthorized access is in addition to hazards from faulty (“buggy”) software or circuitry. Historically, this aspect of medical device design has been underemphasized by both manufacturers and regulatory bodies until recently. However, an insulin pump was employed as a murder weapon in 2001 and successful hacking of an implantable defibrillator was demonstrated in 2008. To remedy these problems, professional groups have announced a variety of design standards and the governmental agencies of several countries have enacted device regulations. In turn, manufacturers have developed new software products and hardware circuits to assist biomedical engineering firms to improve their commercial offerings. In this paper the author discusses these issues, reviewing known problems and zero-day threats, with potential solutions. He outlines his approach to secure software and hardware challenges using the Forth language. A plausible scenario is described in which hacking of an implantable defibrillator by terrorists results in a severe national security threat to the United States.