Implantable Medical Devices:

Similar documents
Patients First. Understanding Your ICD. An ICD can protect you against dangerous abnormal heart rhythms. Patient Education CARE AND TREATMENT

The Clinical Evaluation of Remote Notification to Reduce Time to Clinical Decision (CONNECT) Trial The Value of Remote Monitoring

When to Consider Implantable Cardioverter Defibrillator (ICD) Deactivation. A Guide for Patients and Family

When to Consider Implantable Cardioverter Defibrillator (ICD) Deactivation. A Guide for Patients and Family

CLINICAL MEDICAL POLICY

QA offers significant economic benefits!

MRI Patient Screening and History

Published by: PIONEER RESEARCH & DEVELOPMENT GROUP ( 32

What is Social Networking?

What is Social Networking?

CLINICIAN MANUAL. LATITUDE Patient Management System

Wireless Hospital Applications

CARDIAC DEVICE MONITORING

Health Management Information Systems: Computerized Provider Order Entry

TIPS AND TRICKS FOR ALERT MANAGEMENT. Reveal LINQ Insertable Cardiac Monitoring System

EMERGING TRENDS WHAT I WILL COVER INCREASED INTEREST DEVICES ARE MIGRATING SAFE AND RELIABLE DEVICES LEAD TO LIVING WELL

Generator or box changes for your implantable device

Google Cloud Technical Brief

CURRICULUM OUTLINE OF INSTRUCTION SURFACE WARFARE OFFICER DEPARTMENT HEAD COURSE CIN: A-4H-0107 CDP: 9545 VER: 2.0 CHANGE: 3

ABOUT REVEAL LINQ DURING

UNCLASSIFIED. UNCLASSIFIED Army Page 1 of 7 R-1 Line #9

Manager. 2. To establish procedures for selecting and acquiring biomedical equipment.

Teleworking and access to ECHA IT systems

Security Risk Analysis and 365 Days of Meaningful Use. Rodney Gauna & Val Tuerk, Object Health

Initial Clinic Setup Reference Guide. Merlin.net Patient Care Network (PCN)

REGISTRATION INFORMATION

Requirements for the Mentcare system

Heart Rhythm Program, St. Paul s Hospital Lead Extraction

Telehomecare Technologies for the Elderly: Milestones and challenges

Emerging Electromagnetic Spectrum Capabilities

HOUSE OF WORSHIP DRILL WORKSHEET SCENARIO: TORNADO DATE CONDUCTED. Facility should implement first phase of emergency plan and complete the following:

LATITUDE. Patient Management System

Component Description Unit Topics 1. Introduction to Healthcare and Public Health in the U.S. 2. The Culture of Healthcare

Standards for insertion, follow up and explant of implantable loop recorders [ILRs] by non-medical staff

Public Access Defibrillation

CLINICIAN MANUAL LATITUDE NXT. LATITUDE NXT Patient Management System

RFID Integrated Drug Information System to Prevent Medical Errors Leading to Drug Interactions

COMMONWEALTH OF PENNSYLVANIA OPERATIONAL PLAN

Magical Black Box: October 1, 2015, and Beyond

Optima Health Provider Manual

The Impact of New Technology in Health Care on Privacy

Facility Name: Patient Registration. Name: Address: Home: Work: Mobile: Race: Gender: Marital Status: Emergency Contact Information

Strengthening Health Systems in Resource Poor Settings through the Application of the Sana Wireless Technology

MRI Device Compliance Martin Vogel, PhD Kimberley Poling Application Engineering Team Eastern USA

STANDARD OPERATING PROCEDURE FOR GENERAL SAFETY

Cybersecurity TEMP Body Example

Guide to Enterprise Telework and Remote Access Security (Draft)

ENFIELD BOARD OF EDUCATION ENFIELD, CONNECTICUT. USE OF AUTOMATIC EXTERNAL DEFIBRILLATORS (AED s) BY SCHOOL PERSONNEL

STUDENTS First Aid/Emergency Medical Care. Use of Automatic External Defibrillators (AEDs)

SMART HEALTH MONITORING SYSTEM

UNCLASSIFIED R-1 ITEM NOMENCLATURE FY 2013 OCO

Status Check On Health IT

UNCLASSIFIED FY 2016 OCO. FY 2016 Base

Proposal for the Suicide Bomb Detector Model # RDS400

Security Risk Analysis

Auckland District Health Board Summary 1 July 2011 to 30 June 2012 Serious and Sentinel Events

Prototyping at West County Health Centers

All Out-of-Network hospitalizations, surgeries, procedures, referrals, evaluations, services and treatment require prior authorization.

Student Orientation: HIPAA Health Insurance Portability & Accountability Act

Utkarsha Kumbhar *, Vaidehi Gadkari, Rohan Waichal, Prashant Patil ABSTRACT I. INTRODUCTION

City of Bowie Neighborhood Block Party Permits

Cardiology Published: March 2015 Review date: March 2018 Reference no: 2532v1 Imperial College Healthcare NHS Trust

Living with a pacemaker

Consulted With Post/Committee/Group Date Dr Dhillon Cardiology Consultant April Professionally Approved By 2. Clinical Effectiveness

Networks for Home Medical

INSTITUTE FOR THE GLOBAL ENTREPRENEUR

Next Steps to Revolutionary Change of Spectrum Usage

MEDICAL_MAS: an Agent-Based System for Medical Diagnosis

Medical Manager v12 includes the following features and functionalities to assist you with your ICD-10 transition:

Type: Clinical Guideline Register No: Status: Public

Smart Start. Level of cover with Australian Unity. Cover availability. Excess options. Hospital and Extras Cover Effective from 15 December 2017 $100

MEDICAL POLICY No R2 TELEMEDICINE

17/06/2018. None. Author/s: Andrea Taylor Date of issue: 17 June 2015

Physical Protection of Nuclear Installations After 11 September 2001

DOES TECHNOLOGY KEEP PATIENTS OUT OF HOSPITALS?

New HIPAA Privacy Regulations Governing Research. Karen Blackwell, MS Director, HIPAA Compliance

Complex example of CWW for Osteosarcoma Online

Personal Health Monitoring Services SM VITAL SIGNS TRANSMITTER MODEL: VST 3 TM. Instruction Manual

Advanced HIPAA Communications and University Relations

MOT CHARTER SCHOOL ASSIGNED SCHOOL COMPUTER USE AGREEMENT

OIG Medicare Compliance Audits: Tactical Tips for Surviving One from the Battlefield

Appendix. Final Version of the Electronic Health Record (EHR) Survey Questionnaire

Alcoa Police Department General Order Type/Action:

For some years, the automation of hospital administrative

Visiting Celebrities, VIPs and other Official Visitors

CLARK HEARING SOLUTIONS NEW CLIENT REGISTRATION FORM (Please Print Clearly)

A preliminary analysis of differences in coded data from Australia and Maryland

This document is updated quarterly. Please check this document prior to PA submission as codes may be removed or added. All codes listed require PA.

A Systems Approach to Patient Safety at the VA

Smart Choice. Level of cover with Australian Unity. Excess options. Cover availability. Hospital and Extras Cover Effective from 15 February 2018 $500

Request for Solutions: Distributed Live Virtual Constructive (dlvc) Prototype

HIPAA Privacy Regulations Governing Research

WORKPLACE VIOLENCE PREVENTION. Health Care and Social Service Workers

Technology for Combat Identification

SPRAGUE SCHOOL DISTRICT Baltic, Connecticut ADMINISTRATIVE REGULATIONS REGARDING AUTOMATIC EXTERNAL DEFIBRILLATORS

PATIENT INFORMATION: CONTACT INFORMATION: EMERGENCY CONTACT: EMERGENCY PHONE: RESPONSIBLE PARTY (IF OTHER THAN PATIENT)

UNCLASSIFIED R-1 ITEM NOMENCLATURE

Task Force on Indigent Defense Statement of Grant Award Discretionary Grant

PATIENT REGISTRATION. Street City State Zip WORK INJURY/ ACCIDENT

Follow-up guide for patients. Pacemakers. Follow-up guide for patients

Transcription:

Implantable Medical Devices: Security Privacy for Pervasive, Wireless Healthcare Presenter: Kevin Fu Yoshi Kohno & William Maisel http://www.secure-medicine.org/ CMOS Workshop, February 18, 2009 UNIVERSITY OF MASSACHUSETTS AMHERST Department of Computer Science

Many Collaborators William H. Maisel, MD, MPH -Director, Pacemaker and Defibrillator Service, Beth Israel Deaconess Medical Center -Assistant Professor, Harvard Medical School Tadayoshi Kohno -Assistant Professor, CSE, University of Washington Students -Shane Clark, Benessa Defend, Tamara Denning, Dan Halperin, Tom Heydt-Benjamin, Andres Molina, Will Morgan, Ben Ransford, Mastooreh Salajegheh UNIVERSITY OF MASSACHUSETTS AMHERST Department of Computer Science 2

IMD Security & Privacy is Hard Background Unintentional medical malfunctions Intentional medical malfunctions Pacemaker & Implantable Cardioverter Defibrillator (ICD) Security analysis of a pacemaker/icd Violate patient privacy Induce a fatal heart rhythm Defensive methods Protect the battery, proper use of cryptography The Future UNIVERSITY OF MASSACHUSETTS AMHERST Department of Computer Science 3

Unintentional Malfunctions in Medical Care UNIVERSITY OF MASSACHUSETTS AMHERST Department of Computer Science

Unintentional Accidents IEEE Computer 1993 UNIVERSITY OF MASSACHUSETTS AMHERST Department of Computer Science 5

Is a malicious intentional malfunction a risk of real concern? UNIVERSITY OF MASSACHUSETTS AMHERST Department of Computer Science

Bad People Do Exist UNIVERSITY OF MASSACHUSETTS AMHERST Department of Computer Science 7

Background: Pacemaker & Defibrillator 101 UNIVERSITY OF MASSACHUSETTS AMHERST Department of Computer Science

Photos from: Medtronic 9

Photos from: Medtronic 9

Networking + Wireless! Photos from: Medtronic 9

Pacemakers: Regulate heartbeat UNIVERSITY OF MASSACHUSETTS AMHERST Department of Computer Science 10

Pacemakers: Regulate heartbeat UNIVERSITY OF MASSACHUSETTS AMHERST Department of Computer Science 10

Pacemakers: Regulate heartbeat > Energy spent on radio & computing, etc. overhead! < Energy for pacing! UNIVERSITY OF MASSACHUSETTS AMHERST Department of Computer Science 10

ICDs: Resynchronize the heart Implantable Cardioverter Defibrillator (ICD) Related to pacemaker Large shock: resync heart Monitors heart waveforms Heart UNIVERSITY OF MASSACHUSETTS AMHERST Department of Computer Science 11

Our Tested Pacemaker + ICD Physical characteristics: ~5-year battery Waveform memory Radio interface w/ programmer Therapies:* Steady pacing shocks 35 J defibrillation shocks * detail in [Webster, 1995] UNIVERSITY OF MASSACHUSETTS AMHERST Department of Computer Science 12

Implantation Scenario 1. Doctor sets patient info 2. Surgically implants 3. Tests defibrillation 4. Ongoing monitoring Device Programmer Photos: Medtronic; Video: or-live.com UNIVERSITY OF MASSACHUSETTS AMHERST Department of Computer Science 13

Implantation Scenario 1. Doctor sets patient info 2. Surgically implants 3. Tests defibrillation 4. Ongoing monitoring Photos: Medtronic; Video: or-live.com UNIVERSITY OF MASSACHUSETTS AMHERST Department of Computer Science 13

Implantation Scenario 1. Doctor sets patient info 2. Surgically implants 3. Tests defibrillation 4. Ongoing monitoring Photos: Medtronic; Video: or-live.com Home monitor UNIVERSITY OF MASSACHUSETTS AMHERST Department of Computer Science 13

Adversaries Do Not Play by the Rules UNIVERSITY OF MASSACHUSETTS AMHERST Department of Computer Science

802.11 WiFi Sniper Yagi UNIVERSITY OF MASSACHUSETTS AMHERST Department of Computer Science 15

Uninvited Radio Suitcases http://eecue.com/log_archive/eecue-log-594-bluebag Mobile_Covert_Bluetooth_Attack_and_Infection_Device.html UNIVERSITY OF MASSACHUSETTS AMHERST Department of Computer Science 16

Our Security Analysis of a Pacemaker + ICD UNIVERSITY OF MASSACHUSETTS AMHERST Department of Computer Science

Computer Security Computer Security (Informal Definition): Study of how to design systems that behave as intended in the presence of determined, malicious third parties Security is different from reliability The malicious third party controls the probability distribution of malfunctions Security researchers focus on understanding, modeling, anticipating, and defending against these malicious third parties [This description drawn from the work of Prof. Yoshi Kohno with permission] UNIVERSITY OF MASSACHUSETTS AMHERST Department of Computer Science 18

Build Your Own Clinic ~10 cm (un-optimized)

Method: Eavesdrop Private Info

Method: Eavesdrop Private Info Diagnosis

Method: Eavesdrop Private Info Diagnosis Hospital

Method:Implanting Eavesdrop Private Info physician Hospital Diagnosis

Method:Implanting Eavesdrop Private Info physician Hospital Diagnosis Also: Device state Patient name Date of birth Make & model Serial no.... and more

Method: Sniff Vital Signs 1 0.5 0 0.5 Eavesdropping setup 1 0 500 1000 1500 2000 2500 3000 ICD emits reconstructible vital signs Issue: Vital signs can say plenty.

Replay Traffic ~10 cm Photo: Medtronic

Method: Drain Energy Implant designed for infrequent radio use Radio decreases battery lifetime

Method: Drain Energy Implant designed for infrequent radio use Radio decreases battery lifetime Are you awake? Are you awake?

Method: Drain Energy Implant designed for infrequent radio use Radio decreases battery lifetime Are you awake? Are you awake? Now I am!

Replay: Turn Off Therapies Stop detecting fibrillation. Device programmer would warn here Issue: Can quietly change device state.

Replay: Affect Patient s Physiology Induce fibrillation which implant ignores Again, at close range In other kinds of implant: Flood patient with drugs Overstimulate nerves,... Photo: or-live.com Issue: Puts patient safety at risk.

Defensive Direction: Zero-Power (No time today. Google for pacemaker zero-power ) UNIVERSITY OF MASSACHUSETTS AMHERST Department of Computer Science

Prototype Defenses Focus on sleep deprivation In zero power (harvested RF energy) Challenge-response authentication Patient notification mechanism Sensible key exchange Human is in the loop UNIVERSITY OF MASSACHUSETTS AMHERST Department of Computer Science 27

Prototype defenses against some of the attacks. Main idea: defend without using battery.

B.Y.O.P. WISP = RFID + computation [Ubicomp 06] WISPer = WISP + our code Maximalist crypto [RFIDSEC 07] Prototype: 913 MHz RFID band Goal: External party pays for power.

Patient notification ICD

Patient notification Auth ICD

Patient notification BZZZZZZZZZZZZZZZ Auth Go ahead! ICD

WISPer as Gatekeeper Authenticate against WISPer WISPer to ICD: OK to use radio Acoustic patient notification How to deter enemies? (Open question!) 1 External party WISPer 2 Implant 3

Sensible key exchange Session setup Programming head Tissue 1 cm Key material Modulate ICD ~4 khz acoustic wave

Testing WISPer: Simulated Torso 1 cm bacon WISPer 6 cm chuck Energy harvesting through tissue is possible.

How WISPer Could Work Auxiliary device (possibly integrated) Audible or tactile patient alert Patient detects activity: am I in a clinic? Fail open: sensible, tactile key exchange UNIVERSITY OF MASSACHUSETTS AMHERST Department of Computer Science 34

IMDs+Wireless+Internet: The Future (Condensed version of the future. Ask Kevin for details.) UNIVERSITY OF MASSACHUSETTS AMHERST Department of Computer Science

Future Home Care Sacramento Bee, May 17, 2008 Yet some remarkable changes are on the horizon, said Dr. Larry Wolff, a UC Davis Medical School professor who specializes in implanting defibrillators. "I believe over time we could make programming changes on the telephone," he said, although that's not possible now. UNIVERSITY OF MASSACHUSETTS AMHERST Department of Computer Science 36

Future Healthcare Infrastructure http://www.thei3p.org/repository/whitepaper-protecting_global_medical.pdf UNIVERSITY OF MASSACHUSETTS AMHERST Department of Computer Science 37

Going the Distance Eventually, Vanu s [software radio] technology could be used to create a phone. UNIVERSITY OF MASSACHUSETTS AMHERST Department of Computer Science 38

Future Threats: Viruses? Software updates? SQL injection? Buffer overflows? Radio as infection vector? Computer viruses, full circle? Image credit: Health & Development Initiative, India 39

Medical Device Trends Further computerization of care Longer range communication Tight integration with the Internet Cooperation among devices Issue: All of these bring risks. UNIVERSITY OF MASSACHUSETTS AMHERST Department of Computer Science 40

Summary of IMD Sec. & Priv. Risks today: Unintentional interference Radio interference Threats: Metal detectors, accidents, misidentification Future risks: Intentional interference Threats from wireless and Internet connectivity Malware: Human-computer-immunodeficiency (HCI) virus? Tough problems: Software updates, remote monitoring,... UNIVERSITY OF MASSACHUSETTS AMHERST Department of Computer Science 41

Challenging Technology Landscape! Auditability Safety (open access) Patient Usability High Impact Psychological Effects Security (closed access) IMD Response Time Storage Constraints Battery Life

Wireless + Internet Can Improve Healthcare But not without fully understanding security and privacy Insulin pump Artificial pancreas Neurostimulators Artificial vision Obesity control Programmable Vasectomy UNIVERSITY OF MASSACHUSETTS AMHERST Department of Computer Science

Extra slides Google us for more information. UNIVERSITY OF MASSACHUSETTS AMHERST Department of Computer Science 44

2024 © careersdocbox.com Privacy Policy | Terms of Service | Feedback