Medical Implant Security: Final Searches

Uncategorized

Search 1:

Database: FHSU Library Resources

Amount of results: 43

Restrictions: Peer-Reviewed, Full Text Online.

Subjects used: cardiac and implant and cybersecurity

Was it helpful/relevant: I’ve used similar keywords, but with the amount of articles in the library’s resources I can still find new research I haven’t seen before. For that reason I’d say that this search was relevant. I’d say that most of the articles are spot on in this search, with some generally useful ones scattered throughout

Search 2:

Database: Communication & Mass Media Complete

Amount of results: 4

Restrictions: Peer Reviewed, Full Text Online

Subjects used: implant and security

Was it helpful/relevant: I haven’t used this database before. The search warranted being included because it includes articles I haven’t seen that are generally useful, if not spot on.

Search 3:

Database: Computer Source

Amount of results: 5

Subjects used: medical and cybersecurity

Was it helpful/relevant: 2 of the articles in this search I have already found in my other searches, but the rest may serve to point out how the future of biomedical implants need to focus on security as much as innovation. 4 out of 5 I would call generally useful, with the last being unrelated to my research.

Search 4:

Database: PubMed

Amount of results: 44

Restrictions: Peer Reviewed, Full Text Online

Subjects used: cybersecurity and implant

Was it helpful/relevant: Very useful, the first page and a half of results were spot on and I hadn’t seen them before.

Search 5:

Database: FHSU Library Resources

Amount of results: 45

Restrictions: Peer Reviewed, Full Text Online

Subjects used: brain and implant and cybersecurity

Was it helpful/relevant: A brain implant related search that will allow me to look data from other types of implants in the event I want to include data on them in the final proposal. Interestingly, that means in this search I’m looking for the generally useful.

Saturation:

The above searches will assist in my final proposal, of that I’m confident. There are quite a few pieces of research I haven’t seen before that contain great data. That research is from databases I haven’t used before, but I’m running out of options for more databases. If I haven’t reached saturation, I think I’m very near it.

Annotations:

Annotation #1:

Ricci, L., Paulsen, J.,  Browning, S., Hazelett, M., Carmody, S., Schwartz, S., Shein, M. (2017). An overview of the security of cardiac implantable electronic devices. Pacing and clinical electrophysiology. https://doi.org/10.1111/pace.13128 

This article presents to the reader facts about how cybersecurity is handled in cardiac pacemakers, starting with a brief history and then bringing us to today. It then asserts that the responsibility to keep a pacemaker safe from cyber-attacks lies with all involved bodies. Described as an “ecosystem” by the authors, all active bodies include the manufacturers, regulators like the FDA, doctors, healthcare locations, and the pacemaker user themselves. They propose that an information sharing and analysis organization composed of the involved bodes could be the key to ensuring the security of pacemakers.

The information in this article is reliable and backed up by several sources, and I agree with the authors’ conclusions. The researchers don’t have any stake in the issue other than safeguarding patients’ lives, so I consider this source relatively unbiased on what solution is proposed.

The information in this article is vital to the start of my proposal; I need to establish that there is or should be concern about the cybersecurity of implants. That is part of what this article is trying to develop. It also offers guidance on addressing the mounting issues of this topic, which may help approach my proposal should I decide on a survey-based model, which is my primary idea.

Annotation #2:

Das, S., Siroky, G. P., Lee, S., Mehta, D,. Suri, R. (2020). Cybersecurity: The need for data and patient safety with cardiac implantable electronic devices. Contemporary Review https://doi.org/10.1016/j.hrthm.2020.10.009

The article starts with a description of the essential parts of a pacemaker and how they work, then discusses potential attack risks and vulnerabilities. After considering all theoretical attack vectors and the damage they could cause, the known vulnerabilities that have occurred and been fixed are discussed. Finally, the role of the manufacturer, FDA, doctor, patient, and security professional are defined. The paper concludes that shortly we should establish a platform for all involved with cardiac implants.

The data presented is well researched and put together, explains things very well and in basic terms, and has a strong throughline leading to its conclusion. The authors are primarily doctors involved in this subject, so their recommendations are backed up and unbiased. Their goal of establishing a platform to communicate is one with which I agree.

This paper has a lot of good information about how pacemakers work, what kind of attacks they could be vulnerable to, and what has been done to avoid enabling bad actors to harm people. The descriptions of each person’s role in ensuring security help formulate what kind of questions I want to ask in my proposal. The desire for a singular meeting body for all involved is again reflected in this paper, something I will consider in my research design.

 

Annotation #3

Ibrahim, M., Alsheikh, A., Matar, A. (2020). Attack Graph Modeling for Implantable Pacemaker. Biosensors. https://doi.org/10.3390/bios10020014

This paper is a very detailed analysis and graphing of cyberattacks. First discussed are the attacks that have happened and how they affect the upcoming predictions. Then the authors describe the Pacemaker Automatic Remote Monitoring System (PARMS) works, detailing at each point how a breach could compromise medical records or endanger the patient. Finally, the authors walk through a detailed description of how an attack could occur.

The authors are incredibly knowledgeable with the subject matter and seem to know precisely how and from where attacks can and will come. Compared to my other sources, this one is far more technical and involved but could still serve my research’s specific functions. The goal of the source is very straightforward, evaluate PARMS and present the potential issues with it to get them investigated and appropriately addressed.

The very technical language of the paper would need to be toned down to fit with the other parts of my proposal, but having a charted attack assists in presenting how and where security measures need to be implemented. This source is less helpful than I was hoping it would be.

 

Annotation #4

Kapoor, A., Vora, A., Yadav, R. (2019). Cardiac devices and cyber attacks: How far are they real? How to overcome? Indian Heart Journal. https://doi.org/10.1016/j.ihj.2020.02.001

This source describes why and how attacks on pacemakers can occur, including defining which wireless band they operate. It relates the risks to patients, not just to their health, but to their medical records, and using a person to commit corporate espionage by stealing schematics of their implant. The paper is closed by discussing the roles of those involved, with emphasis placed on IT professionals being involved at all stages.

This paper seems unbiased, presenting a genuine concern for the patient and representing threats in a non-persuasive or intentionally intimidating way. The article’s goal appears to be to inform readers of the dangers that those with pacemakers face and the vigilance needed to protect them as the technology continues to develop.

The conclusions that this research comes to are very similar to the others in my bibliography, but this paper places explicit emphasis on post-implant surveillance and the involvement of IT professionals in the process. The involvement of IT and medical staff in the implantation of a device is something I would be interested in putting on my survey to see the opinion of the person receiving the implant.

 

Annotation #5

Baranchuk, A., Refaat, M. M., Patton, K. K., Chung, M. K., Krishnan, K., Kutyifa, V., Upadhyay, G., Fisher, J. D., & Lakkireddy, D. R. (2018). Cybersecurity for Cardiac Implantable Electronic Devices: What Should You Know? Journal of the American College of Cardiology. https://doi.org/10.1016/j.jacc.2018.01.023

Starting the article off is a brief section about the Internet of Things and how you could consider a wireless-enabled pacemaker a part of that from a point of view. The following section describes existing cybersecurity in healthcare and the consequences of failures. No implant has been hacked in the wild, but several medication pumps are vulnerable. Rapid-fire parts consider guidelines already in place for implants and how to reduce risk before jumping into what patients should do and what physicians should advise.

Compared to the other sources in my bibliography, this one is more informative and has easy to parse language with simple graphical elements. The paper’s goal is to inform reliably; the authors have no actual recommendation on how to proceed other than to warn that we must address this emerging issue.

The language of this article, considering the topic, is what I mainly want to capture. Throughout the article, risks are addressed without being inflammatory, and the research maintains its ease of reading. The information concerning medicine pumps is presented in other sources but is given a small spotlight here. Considering that, I may want to outline some questions about how the participants feel concerning those vulnerabilities and if they were notified about them per-implantation.

 

 

About Isaac

My name is Isaac Larck, but most people that know me call me Al. I live in Illinios and I'm currently pursuing a degree in Informatics with a focus in Cybersecurity here at Fort Hayes. I work at a local college and in my spare time I play D&D with my friends.

Leave a Reply

Your email address will not be published. Required fields are marked *