Hacking the Human Body? Cyber-Bio Crossover: Implantable Medical Device (IMD) Hacking Rebecca Earnhardt, Researcher / Project Manager UMD START-Unconventional.

Slides:

Advertisements

Similar presentations

Introduction to Ethical Hacking, Ethics, and Legality.

Advertisements

Workshop on High Confidence Medical Device Software and Systems (HCMDSS) Research & Roadmap June 2-3, 2005 Philadelphia, PA. Manufacturer/Care-Giver Perspective.

HACKING MEDICAL DEVICES BY JENNIFER GROSS. GROWTH OF MEDICAL TECHNOLOGIES Medical technologies and computer science continue to mesh Pacemakers Insulin.

Continuous Glucose Monitoring

1 Colorado University Guest Lecture: Vulnerability Assessment Chris Triolo Spring 2007.

“Scientists Work to Keep Hackers Out of Implanted Medical Devices” Justin Fisher.

RFID Chris Harris Carey Mears Rebecca Silvers Alex Carper.

Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses Zac Chupka Jeff Signore.

Company LOGO Internet Safety A Community Approach.

Presenter Deddie Tjahjono.  Introduction  Website Application Layer  Why Web Application Security  Web Apps Security Scanner  About  Feature  How.

Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.

 A Spy robot is a mobile robot that can go through any neighborhood for the mission of your rescue team.  As the name suggests, Spy robot is a rescue.

Mobile Medical Devices ACGNJ Main Meeting March 7, 2014.

Introduction Implantable Medical Devices (IMDs) are vulnerable to exploitation (last paper) Unauthorized data retrieval Malicious commands Millions of.

IntroOH-1 CSE 5810 Wireless Body Sensor Networks (WBSN) in Healthcare Aljoharah A. Algwaiz Computer Science & Engineering Department The University of.

© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. Cyber Security: Now and.

Connected Health: Using patient-centric technologies to change behavior and improve outcomes Joseph C. Kvedar, MD Director Center for Connected Health.

September, 2006Doc: IEEE BAN Zhen, Li, and Kohno Slide1 Implanted applications of IG-BAN Bin Zhen, Huan-Bang Li and Ryuji Kohno National.

Security and Privacy for Implantable Medical Devices Presented by : Dilip Simha.C.R.

CUTTING COMPLEXITY – SIMPLIFYING SECURITY INSERT PRESENTERS NAME HERE XXXX INSERT DATE OF EVENT HERE XXXX.

Impact of ICT on Society – Part the first ICT 1_6.

Enforcing Cyber security in Mobile Applications – Public Sector Use Case SAPHINA MCHOME, VIOLA RUKIZA TANZANIA REVENUE AUTHORITY INFORMATION AND COMMUNICATION.

Introduction: Information security services. We adhere to the strictest and most respected standards in the industry, including: -The National Institute.

[START WITH A PATIENT STORY – something compelling that demonstrates the value of diabetes education.] This patient’s story illustrates why I’m passionate.

5th ITU Green Standards Week Jointly organized by ITU, UN-Habitat, UNESCO & UNEP The Bahamas December 2015 IoT & Smart Cities: Balancing Risks &

A global nonprofit: Focusing on IP Protection and Anti-Corruption Sharing leading practices based on insights from global companies, academics, organizations.

Vaccination The use of vaccines to provide protection for individuals and populations against disease. The concept of herd immunity. The differences between.

EDGE™ Final Project Plan Presentation P09001 – RFID Reader & Active Tag Philip Davenport (Industrial and Systems Engineering)

Lesson Overview Lesson Overview Immune System Disorders Lesson Overview 35.4 Immune System Disorders.

DALE A FLOWERS, MBA, CFO, PN MEDICAL. The New Business Case: Integrating Medical Device Design with Your Strategy for Evidencing Value.

Cyber Security Foundations Part 1. Cyber Security defined:  Protects computer base information and equipment  Deals with confidentiality of data  Protects.

What is an Implantable Medical Device?

Stages of Research and Development

CASE STUDIES * System Engineering, 9th Edition Sommerville.

CompSci 280 S Introduction to Software Development

Quantification of Dose with Neuromodulation Device

Prescribers More likely to select medications based on patient rather than guidelines Incorporates treatment of comorbidities with relation to medication.

CSCE 548 Secure Software Development Risk-Based Security Testing

The Income Divide in Health Care:

5 steps to responding to your talent supply and demand

Cybersecurity - What’s Next? June 2017

Security Standard: “reasonable security”

Cybersecurity of Medical Devices

Agenda Control systems defined

FDA’s IDE Decisions and Communications

Cybersecurity of Internet of Things – Risks and Opportunities

Year 10 ICT ECDL/ICDL IT Security.

Forensics Week 11.

How Cyber Security vulnerabilities will shape the future of Healthcare Sector Globally?

Mcafee updates Mcafee antivirus uses a database of known virus definitions to identify malware and other threats on your computer system. So it is important.

Child Outcomes Summary (COS) Process Module

Advanced Services Cyber Security 101 © ABB February, | Slide 1.

Strategic & Operational Planning:

A review of the new Eversense CGM System

Surveying the Industry

Child Outcomes Summary (COS) Process Module

Child Outcomes Summary (COS) Process Module

George Alter ICPSR Institute for Social Research

Mintu P. Turakhia et al. JACEP 2016;2:

WI-BEEP (WIreless technology and Behavioral Economics to Engage Patients with type 2 diabetes or hypertension) Angellotti E1, Pierce A2, Hescott B3, Wong.

Cyber Security of SCADA Systems Remote Terminal Units (RTU)

Child Outcomes Summary (COS) Process Module

Chapter 1 Health: The Foundation of Life

Diabetes econonomy2 Amini Masoud 1397.

Stable connection More secure More vulnerable to hacking Cheap set up costs Generally will have a good quality signal The connection is not as stable.

Device Hacking Damian Gordon.

Counter APT Counter APT HUNT operations combine best of breed endpoint detection response technology with an experienced cadre of cybersecurity experts.

MicroToken Exchange Data Security Solutions

March 8, 2006 New ACIP Hepatitis B Recommendations

Presentation transcript:

Hacking the Human Body? Cyber-Bio Crossover: Implantable Medical Device (IMD) Hacking Rebecca Earnhardt, Researcher / Project Manager UMD START-Unconventional Weapons and Technology Division Preliminary Research - Do NOT Cite or Quote – Research was Conducted Independently of START-UMD Preliminary Findings - Do NOT Cite or Quote

The “Cyber” and “Bio” Crossover Dual-use concerns Ease burden on patient vs. increasing intrusion risks Synthetic development of pathogens GenBank® access and other genetic sequence databases De novo synthesis of horsepox virus to improve vaccines vs. concerns about smallpox reemergence Intellectual property protection Democratization of biotechnology vs. protection against biohacking Increasingly connected and mechanized health management Remote monitoring of medical devices vs. malicious outside interference Preliminary Research - Do NOT Cite or Quote – Research was Conducted Independently of START-UMD Preliminary Findings - Do NOT Cite or Quote

Case: Implantable Medical Devices Smaller, increasingly powerful, and progressively connected along with an aging population 200,000+ cardiac devices installed annually in the U.S. (World Survey of Cardiac Pacing and Implantable Cardioverter-Defibrillators) 20-30% of patients with Type 1 diabetes mellitus use continuous blood glucose monitor and insulin pump systems Dramatically increased use of vagus nerve stimulators, prompting “brain control” concerns “[U.S.] demand for implantable medical devices is forecast to increase 7.7 percent annually to $52 billion in 2015.” (Freedonia) Preliminary Research - Do NOT Cite or Quote – Research was Conducted Independently of START-UMD Preliminary Findings - Do NOT Cite or Quote

Concern Dates Back “In 2007, then-U.S. Vice President Dick Cheney ordered some of the wireless features to be disabled on his defibrillator due to security concerns. When asked if he would recommend other patients do the same, Cheney said not necessarily. "You've got to look at all eventualities and do whatever you have to safeguard the capabilities of the individual...” - Jim Finkle, “U.S. government probes medical devices for possible cyber flaws,” Reuters Preliminary Research - Do NOT Cite or Quote – Research was Conducted Independently of START-UMD Preliminary Findings - Do NOT Cite or Quote

Medical Device Hacking: Worried Well or Warranted Concern? Oct 2016 – Johnson & Johnson One Touch Ping insulin pump system In interviews with Reuters, Johnson & Johnson recognized the system vulnerabilities Black Hat hacker, Jerome Radcliffe, demonstrated insertion of malicious code to trick device into injecting fatal dose of insulin Jan 2017 - Critical defects in St. Jude Medical Center’s implantable cardiac device and Merlin@home transmitter Statement issued by FDA concerning the cyber vulnerability Radio-frequency enabled and WiFi connectivity 2008 experiment demonstrated the ease with which engineers were able to alter RF-enabled cardiac devices Preliminary Research - Do NOT Cite or Quote – Research was Conducted Independently of START-UMD Preliminary Findings - Do NOT Cite or Quote

Who Would Hack a Medical Device? A new breed of adversary – cyberbioterrorist? Initial scans indicate lone actors motivated to commit insurance fraud or targeted assassination Others suggest different subsets: spies, insiders, and “interferers” Worst case: adversaries combining capabilities to conduct multiple, simultaneous hacks Preliminary Research - Do NOT Cite or Quote – Research was Conducted Independently of START-UMD Preliminary Findings - Do NOT Cite or Quote

Issues with Extant Analyses Superficial, lacking grounding in adversary behavioral modeling Lack of consistent tracking of potential hacking cases by FDA Exploration of the supply-side dominated by technology-focused analyses instead of focusing on the adversarial demand-side Opportunity is the focus while the adversary is ignored Preliminary Research - Do NOT Cite or Quote – Research was Conducted Independently of START-UMD Preliminary Findings - Do NOT Cite or Quote

Taking a Balanced Approach Future work includes incorporating technology adoption behavioral modeling into current technology-focused analyses Many decision points and idiosyncrasies that may prohibit adversary adoption Preliminary Research - Do NOT Cite or Quote – Research was Conducted Independently of START-UMD Preliminary Findings - Do NOT Cite or Quote

Contact: Rebecca Earnhardt rearnhar@umd.edu Preliminary Research - Do NOT Cite or Quote – Research was Conducted Independently of START-UMD Preliminary Findings - Do NOT Cite or Quote