This article is based on investigative report that examines possible security exploitations and an effective protection scheme for insulin pumps. The study explores security vulnerabilities with insulin pumps information control and also determines the components in the insulin pump systems that are exposed to security attacks.
There was a time that only machines could have devices implanted in the form of motherboards and processors but time has changed. Technology has grown tremendously, in this high-tech world, human body can be implanted with medical devices. Implantable Medical Devices are medical devices implanted inside the body for treating a specific medical problem. In addition it also does offer a capability for the patient which he/she lacked (Hansen & Hansen, 2010).
Furthermore, pacemakers, defibrillators and neurostimulators have also been used in the treatment of neurodegenerative disorders like Parkinson’s disease during Deep Brain Simulation. These devices aid in the treatment for epilepsy. There are various drug delivery systems, in the form of insulin pumps. These types of devices are used for delivering drugs to a targeted organ. In case of insulin pumps, pancreas is the targeted organ where the pumps inject basal or bolus dosages of insulin. According to the International Diabetes Federation (IDF), statistics revealed that 415 million people worldwide were diabetes and this figure is expected to shoot up to 642 million people by the year 2040.
A typical Insulin Pump System (IPS) comprises of three components. An infusion pump, a wireless interface that adjusts the required parameters like the dosage and glucose levels and a Continuous Glucose Meter (CGM). The pump injects the insulin and a Continuous Glucose Monitor (CGM) keeps a log of the glucose readings. The CGM is also armed with a wireless transmitter (Burleson, Clark, Ransford, & Fu, 2012). The CGM also accompanies a subcutaneous sensor for measuring the glucose level.
Apart from the basic security threats, these devices can also be attacked by intruders. Chiefly, there are two types of attackers: Passive and Active
Passive eavesdropper: In cryptography, when secure messages have to be exchanged the example is always taken in the form of Bob and Alice. A passive eavesdropper is usually labeled Darth when Bob and Alice are conversing. In this case, Bob is the medical device and Alice is the physician, the attacker Darth will only be able to listen to the messages being transmitted by the device to the physician. By reading through the message, the attacker is in a position to reveal confidential details about the device and the person’s
Active antagonist: In this case, the attacker Darth is more powerful. Not only can the attacker listen to the communication but can also intercept the communication. This enables the attacker to also send incorrect communication, altering the messages even before it reaches the destination or back to the device (Halperin et al., 2008). The image below depicts the various types of attacks that has been performed across different insulin pumps
Many people depend on Implantable medical devices for a healthier life style and increased life span. These devices have been designed to treat people with problems with cardiac conditions, spinal problems and diabetic conditions. One of the further research would include the implementation would be Artificial Pancreas. This study opens horizons for new research like cybersecurity for medical devices. I wouldn’t have considered this study as a possible research if I hadn’t based on literature review from peer reviewed journals.
This in turn has enabled to add new research directions to develop and widen the scope of the original evidence. It is high time for a need of a paradigm shift ensuring more cybersecurity protocols and standards to be governed while designing these medical devices.