Special Section Technical Briefs

Noninvasive Postmarket Security Monitoring for Medical Devices1

[+] Author and Article Information
Benjamin Ransford, Denis Foo Kune, Ann Gookin, Andrew DeOrio

Virta Laboratories, Inc.,
Ann Arbor, MI 48105

DOI: 10.1115/1.4033285Manuscript received March 1, 2016; final manuscript received March 18, 2016; published online May 12, 2016. Editor: William Durfee.

J. Med. Devices 10(2), 020947 (May 12, 2016) (2 pages) Paper No: MED-16-1182; doi: 10.1115/1.4033285 History: Received March 01, 2016; Revised March 18, 2016

First Page Preview

View Large
First page PDF preview
Copyright © 2016 by ASME
Your Session has timed out. Please sign back in to continue.


Baxa, 2012, “ Preventing Cyber Attacks,” Baxa Corp., Englewood, CO, accessed Oct. 15, 2012, http://blog.secure-medicine.org/2012/06/baxas-non-approved-software-policy.html
U.S. FDA, 2009, “ Cybersecurity for Networked Medical Devices is a Shared Responsibility: FDA Safety Reminder,” U.S. Food and Drug Administration, Silver Spring, MD, accessed April 8, 2016, http://www.fda.gov/MedicalDevices/Safety/AlertsandNotices/ucm189111.htm
Talbot, D. , 2012, “ Computer Viruses are ‘Rampant’ on Medical Devices in Hospitals,” MIT Technology Review, Oct. 17 (epub), accessed Nov. 9, 2015.
Kandek, W., 2014, “Windows XP Usage Lower Across Industries,” Qualys Inc., Redwood City, CA (epub), accessed Nov. 9, 2015, https://community.qualys.com/blogs/laws-of-vulnerabilities/2014/04/02/windows-xp-usage-lower-across-industries
O'Brien, G., and Khanna, G., 2014, “Wireless Medical Infusion Pumps—Medical Device Security,” National Cybersecurity Center of Excellence (NCCoE), U.S. National Institute of Standards and Technology, Gaithersburg, MD, accessed Dec. 18, 2014, http://nccoe.nist.gov/sites/default/files/nccoe/NCCOE_HIT-Medical-Device-Use-Case.pdf
Durumeric, Z. , Kasten, J. , Adrian, D. , Halderman, J. A. , Bailey, M. , Li, F. , Weaver, N. , Amann, J. , Beekman, J. , Payer, M. , and Paxson, V. , 2014, “ The Matter of Heartbleed,” Internet Measurement Conference (IMC'14), Vancouver, BC, Canada, Nov. 5–7, pp. 475–488.
Zetter, K. , 2015, “ Hacker Can Send Fatal Dose to Hospital Drug Pumps,” Wired Magazine, Boone, IA, accessed Nov. 9, 2015, http://www.wired.com/2015/06/hackers-can-send-fatal-doses-hospital-drug-pumps/
TrapX Labs, 2015, “ Anatomy of an Attack: MedJack (Medical Device Hijack)—Anatomy of an Attack,” TrapX Security, Inc., San Mateo, CA, accessed Nov. 9, 2015, http://deceive.trapx.com/rs/929-JEW-675/images/AOA_Report_TrapX_AnatomyOfAttack-MEDJACK.pdf
Williams, P. A. , and Woodward, A. J. , 2015, “ Cybersecurity Vulnerabilities in Medical Devices: A Complex Environment and Multifaceted Problem,” Med. Devices, 8, pp. 305–316. [CrossRef]
Clark, S. , Mustafa, H. , Ransford, B. , Sorber, J. , Fu, K. , and Xu, W. , 2013, “ Current Events: Identifying Webpages by Tapping the Electrical Outlet,” 18th European Symposium on Research in Computer Security (ESORICS), Egham, UK, Sept. 9–13, pp. 700–717.
Clark, S. S. , Ransford, B. , Rahmati, A. , Guineau, S. , Sorber, J. , Fu, K. , and Xu, W. , 2013, “ WattsUpDoc: Power Side Channels to Nonintrusively Discover Untargeted Malware on Embedded Medical Devices,” USENIX Workshop on Health Information Technologies, Washington, DC, Aug. 12.


Grahic Jump Location
Fig. 1

A two-feature classifier identifies abnormal infusion rates (red points outside boundary) on an off-the-shelf infusion pump



Some tools below are only available to our subscribers or users with an online account.

Related Content

Customize your page view by dragging and repositioning the boxes below.

Related Journal Articles
Related eBook Content
Topic Collections

Sorry! You do not have access to this content. For assistance or to subscribe, please contact us:

  • TELEPHONE: 1-800-843-2763 (Toll-free in the USA)
  • EMAIL: asmedigitalcollection@asme.org
Sign In