Abstract

Cyberattacks against healthcare institutions threaten patient care. The risk of being targeted by a damaging attack increases when the medical devices in use rely on unmaintained legacy software that cannot be replaced and may have publicly known vulnerabilities. This review aims to provide insight into solutions presented in the literature that mitigate risks caused by legacy software on medical devices. We performed a scoping review by categorising and analysing the contributions of a selection of articles, taken from a literature set discovered through bidirectional citation searching. We found 18 solutions, each fitting at least one of the categories of intrusion detection and prevention, communication tunnelling or hardware protections. Approaches taken include proxying Bluetooth communication through smartphones, behaviour-specification-based anomaly detection and authenticating signals based on physical characteristics. These solutions are applicable to various use cases, ranging from securing pacemakers to medical sensor networks. Most of the solutions are based on intrusion detection and on tunnelling insecure wireless communications. These technologies have distinct application areas, and the decision as to which one is most appropriate will depend on the type of medical device.

Highlights

  • In recent years, the healthcare sector has increasingly been affected by cyberattacks

  • We aim to find and categorize literature that contributes to the following research question: what solutions, other than full replacement, address security issues caused by legacy software in medical devices?

  • We considered systems that do some form of communication and processing and that fall under the definition of ‘medical device’ used by the European Medical Device regulation: namely a device intended by the manufacturer to be used for a medical purpose [11]


Summary

Introduction

The healthcare sector has increasingly been affected by cyberattacks. Ransomware attacks against hospitals have caused significant financial damage and negatively affected patient care [1]. Medical data breaches cost the industry billions, endanger patient privacy and enable large-scale identity theft [2], [3]. Attackers have discovered healthcare to be an attractive target: medical information can be more than ten times more valuable than credit card numbers on the black market, because it can, for example, be used to get access to drugs or to perform insurance fraud [4]. Extortion attempts against hospitals have been shown to be successful [5]. Medical devices in hospitals, such as blood
