Solutions for mitigating cybersecurity risks caused by legacy software in medical devices: A scoping review

Tom Tervoort, Marcela Tuler De Oliveira, Wolter Pieters, Pieter Van Gelder, Silvia Delgado Olabarriaga, Henk Marquering

Research output: Contribution to journalArticleScientificpeer-review

24 Downloads (Pure)

Abstract

Cyberattacks against healthcare institutions threaten patient care. The risk of being targeted by a damaging attack is increased when medical devices are used which rely on unmaintained legacy software that cannot be replaced and may have publicly known vulnerabilities. This review aims to provide insight into solutions presented in the literature that mitigate risks caused by legacy software on medical devices. We performed a scoping review by categorising and analysing the contributions of a selection of articles, taken from a literature set discovered through bidirectional citation searching. We found 18 solutions, each fitting at least one of the categories of intrusion detection and prevention, communication tunnelling or hardware protections. Approaches taken include proxying Bluetooth communication through smartphones, behaviour-specification based anomaly detection and authenticating signals based on physical characteristics. These solutions are applicable to various use-cases, ranging from securing pacemakers to medical sensor networks. Most of the solutions are based on intrusion detection and on tunnelling insecure wireless communications. These technologies have distinct application areas, and the decision which one is most appropriate will depend on the type of medical device.

Original languageEnglish
Article number9050776
Pages (from-to)84352-84361
Number of pages10
JournalIEEE Access
Volume8
DOIs
Publication statusPublished - 2020

Keywords

  • Healthcare
  • legacy software
  • medical devices
  • security

Fingerprint Dive into the research topics of 'Solutions for mitigating cybersecurity risks caused by legacy software in medical devices: A scoping review'. Together they form a unique fingerprint.

Cite this