Researchers at Purdue University, West Lafayette, Indiana, and Princeton University, New Jersey, have created a prototype firewall to block hackers from interfering with wireless medical devices, including neuroprostheses.
Anand Raghunathan, PhD, a professor in the Purdue School of Electrical and Computer Engineering, is working with Niraj K. Jha, PhD, a Princeton professor of electrical engineering, and Chunxiao Li and Meng Zhang, both Princeton doctoral students in electrical engineering. Raghunathan discussed the new concept and prototype during the Purdue Center for Implantable Devices Symposium in February.
“What motivated us to work on this problem was the ease with which we were able to break into wireless medical systems,” Raghunathan said.
The potentially vulnerable devices include pacemakers, continuous glucose monitoring and insulin-delivery systems, and brain implants under development to control epilepsy and “smart prosthetics” that use electron chips to operate. Many implantable devices have wireless transmitters and receivers, which enable healthcare providers to perform diagnostics and to download data. However, having wireless access also opens the door to potential hackers, who might alter the insulin dosage or direct pacemakers to malfunction, harming or killing a patient.
The team has created a proof-of-concept system-MedMon-for medical monitors, which acts as a firewall to prevent hackers from hijacking the devices. The MedMon prototype, which has been tested and shown to protect an insulin pump from hacking, monitors communications going into and coming out of any implantable or wearable medical device. It uses “multi-layered anomaly detection” to identify potentially malicious transactions. When detecting potentially malicious activity, the firewall can raise an alarm to the user or block “malicious packets” from reaching the medical device by using electronic jamming similar to technology used in military systems.
The prototype is a proof of concept and would need to be miniaturized, such as into a device that could be worn around the neck or integrated into a cell phone. The researchers previously described two other potential solutions in a paper presented during the 2011 Institute of Electrical and Electronics Engineers (IEEE) HealthCom conference. One was based on a cryptographic technique now used in automotive keyless entry systems and garage-door openers, and the other would use “body-coupled” communication,” which involves transmitting signals on a patient’s skin.
A provisional patent application has been filed on the MedMon concept.