Security issues in implantable medical devices: Fact or fiction?

Smart healthcare is an integral part of smart cities. Modern medical devices are becoming increasingly software dependent. Doctors and patients are now using their smart-phones to control and monitor implantable medical devices (IMDs) such as cardiac implants, insulin pumps, deep brain neurostimulators, etc. via the Internet or Bluetooth connections. Although such connectivity expands the devices' ability to fulfill healing and diagnostic functions in a quick and cost-effective manner and can help save many lives, too much reliance on software also results in exposure to several security threats. Control of such devices via the underlying communication network may allow attackers to exploit the critical system vulnerabilities of these devices. Attackers could manipulate the settings of these devices and may try to harm the patients and these malicious attacks can originate from anywhere in the world. However, there have been very few real attempts to hack such devices and harm patients. We investigate the practical security risks involved with the use of IMDs and the motivations for an attacker to hack these devices. While some risks discussed in research are genuine and can be prevented using various security measures, it seems that quite a few risks are mere exaggerations. In our paper, we review the aspects mentioned above of IMDs and also outline some practical security measures that can further enhance the security and privacy for patients using IMDs.