Convergence Security Journal (융합보안논문지)

Korea convergence Security Association (한국융합보안학회)
권호 표지
DOI QR코드

DOI QR Code

A Study on the Smart Medical Equipment Management Program (Secure-MEMP) Method Considering Security

보안성을 고려한 스마트 의료기기 관리(Secure-MEMP) 방법에 관한 연구

  • 김동원 (건양대학교/사이버보안공학과)
  • Received : 2021.02.09
  • Accepted : 2021.03.18
  • Published : 2021.03.31
Download PDF
⟨ Previous Next ⟩

Abstract

The hospital biomedical engineering team is responsible for establishing and regulating the Medical Device Management Program (MEMP) to ensure that medical devices are safe and reliable. As technology advances, medical devices such as artificial intelligence and precision medicine are developing into a form that allows connection between objects anytime, anywhere, and as various technologies converge, internal and external security threats continue to increase. In this paper, we present a study of the Medical Device Management Program (Secure-MEMP) method, considering that the security threat of medical devices continues to increase due to advances in technology.

병원의 Biomedical engineering team은 의료기기가 안전하고 신뢰할 수 있도록 의료기기 관리 프로그램(MEMP, Medical Equipment Management Program)을 수립하고 규제할 책임이 있다. 기술의 발전으로 인공지능, 정밀의료 등 의료기기는 언제 어디서나 사물들 간 연결이 가능한 형태로 발전하고 있으며 다양한 기술의 융합에 따라 내외·부 보안위협이 지속적으로 증가하고 있다. 본 논문에서는 기술의 발전으로 지속적으로 증가하는 의료기기의 보안위협을 고려하여 안전한 의료기기 관리 프로그램(Secure-MEMP) 방법을 연구 제시한다.

Keywords

Acknowledgement

이 논문은 2020학년도 하반기 건양대학교 학술연구비 지원에 의하여 이루어진 것임.

References

  1. T. Y. Kim, S. K. Y. J. J. Jung and E. J. Kim, "Multi-Hop WBAN Construction for Healthcare IoT Systems", 2015 International Platform Technology and Service(PlatCon), pp. 27-28, Jan. 2015.
  2. Y. S. Jeong, "An Efficient IoT Healthcare Service Management Model of Location Tracking Sensor", Journal of Digital Convergence, Vol. 14, No. 3, pp. 261-267, Mar. 2016. https://doi.org/10.14400/JDC.2016.14.3.261
  3. B. Zhang, X. W. Wang, M. Huang, "A data replica placement scheme for cloud storage under healthcare IoT environment", 2014 11th International Conferenceon Fuzzy Systems and Knowledge Discovery (FSKD), pp. 542-547, Aug. 2014.
  4. Y. S. Jeong, "Design of Prevention Model according to a Dysfunctional of Corporate Information,"Journal of Convergence Soceity for SMB, Vol. 6, No. 2, pp. 11-17, Jun. 2016. https://doi.org/10.22156/CS4SMB.2016.6.2.011
  5. Y. S. Jeong, "Tracking Analysis of User Privacy Damage using Smartphone", Journal of Convergence Society for SMB, Vol. 4, No. 4, Dec. 2014.
  6. Y. S. Jeong, "Design of Security Model for Service of Company Information," Journal of Convergence Soceity for SMB, Vol. 2, No. 2, pp. 43-49, Nov. 2012.
  7. J.A. Hansen, N.M. Hansen A taxonomy of vulnerabilities in implantable medical devices Proc. of the Second Annual Workshop on Security and Privacy in Medical and Home-care Systems, SPIMACS '10, ACM, New York, USA, pp. 13-20, 2010.
  8. Carmen Camara, Pedro Peris-Lopez, Juan E.Tapiador, "Security and privacy issues in implantable medical devices: A comprehensive survey", Journal of Biomedical Informatics, Volume 55, June 2015, Pages 272-289. https://doi.org/10.1016/j.jbi.2015.04.007
  9. U.S. Food and Drug Administration (FDA), Medical Device Safety. (consulted on November of 2013).
  10. HIPPA, Security standards: technical safeguards 2(4) (2007) 1?17.
  11. S. Shivshankar, K. Summerhayes Challenges of conducting medical device studies Inst. Clin. Res, 2007.
  12. K. Fu Inside risks: reducing risks of implantable medical devices ACM Commun., 52 (6) (2009), pp. 25-27. https://doi.org/10.1145/1516046.1516055
  13. D. Halperin, T.S. Heydt-Benjamin, B. Ransford, S.S. Clark, B. Defend, W. Morgan, K. Fu, T. Kohno, W.H. Maisel, Pacemakers and implantable cardiac defibrillators: software radio attacks and zero-power defenses, in: Proc. of the 29th Annual IEEE Symposium on Security and Privacy, 2008, pp. 129?142.
  14. C. Li, A. Raghunathan, N.K. Jha, Hijacking an insulin pump: Security attacks and defenses for a diabetes therapy system, in: 13th IEEE International Conference on e-Health Networking Applications and Services (Healthcom), June 2011, pp. 150?156.
  15. Medtronic, Implantable pacemaker and defibrillator information. consulted on April 2015.
  16. TheVerge, Dick Cheney had the Wireless Disabled on his Pacemaker to Avoid Risk of Terrorist Tampering, 2013.
  17. FDA, "Postmarket Management of Cybersecurity in Medical Devices", 2016.12.28.
  18. N. Paul et al., "A Review of the Security of Insulin Pump Infusion Systems," Journal of Diabetes Science and Technology, 5(6):1557-62, November 2011. https://doi.org/10.1177/193229681100500632
  19. Indrajit Ray and Nayot Poolsapassit, "Using Attack TPees to Identify Malicious Attacks from Authorized Insiders", 10th European Symposium on Research in Computer Security, LNCS 3679, pp. 231-246, 2005.
  20. S Taghipour, D Banjevic and AKS Jardine, "Prioritization of medical equipment for maintenance decisions,", Journal of the Operational Research Society, Volume 62, Issue 9, pp. 1666-1687, September 2011. https://doi.org/10.1057/jors.2010.106
  21. Fennigkoh L and Smith B. Clinical equipment management.JCAHO PTSM Series 2:5-14. Cited on pages(24), January 1989.
  22. D. Kim, J. Choi and K. Han, "Medical Device Safety Management Using Cybersecurity Risk Analysis," in IEEE Access, vol. 8, pp. 115370-115382, 2020, doi: 10.1109/ACCESS.2020.3003032.
  23. Cybersecurity vulnerabilities in medical devices: a complex environment and multifaceted problem.
  24. US Food and Drug Administration [homepage on the Internet] Is The Product A Medical Device? FDA; 2014.
  25. International Medical Device Regulators Forum. "Software as a Medical Device": Possible Framework for Risk Categorization and Corresponding Considerations. IMDRF Software as a Medical Device (SaMD) Working Group; 2014, Accessed June 9, 2015.
  26. Ross RS, Johnson LA. Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach; 2010.
  27. Stine KM, Kissel RL, Barker WC, Lee A, Fahlsing J, Gulick J. Guide for Mapping Types of Information and Information Systems to Security Categories. NIST. 2008.
  28. World Health Organizaiton, "Introduction to medical equipment inventory management," WHO Medical device technical series, June 2011
  29. Kim, Dw., Choi, Jy. & Han, Kh. Risk management-based security evaluation model for telemedicine systems. BMC Med Inform Decis Mak 20, 106 (2020). https://doi.org/10.1186/s12911-020-01145-7.
  30. IHE PCD Technical Committee, "Medical Equipment Management (MEM): Medical Device Cyber Security ?Best Practice Guide," IHE International, July1, 2015.