Understanding Cybersecurity Threats to Implantable Medical Devices: A Review

Abstract

Implantable Medical Devices (IMDs) are wholly or partially introduced to the body permanently or temporarily to serve a medical purpose. These devices, including pacemakers, cardiac defibrillators, deep brain stimulators, and various drug delivery systems, offer significant medical benefits but pose unique security and privacy risks. The modern history of biomedical implantable devices dates to the 1950s. Since then, the demands for them have pushed the frontiers of medicine and engineering. With millions of these devices now equipped with advanced computing and networking capabilities, they are continually exposed to the same security threats the broader cyberspace faces. Current security approaches often rely on "security by obscurity," which is ineffective. Moreover, managing access for multiple stakeholders, such as doctors, patients, and manufacturers, while adhering to the principle of least privilege poses a significant challenge. These threats include data breaches, where sensitive patient information, such as medical history and treatment plans, could be compromised, and device hijacking, which could allow malicious actors to gain control of the device and potentially harm the patient. Furthermore, managing access for multiple stakeholders, including healthcare providers, patients, and manufacturers, while adhering to the principle of least privilege presents a significant challenge. This literature review examines the evolution of security research in IMDs from 2015 to 2025. The review also explores the potential of leveraging advancements in adjacent technology fields, such as cryptography, artificial intelligence, and blockchain, to enhance the security and privacy of IMDs. Key findings underscore the increasing significance of collaborative efforts among researchers, industry stakeholders, and regulatory bodies. Moreover, the review demonstrates a shift towards more holistic security approaches that consider the entire lifecycle of an IMD, from design and development to deployment and maintenance. This review aims to provide valuable insights for developing more secure and trustworthy IMDs, ultimately improving patient safety and confidence in these life-saving technologies.