EECS 598-008 Winter 2013

Medical Device Security

Below are the open-ended essay questions assigned to students.

Essay #1 (Due 1/23/2013): Foreseeable Cybersecurity Risks

Compare and contrast foreseeable computing risks of the Therac-25 in the 1980s with foreseeable computing risks facing wireless, networked medical devices of today. Pick EXACTLY ONE risk as a focus in your thesis statement. Go deep on one risk you believe is most interesting rather than try to cover every risk. Your response should take the form of a 1-page essay written in the third person. Quality and conciseness of writing trumps quantity. Make a single argument and carefully choose facts to support that argument. Do not attempt a shotgun approach of making every argument and using every fact. Be judicious. Here are some of the questions I will ask myself while grading your essays: (1) How complete are the ideas? What facts from the reading are provided to justify an argument? (2) Logical flow. Is the argument made in a logical sequence that lends to easy understanding? That is, a motivation sentence, a thesis statement, facts from the reading to support the thesis, a conclusion sentence. (3) Format. Proofread and free of spelling/grammatical errors? Appropriate font size and whitespace for a tired professor to read painlessly?

It's OK to cite facts from additional sources, but your primary source of facts should be the readings and audio/materials distributed in lecture or coursepack.

Essay #2 (Due 1/30/2013): Ther-Mix-A-Lot-25

Imagine that you're a project manager for a fictional medical device called the Ther-Mix-A-Lot-25 that performs pharmaceutical compounding. It runs an embedded operating system called Doors XP. One day you learn that a hospital filed a MedWatch 3500 form that will result in an adverse event report appearing in MAUDE. Once completed, the report may eventually appear in MedSun summaries on Health IT. The event report states:

Suspect Medical Device
1 Brand Name: Ther-Mix-A-Lot-25
2 Manufacturer Name, City and State
Mix-All-The-Compounds Inc.
Y U No Mix Parkway
Ann Arbor, MI 48109-2121 USA
3 Model: TMIX25A
Serial: e2.7182818


A technician at our hospital pharmacy noticed a slow response on our Ther-Mix-A-Lot-25 machine on January 27th 2013. Specifically, the technician reported a delay of close to 2 minutes to log into the desktop screen. When one of our IT consultants examined the machine, they reported that their anti-virus software detected a variant of the Conficker worm and removed it. The IT consultant explained that the worm is known to cause slow responses from Doors XP Domain Controllers, explaining the delay in logging in. Our pharmacy technician noticed that the device was operating normally after the visit from the IT consultant. Our Ther-Mix-A-Lot-25 was then reconnected to the network to automatically retrieve patient file formulas. The next day, our pharmacy technician noticed the slowdown again, and our IT consultant confirmed that our compounder was again infected. The IT consultant noted that our version of Doors XP was known to be vulnerable to many remote code execution exploits, for which security updates have been issued nearly a decade ago. Queries to the manufacturer (Mix-All-The-Compounds, Inc.) for those security updates indicated that no such updates were available. Our Ther-Mix-A-Lot-25 was taken off the network and the worm removed. We are now entering all formulas by hand.

Your corporate management drafts a response to FDA, and asks you to edit the memo. You noticed that the draft includes the following text:

Any changes to the original, validated image, including installation of antivirus software, nullifies the validated state, may create an unsafe operating condition, and would constitute off‐label use. In addition, our company does not regularly install operating system updates or patches for this device. See our online cybersecurity guidance that specifies our policies relating to product security. These policies are designed to help customers safeguard the Ther-Mix-A-Lot-25 compounder.

Write a respectful response to your management—anticipating the reaction from hospitals. What would you recommend the manufacturer change in the text? Why? What are the bigger system-level issues at play that extend beyond any single component or medical device? Make one argument, be specific, and rely on citable facts rather than opinion to justify your argument. Limit your response to one page.

Non-Essay #3 (Due 2/25/2013): And Then There's MAUDE

This week is a non-essay assignment. Your mission is to find as many interesting MAUDE entries that relate to information security or privacy.

The MAUDE interface is clunky. But what keywords produce the most interesting search results? Here are some suggested keywords to try: rounding error, reboot, divide by zero, buffer overflow, conficker, XP. Not all these keywords will lead you to what you might expect. Let's have a friendly competition to see who can discover the most new keywords that result in interesting security-related MAUDE reports. Also look for reports that might be an undiagnosed security issue. They are hard to find!

Bonus points if one can find security-related information in the 510(k) or PMA summaries. Click on the "510(k)" or "PMA" tabs to find those databases. Listeners can play the at-home game by posting suggestions on your own blog or tweeting with hashtag #U-MAUDE.


Essay #4 (Due 3/18/2013): No Meat

Several medical device security papers have used meat products to test RF security properties of implantable medical devices. Seems like a reasonable idea at first glance, but it's not. Your assignment is to explain in your own words why it is usually inappropriate to use beef (or any other meat products) for medical device security experiments. Cite any resources you rely upon, and under no circumstances borrow the words of others. Submit your one-page essay response in CTools.