Security and safety issues in the medical domain take many different forms. Examples range from purposely contaminated medicine to recalls of vascular stents, and health data breaches. Risks resulting from unintentional threats have long been known, for example, interference from electromagnetic energy.
Security risks resulting from intentional threats have only recently been confirmed, as medical devices increasingly use newer technologies such as wireless communication and Internet access. Intentional threats include unauthorized access of a medical device or unauthorized change of settings of such a device. A senior official in the device unit of the U.S. Food and Drug Administration (FDA) has often been cited with the following statement: "We are aware of hundreds of medical devices that have been infected by malware."34 Even though deaths and injuries have not yet been reported from such intrusions, it is not difficult to imagine that someday they will. There is no doubt that health care will increasingly be digitized in the future. Medical devices will increasingly become smarter and more interconnected. The risk of computer viruses in hospitals and clinics is one side effect of this trend. Without suitable countermeasures, more data breaches and even malicious attacks threatening the lives of patients may result.