CardiWall: A Trusted Firewall for the Detection of Malicious Clinical Programming of Cardiac Implantable Electronic Devices

Today, cardiac implantable electronic devices (CIEDs), such as pacemakers and implantable cardioverter defibrillators (ICDs), play an increasingly important role in healthcare ecosystems as patient life support devices. Physicians control, program and configure CIEDs on a regular basis using a dedicated programmer device. The programmer device is open to external connections (e.g., USB, Bluetooth, etc.), and thus it is exposed to a variety of cyber-attacks by which an attacker can manipulate the programmer device's operations and consequently harm the patient. In this paper, we present CardiWall, a novel detection and prevention system designed to protect ICDs from cyber-attacks aimed at the programmer device. Our system has six different layers of protection, leveraging medical experts' knowledge, statistical methods, and machine learning algorithms. We evaluated the CardiWall system extensively in two comprehensive experiments. For the evaluation, we gathered data for a period of four years and used 775 benign clinical commands that are related to hundreds of different patients (obtained from different programmer devices located at Barzilai University Medical center) and 28 malicious clinical commands (created by two cardiology experts from different hospitals). The evaluation results show that only two out of the six layers proposed in CardiWall system provided a high detection capability associated with high rates of true positive, and low rates of false positive. With the configuration that provided the best harmonic mean of sensitivity and specificity (HMSS), CardiWall achieved a high true positive rate (TPR) of 91.4% and a very low false positive rate (FPR) of 1%, with an AUC of 94.7%.