{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,2]],"date-time":"2026-01-02T07:42:20Z","timestamp":1767339740253,"version":"3.44.0"},"publisher-location":"New York, NY, USA","reference-count":44,"publisher":"ACM","license":[{"start":{"date-parts":[[2023,11,20]],"date-time":"2023-11-20T00:00:00Z","timestamp":1700438400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2023,11,20]]},"DOI":"10.1145\/3689942.3694745","type":"proceedings-article","created":{"date-parts":[[2024,11,22]],"date-time":"2024-11-22T00:21:45Z","timestamp":1732234905000},"page":"77-84","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":1,"title":["SAM: Foreseeing Inference-Time False Data Injection Attacks on ML-enabled Medical Devices"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-1570-7351","authenticated-orcid":false,"given":"Mohammadreza","family":"Hallajiyan","sequence":"first","affiliation":[{"name":"The University of British Columbia, Vancouver, BC, Canada"}]},{"ORCID":"https:\/\/orcid.org\/0009-0000-7326-4662","authenticated-orcid":false,"given":"Athish Pranav","family":"Dharmalingam","sequence":"additional","affiliation":[{"name":"Indian Institute of Technology Madras, Chennai, India"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8011-4590","authenticated-orcid":false,"given":"Gargi","family":"Mitra","sequence":"additional","affiliation":[{"name":"The University of British Columbia, Vancouver, BC, Canada"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5279-842X","authenticated-orcid":false,"given":"Homa","family":"Alemzadeh","sequence":"additional","affiliation":[{"name":"University of Virginia, Charlottesville, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7819-5715","authenticated-orcid":false,"given":"Shahrear","family":"Iqbal","sequence":"additional","affiliation":[{"name":"National Research Council, Fredericton, Canada"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-2380-3415","authenticated-orcid":false,"given":"Karthik","family":"Pattabiraman","sequence":"additional","affiliation":[{"name":"The University of British Columbia, Vancouver, BC, Canada"}]}],"member":"320","published-online":{"date-parts":[[2024,11,21]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"Asim Abdulkhaleq and Stefan Wagner. 2014. Open tool support for systemtheoretic process analysis. Universit\u00e4tsbibliothek der Universit\u00e4t Stuttgart."},{"key":"e_1_3_2_1_2_1","unstructured":"Asim Abdulkhaleq and Stefan Wagner. 2015. XSTAMPP: an eXtensible STAMP platform as tool support for safety engineering."},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.inffus.2019.12.012"},{"key":"e_1_3_2_1_4_1","unstructured":"Christopher Becker and Qi Van Eikema Hommes. 2014. Transportation systems safety hazard analysis tool (SafetyHAT) user guide (version 1.0). Tech. rep. USA."},{"key":"e_1_3_2_1_5_1","volume-title":"International conference on machine learning. PMLR, 2206--2216","author":"Croce Francesco","year":"2020","unstructured":"Francesco Croce and Matthias Hein. 2020. Reliable evaluation of adversarial robustness with an ensemble of diverse parameter-free attacks. In International conference on machine learning. PMLR, 2206--2216."},{"key":"e_1_3_2_1_6_1","volume-title":"CVE Search: Ethernet. (2024). Retrieved","author":"CVE.","year":"2024","unstructured":"CVE. 2024. CVE Search: Ethernet. (2024). Retrieved July 3, 2024 from https:\/\/cve.mitre.org\/cgi-bin\/cvekey.cgi?keyword=Ethernet."},{"key":"e_1_3_2_1_7_1","volume-title":"CVE Search: Wi-fi. (2024). Retrieved","author":"CVE.","year":"2024","unstructured":"CVE. 2024. CVE Search: Wi-fi. (2024). Retrieved July 3, 2024 from https:\/\/cve.mitre.org\/cgi-bin\/cvekey.cgi?keyword=wifi."},{"key":"e_1_3_2_1_8_1","volume-title":"Retrieved","author":"CVE.","year":"2024","unstructured":"CVE. 2024. CVE-2023--1670. (2024). Retrieved July 3, 2024 from https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2023--1670."},{"key":"e_1_3_2_1_9_1","volume-title":"Retrieved","author":"CVE.","year":"2024","unstructured":"CVE. 2024. CVE-2023--3583. (2024). Retrieved July 3, 2024 from https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2023--35836."},{"volume-title":"d-Nav by Hygieia. (2024). Retrieved","year":"2024","key":"e_1_3_2_1_10_1","unstructured":"d-Nav. 2024. d-Nav by Hygieia. (2024). Retrieved July 3, 2024 from https:\/\/d-na v.com\/."},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1109\/CHASE60773.2024.00019"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813677"},{"key":"e_1_3_2_1_13_1","volume-title":"Retrieved","author":"BMD.","year":"2024","unstructured":"HeartLung. 2024. AutoBMD. (2024). Retrieved July 3, 2024 from https:\/\/www.heartlung.ai\/autobmd-physicians."},{"key":"e_1_3_2_1_14_1","volume-title":"CAMEL: Communicative Agents for \"Mind\" Exploration of Large Language Model Society. In Advances in Neural Information Processing Systems.","author":"Li Guohao","year":"2023","unstructured":"Guohao Li, Hasan Hammoud, Hani Itani, Dmitrii Khizbullin, and Bernard Ghanem. 2023. CAMEL: Communicative Agents for \"Mind\" Exploration of Large Language Model Society. In Advances in Neural Information Processing Systems. Vol. 36. Curran Associates, Inc., 51991--52008."},{"key":"e_1_3_2_1_15_1","volume-title":"Ronnie Daldos, and Margie Zuk.","author":"Chase Melissa","year":"2023","unstructured":"Melissa Chase, Steven Christey Coley, Ronnie Daldos, and Margie Zuk. 2023. Next steps toward managing legacy medical device cybersecurity risks, The MITRE Corporation. (2023). Retrieved July 3, 2024 from https:\/\/www.mitre.org \/news-insights\/publication\/next-steps-toward-managing-legacy-medical-de vice-cybersecurity-risks."},{"key":"e_1_3_2_1_16_1","volume-title":"USENIX Security '19","author":"Mirsky Yisroel","year":"2019","unstructured":"Yisroel Mirsky, Tom Mahler, Ilan Shelef, and Yuval Elovici. 2019. CT-GAN: malicious tampering of 3d medical imagery using deep learning. In USENIX Security '19. USENIX Association, 461--478."},{"volume-title":"Common Vulnerabilities and Exposures (CVE) Database. (2024). Retrieved","year":"2024","key":"e_1_3_2_1_17_1","unstructured":"Mitre. 2024. Common Vulnerabilities and Exposures (CVE) Database. (2024). Retrieved July 3, 2024 from https:\/\/cve.mitre.org\/."},{"volume-title":"IEEE GLOBECOM '20","author":"Newaz Akm Iqtidar","key":"e_1_3_2_1_18_1","unstructured":"Akm Iqtidar Newaz, Nur Imtiazul Haque, Amit Kumar Sikder, Mohammad Ashiqur Rahman, and A. Selcuk Uluagac. 2020. Adversarial Attacks to Machine Learning-Based Smart Healthcare Systems. In IEEE GLOBECOM '20, 1--6."},{"key":"e_1_3_2_1_19_1","volume-title":"National Vulnerability Database. (2024). Retrieved","author":"NIST.","year":"2024","unstructured":"NIST. 2024. National Vulnerability Database. (2024). Retrieved July 3, 2024 from https:\/\/nvd.nist.gov\/."},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/3644815.3644953"},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"crossref","unstructured":"Ali Nouri Beatriz Cabrero-Daniel Fredrik T\u00f6rner Hakan Sivencrona and Christian Berger. 2024. Engineering Safety Requirements for Autonomous Driving with Large Language Models. eprint: arXiv:2403.16289.","DOI":"10.1109\/RE59067.2024.00029"},{"volume-title":"Retrieved","year":"2024","key":"e_1_3_2_1_22_1","unstructured":"Ollama. 2024. Ollama. (2024). Retrieved July 3, 2024 from https:\/\/ollama.com\/."},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.jisa.2019.05.014"},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1109\/RBME.2020.3013489"},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1109\/ITSC57777.2023.10422520"},{"key":"e_1_3_2_1_26_1","unstructured":"Yi Qi Xingyu Zhao Siddartha Khastgir and Xiaowei Huang. 2023. Safety Analysis in the Era of Large Language Models: A Case Study of STPA Using ChatGPT. eprint: arXiv:2304.01246."},{"key":"e_1_3_2_1_27_1","unstructured":"Victor Sanh Lysandre Debut Julien Chaumond and Thomas Wolf. 2019. DistilBERT a distilled version of BERT: smaller faster cheaper and lighter. In NeurIPS EMC2 Workshop."},{"key":"e_1_3_2_1_28_1","volume-title":"Teler: A general taxonomy of llm prompts for benchmarking complex tasks. eprint: arXiv:2305.11430.","author":"Karmaker Santu Shubhra Kanti","year":"2023","unstructured":"Shubhra Kanti Karmaker Santu and Dongji Feng. 2023. Teler: A general taxonomy of llm prompts for benchmarking complex tasks. eprint: arXiv:2305.11430."},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"crossref","unstructured":"Murray Shanahan Kyle McDonell and Laria Reynolds. 2023. Role play with large language models. Nature 623 7987 493--498.","DOI":"10.1038\/s41586-023-06647-8"},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1051\/matecconf\/201927302010"},{"key":"e_1_3_2_1_31_1","first-page":"376","article-title":"Principles and Perspectives in Medical Diagnostic Systems Employing Artificial Intelligence (AI) Algorithms","volume":"3","author":"Tariq Mehtab","year":"2024","unstructured":"Mehtab Tariq, Yawar Hayat, Adil Hussain, Aftab Tariq, and Saad Rasool. 2024. Principles and Perspectives in Medical Diagnostic Systems Employing Artificial Intelligence (AI) Algorithms. International Research Journal of Economics and Management Studies, 3, 1, 376--398.","journal-title":"International Research Journal of Economics and Management Studies"},{"key":"e_1_3_2_1_32_1","volume-title":"Retrieved","author":"Futurist The Medical","year":"2024","unstructured":"The Medical Futurist. 2024. FDA-approved A.I.-based algorithms. (2024). Retrieved July 3, 2024 from https:\/\/medicalfuturist.com\/fda-approved-ai-based-algorithms\/."},{"key":"e_1_3_2_1_33_1","volume-title":"Proc. of the 29th ISSC Conference about System Safety.","author":"Thomas John","year":"2011","unstructured":"John Thomas and Nancy G Leveson. 2011. Performing hazard analysis on complex, software-and human-intensive systems. In Proc. of the 29th ISSC Conference about System Safety."},{"key":"e_1_3_2_1_34_1","volume-title":"Retrieved","author":"Software U.S. FDA.","year":"2024","unstructured":"U.S. FDA. 2024. ABMD Software. (2024). Retrieved July 3, 2024 from https:\/\/w ww.accessdata.fda.gov\/scripts\/cdrh\/cfdocs\/cfpmn\/pmn.cfm?ID=K213760."},{"key":"e_1_3_2_1_35_1","volume-title":"Artificial Intelligence and Machine Learning (AI\/ML)-Enabled Medical Devices. (2023). Retrieved","author":"U.S. FDA.","year":"2024","unstructured":"U.S. FDA. 2023. Artificial Intelligence and Machine Learning (AI\/ML)-Enabled Medical Devices. (2023). Retrieved July 3, 2024 from https:\/\/www.fda.gov\/medical-devices\/software-medical-device-samd\/artificial-intelligence-and-machine-learning-aiml-enabled-medical-devices."},{"key":"e_1_3_2_1_36_1","volume-title":"CardioLogs ECG Analysis Platform. (2024). Retrieved","author":"U.S. FDA.","year":"2024","unstructured":"U.S. FDA. 2024. CardioLogs ECG Analysis Platform. (2024). Retrieved July 3, 2024 from https:\/\/www.accessdata.fda.gov\/scripts\/cdrh\/cfdocs\/cfpmn\/pmn.cfm?ID=K170568."},{"key":"e_1_3_2_1_37_1","volume-title":"d-Nav System. (2024). Retrieved","author":"U.S. FDA.","year":"2024","unstructured":"U.S. FDA. 2024. d-Nav System. (2024). Retrieved July 3, 2024 from https:\/\/www.accessdata.fda.gov\/scripts\/cdrh\/cfdocs\/cfpmn\/pmn.cfm?ID=K181916."},{"key":"e_1_3_2_1_38_1","volume-title":"NuVasive Pulse System. (2024). Retrieved","author":"U.S. FDA.","year":"2024","unstructured":"U.S. FDA. 2024. NuVasive Pulse System. (2024). Retrieved July 3, 2024 from https:\/\/www.accessdata.fda.gov\/scripts\/cdrh\/cfdocs\/cfpmn\/pmn.cfm?ID=K1 80038."},{"key":"e_1_3_2_1_39_1","volume-title":"One Drop Blood Glucose Monitoring System. (2024). Retrieved","author":"U.S. FDA.","year":"2024","unstructured":"U.S. FDA. 2024. One Drop Blood Glucose Monitoring System. (2024). Retrieved July 3, 2024 from https:\/\/www.accessdata.fda.gov\/scripts\/cdrh\/cfdocs\/cfpmn \/pmn.cfm?ID=K161834."},{"key":"e_1_3_2_1_40_1","volume-title":"Retrieved","author":"U.S. Food and Drug Administration (FDA). 2019. Premarket Approval (PMA).","year":"2019","unstructured":"U.S. Food and Drug Administration (FDA). 2019. Premarket Approval (PMA). (2019). Retrieved July 3, 2024 from https:\/\/www.fda.gov\/medical-devices\/premarket-submissions-selecting-and-preparing-correct-submission\/premarketapproval-pma."},{"key":"e_1_3_2_1_41_1","first-page":"7","article-title":"Threats to Training","volume":"55","author":"Wang Zhibo","year":"2022","unstructured":"Zhibo Wang, Jingjing Ma, Xue Wang, Jiahui Hu, Zhan Qin, and Kui Ren. 2022. Threats to Training: A Survey of Poisoning Attacks and Defenses on Machine Learning Systems. ACM Comput. Surv., 55, 7.","journal-title":"ACM Comput. Surv."},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1109\/COMST.2019.2914094"},{"key":"e_1_3_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1145\/2523649.2530277"},{"key":"e_1_3_2_1_44_1","volume-title":"STAMP Conference. MIT Press, 27--30","author":"Young William","year":"2017","unstructured":"William Young and Reed Porada. 2017. System-theoretic process analysis for security (STPA-SEC): Cyber security and STPA. In STAMP Conference. MIT Press, 27--30."}],"event":{"name":"CCS '24: ACM SIGSAC Conference on Computer and Communications Security","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"],"location":"Salt Lake City UT USA","acronym":"CCS '24"},"container-title":["Proceedings of the 2024 Workshop on Cybersecurity in Healthcare"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3689942.3694745","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3689942.3694745","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,8,23]],"date-time":"2025-08-23T02:29:33Z","timestamp":1755916173000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3689942.3694745"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,11,20]]},"references-count":44,"alternative-id":["10.1145\/3689942.3694745","10.1145\/3689942"],"URL":"https:\/\/doi.org\/10.1145\/3689942.3694745","relation":{},"subject":[],"published":{"date-parts":[[2023,11,20]]},"assertion":[{"value":"2024-11-21","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}