Balancing security, privacy, safety, and utility is a necessity in the health care domain, in which implantable medical devices (IMDs) and body area networks (BANs) have made it possible to continuously and automatically manage and treat a number of health conditions, ranging from cardiac arrhythmia to Parkinson’s. In this work, we provide a clear definition and overview of the problem space, categorizing relevant research results in academia with respect to threats and identifying trends, interdependencies, and directions for future research. We identify three broad research categories aimed at ensuring the security and privacy of the telemetry, software, and physiological sensing interface layers. We find that while the security of the telemetry interface has received much attention in academia, both the threat of software exploitation and the sensor interface layer deserve further attention. In addition, we identify areas of concern in current research, including common sources of confusion in utilizing the MIT PhysioNet portal for key establishment protocols and the use of human tissue simulators; we make concrete recommendations on appropriate methods for future work.