Implantable medical devices (IMDs) are surgically implanted into a human body to collect physiological data and perform medical therapeutic functions. They are increasingly being used to improve the quality of life of patients by treating chronic ailments such as cardiac arrhythmia, diabetes, and Parkinson's disease. However, recent research has demonstrated the deficiency of wireless IMDs in enforcing security and privacy, and discussed the impact of these attacks on the patient's safety and efficacy of medical treatments. This paper provides an overview of the main vulnerabilities of IMDs. It also reviews the recent research on IMD security and privacy, and discusses their advantages and limitations. In this paper, we also describe the main requirements for improving security of IMDs and identify and discuss a set of research challenges for designing the next generation of secure wireless IMDs. Copyright © 2013 John Wiley & Sons, Ltd.