Cyber-attacks and threats for healthcare – a multi-layer thread analysis

Due to the advent of novel technologies and digital opportunities allowing to simplify user lives, healthcare is increasingly evolving towards digitalization. This represent a great opportunity on one side but it also exposes healthcare organizations to multiple threats (both digital and not) that may lead an attacker to compromise the security of medial processes and potentially patients’ safety. Today technical cybersecurity countermeasures are used to protect the confidentiality, integrity and availability of data and information systems – especially in the healthcare domain. This paper will report on the current state of the art about cyber security in the Healthcare domain with particular emphasis on current threats and methodologies to analyze and manage them. In addition, it will introduce a multi-layer attack model providing a new perspective for attack and threat identification and analysis.

[1]  Houston H. Carr,et al.  Risk Analysis for Information Technology , 1991, J. Manag. Inf. Syst..

[2]  Jean Peccoud,et al.  Cyberbiosecurity: An Emerging New Discipline to Help Safeguard the Bioeconomy , 2018, Front. Bioeng. Biotechnol..

[3]  I. Maglogiannis,et al.  Modeling Risk in Distributed Healthcare Information Systems , 2006, 2006 International Conference of the IEEE Engineering in Medicine and Biology Society.

[4]  Jeannette M. Wing,et al.  Tools for Generating and Analyzing Attack Graphs , 2003, FMCO.

[5]  Xinming Ou,et al.  A scalable approach to attack graph generation , 2006, CCS '06.

[6]  Kostas Marias,et al.  Cross Layer Interference Management in Wireless Biomedical Networks , 2014, Entropy.

[7]  Luis Ceze,et al.  Computer Security, Privacy, and DNA Sequencing: Compromising Computers with Synthesized DNA, Privacy Leaks, and More , 2017, USENIX Security Symposium.

[8]  Adam Shostack,et al.  Threat Modeling: Designing for Security , 2014 .

[9]  Peter Honeyman,et al.  A brief chronology of medical device security , 2016, Commun. ACM.

[10]  Ganthan Narayana Samy,et al.  Security threats categories in healthcare information systems , 2010, Health Informatics J..

[11]  E. B. Fernandez,et al.  Information Systems Security: Scope, State-of-the-art, and Evaluation of Techniques , 2008 .

[12]  Kostas Marias,et al.  Secure access to patient's health records using SpeechXRays a mutli-channel biometrics platform for user authentication , 2016, EMBC.

[13]  Catherine Quantin,et al.  The tidal waves of connected health devices with healthcare applications: consequences on privacy and care management in European healthcare systems , 2017, BMC Medical Informatics and Decision Making.

[14]  Sushil Jajodia,et al.  Measuring Security Risk of Networks Using Attack Graphs , 2010, Int. J. Next Gener. Comput..

[15]  Manolis Tsiknakis,et al.  Designing a digital patient avatar in the context of the MyHealthAvatar project initiative , 2013, 13th IEEE International Conference on BioInformatics and BioEngineering.

[16]  Andrew W. Appel,et al.  MulVAL: A Logic-based Network Security Analyzer , 2005, USENIX Security Symposium.

[17]  Roland Opfer,et al.  Clinically Oriented Translational Cancer Multilevel Modeling: The ContraCancrum Project , 2009 .

[18]  Ingoo Han,et al.  Security threats to Internet: a Korean multi-industry investigation , 2001, Inf. Manag..