Risk assessment of cyber-attacks on telemetry-enabled cardiac implantable electronic devices (CIED)
Cardiac implantable electronic devices (CIED) are vulnerable to radio frequency (RF) cyber-attacks. In addition, CIED communicate with medical equipment whose telemetry capabilities and IP connectivity create new entry points that attackers may use. It is therefore crucial to perform a cybersecurity risk assessment of CIED and the systems they rely on, in order to determine the severity of threats, address the riskiest ones on a priority basis, and develop effective risk management plans. In this study, we carry out such a risk assessment according to the ISO/IEC 27005 standard and the NIST SP 800-30 guide. We employed a threat-oriented analytical approach and divided the analysis into three parts: an actor-based analysis to determine the impact of the attacks, a scenario-based analysis to measure the probability of occurrence of threats, and a combined analysis to identify the riskiest attack outcomes. The results show that vulnerabilities on the RF interface of CIED represent an acceptable risk, whereas the network and Internet connectivity of the systems they rely on represent an important potential risk. Further analysis reveals that the damage from these cyber-attacks could spread further, affecting manufacturers through intellectual property theft and physicians through harm to their reputation.
Medical Internet of Things: A Survey of the Current Threat and Vulnerability Landscape
The Internet of Things (IoT) is a system that utilizes the Internet to facilitate communication between sensors and devices. Given the ubiquitous nature of IoT devices, it seems inevitable that IoT would be used as a conduit to transform healthcare. One such medical IoT (mIoT) device that is revolutionizing healthcare is the medical implant device. These mIoT implant devices, which control insulin pumps, cardioverter defibrillators and bone growth stimulators, have redefined the way patient data is accessed and healthcare is delivered. These implant devices are a double-edged sword. While they allow for the effective and efficient noninvasive treatment of patients, this external communication makes the medical implants vulnerable to the kinds of cyberattacks commonly associated with IoT devices. As a result, privacy and security vulnerabilities have surfaced as pronounced challenges for mIoT devices. This work summarizes and synthesizes the inherent vulnerabilities associated with mIoT devices and the implications for patient safety.
Cybersecurity risk analysis of the ecosystem of cardiac implantable electronic devices (CIED)
The use of cardiac implantable electronic devices (CIED) equipped with telemetry functionality is increasing because of the benefits they bring to the quality of patient care, the efficiency of medical staff and the reduction of health-care costs. They interact with external systems located in the hospital (programmer), in the patient's home (home monitor) and in the cloud. CIED communicate with programmers and home monitors via radio frequency (RF) signals transmitted in the Medical Implant Communication Service band (MICS, 402-405 MHz), whereas they interact with cloud systems via the home monitors and IP (Internet Protocol) connectivity. CIED are vulnerable to cyberattacks that exploit their radio frequency communication interface. This also holds for CIED not equipped with telemetry, but telemetry introduces additional attack vectors. The 2017 Food and Drug Administration (FDA) warning concerning nearly half a million CIED, stating that these devices were vulnerable to unauthorized access that would allow a malicious person to reprogram them using commercially available equipment, shows the growing concern raised by cyberattacks against CIED. Although CIED may be vulnerable, no cyberattack of this kind has been reported. While we know that it is technically possible to carry out such attacks in the controlled environment of a research laboratory, it remains to be determined to what extent such attacks would be viable against a real target in the real world. We sought to assess the real risks of cyberattacks against telemetry-equipped CIED and the systems they depend on. We performed a realistic risk analysis of these attacks. An inventory of the vulnerabilities made public to date was compiled. Attack scenarios were derived from these vulnerabilities by assessing why and how a cybercriminal could exploit them for malicious purposes. The likelihood of malicious exploitation of each vulnerability was estimated according to three criteria: the ability, motivation and opportunity of cybercriminals. Cyberattacks were simulated in our laboratory using CIED and programmers. We determined the impact of the cyberattacks on four separate scales: health, economy, privacy and quality of life. The impact on health was determined according to the Hayes classification of clinically significant interference with CIED function, while the remaining impacts were determined according to the Fair Information Practice Principles 999 (FIPPS), a standard for the security assessment of information systems. Finally, the risk associated with each attack vector was computed by multiplying its likelihood of exploitation by its impact. Two of the six possible attack goals represent a critical risk, namely "Induce medical staff to make diagnostic errors" and "Gain knowledge of device operation and software". Four of the 15 identified vulnerabilities represent an unacceptable risk; all are associated with external devices (programmer and home monitor) and are exploitable via network access or web access to the targets. The results of this study reveal that the threats associated with the RF communication interface of CIED represent an acceptable risk compared with the IP connectivity of the external devices (programmer and home monitor). The real risk lies in computer networks and in the cloud. Several solutions to this problem exist. It is therefore within the reach of the affected groups (patients, health-care staff, manufacturers and government authorities) to take the necessary measures to reduce the risks associated with such cyberattacks.

ABSTRACT: The use of telemetry-enabled Cardiac Implantable Electronic Devices (CIED) is increasing due to the significant advantages it brings to patient care quality, medical staff performance and reductions in health costs. They interact with external systems located in the hospital (programmer), in patient homes (home monitor) and in the cloud. CIED communicate with programmers and home monitors via Radio Frequency (RF) signals transmitted in the Medical Implant Communication Service band (MICS, 402-405 MHz), whereas they interact with cloud-based systems via home monitoring devices and Internet Protocol (IP) connectivity. CIED are vulnerable to cyber attacks that use their Radio Frequency communication interface. This also holds for non-telemetry-enabled CIED, but telemetry capability introduces additional vectors of cyber attacks. The increased concern about cyber attacks on telemetry-enabled CIED was demonstrated by the Food and Drug Administration (FDA) warning affecting almost half a million CIED in 2017, stating that the aforementioned devices were vulnerable to unauthorized access, allowing a malicious person to reprogram them using commercially available equipment. Although CIED may be vulnerable, no such cyber attacks have been reported. While we know it is technically possible to conduct such an attack in the controlled environment of a research laboratory, it remains to be determined how viable such an attack would be on an actual target in the real world. We sought to assess the real-life risks of cyber attacks on telemetry-enabled CIED and the systems they depend on. We carried out a realistic risk analysis of such attacks. An inventory of the vulnerabilities that have been made public to date was performed. Attack scenarios were determined based on those vulnerabilities, assessing why and how a cybercriminal could exploit them for malicious purposes. The likelihood of malicious exploitation of each vulnerability was estimated according to three criteria: cybercriminal ability, motivation, and opportunity. Cyber attacks were emulated in our laboratory using current CIED and programmers. We determined the impact of cyberattacks according to four separate scales: health, economy, privacy and quality of life. The impact on health was determined according to the Hayes classification of clinically significant interference with CIED function, while the remaining impacts were determined with the Fair Information Practice Principles 999 (FIPPS), a standard for the security assessment of information systems. Finally, the risk associated with each attack vector was computed by multiplying its exploitation likelihood by its impact. Two of the six possible attack goals represent a critical risk, namely "Induce medical staff to make diagnostic errors" and "Gain knowledge of device operation and software". Four of the 15 inventoried vulnerabilities represent a critical risk; all are associated with external devices (programmer and home monitor) and exploited via network access and web access. The risk of exploiting the CIED RF communication interface is minor compared to the risk of exploiting the external devices' IP connectivity. The real risk lies in computer networks, and there are several solutions. It is therefore within the reach of affected groups (patients, health personnel, manufacturers and government authorities) to take the necessary measures to reduce the risks associated with such cyberattacks.