Ying He
Attacking and defence pathways for Intelligent Medical Diagnosis System (IMDS)
He, Ying; Camacho, Ruben Suxo; Soygazi, Hasan; Luo, Cunjin
Authors
Ruben Suxo Camacho
Hasan Soygazi
Cunjin Luo
Abstract
Background
The Intelligent Medical Diagnosis System (IMDS) has been targeted by the cyber attackers, who aim to damage the Healthcare Critical National Infrastructure (CNI). This research is motivated by the recent cyber attacks happened worldwide that have resulted in the compromise of medical diagnosis records. This study was conducted to demonstrate how the IMDS could be attacked and diagnosis records compromised (i.e. heart disease) and suggest a list of security defence strategies to prevent against such attacks.
Methods
This research developed an IMDS simulation platform by implementing the OpenEMR system. A Cardiac Diagnosis Component is then added to the IMDS. The IMDS is fed with the ECG data (retrieved from the PhysioNet/Computing in Cardiology Challenge 2017). This research then launched systematic ethical hacking, which was tailored to target IMDS diagnosis records. The systematic hacking was based on the NIST ethical hacking method and followed an attack pathway, starting from identifying the entry points of the medical websites, then propagating to gain access to the server, with the ultimate aim of modifying the heart disease diagnosis records.
Results
The hacking was successful. Four major vulnerabilities (i.e. broken authentication, broken access control, security misconfiguration and using components with known vulnerabilities) were identified in the simulated IMDS and the cardiac diagnosis records were compromised. This research then proposed a list of security defence strategies to prevent such attacks at each possible attacking points along the attacking pathway.
Conclusions
This research demonstrated a systematic ethical hacking to the IMDS, identified four major vulnerabilities and proposed the security defence pathways. It provided novel insights into the protection of IMDS and will benefit researchers in the community to conduct further research in security defence of IMDS.
Citation
He, Y., Camacho, R. S., Soygazi, H., & Luo, C. (2021). Attacking and defence pathways for Intelligent Medical Diagnosis System (IMDS). International Journal of Medical Informatics, 148, Article 104415. https://doi.org/10.1016/j.ijmedinf.2021.104415
Journal Article Type | Article |
---|---|
Acceptance Date | Feb 6, 2021 |
Online Publication Date | Feb 11, 2021 |
Publication Date | 2021-04 |
Deposit Date | Apr 1, 2021 |
Publicly Available Date | Feb 12, 2022 |
Journal | International Journal of Medical Informatics |
Print ISSN | 1386-5056 |
Publisher | Elsevier |
Peer Reviewed | Peer Reviewed |
Volume | 148 |
Article Number | 104415 |
DOI | https://doi.org/10.1016/j.ijmedinf.2021.104415 |
Keywords | Health Informatics |
Public URL | https://nottingham-repository.worktribe.com/output/5428647 |
Publisher URL | https://www.sciencedirect.com/science/article/abs/pii/S1386505621000411 |
Files
IJMI-YH
(3.4 Mb)
PDF
Downloadable Citations
About Repository@Nottingham
Administrator e-mail: digital-library-support@nottingham.ac.uk
This application uses the following open-source libraries:
SheetJS Community Edition
Apache License Version 2.0 (http://www.apache.org/licenses/)
PDF.js
Apache License Version 2.0 (http://www.apache.org/licenses/)
Font Awesome
SIL OFL 1.1 (http://scripts.sil.org/OFL)
MIT License (http://opensource.org/licenses/mit-license.html)
CC BY 3.0 ( http://creativecommons.org/licenses/by/3.0/)
Powered by Worktribe © 2024
Advanced Search