Cyber Security threats and mitigations in the Healthcare Sector with emphasis on medical internet of things and SDN

Heshan Basnayaka, Sri Lanka Institute of Information Technology
ResearchGate (net/publication/361718756). All content following this page was uploaded by Heshan Basnayaka on 03 July 2022.
D.G.B.M.H.K Basnayaka
IT20206482
AIA – IE3022
Assignment 01
3rd year 1st semester
It20206482@my.sliit.lk
Abstract— The healthcare sector is one of the industries most often targeted by attackers. In this review paper, we discuss the threats and vulnerabilities of the e-healthcare sector, the threats and vulnerabilities of the IoT devices used in the healthcare industry, and the security measures and cryptographic countermeasures that mitigate these threats and vulnerabilities in the e-healthcare environment.

Keywords—cyber security, threats in healthcare, phishing, IoT security

1. INTRODUCTION

The IoT is a collection of physical devices that include sensors, indicators, processing power, software and other technologies, interconnected via the Internet so that they can act as intelligent objects. Examples in healthcare are ECG machines, blood sugar monitors, heart rate monitors and AID (automatic insulin delivery) devices. These smart devices can work more efficiently than analog devices and manual effort, and they are a cost-effective solution. [1]

More data breaches and cybercrimes are reported every year in the healthcare sector. From 2009 to 2021, 4,419 healthcare data breaches were reported to HHS, the United States Department of Health and Human Services [2]. The healthcare sector was the most cyber-attacked industry in 2015 [3].

Fig 1 shows the average data breach size from 2009 to 2021.

The IoT depends largely on wireless connections and communications to link intelligent objects. Wireless connections are required for flexibility. However, their openness exposes wireless links to numerous security dangers such as eavesdropping. [1] Throughout the last ten years, many data security incidents have highlighted the rising threat confronting every sector connected to cyberspace (IoT) via communication networks.

While IoT data from smart objects and sensors capturing health-related information can be collected and analysed to improve our daily lives, communication among smart devices may disclose private data about patients. If a patient wears an intelligent sensor that talks to another device in a particular area, the link between these two devices may also be used for improper purposes, such as tracking the patient's movements. Even though healthcare professionals such as doctors, nurses and paramedics are trusted and expected to access and share patients' data as intended, there is always a risk that the data may be accessed by unauthorised people. For instance, while continuous patient monitoring indicates when the heart rate is higher than expected or when the patient may suffer a cardiac event, such information could also be recorded and reveal other facts that could make the patient feel uneasy or threatened. The IoT creates distinctive and substantial threats, with countless devices becoming interconnected. In critical sectors such as healthcare, more systems are getting connected and smart. The hazards in IoT-based critical systems are growing increasingly substantial, and any disruption or corruption could cause costly damage or fatal consequences. [1]
B. Impersonation attacks

This type of phishing and impersonation attack is a fraud in which an intruder poses as a legitimate individual to extract money or confidential material from an organization. Typically, these attacks target high-level persons such as CEOs and directors. The purpose of these criminals is to get money deposited into a bogus account, confidential material disclosed, or login details divulged so that they can breach the organization's network.

C. MITM – Man in the middle attacks

Spoofing is a general term for activity in which a cybercriminal poses as a trustworthy organization or device to persuade you to do something that is valuable to the attacker and harmful to you. Whenever an online fraudster disguises their identity as something else, it is spoofing. Spoofing applies to many communication channels and requires varying degrees of technical sophistication. Spoofing attacks frequently include a component of social engineering, in which fraudsters psychologically mislead potential targets by playing on human weaknesses such as anxiety, greed, or lack of technical understanding. [19]
I. Relay attacks
proof schema for multi-tagged items and the identification schema for IoT-based medical systems. Their scheme enabled robust and secure communication, and they used it to demonstrate the approach. In [26], researchers established an architecture for centralized data storage that gathered data from several sensing devices. This study tries to ensure system security, privacy and confidentiality. They employed two cryptographic systems: a combination of attribute-based and functional encryption approaches.

Proposed framework architecture [26]

In [27], a cloud-based architecture for secure healthcare applications leveraging Wireless Body Area Networks (WBAN) was developed. They employed a multi-biometric key generation scheme to secure inter-sensor communication. They also connected the EHR that is kept centrally on the healthcare cloud. Their approach produced a secure cloud-based architecture that protected communication processes and patient data confidentiality and privacy. [28]

However, conventional cybersecurity controls cannot be applied directly to Internet of Things applications, so they are used as a base for newly developed approaches. Some of the most prevalent symmetric encryption techniques will be reviewed in this study: DES, 3DES, Blowfish and AES.

A. Data encryption standard – DES

The Data Encryption Standard (DES) was developed by IBM and adopted as a US federal standard in 1977. The algorithm encrypts fixed-length blocks of plaintext, converting each block into a ciphertext block of the same size. Each block is 64 bits. The key is also 64 bits long, but only 56 bits are used by the algorithm; the remaining 8 bits (one per byte) are parity-check bits. Because of its 56-bit key, DES can be broken by exhaustive key search and is no longer considered secure; it is also relatively slow in software compared with AES. [29]
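The 64-bit key layout described above (56 effective bits plus 8 parity bits) can be shown concretely: DES's first key-schedule permutation, Permuted Choice 1 (PC-1), never reads bits 8, 16, ..., 64, so two keys that differ only in their parity bits produce the same 56-bit internal key. The following is an added example and not code from the paper or from [29]; the PC-1 table is the one published in FIPS 46, and the sample key is a constructed value.

```python
"""Added example: DES key structure, 56 effective bits out of 64.

PC-1 (Permuted Choice 1) from FIPS 46 selects the 56 key bits that the
key schedule actually uses. Bits are numbered 1..64 with the most
significant bit of the first byte as bit 1. The multiples of 8 are absent
from the table: those positions are the odd-parity bits of each key byte.
"""

PC1 = [57, 49, 41, 33, 25, 17, 9,
       1, 58, 50, 42, 34, 26, 18,
       10, 2, 59, 51, 43, 35, 27,
       19, 11, 3, 60, 52, 44, 36,
       63, 55, 47, 39, 31, 23, 15,
       7, 62, 54, 46, 38, 30, 22,
       14, 6, 61, 53, 45, 37, 29,
       21, 13, 5, 28, 20, 12, 4]


def key_bits(key: bytes) -> str:
    """64-character bit string of an 8-byte key, MSB first."""
    if len(key) != 8:
        raise ValueError("DES key must be exactly 8 bytes")
    return "".join(f"{b:08b}" for b in key)


def pc1(key: bytes) -> str:
    """Apply PC-1: the 56-bit value the DES key schedule starts from."""
    bits = key_bits(key)
    return "".join(bits[i - 1] for i in PC1)


def has_odd_parity(key: bytes) -> bool:
    """True when every key byte has an odd number of 1 bits, as DES expects."""
    return all(bin(b).count("1") % 2 == 1 for b in key)


def set_odd_parity(key: bytes) -> bytes:
    """Rewrite the low bit of each byte so the byte has odd parity."""
    out = bytearray()
    for b in key:
        high7 = b & 0xFE
        parity_bit = 0 if bin(high7).count("1") % 2 == 1 else 1
        out.append(high7 | parity_bit)
    return bytes(out)


def flip_parity_bits(key: bytes) -> bytes:
    """Invert only the parity bit (LSB) of every byte."""
    return bytes(b ^ 0x01 for b in key)


def parity_positions() -> list:
    """Key bit positions (1-indexed) that PC-1 discards."""
    return sorted(set(range(1, 65)) - set(PC1))


# Constructed sample key with correct odd parity in every byte.
DEMO_KEY = bytes.fromhex("133457799BBCDFF1")

if __name__ == "__main__":
    other = flip_parity_bits(DEMO_KEY)
    print("parity ok:", has_odd_parity(DEMO_KEY), has_odd_parity(other))
    print("same 56-bit key:", pc1(DEMO_KEY) == pc1(other))
    print("discarded bits:", parity_positions())
```

The practical consequence is that the key space is 2^56, not 2^64, which is why exhaustive search against DES became feasible; libraries that reject keys with bad parity are enforcing a format check, not adding any security.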
Figure 11. Advanced encryption standard – AES structure.

As information security is a critical concern in Intelligent Healthcare, the following proactive actions may be implemented to strengthen the security of healthcare information networks.

A. Deployment of security professionals

An adequate number of security professionals must be assigned to medical and Intelligent Healthcare systems to constantly monitor, update and safeguard the devices linked to the network. This helps to reduce the IT skills divide in an Intelligent Healthcare setting. Clinics must be prepared with expert teams, including adequate incident response plans to address problems. [33]

B. Inventory maintenance

F. Product security

The network should be built as far as possible from devices made by the same manufacturer. The manufacturer must aim to minimize the use of third-party products in its architecture to reduce the risk of supply chain attacks. The default passwords of devices must be changed before they are installed into the system. It is usually advisable to deploy purpose-built, application-specific devices in a healthcare context rather than third-party generic IoT devices. [33]

G. Network segmentation

Micro-segmentation can isolate essential devices from any unauthorised access originating outside their segment. It must also be ensured that equipment in the network is loosely coupled, so that the failure of one device does not affect the operation of the whole network. [33]

H. Data Integrity

Data saved on storage media should be accessible only to authenticated persons, and no data should be accessible to the public. A device must collect only the data it needs, and it must be verified that it does not capture any extraneous information [34]. Periodic backups of information must be established to limit the damage of any unexpected attack. [33]
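Section G's micro-segmentation is only as good as the policy behind it, and the fastest way to verify that policy is to evaluate observed flows against an explicit allow-list with a default-deny rule. The following is an added example, not code from the paper or from [33]; the zone layout, the allow-list and the flow records are constructed for illustration, and a real deployment would feed it from firewall or NetFlow logs.

```python
"""Added example: check flow records against a micro-segmentation allow-list.

Each device class lives in its own zone (subnet). A flow is permitted only if
(source zone, destination zone, destination port) is explicitly listed;
everything else, including device-to-device traffic inside the medical zone
and any traffic to the internet, is a violation to investigate.
"""
import ipaddress

# Assumed zone layout (hypothetical addressing).
ZONES = {
    "medical-devices": ipaddress.ip_network("10.10.0.0/24"),
    "clinical-workstations": ipaddress.ip_network("10.20.0.0/24"),
    "ehr-servers": ipaddress.ip_network("10.30.0.0/24"),
    "guest-wifi": ipaddress.ip_network("192.168.100.0/24"),
}

# Explicit allow-list: (source zone, destination zone, destination port).
# Anything not listed is denied by default.
ALLOWED = {
    ("medical-devices", "ehr-servers", 443),
    ("clinical-workstations", "ehr-servers", 443),
    ("clinical-workstations", "medical-devices", 443),
}


def zone_of(ip: str) -> str:
    """Map an address to its zone name; anything outside the known zones is 'external'."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "external"


def is_allowed(src_ip: str, dst_ip: str, dst_port: int) -> bool:
    """Default deny: only listed zone-to-zone-port triples pass."""
    return (zone_of(src_ip), zone_of(dst_ip), dst_port) in ALLOWED


def find_violations(flow_lines: list) -> list:
    """Parse 'src,dst,port' records and return the ones the policy rejects."""
    violations = []
    for line in flow_lines:
        src, dst, port = (field.strip() for field in line.split(","))
        port = int(port)
        if not is_allowed(src, dst, port):
            violations.append((src, zone_of(src), dst, zone_of(dst), port))
    return violations


# Constructed flow records (not captured traffic).
FLOWS = [
    "10.10.0.15,10.30.0.5,443",       # infusion pump -> EHR API: allowed
    "10.20.0.7,10.10.0.15,443",       # workstation -> pump management UI: allowed
    "192.168.100.23,10.10.0.15,22",   # guest wifi -> pump SSH: denied
    "10.10.0.15,10.10.0.16,445",      # pump -> pump SMB (lateral movement): denied
    "10.10.0.15,203.0.113.9,443",     # pump -> internet: denied
]

if __name__ == "__main__":
    for v in find_violations(FLOWS):
        print("VIOLATION", v)
```

Note that the intra-zone pump-to-pump flow is rejected even though both ends are "medical devices": micro-segmentation means a compromised device cannot reach its neighbours unless a rule says so, which is the property that stops one malfunctioning or infected appliance from taking the rest of the segment with it.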
I. Security audit

Third-party audits must be undertaken frequently on the system, and the vulnerabilities existing in the networks must be examined. Devices that cannot be upgraded with updates must be replaced with new ones. [33]

7. FUTURE RESEARCH

There is a great deal of research available on the topic "Cyber Security threats and mitigations in the Healthcare Sector". E-healthcare security is a very broad field, and there are many more things to study and research.

8. CONCLUSION

Smart Healthcare provides several benefits such as quicker diagnosis, effective decision-making and active treatment. Information security is a fundamental aspect of such networks. However, most e-healthcare networks are susceptible to attack due to various factors. This paper evaluates the characteristics of Intelligent Health systems and their computer security problems. The proactive actions that may be taken to enhance the security of e-healthcare systems are also addressed. The given proactive strategies may be used as best-practice standards for building a secure Smart Healthcare system. This research analyzed numerous forms of security concerns in the healthcare industry and addressed many of the defensive remedies for such attacks. In the literature, cryptography is regarded as the most essential countermeasure. This publication also discussed several of the most prevalent encryption techniques.

9. REFERENCES

[1] N. S. Abouzakhar, A. Jones, and O. Angelopoulou, "Internet of Things Security: A Review of Risks and Threats to Healthcare Sector," in Proceedings - 2017 IEEE International Conference on Internet of Things, IEEE Green Computing and Communications, IEEE Cyber, Physical and Social Computing, IEEE Smart Data, iThings-GreenCom-CPSCom-SmartData 2017, Jan. 2018, vol. 2018-January, pp. 373–378. doi: 10.1109/iThings-GreenCom-CPSCom-SmartData.2017.62.
[2] HIPAA Journal, "Healthcare Data Breach Statistics," hipaajournal.com. https://www.hipaajournal.com/healthcare-data-breach-statistics/ (accessed Mar. 22, 2022).
[3] SecurityWeek News, "Healthcare Was Most Attacked Industry in 2015: IBM | SecurityWeek.Com," securityweek, 2016. https://www.securityweek.com/healthcare-was-most-attacked-industry-2015-ibm (accessed Mar. 23, 2022).
[4] E. D. Perakslis, "Cybersecurity in Health Care," New England Journal of Medicine, vol. 371, no. 5, pp. 395–397, Jul. 2014, doi: 10.1056/NEJMP1404358.
[5] D. Sparrell, "Cyber-Safety in Healthcare IOT," 11th Academic Conference ITU Kaleidoscope: ICT for Health: Networks, Standards and Innovation, ITU K 2019, Dec. 2019, doi: 10.23919/ITUK48006.2019.8996148.
[6] A. B. Jena, N. C. Mann, L. N. Wedlund, and A. Olenski, "Delays in Emergency Care and Mortality during Major U.S. Marathons," N Engl J Med, vol. 376, no. 15, pp. 1441–1450, Apr. 2017, doi: 10.1056/NEJMSA1614073.
[7] A. Morse, "Investigation: WannaCry cyber attack on the NHS," UK National Audit Office, vol. 414, no. April 2018, p. 6, 2017, Accessed: Mar. 25, 2022. [Online]. Available: https://www.nao.org.uk/wp-content/uploads/2017/10/Investigation-WannaCry-cyber-attack-and-the-NHS.pdf
[8] K. Chinthapalli, "The hackers holding hospitals to ransom." https://scholar.google.co.uk/citations?view_op=view_citation&hl=en&user=v8j0Eo4AAAAJ&citation_for_view=v8j0Eo4AAAAJ:M05iB0D1s5AC (accessed Mar. 25, 2022).
[9] S. M. Muzammal et al., "Counter measuring conceivable security threats on smart healthcare devices," IEEE Access, vol. 6, pp. 20722–20733, Apr. 2018, doi: 10.1109/ACCESS.2018.2826225.
[10] "Healthcare Data Security: How to Protect Patient Health Information?" https://www.ekransystem.com/en/blog/healthcare-data-protection-solutions-monitor-and-audit-your-software (accessed Mar. 25, 2022).
[11] "9 Reasons Healthcare is the Biggest Target for Cyberattacks." https://swivelsecure.com/solutions/healthcare/healthcare-is-the-biggest-target-for-cyberattacks/ (accessed Mar. 25, 2022).
[12] "What is electronic protected health information (ePHI)? - Definition from WhatIs.com." https://searchhealthit.techtarget.com/definition/electronic-protected-health-information-ePHI (accessed Mar. 28, 2022).
[13] itpro, "data protection | IT PRO." https://www.itpro.co.uk/data-protection-0 (accessed Mar. 28, 2022).
[14] IEEE Communications Society, A. H. & S. N. T. C. IEEE Communications Society. Internet of Things, IEEE Internet of Things (Initiative), and Institute of Electrical and Electronics Engineers, GIoTS, Global IoT Summit: 2020 conference proceedings.
[15] "IoT Ecosystem." https://www.tutorialandexample.com/iot-ecosystem (accessed Mar. 29, 2022).
[16] "Preparing to Release the OWASP IoT Top 10 2018 (Updated: Released) - Daniel Miessler." https://danielmiessler.com/blog/preparing-to-release-the-owasp-iot-top-10-2018/ (accessed Mar. 29, 2022).
[17] A. J. Burns, M. E. Johnson, and P. Honeyman, "A brief chronology of medical device security," Commun ACM, vol. 59, no. 10, pp. 66–72, Sep. 2016, doi: 10.1145/2890488.
[18] "Man in the Middle Attack: Tutorial & Examples | Veracode." https://www.veracode.com/security/man-middle-attack (accessed Mar. 29, 2022).
[19] "What is Spoofing & How to Prevent it." https://www.kaspersky.com/resource-center/definitions/spoofing (accessed Mar. 29, 2022).
[20] "Cross Site Scripting (XSS) Software Attack | OWASP Foundation." https://owasp.org/www-community/attacks/xss/ (accessed Mar. 29, 2022).
[21] "Buffer overflow." https://www.imperva.com/learn/application-security/buffer-overflow/ (accessed Mar. 29, 2022).
[22] "What is a distributed denial-of-service (DDoS) attack? | Cloudflare." https://www.cloudflare.com/en-gb/learning/ddos/what-is-a-ddos-attack/ (accessed Mar. 29, 2022).
[23] "Relay attack - Wikipedia." https://en.wikipedia.org/wiki/Relay_attack (accessed Mar. 29, 2022).
[24] S. R. Moosavi et al., "End-to-end security scheme for mobility enabled healthcare Internet of Things," Future Generation Computer Systems, vol. 64, pp. 108–124, Nov. 2016, doi: 10.1016/j.future.2016.02.020.
[25] P. Gope and T. Hwang, "A Realistic Lightweight Anonymous Authentication Protocol for Securing Real-Time Application Data Access in Wireless Sensor Networks," IEEE Transactions on Industrial Electronics, vol. 63, no. 11, pp. 7124–7132, Nov. 2016, doi: 10.1109/TIE.2016.2585081.
[26] J.-L. Hou and K.-H. Yeh, "Novel Authentication Schemes for IoT Based Healthcare Systems," International Journal of Distributed Sensor Networks, vol. 11, no. 11, p. 183659, Nov. 2015, doi: 10.1155/2015/183659.
[27] D. Sharma and D. Jinwala, "Functional Encryption in IoT E-Health Care System," 2015, pp. 345–363. doi: 10.1007/978-3-319-26961-0_21.
[28] F. A. Khan, A. Ali, H. Abbas, and N. A. H. Haldar, "A Cloud-based Healthcare Framework for Security and Patients' Data Privacy Using Wireless Body Area Networks," Procedia Computer Science, vol. 34, pp. 511–517, 2014, doi: 10.1016/j.procs.2014.07.058.
[29] "Data Encryption Standard." https://www.tutorialspoint.com/cryptography/data_encryption_standard.htm (accessed Apr. 05, 2022).
[30] "What is Blowfish and how is it used in cryptography?" https://www.techtarget.com/searchsecurity/definition/Blowfish (accessed Apr. 05, 2022).
[31] M. C. Tracy, W. Jansen, K. A. Scarfone, and J. Butterfield, "Guidelines on electronic mail security," Gaithersburg, MD, 2007. doi: 10.6028/NIST.SP.800-45ver2.
[32] "Advanced Encryption Standard (AES) - GeeksforGeeks." https://www.geeksforgeeks.org/advanced-encryption-standard-aes/ (accessed Apr. 05, 2022).
[33] R. Marshal, K. Gobinath, and V. V. Rao, "Proactive measures to mitigate cyber security challenges in IoT based smart healthcare networks," Apr. 2021. doi: 10.1109/IEMTRONICS52119.2021.9422615.
[34] M. Elhoseny et al., "Security and Privacy Issues in Medical Internet of Things: Overview, Countermeasures, Challenges and Future Directions," Sustainability, vol. 13, no. 21, p. 11645, Oct. 2021, doi: 10.3390/su132111645.

10. AUTHOR PROFILE

D.G.B.M Heshan Keshawa Basnayaka
Cyber security researcher
Undergraduate at SLIIT