With advances in sensing, networking, and computing, smart medical devices have been widely deployed in various clinical settings. However, cyber attacks on hospital networks and critical medical devices are serious threats to patient safety, security, and privacy. This paper studies the cyber-security attacks that target hospital networks and other interconnected clinical environments. Our goal is to characterize threat models in such environments by studying the public data from vulnerability databases on medical devices and reports on real attacks targeted at hospital networks. We use a keyword-based approach to identify security reports on medical devices. We summarize our observations from the analysis of the vulnerability reports and provide insights into the types and impacts of vulnerabilities.
more »
« less
Framework for cyber risk loss distribution of hospital infrastructure: Bond percolation on mixed random graphs approach
Networks like those of healthcare infrastructure have been a primary target of cyberattacks for over a decade. From just a single cyberattack, a healthcare facility would expect to see millions of dollars in losses from legal fines, business interruption, and loss of revenue. As more medical devices become interconnected, more cyber vulnerabilities emerge, resulting in more potential exploitation that may disrupt patient care and give rise to catastrophic financial losses. In this paper, we propose a structural model of an aggregate loss distribution across multiple cyberattacks on a prototypical hospital network. Modeled as a mixed random graph, the hospital network consists of various patient‐monitoring devices and medical imaging equipment as random nodes to account for the variable occupancy of patient rooms and availability of imaging equipment that are connected by bidirectional edges to fixed hospital and radiological information systems. Our framework accounts for the documented cyber vulnerabilities of a hospital's trusted internal network of its major medical assets. To our knowledge, there exist no other models of an aggregate loss distribution for cyber risk in this setting. We contextualize the problem in the probabilistic graph‐theoretical framework using a percolation model and combinatorial techniques to compute the mean and variance of the loss distribution for a mixed random network with associated random costs that can be useful for healthcare administrators and cybersecurity professionals to improve cybersecurity management strategies. By characterizing this distribution, we allow for the further utility of pricing cyber risk.
more » « less- PAR ID:
- 10419686
- Publisher / Repository:
- Wiley-Blackwell
- Date Published:
- Journal Name:
- Risk Analysis
- Volume:
- 43
- Issue:
- 12
- ISSN:
- 0272-4332
- Format(s):
- Medium: X Size: p. 2450-2485
- Size(s):
- p. 2450-2485
- Sponsoring Org:
- National Science Foundation
More Like this
-
-
null (Ed.)The implementation of Internet of Things (IoT) devices in medical environments, has introduced a growing list of security vulnerabilities and threats. The lack of an extensible big data resource that captures medical device vulnerabilities limits the use of Artificial Intelligence (AI) based cyber defense systems in capturing, detecting, and preventing known and future attacks. We describe a system that generates a repository of Cyber Threat Intelligence (CTI) about various medical devices and their known vulnerabilities from sources such as manufacturer and ICS-CERT vulnerability alerts. We augment the intelligence repository with data sources such as Wikidata and public medical databases. The combined resources are integrated with threat intelligence in our Cybersecurity Knowledge Graph (CKG) from previous research. The augmented graph embeddings are useful in querying relevant information and can help in various AI assisted cybersecurity tasks. Given the integration of multiple resources, we found the augmented CKG produced higher quality graph representations. The augmented CKG produced a 31% increase in the Mean Average Precision (MAP) value, computed over an information retrieval task.more » « less
-
The Internet of Medical Things (IoMT) is a network of interconnected medical devices, wearables, and sensors integrated into healthcare systems. It enables real-time data collection and transmission using smart medical devices with trackers and sensors. IoMT offers various benefits to healthcare, including remote patient monitoring, improved precision, and personalized medicine, enhanced healthcare efficiency, cost savings, and advancements in telemedicine. However, with the increasing adoption of IoMT, securing sensitive medical data becomes crucial due to potential risks such as data privacy breaches, compromised health information integrity, and cybersecurity threats to patient information. It is necessary to consider existing security mechanisms and protocols and identify vulnerabilities. The main objectives of this paper aim to identify specific threats, analyze the effectiveness of security measures, and provide a solution to protect sensitive medical data. In this paper, we propose an innovative approach to enhance security management for sensitive medical data using blockchain technology and smart contracts within the IoMT ecosystem. The proposed system aims to provide a decentralized and tamper-resistant plat- form that ensures data integrity, confidentiality, and controlled access. By integrating blockchain into the IoMT infrastructure, healthcare organizations can significantly enhance the security and privacy of sensitive medical data.more » « less
-
The imperative factors of cybersecurity within institutions have become prevalent due to the rise of cyber-attacks. Cybercriminals strategically choose their targets and develop several different techniques and tactics that are used to exploit vulnerabilities throughout an entire institution. With the thorough analysis practices being used in recent policy and regulation of cyber incident reports, it has been claimed that data breaches have increased at alarming rates rapidly. Thus, capturing the trends of cyber-attacks strategies, exploited vulnerabilities, and reoccurring patterns as insight to better cybersecurity. This paper seeks to discover the possible threats that influence the relationship between the human component and cybersecurity posture. Along with this, we use the Vocabulary for Event Recording and Incident Sharing (VERIS) database to analyze previous cyber incidents to advance risk management that will benefit the institutional level of cybersecurity. We elaborate on the rising concerns of external versus internal factors that potentially put institutions at risk for exploiting vulnerabilities and conducting an exploratory data analysis that articulates the understanding of detrimental monetary and data loss in recent cyber incidents. The human component of this research attributes to the perceptive of the most common cause within cyber incidents, human error. With these concerns on the rise, we found contributing factors with the use of a risk-based approach and thorough analysis of databases, which will be used to improve the practical consensus of cybersecurity. Our findings can be of use to all institutions in search of useful insight to better their risk-management planning skills and failing elements of their cybersecurity.more » « less
-
null (Ed.)Insurance premiums reflect expectations about the future losses of each insured. Given the dearth of cyber security loss data, market premiums could shed light on the true magnitude of cyber losses despite noise from factors unrelated to losses. To that end, we extract cyber insurance pricing information from the regulatory filings of 26 insurers. We provide empirical observations on how premiums vary by coverage type, amount, and policyholder type and over time. A method using particle swarm optimisation and the expected value premium principle is introduced to iterate through candidate parameterised distributions with the goal of reducing error in predicting observed prices. We then aggregate the inferred loss models across 6,828 observed prices from all 26 insurers to derive the County Fair Cyber Loss Distribution . We demonstrate its value in decision support by applying it to a theoretical retail firm with annual revenue of $50M. The results suggest that the expected cyber liability loss is $428K and that the firm faces a 2.3% chance of experiencing a cyber liability loss between $100K and $10M each year. The method and resulting estimates could help organisations better manage cyber risk, regardless of whether they purchase insurance.more » « less
