SEC-C-U: The Security of Intensive Care Unit Medical Devices and Their Ecosystems
An intensive care unit (ICU) is dedicated to caring for patients whose medical condition places them at high risk of mortality or serious morbidity. ICU medical devices (ICUMDs) are used to closely monitor, stabilize, and treat ICU patients who are often unconscious and rely almost solely on ICUMDs....
| Main Authors: | , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
IEEE
2020-01-01
|
| Series: | IEEE Access |
| Subjects: | |
| Online Access: | https://ieeexplore.ieee.org/document/9051823/ |
| id |
doaj-54a234a3608344b48f470d364d9f2ff8 |
|---|---|
| record_format |
Article |
| spelling |
doaj-54a234a3608344b48f470d364d9f2ff82021-03-30T01:35:58ZengIEEEIEEE Access2169-35362020-01-018641936422410.1109/ACCESS.2020.29847269051823SEC-C-U: The Security of Intensive Care Unit Medical Devices and Their EcosystemsCarmel Eliash0https://orcid.org/0000-0001-5107-1130Isaac Lazar1https://orcid.org/0000-0001-9450-5226Nir Nissim2https://orcid.org/0000-0003-0652-8861Malware Lab, Cyber Security Research Center, Ben-Gurion University of the Negev, Beer-Sheva, IsraelDivision of Pediatrics, Pediatric Intensive Care Unit, Soroka University Medical Center, Beer-Sheva, IsraelMalware Lab, Cyber Security Research Center, Ben-Gurion University of the Negev, Beer-Sheva, IsraelAn intensive care unit (ICU) is dedicated to caring for patients whose medical condition places them at high risk of mortality or serious morbidity. ICU medical devices (ICUMDs) are used to closely monitor, stabilize, and treat ICU patients who are often unconscious and rely almost solely on ICUMDs. ICUMDs have become more autonomous, with a range of components, connectivity to external devices, and functionalities, opening the door to cyber-attacks. We present a taxonomy based on the functionality of 19 widely used ICUMDs, providing an explanation of each device's medical role, properties, interactions, and how they impact each other's security. We provide an extensive survey of 16 possible attacks aimed at ICUMDs and assess each device's vulnerability. We also create an ecosystem graph describing the roles and interactions of the players of each ICU sub-department. For each device type we produce a unique attack flow diagram that presents the most vulnerable vectors and components within the ecosystem. Finally, we survey relevant security mechanisms and map their coverage for the attacks, identifying existing gaps. We show that current security mechanisms generally fail to provide protection, covering just 12.5-56.3% of the attacks against ICUMDs, leaving the devices and the patients vulnerable.https://ieeexplore.ieee.org/document/9051823/ICUmedical devicecyber-attackmalwaredetectionsecurity |
| collection |
DOAJ |
| language |
English |
| format |
Article |
| sources |
DOAJ |
| author |
Carmel Eliash Isaac Lazar Nir Nissim |
| spellingShingle |
Carmel Eliash Isaac Lazar Nir Nissim SEC-C-U: The Security of Intensive Care Unit Medical Devices and Their Ecosystems IEEE Access ICU medical device cyber-attack malware detection security |
| author_facet |
Carmel Eliash Isaac Lazar Nir Nissim |
| author_sort |
Carmel Eliash |
| title |
SEC-C-U: The Security of Intensive Care Unit Medical Devices and Their Ecosystems |
| title_short |
SEC-C-U: The Security of Intensive Care Unit Medical Devices and Their Ecosystems |
| title_full |
SEC-C-U: The Security of Intensive Care Unit Medical Devices and Their Ecosystems |
| title_fullStr |
SEC-C-U: The Security of Intensive Care Unit Medical Devices and Their Ecosystems |
| title_full_unstemmed |
SEC-C-U: The Security of Intensive Care Unit Medical Devices and Their Ecosystems |
| title_sort |
sec-c-u: the security of intensive care unit medical devices and their ecosystems |
| publisher |
IEEE |
| series |
IEEE Access |
| issn |
2169-3536 |
| publishDate |
2020-01-01 |
| description |
An intensive care unit (ICU) is dedicated to caring for patients whose medical condition places them at high risk of mortality or serious morbidity. ICU medical devices (ICUMDs) are used to closely monitor, stabilize, and treat ICU patients who are often unconscious and rely almost solely on ICUMDs. ICUMDs have become more autonomous, with a range of components, connectivity to external devices, and functionalities, opening the door to cyber-attacks. We present a taxonomy based on the functionality of 19 widely used ICUMDs, providing an explanation of each device's medical role, properties, interactions, and how they impact each other's security. We provide an extensive survey of 16 possible attacks aimed at ICUMDs and assess each device's vulnerability. We also create an ecosystem graph describing the roles and interactions of the players of each ICU sub-department. For each device type we produce a unique attack flow diagram that presents the most vulnerable vectors and components within the ecosystem. Finally, we survey relevant security mechanisms and map their coverage for the attacks, identifying existing gaps. We show that current security mechanisms generally fail to provide protection, covering just 12.5-56.3% of the attacks against ICUMDs, leaving the devices and the patients vulnerable. |
| topic |
ICU medical device cyber-attack malware detection security |
| url |
https://ieeexplore.ieee.org/document/9051823/ |
| work_keys_str_mv |
AT carmeleliash seccuthesecurityofintensivecareunitmedicaldevicesandtheirecosystems AT isaaclazar seccuthesecurityofintensivecareunitmedicaldevicesandtheirecosystems AT nirnissim seccuthesecurityofintensivecareunitmedicaldevicesandtheirecosystems |
| _version_ |
1724186780584902656 |