Risk assessment of cyber-attacks on telemetry-enabled cardiac implantable electronic devices (CIED)

Mikaela, Ngamboé; Berthier, Paul; Ammari, Nader,; Dyrda, Katia; Fernandez, José M.

doi:10.1007/s10207-020-00522-7

Cited by 16 publications

(6 citation statements)

References 38 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In risk assessment, the threat, risk, and vulnerability analysis (TVRA) technique are implemented. The risk assessment was carried out in accordance with the ISO/IEC 27005 standard for handling information security risks [30]. TVRA is based on the probability of a specified attack, as well as the impact of the attack on system assets and associated threats.…”

Section: A Iomt-specific Risk Assessmentmentioning

confidence: 99%

“…The study in [41] proposed a systemtheoretic process analysis (STPA) on an insulin pump device to detect accidents caused by security threats that are not protected by functional safety. In [30] used a threat-oriented analytical technique to assess the impacts of the attacks, a scenario-based analysis to determine the probability of threats occurring, and a composite analysis to select the most serious attack.…”

Section: ) Threat Assessmentmentioning

confidence: 99%

See 1 more Smart Citation

A Survey: To Govern, Protect, and Detect Security Principles on Internet of Medical Things (IoMT)

Alhaj

Abdulla²,

Iderss³

et al. 2022

IEEE Access

View full text Add to dashboard Cite

The integration of medical equipment into the Internet of Things (IoT) led to the introduction of Internet of Medical Things (IoMT). Variation of IoT devices have been equipped in medical facilities. These devices provided convenience to healthcare provider since they can continuously monitor their patients in real-time, while allowing them to have greater physical flexibility and mobility. However, users of healthcare services (such as patients and medical staff) often are less concerned about security issues associated with IoT. These alleviate existing problems and jeopardize the lives of their patients by making them susceptible to attacks. Furthermore, IoMT applications have direct access to healthcare services because it handles sensitive patient information. Therefore, it is extremely important to preserve and establish the security and privacy of IoMT. This further justifies the need to investigate and address the related issues. Despite existing literature on security and privacy mechanisms, the domain still requires more attention. Therefore, this paper aims to discuss the security and privacy principles, as well as challenges associated with IoMT. Besides, a comprehensive analysis of privacy and security solutions for IoMT is also presented. In addition, we introduced a novel taxonomy of IoMT security and privacy based on cyber security principles such as "govern," "protect," and "detect". In conclusion, this paper provides a discussion on existing challenges and future direction for researchers.

show abstract

Section: A Iomt-specific Risk Assessmentmentioning

confidence: 99%

Section: ) Threat Assessmentmentioning

confidence: 99%

A Survey: To Govern, Protect, and Detect Security Principles on Internet of Medical Things (IoMT)

Alhaj

Abdulla²,

Iderss³

et al. 2022

IEEE Access

View full text Add to dashboard Cite

show abstract

“…The authors make use of attack-tree structure analysis as part of their threat analysis model. In [59] The authors use a threat-oriented analytical approach to split the analysis into three parts, an actor-based analysis to assess the effects of the attacks, a scenario-based analysis to calculate the possibility of threats happening, and a composite analysis to classify the most dangerous attack findings. Table 5 presents a comparison of the various IoMT threat models found in the scientific literature.…”

Section: A: Threat Modeling For Iomtmentioning

confidence: 99%

“…In [71] four major groups of impact are proposed: a) Patient safety (Imposing the impact on the health of a patient due to medical device failures such as minor/severe injury or even death), b) Service personnel or environment safety (Imposing the impact on medical personnel or the surrounding ecosystem due to to failures), c) Maintenance (Measuring the average time needed for restoring or maintenance the system after a software failure) and d) Cost (Measuring the total economic cost for maintenance and the time for holding up medical operation). A four-scale impact assessment is presented in [59]. The authors identify four scales: health, economy, quality of life, and privacy.…”

Section: Impact Assessment For Iomtmentioning

confidence: 99%

Risk Assessment Methodologies for the Internet of Medical Things: A Survey and Comparative Appraisal

et al. 2021

View full text Add to dashboard Cite

The Internet of Medical Things (IoMT) has revolutionized health care services by providing significant benefits in terms of patient well being and relevant costs. Traditional risk assessment methodologies, however, cannot be effectively applied in the IoMT context since IoMT devices form part of a distributed and trustless environment and naturally support functionalities that favor reliability and usability instead of security. In this work we present a survey of risk assessment and mitigation methodologies for IoMT. For conducting the survey, we assess two streams of literature. First, we systematically review and classify the current scientific research in IoMT risk assessment methodologies. Second, we review existing standards/best practices for IoMT security assessment and mitigation in order to i) provide a comparative assessment of these standards/best practices on the basis of predefined criteria (scope and/or coverage, maturity level, and relevant risk methodology applied) and ii) identify common themes for IoMT security controls. Based on the analysis, we provide various IoMT research and implementation gaps along with a road map of fruitful areas for future research. The paper could be of significant value to security assessment researchers and policymakers/stakeholders in the health care industry.

show abstract

“…In the same line, M. Ngamboé et al [36] assess the risks in implantable cardiac electronic devices (CIED) using the ISO/IEC 27,005 standard and the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-30 guide. Using a methodical approach, they perform the analysis in three parts that are actor-based, scenario-based and combined.…”

Section: Businessmentioning

confidence: 99%

Cybersecurity Model Based on Hardening for Secure Internet of Things Implementation

et al. 2021

View full text Add to dashboard Cite

The inclusion of Internet of Things (IoT) for building smart cities, smart health, smart grids, and other smart concepts has driven data-driven decision making by managers and automation in each domain. However, the hyper-connectivity generated by IoT networks coupled with limited default security in IoT devices increases security risks that can jeopardize the operations of cities, hospitals, and organizations. Strengthening the security aspects of IoT devices prior to their use in different systems can contribute to minimize the attack surface. This study aimed to model a sequence of seven steps to minimize the attack surface by executing hardening processes. Conducted a systematic literature review using Preferred Reporting Items for Systematic Reviews and Meta-Analyses (PRISMA) techniques. In this way, we were able to define a proposed methodology to evaluate the security level of an IoT solution by means of a checklist that considers the security aspects in the three layers of the IoT architecture. A risk matrix adapted to IoT is established to evaluate the attack surface. Finally, a process of hardening and vulnerability analysis is proposed to reduce the attack surface and improve the security level of the IoT solution.

show abstract

Risk assessment of cyber-attacks on telemetry-enabled cardiac implantable electronic devices (CIED)

Cited by 16 publications

References 38 publications

A Survey: To Govern, Protect, and Detect Security Principles on Internet of Medical Things (IoMT)

A Survey: To Govern, Protect, and Detect Security Principles on Internet of Medical Things (IoMT)

Risk Assessment Methodologies for the Internet of Medical Things: A Survey and Comparative Appraisal

Cybersecurity Model Based on Hardening for Secure Internet of Things Implementation

Contact Info

Product

Resources

About