Cyber Security Threats and Mitigations I
Cyber Security Threats and Mitigations I
Cyber Security Threats and Mitigations I
O.D. Abeywickrama.
Department of Computer Systems
Engineering
Sri Lanka Institute of Information
Technology
Malabe, Sri Lanka.
it20153540@my.sliit.lk
Abstract— A surge in cyber-attacks on the medical profession necessitate innovation as well as the ability to deal with the
has resulted in large losses in the health-care business, owing to aforementioned difficulties [3].
the evident relevance of medical information in human health. In
recent years, the Internet of Things (IoT) has become a critical Medical and health care are two of the most intriguing IoT
component of industry processes. Healthcare, agriculture, supply application sectors. The Internet of Things has the potential to
chain, smart energy, building and industrial automation, and allow a variety of medical applications, including remote
linked autos have all seen substantial growth in IoT applications. health monitoring, exercise programs, chronic ailments, and
The healthcare industry is the topic of this chapter. The benefits, senior care. Adherence to therapy and medication at home and
drawbacks, and potential solutions of employing Software by healthcare professionals is another important potential use.
Defined Networks (SDN) in Healthcare-Internet of Things, as As a result, medical equipment, sensors, and diagnostic and
well as the applications and problems of deploying IoT in the imaging devices can all be considered smart devices or items
healthcare business, are discussed in this chapter (IoT). that are vital to the Internet of Things.
Keywords — Healthcare sector, Cyber security threats, Mitigations, The Internet of Things' healthcare services are designed to
Security, IoT, SDN. save costs, improve quality of life, and enhance the user
experience. According to healthcare providers, remote
I. INTRODUCTION provisioning via the Internet of Things has the potential to
The healthcare business has seen a rise in cybersecurity reduce device downtime.
incidents over the previous few years. Millions of papers have SDN (software-defined networking) is an innovative
been taken from the systems of large organizations like as approach to network modernization. For IoT enabled devices to
Anthem, Primera Blue Cross, and Excellus by malicious work properly, the infrastructure plane and the controlling
hackers. Health data records, on the other hand, aren't the layer must be separated. The SDN Architecture has global
primary purpose in healthcare. visibility and governs the whole network [2].
The Internet of Things (IoT) revolution has resulted in SDN not only solves typical network problems, but it also
internet-enabled insulin pumps, pacemakers, MRI machines, provides a raft of new features to help IoT-enabled networks
and other medical devices. There are presently growing realize their full potential. Clinical trial networks, which are
concerns regarding personal data breaches in the medical made up of several subnetworks, are becoming more common
business. The banking and healthcare industries, according to in the healthcare business. Due to the increasing number of
Boann News, are the most concerned about data breaches, with patients admitted, hospitals utilizing these connections,
49.45 percent and 28.41 percent of breaches, respectively [1]. diagnostic supplies, and many other aspects, SDN entails
Finance is a typical target for hackers since the records are functioning as a backbone to support and execute functions.
full of financial transactions. Healthcare security measures As healthcare moves closer to IoT-enabled devices, these
receive less attention than financial security measures, despite gadgets will be able to communicate with one another across a
the fact that medical data is far more valuable and sensitive. network. There are certain benefits to this, but there are also
Each connection might alternatively be made up of many some drawbacks. It is vital to have a network that can manage
networks. For example, obtaining a patient record from a the problems of IoT-enabled networks. One of the obstacles is
connected IoT enabled medical imaging device necessitates security, as vital information about each patient's health is one
maximum bandwidth from the appropriate hospital's network, of the concerns.
as well as agility and flexibility. Traditional networks
Given the serious consequences of assaulting Internet- The risk of security breaches grows in direct proportion to
enabled medical equipment, the goal of this research is to find the "degree of connectedness," according to Lake et al. The
vulnerabilities in Internet-enabled medical devices that can be availability of Internet-connected medical devices has
found via Shodan. Shodan's web API is used to collect substantially improved the quality of today's healthcare
thousands of devices from prominent medical device services. Given the various benefits, Sometime et al.
manufacturers, and Nessus, a cutting-edge vulnerability emphasized that Internet capabilities in medical devices allow
assessment tool, is used to explore the devices' weaknesses. attackers to get sensitive information and infect devices with
malware, endangering human life.
The remainder of this work is arranged in the following
manner. To begin, gather information on medical equipment Cyber-attacks can affect pacemakers, neurostimulators,
and vulnerability evaluations. Explain what a research testbed implantable cardiac defibrillators (ICDs), and pharmaceutical
is in the second paragraph. Then, summarize the most delivery systems [3],[5]. The Food and Drug Administration
significant results and conclusions. Finally, draw a conclusion (FDA) has established cybersecurity requirements for three
and give recommendations for further research. medical device classes (table 1) before goods are allowed to
the market to address the growing concern about medical
II. RESEARCH STATEMENT. device cybersecurity.
Attackers exploit this flaw by impersonating government IoT is presently spreading into the contemporary era as a result
agencies, tax authorities, and other pandemic-related of numerous networks with varied networks. These two
organizations in harmful phishing campaigns. Wu et al. networks are interconnected. Massive networks are also
common in healthcare IoT. A variety of hospital and other phone apps for webmail and software as a service (SaaS) [9].
clinical trial networks make up these networks. Because Malicious software includes worms and Trojan horses.
conventional network designs couldn't keep up with the rapid
pace of IoT advancements, it became imperative to integrate Even during the Coronavirus outbreak, attackers and
IoT into the SDN-based network. The suggested SDN-based APT outfits used emails and ad sites to send malware to
IoT Healthcare Network architecture is shown in Figure 2. The vulnerable individuals and networks. It was discovered that
network, as can be seen, is made up of a variety of different 70% of the malware entered the system via email. Malicious
networks at various hospitals. Several hospitals are continuing software with specific features, like as ransomware, will have
to engage in network activities to transfer data, clinical reports,
a major impact on the epidemic's company [16]. Because it is
and patient data across a variety of IoT devices.
simple to deploy and has a huge impact on the target,
All pertinent data is stored at a data center. Three levels of distributed denial of service is tough to utilize. DDoS assaults,
design separate the networking employed in this data center. unlike regular DoS attacks, employ several attack sources and
The first layer is the internet protocol, which incorporates hosts to create a threat against many targets, multiplying the
physical configuration, networking devices, and other network threat and complicating security.
locations (switches, routers). The second and higher tier is the
main and control layer, which is a more centralized SDN
controller. This SDN controller is in charge of overall network
operations and has a comprehensive picture of the network
[19].
VII. MITIGATIONS.
To address the healthcare industry's cybersecurity threats,
all stakeholders must act promptly. Mitigating and preventing
cyberattacks is challenging; more preparation and better
channels for putting plans into action are required to guarantee
that all security processes are followed appropriately [21].
Participants from the corporate and public sectors must
collaborate to guarantee the implementation of systems that
effectively handle security issues. Regardless of how
Figure 5 : Breakdown of Security Ratings by
sophisticated attackers have grown in recent years, there are a
Major Industry.
variety of effective defenses that can help minimize the
frequency of attacks. The following are some
V. CHALLENGES countermeasures; nevertheless, they are by no means
exhaustive:
The health industry has faced several obstacles because of
Users must be educated: The client is the weakest link in
the blatant attacks, and it has been a top issue for a long time.
any security system. Many security systems consider people to
As a result of the public convergence of various persons
be the weakest link. Client cybersecurity awareness is crucial
seeking treatments, the healthcare industry has come under
for reducing the risk of cyberattacks on a company through
fire. The attackers uncovered a hole in the firm since the
education initiatives. According to the survey, 11% of
majority of the material is still available on the websites for
companies aim to make security a high priority via planning,
clients and patients to examine. As a consequence, people
while the rest do not, revealing a substantial gap. Using an
with evil motives will find it simple to contact them and
encryption platform to secure communication over a virtual
obtain information from them.
private network, on the other hand, has shown to be effective
in the battle against security. Applicability through the usage
of a virtual private network (VPN) has become part of many
people's daily routine. Using a VPN protects your privacy routes are to generate less expensive designs. Health related
while also allowing you to adhere to more stringent rules and frameworks that minimize expenses by offering lower-cost
security procedures. services will benefit patients and other medical staff.
Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.
Alternative Proxies: