Cyber Security Threats and Mitigations I

Download as pdf or txt
Download as pdf or txt
You are on page 1of 9

Cyber Security threats and mitigations in the

Healthcare Sector with emphasis on medical Internet


of Things and SDN.

O.D. Abeywickrama.
Department of Computer Systems
Engineering
Sri Lanka Institute of Information
Technology
Malabe, Sri Lanka.
it20153540@my.sliit.lk

Abstract— A surge in cyber-attacks on the medical profession necessitate innovation as well as the ability to deal with the
has resulted in large losses in the health-care business, owing to aforementioned difficulties [3].
the evident relevance of medical information in human health. In
recent years, the Internet of Things (IoT) has become a critical Medical and health care are two of the most intriguing IoT
component of industry processes. Healthcare, agriculture, supply application sectors. The Internet of Things has the potential to
chain, smart energy, building and industrial automation, and allow a variety of medical applications, including remote
linked autos have all seen substantial growth in IoT applications. health monitoring, exercise programs, chronic ailments, and
The healthcare industry is the topic of this chapter. The benefits, senior care. Adherence to therapy and medication at home and
drawbacks, and potential solutions of employing Software by healthcare professionals is another important potential use.
Defined Networks (SDN) in Healthcare-Internet of Things, as As a result, medical equipment, sensors, and diagnostic and
well as the applications and problems of deploying IoT in the imaging devices can all be considered smart devices or items
healthcare business, are discussed in this chapter (IoT). that are vital to the Internet of Things.
Keywords — Healthcare sector, Cyber security threats, Mitigations, The Internet of Things' healthcare services are designed to
Security, IoT, SDN. save costs, improve quality of life, and enhance the user
experience. According to healthcare providers, remote
I. INTRODUCTION provisioning via the Internet of Things has the potential to
The healthcare business has seen a rise in cybersecurity reduce device downtime.
incidents over the previous few years. Millions of papers have SDN (software-defined networking) is an innovative
been taken from the systems of large organizations like as approach to network modernization. For IoT enabled devices to
Anthem, Primera Blue Cross, and Excellus by malicious work properly, the infrastructure plane and the controlling
hackers. Health data records, on the other hand, aren't the layer must be separated. The SDN Architecture has global
primary purpose in healthcare. visibility and governs the whole network [2].
The Internet of Things (IoT) revolution has resulted in SDN not only solves typical network problems, but it also
internet-enabled insulin pumps, pacemakers, MRI machines, provides a raft of new features to help IoT-enabled networks
and other medical devices. There are presently growing realize their full potential. Clinical trial networks, which are
concerns regarding personal data breaches in the medical made up of several subnetworks, are becoming more common
business. The banking and healthcare industries, according to in the healthcare business. Due to the increasing number of
Boann News, are the most concerned about data breaches, with patients admitted, hospitals utilizing these connections,
49.45 percent and 28.41 percent of breaches, respectively [1]. diagnostic supplies, and many other aspects, SDN entails
Finance is a typical target for hackers since the records are functioning as a backbone to support and execute functions.
full of financial transactions. Healthcare security measures As healthcare moves closer to IoT-enabled devices, these
receive less attention than financial security measures, despite gadgets will be able to communicate with one another across a
the fact that medical data is far more valuable and sensitive. network. There are certain benefits to this, but there are also
Each connection might alternatively be made up of many some drawbacks. It is vital to have a network that can manage
networks. For example, obtaining a patient record from a the problems of IoT-enabled networks. One of the obstacles is
connected IoT enabled medical imaging device necessitates security, as vital information about each patient's health is one
maximum bandwidth from the appropriate hospital's network, of the concerns.
as well as agility and flexibility. Traditional networks

XXX-X-XXXX-XXXX-X/XX/$XX.00 ©20XX IEEE


Shodan, an Internet of Things search engine, is one tool destination. The goal of this study is to show how important
that might aid in the discovery of potentially vulnerable SDN is in IoT healthcare applications. Various benefits,
Internet-connected medical equipment. A web interface and/or challenges, and current research avenues, as well as the full
API are available to access Shodan's billion-record database. architecture of both technologies, are presented.
Figure 1 shows how a user may locate and operate medical
equipment manufactured by Omron Corporation, a renowned III. LITERATURE REVIEW.
medical device manufacturer.
The challenge of obtaining, aggregating, and understanding
network data from a variety of IoT devices has been
investigated. This data can be large and in any format,
including audio, video, and text. The authors provided a
centralized and adaptive system architecture for real-time
transmission of massive amounts of data that can meet
security, privacy, and other criteria for a variety of connected
Figure 1 : Shodan results for Omron corporation search. healthcare applications.

Given the serious consequences of assaulting Internet- The risk of security breaches grows in direct proportion to
enabled medical equipment, the goal of this research is to find the "degree of connectedness," according to Lake et al. The
vulnerabilities in Internet-enabled medical devices that can be availability of Internet-connected medical devices has
found via Shodan. Shodan's web API is used to collect substantially improved the quality of today's healthcare
thousands of devices from prominent medical device services. Given the various benefits, Sometime et al.
manufacturers, and Nessus, a cutting-edge vulnerability emphasized that Internet capabilities in medical devices allow
assessment tool, is used to explore the devices' weaknesses. attackers to get sensitive information and infect devices with
malware, endangering human life.
The remainder of this work is arranged in the following
manner. To begin, gather information on medical equipment Cyber-attacks can affect pacemakers, neurostimulators,
and vulnerability evaluations. Explain what a research testbed implantable cardiac defibrillators (ICDs), and pharmaceutical
is in the second paragraph. Then, summarize the most delivery systems [3],[5]. The Food and Drug Administration
significant results and conclusions. Finally, draw a conclusion (FDA) has established cybersecurity requirements for three
and give recommendations for further research. medical device classes (table 1) before goods are allowed to
the market to address the growing concern about medical
II. RESEARCH STATEMENT. device cybersecurity.

A growing number of cyber-attacks in the medical


profession have resulted in huge losses in the health-care
industry, owing to the relevance of medical information in
human health. This article begins with a brief overview of the
dataflow in the medical sector, then analyzes the
vulnerabilities at each stage of the dataflow to provide a
comprehensive overview of potential cyber-attacks and
countermeasures. Then, depending on the weaknesses of the
medical system, a categorization of cyber-attacks is presented.
Table 1 : Medical device classes.
The study also includes findings from previous
research aimed at resolving these cyber-attacks, as well as the Cybersecurity concerns are typically directed at class II and
benefits and drawbacks of each approach. More importantly, III devices. Jay Radcliffe, for example, used the serial number
to get into an insulin pump, a Class II piece of equipment, and
the study looks at current literature for data storage assurance
was able to transmit orders to it or disable it. For diabetics who
to see if there are any potential cybersecurity designs for the rely on properly working insulin pumps, this may be
medical domain. Previous countermeasures and designs are devastating. Analyzing the vulnerabilities of other linked
addressed in terms of resource depletion, attack reduction, medical equipment, for example, is important in order to
applicability, and other criteria. Finally, the research considers reduce the risk of major attacks.
and advises future work in the medical field to prevent cyber-
attacks and protect human health [4]. A discussion of the utilization of IoT, its origins, and
advantages is included. They also demonstrate the design's
complexities as well as other component needs. The authors
Existing network designs fail to apply high-level network proposed an architecture for IoT-healthcare as well as further
rules and manual command-line interfaces, which creates a research goals and challenges. This study looked at the
barrier in IoT-enabled healthcare networks; this is where SDN challenges and various concerns about the security and privacy
comes in. Not only has SDN made it easier to control the of traditional healthcare monitoring systems (HMS).
whole network, but it has also eliminated the need for a Architecture was also considered as a resource. This design
manual command-line interface. With only a few clicks, you might be used to control IoT-powered medical monitoring
may direct traffic from a certain source to a specific equipment. It ensures the security and privacy of the many
services provided, as well as their dependability. A number of The researchers looked at new offensive tendencies
programs and services are aimed towards the elderly and influencing emerging technologies including cloud computing,
infirm. social media, key infrastructure, and smartphone technology.
There is a significant risk of medical technology vulnerabilities
Malasri and Wang gave an outline of healthcare implanted and assaults with the introduction of cutting-edge medical
devices as well as some of the risks associated with them technology.
(eavesdropping and spoofing). Ida et al. discussed a thorough
investigation of IoT for eHealth. Security issues in IoT The research, on the other hand, was restricted to
healthcare were also examined in the study. McMahon et al. identifying flaws in hacked medical devices. The Telecare
covered IoT-enabled medical devices in considerable depth. Medical System Taxonomy is another major review (TMS).
On the other hand, the study was limited to finding flaws in TMS authentication techniques, as well as TMS limits and
vulnerable medical devices. Masdari and Ahmadzadeh benefits, are also compared. Using only the Markov model, a
published yet another excellent analysis on the authentication case study on the risks of healthcare IoT. However, due to the
taxonomy of the telecare medical system (TMS). TMS Markov model's limitations, only a few issues were discovered.
authentication methods are also compared, as well as TMS Provides a promising overview of the medical service industry
limitations and benefits [6], [7]. [9].
This report gives a broad review of the current situation of McDermott et al. [10] conducted a survey to determine
IoT in a number of sectors. Massive scaling, architecture and probable danger classifications for HER data protection.
dependencies, knowledge creation, robustness, openness, Portable gadgets, physical threats, technological dangers,
security, privacy, and human in the loop are the eight research insider usage, and administrative dangers were all classified
directions that have been discussed to provide the increasing into five categories.
use of sensors, actuators, communication, and extracting
knowledge from large volumes of data [4]. The goal of the
research is to provide a technical combination that combines
SDN with IoT.
Current achievements in different areas, such as the
wireless and optical domains, are emphasized in order to
combine the technologies, as well as security and scalability
challenges associated with both technologies. SDN technology
is not only gaining popularity in industry and academia, but it
is also the most successful technological solution for reducing
network traffic utilizing a particular protocol.
A survey was conducted by McDermott et al. to assess risk
classifications for securing Electronic Health Record (HER)
data. The use of IoT in healthcare is described in this study.
The suggested architecture employs a specialized algorithm
and protocol to safeguard healthcare data against network
threats. IoT-restricted devices in the healthcare industry are
still in their infancy in terms of security. This proposed Figure 2 : Healthcare Cyber Attacks.
approach, which is a secure, trustworthy, and approved Fernández-Alemán et al. [11] provided the findings of
procedure, addresses all the aforementioned issues. In this a comprehensive evaluation of the literature on EHR security
study, graphs are used to assess network connection [8]. and privacy. The review also suggested that EHR security and
From a number of angles, SDN solves the challenges privacy standards be created, and that guidelines be given.
of efficiency, scalability, manageability, and cost-effectiveness The articles included non-technological factors, the
in IoT. Edge, access, and core networking concerns have all business community, software development security, and
been explored. Many networking solutions have been physical security. According to the poll, physical security
introduced that either support the network with SDN or are requires more attention because many physical attacks result in
effective in fixing the WSN issue. The problems of IoT and breaches that risk the patient's safety.
data center networks, as well as how SDN may assist solve
them, have also been discussed. This section mentioned cybersecurity breaches such as
ransomware attacks on hospitals and health information theft.
Because of the engagement of IoTs and its major In addition, deliberate assaults against well-known medical
dependence on information technology, medical care has devices were conducted out. Following extensive investigation,
increased in popularity throughout the world in the previous it was discovered that all of the available surveys are incredibly
decade. MCIS cybersecurity is now an essential component of essential [5]. These surveys, on the other hand, either focus on
delivering reliable, secure, and effective medical care. One of the security and privacy of implanted medical devices from an
the most serious dangers to IoT-enabled medical equipment is IoT standpoint or employ specific models and case studies to
cybersecurity. authenticate the devices. The cutting-edge survey, on the other
hand, evaluates the flow of information in the medical domain
as well as the fundamental cybersecurity flaws in the medical examine implanted medical devices in depth, with an emphasis
domain, with a focus on data storage and IoT connection. on access control mechanisms for limiting unauthorized access.
Another research on cyber security problems in healthcare was
Such wireless connections put the gadget at danger of undertaken by Kruse et al. Jalali et al. published a bibliometric
security breaches, raising worries about patient safety and study of the literature on health care and cybersecurity [13].
privacy [2]. Investigators have discovered that these devices, as
well as their wireless connections, are vulnerable to cyber- Cyber actors are growing more prevalent by the day
attacks, jeopardizing patient safety, security, and privacy. because of phishing and other criminal acts, according to a
World Economic Forum study. Because many individuals only
Researchers have shown many forms of attacks on medical obtain information via emails rather than first-hand sources
equipment, including privacy leaks by eavesdropping, safety like work briefings, such attacks have been extremely
and integrity flaws via message manipulation, and availability successful. As a result, people are more willing to share
difficulties via battery draining assaults [4]. A number of information [14]. People anticipate contact from officials,
mitigations have been proposed for these attacks. The resource employers, and other information related to their work, so
limits on medical devices for applying security measures are a fraudsters may take advantage of this by enticing them in with
major consideration when building mitigations for them. appealing emails and collecting certifications related to their
The most significant consideration for implantable medical jobs.
devices (IMDs) is battery life. Non-rechargeable batteries are Routes are well-known among cybercriminals. Today's
used in most electronics, and they must be changed every few software, hardware, and network layers all have flaws,
years. Adding cryptographic security to communications is according to Jang-Jaccard and Nepal. New attack patterns were
extremely difficult since any communication or function that examined for emerging technologies such as cloud computing,
affects battery life has a significant performance effect [9]. The social media, critical infrastructure, and smartphone
device platform does not enable high-end encryption for technology [15].
communications protection, even for non-implantable devices.
As a result, in recent years, lightweight cryptography for these When sending an email, the sender must ensure that the
low-end devices has been a hot research area . message received is genuine. When sending an email, the
sender must be sure that the message he or she is receiving is
Though this would let patients to move around and be real. This is because criminals impersonate people and force
monitored at all times, it will also put patients' safety, security, them to visit gun-infected websites. Other parties can gain
and privacy at risk. For further acceptance of these devices and access to information and conduct attacks thanks to
their expanded communication functions, it will be critical to vulnerabilities and other flaws in home employer security
address these cyber dangers. Present an architecture for IoTs systems. As a result of the pervasive isolation, a problem has
that improves their safety, security, and privacy while allowing arisen. Finding technology solutions has become more
for more mobility and monitoring in this section. For better challenging, putting the industry at risk of circumstances like
patient safety, security, and privacy, the framework employs remote work [16].
lightweight encryption and attribute-based permission to give
fine-grained access control to device data and functionality [9]. Cyber security can be jeopardized by data collection
attacks, database assaults, website attacks, and operation device
People are using the internet to acquire various instructions attacks. Cybersecurity may also be used for evil objectives like
on how to use various pieces of technology connected to forgery, data tampering, data leak, and so on. Hackers can use
treatment and messages for their health problems and clinic cybersecurity for nefarious purposes such as forgery, data
schedules. They also utilize the internet to acquire different tampering, data breach, and so on [17].
instructions on how to operate certain equipment linked to their
therapy, as well as messages about their health issues and clinic As a consequence, patient privacy is threatened, which has
timetables. Cybercriminals are using the same chance to launch a negative impact on treatment and medication operations, as
as many assaults as possible in order to gain credentials for a well as putting the patient's health at risk. The MS17-010
variety of purposes. Cyber-attacks have considerably escalated security update and OpenSSH vulnerabilities both affect an
as a result of the epidemic [12]. information-gathering assault. The most frequent vulnerability
that allows attackers to take complete control of devices is the
Jang-Jaccard and Nepal discovered weaknesses in today's
MS17-010 security update. This topic has been tackled in a
software, hardware, and network layers. Cloud computing, number of different ways [18]. To begin, the ransomware's API
social media, critical infrastructure, and smartphone sequence can be employed. Second, combining decoupled
technology were all investigated for new attack patterns. Scams architecture and usable security, an alternative solution may be
and other forms of cybercrime earn more money while posing discovered.
the smallest danger to the perpetrators, unless special
circumstances exist. Government agencies and private
enterprises have provided financial support to individuals.
People are willing to work for organizations so that they may IV. THE ARCHITECTURE OF THE NETWORK WITH
spend more time socializing with others in their network. SDN.

Attackers exploit this flaw by impersonating government IoT is presently spreading into the contemporary era as a result
agencies, tax authorities, and other pandemic-related of numerous networks with varied networks. These two
organizations in harmful phishing campaigns. Wu et al. networks are interconnected. Massive networks are also
common in healthcare IoT. A variety of hospital and other phone apps for webmail and software as a service (SaaS) [9].
clinical trial networks make up these networks. Because Malicious software includes worms and Trojan horses.
conventional network designs couldn't keep up with the rapid
pace of IoT advancements, it became imperative to integrate Even during the Coronavirus outbreak, attackers and
IoT into the SDN-based network. The suggested SDN-based APT outfits used emails and ad sites to send malware to
IoT Healthcare Network architecture is shown in Figure 2. The vulnerable individuals and networks. It was discovered that
network, as can be seen, is made up of a variety of different 70% of the malware entered the system via email. Malicious
networks at various hospitals. Several hospitals are continuing software with specific features, like as ransomware, will have
to engage in network activities to transfer data, clinical reports,
a major impact on the epidemic's company [16]. Because it is
and patient data across a variety of IoT devices.
simple to deploy and has a huge impact on the target,
All pertinent data is stored at a data center. Three levels of distributed denial of service is tough to utilize. DDoS assaults,
design separate the networking employed in this data center. unlike regular DoS attacks, employ several attack sources and
The first layer is the internet protocol, which incorporates hosts to create a threat against many targets, multiplying the
physical configuration, networking devices, and other network threat and complicating security.
locations (switches, routers). The second and higher tier is the
main and control layer, which is a more centralized SDN
controller. This SDN controller is in charge of overall network
operations and has a comprehensive picture of the network
[19].

Figure 3 : The proposed architecture of SDN based IoT


healthcare Network. Figure 4 : Average cost of data breach per record
by industry.

IV. CYBER SECURITY ISSUES IN HEALTHCARE.


B. Departments impacted by the cyber actors.
Healthcare appears to have experienced a spike in 1. Information Technology Department.
cyberattacks, making it more vulnerable than other sectors.
Hackers breach software for a variety of purposes. Many Hospital IT divisions are one of the most frequently
attackers want credentials in order to demand a ransom, while targeted departments since they store a broad variety of data.
others seek credentials in order to pay high-profile individuals Cyber criminals are looking for weaknesses in the system,
to divulge important information to the public [20]. Hospitals such as antiquated or vulnerable technology, to launch assaults
have already been heavily targeted as a result of these since the IT department hasn't kept up with the trends. The
difficulties, owing to the increased use of technologies such as industry's vulnerability to cyber-security weaknesses has been
telehealth and electronic health records. highlighted by recent cyber-attacks.
A. Common threats. The key concept is that, due to budget constraints, these
Phishing compromises, ransomware, and DDoS were the businesses must protect their IT departments in the same way
most common threats in the healthcare industry, especially as fanciers defend their nations or towns [21]. Many hospitals,
during the pandemic; these threats were used in numerous for example, continue to utilize outdated technology and
attacks. To breach the objective, only a few clicks were devices, leaving them exposed to cyber threats such as
required, implying that sending more emails increased the Windows 7 or Windows XP.
success rate. Stealth was employed extensively in sensitive
locations such as fiancees, banks, and other well-known According to Europol, crypto locker attacks against
businesses. Attackers employ more complex tactics to attract healthcare facilities are common. Hospitals should be
victims, such as encrypting websites with HTTPS encryption computerized, with new Internet of Things connections in
technology. SSL was installed on more than 75% of phishing charge of preserving and documenting hospital activities.
sites, exacerbating the problem. Phishing targets include
Because of a lack of strong confidentiality in the field, the
2. Financial Department healthcare industry has suffered. Although a significant
number of people, including patients and organizations,
The disruption of global institutions and networks has cost communicate information, the technology is difficult to use.
millions of dollars. Health-care finance departments have been Keeping track of the incoming and leaving data during this
attacked by phishing, malicious software, and ransomware, data transfer has proven difficult. Because there are so many
culminating in a loss of roughly $21 billion by 2020. For various ways to share information, such as payments, online
example, South Africa is taking every effort to safeguard its clinics, and information sharing, it is difficult for the
financial assets. healthcare department to choose the ideal network, especially
during pandemics.
Due to poor security precautions on their phones, clients
transact from home using their cellphones, making Despite the fact that most IT workers prefer to play dark
information more available to cyber criminals. Banking sector websites and despise their professions, the healthcare business
security would improve if firewall protection and other aspects has had difficulty attracting semi-skilled IT personnel owing
such as internal access restrictions were better understood and to a lack of staff training, making it tough to battle black hats.
applied. Antivirus software updates on PCs could make a
difference in terms of security.

Financial institution employees, for example, are more


vulnerable to security threats since they work in the most risky
environment. Phishing and other facets of social engineering
hacking are becoming more well-known among professionals,
and they may quickly get addicted.

Figure 6 : A smart health-care system.

VII. MITIGATIONS.
To address the healthcare industry's cybersecurity threats,
all stakeholders must act promptly. Mitigating and preventing
cyberattacks is challenging; more preparation and better
channels for putting plans into action are required to guarantee
that all security processes are followed appropriately [21].
Participants from the corporate and public sectors must
collaborate to guarantee the implementation of systems that
effectively handle security issues. Regardless of how
Figure 5 : Breakdown of Security Ratings by
sophisticated attackers have grown in recent years, there are a
Major Industry.
variety of effective defenses that can help minimize the
frequency of attacks. The following are some
V. CHALLENGES countermeasures; nevertheless, they are by no means
exhaustive:
The health industry has faced several obstacles because of
Users must be educated: The client is the weakest link in
the blatant attacks, and it has been a top issue for a long time.
any security system. Many security systems consider people to
As a result of the public convergence of various persons
be the weakest link. Client cybersecurity awareness is crucial
seeking treatments, the healthcare industry has come under
for reducing the risk of cyberattacks on a company through
fire. The attackers uncovered a hole in the firm since the
education initiatives. According to the survey, 11% of
majority of the material is still available on the websites for
companies aim to make security a high priority via planning,
clients and patients to examine. As a consequence, people
while the rest do not, revealing a substantial gap. Using an
with evil motives will find it simple to contact them and
encryption platform to secure communication over a virtual
obtain information from them.
private network, on the other hand, has shown to be effective
in the battle against security. Applicability through the usage
of a virtual private network (VPN) has become part of many
people's daily routine. Using a VPN protects your privacy routes are to generate less expensive designs. Health related
while also allowing you to adhere to more stringent rules and frameworks that minimize expenses by offering lower-cost
security procedures. services will benefit patients and other medical staff.

To safeguard sensitive data and assets from hackers, IX. CONCLUSION.


healthcare facilities must beef up their security [22].
Unwanted behavior that may compromise a network's security This study does a thorough review of the literature on cyber
and confidence can be detected using an intrusion detection risk in the healthcare industry. It's a condensed version of the
most important cyber-risk study. It stresses the significance of
system and a firewall (IDS). An IDS uses anomaly detection
the problem. In this regard, more research is needed to address
and test protocol analysis, such as deep pocket research, as the healthcare sector's critical infrastructure in order to improve
well as other activities like matching signatures and other the field's future employment opportunities, since health
approach combinations, to better understand risk hybrids. facility research is insufficient to meet healthcare needs. The
Artificial Intelligence outlier detection has made intrusion key objectives of this review article are to raise awareness of
detection systems (IDS) the most frequent and accurate the healthcare industry's relevance and to analyze the necessity
technique of identifying assaults due to its capacity to for security measures in the healthcare sector to protect
recognize behaviors such as zero-day threats. sensitive information in hospital databases. This article
reviewed over 15 papers, but anyone may use this material to
VIII. FUTURE RESEARCH. learn as much about the significance of this issue for public and
While the Internet has benefited the medical industry government healthcare institutions.
greatly, it has also caused substantial security concerns. The Cybersecurity attacks have had a significant impact on the
goal of this research was to leverage the Shodan database to healthcare industry's efficiency. As a result, greater planning
find flaws in networked medical devices. According to our first and better channels for putting plans into action are required to
findings, key suppliers including Animas, Bionet, Roche, and ensure that all security systems are properly reviewed in order
ReliOn are vulnerable to Dropbear SSH server flaws, PHP to secure the safety and confidentiality of health information in
vulnerabilities, and OpenSSH flaws that allow remote code hospital databanks. Cyberattacks, not only in the healthcare
execution and/or authentication bypass. industry, should be viewed as a serious danger to all
Future work might go in a number of interesting areas. enterprises. As a result, governments must invest sufficient
First, future research might greatly broaden the area of risk resources to hospital firewalls and overall security.
assessment by investigating all of the medical devices on Sensors and network connectivity management are
Shodan. Second, research might be done to find out who owns addressed by the Internet of Things (IoT) and Software
sensitive equipment so that the owners are aware of the risks. Defined Networking (SDN), respectively. These are
Finally, automated mitigation techniques may be built to patch interconnected and must overcome challenges like as
and secure the found vulnerabilities. A number of the routes programmability and data management in order to meet
listed would aid in the development of critical medical device customer desires. By combining the two technologies, several
security capabilities [23]. difficulties in the traditional healthcare system may be
addressed.
In order to secure running devices, ongoing research
should look at fair and realistic solutions to CSRF assaults. To SDN is a ground-breaking method of using technology to
change network design. In healthcare, the Internet of Things
safeguard the medical system, people must be informed of the
has the potential to improve controllable networking in order to
danger. Furthermore, because the majority of inspections and
tackle a variety of problems.
procedures are likely to be considerably depreciated, solutions
should concentrate on increasing performance efficiency. Data X. ACKNOWLEDGMENT
input and creation operations are disrupted wholly or partially
by DoS, backdoor, and ransomware assaults. There have been Thank you, especially, to our Applied Information Assurance
proposed ways for reaching various aims; nevertheless, they professor in charge, Mr. Kanishka Yapa, for his invaluable
are incompatible with the medical industry. mentorship and technical assistance, which inspired us to
finish our task. Furthermore, we'd want to take this
opportunity to thank our cybersecurity classmates for their
As a result, improved detection methods for backdoors, invaluable criticism and assistance during this project.
denial-of-service assaults, and ransomware attacks are
essential. The ransomware assault is especially risky since
current ransomware tactics have poor system performance, REFERENCES
which might influence the outcome. Intruders can use DoS [1] G. Kortuem, F. Kawsar, V. Sundramoorthy, and D.
and remote code execution to adjust a patient's drug dose, Fitton, “Smart objects as building blocks for the
potentially resulting in the patient's death. Most designs have internet of things,” IEEE Internet Comput., vol. 14,
been proven to perform better in terms of data security and no. 1, pp. 44–51, Jan. 2010, doi:
transmission efficiency. However, not all architectural designs 10.1109/MIC.2009.143.
are cost-effective [24]. As a result, the planning and design [2] “What is Software-Defined Networking (SDN)? -
Ciena.” https://www.ciena.com/insights/what-is/What- Sungoor, “The potential of Internet of m-health
Is-SDN.html (accessed Mar. 21, 2022). Things m-IoT for non-invasive glucose level sensing,”
[3] D. Halperin, T. Kohno, T. S. Heydt-Benjamin, K. Fu, Proc. Annu. Int. Conf. IEEE Eng. Med. Biol. Soc.
and W. H. Maisel, “Security and privacy for EMBS, pp. 5264–5266, 2011, doi:
implantable medical devices,” IEEE Pervasive 10.1109/IEMBS.2011.6091302.
Comput., vol. 7, no. 1, pp. 30–39, Jan. 2008, doi: [15] L. Coventry and D. Branley, “Cybersecurity in
10.1109/MPRV.2008.16. healthcare: A narrative review of trends, threats and
[4] K. Sood, S. Yu, and Y. Xiang, “Software-Defined ways forward,” Maturitas, vol. 113, pp. 48–52, Jul.
Wireless Networking Opportunities and Challenges 2018, doi: 10.1016/J.MATURITAS.2018.04.008.
for Internet-of-Things: A Review,” IEEE Internet [16] S. Chen, H. Xu, D. Liu, B. Hu, and H. Wang, “A
Things J., vol. 3, no. 4, pp. 453–463, Aug. 2016, doi: vision of IoT: Applications, challenges, and
10.1109/JIOT.2015.2480421. opportunities with China Perspective,” IEEE Internet
[5] I. F. Akyildiz, M. Pierobon, S. Balasubramaniam, and Things J., vol. 1, no. 4, pp. 349–359, Aug. 2014, doi:
Y. Koucheryavy, “The internet of Bio-Nano things,” 10.1109/JIOT.2014.2337336.
IEEE Commun. Mag., vol. 53, no. 3, pp. 32–40, Mar. [17] L. Wu, X. Du, M. Guizani, and A. Mohamed, “Access
2015, doi: 10.1109/MCOM.2015.7060516. Control Schemes for Implantable Medical Devices: A
[6] M. Masdari and S. Ahmadzadeh, “A survey and Survey,” IEEE Internet Things J., vol. 4, no. 5, pp.
taxonomy of the authentication schemes in Telecare 1272–1283, Oct. 2017, doi:
Medicine Information Systems,” J. Netw. Comput. 10.1109/JIOT.2017.2708042.
Appl., vol. 87, pp. 1–19, Jun. 2017, doi: [18] N. Taimoor and S. Rehman, “Reliable and Resilient
10.1016/J.JNCA.2017.03.003. AI and IoT-Based Personalised Healthcare Services:
[7] “IEEE Xplore Full-Text PDF:” A Survey,” IEEE Access, vol. 10, pp. 535–563, 2022,
https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnu doi: 10.1109/ACCESS.2021.3137364.
mber=7843009&tag=1 (accessed Mar. 25, 2022). [19] S. Van Rossem et al., “Deploying elastic routing
[8] Y. Meng, Z. Huang, G. Shen, and C. Ke, “SDN-Based capability in an SDN/NFV-enabled environment,”
Security Enforcement Framework for Data Sharing 2015 IEEE Conf. Netw. Funct. Virtualization Softw.
Systems of Smart Healthcare,” IEEE Trans. Netw. Defin. Network, NFV-SDN 2015, pp. 22–24, Jan.
Serv. Manag., vol. 17, no. 1, pp. 308–318, Mar. 2020, 2016, doi: 10.1109/NFV-SDN.2015.7387398.
doi: 10.1109/TNSM.2019.2941214. [20] “Cybersecurity Attacks during a Pandemic: It Is Not
[9] A. Strielkina, V. Kharchenko, and D. Uzun, Just IT’s Job! | Medsurg Nursing; 30(1):65-66, 2021. |
“Availability models for healthcare IoT systems: ProQuest Central.”
Classification and research considering attacks on https://pesquisa.bvsalud.org/global-literature-on-
vulnerabilities,” Proc. 2018 IEEE 9th Int. Conf. novel-coronavirus-2019-ncov/resource/pt/covidwho-
Dependable Syst. Serv. Technol. DESSERT 2018, pp. 1095011 (accessed Mar. 24, 2022).
58–62, Jul. 2018, doi: [21] P. Anantharam et al., “Knowledge-Driven
10.1109/DESSERT.2018.8409099. Personalized Contextual mHealth Service for Asthma
[10] J. Zhang, L. Li, G. Lin, D. Fang, Y. Tai, and J. Huang, Management in Children,” Proc. - 2015 IEEE 3rd Int.
“Cyber Resilience in Healthcare Digital Twin on Lung Conf. Mob. Serv. MS 2015, pp. 284–291, Aug. 2015,
Cancer,” IEEE Access, vol. 8, pp. 201900–201913, doi: 10.1109/MOBSERV.2015.48.
2020, doi: 10.1109/ACCESS.2020.3034324. [22] A. D. Wood et al., “Context-aware wireless sensor
[11] G. Lin, S. Wen, Q. L. Han, J. Zhang, and Y. Xiang, networks for assisted living and residential
“Software Vulnerability Detection Using Deep Neural monitoring,” IEEE Netw., vol. 22, no. 4, pp. 26–33,
Networks: A Survey,” Proc. IEEE, vol. 108, no. 10, 2008, doi: 10.1109/MNET.2008.4579768.
pp. 1825–1848, Oct. 2020, doi: [23] H. Kumarage, I. Khalil, A. Alabdulatif, Z. Tari, and X.
10.1109/JPROC.2020.2993293. Yi, “Secure Data Analytics for Cloud-Integrated
[12] S. Sharma, K. Chen, and A. Sheth, “Toward Practical Internet of Things Applications,” IEEE Cloud
Privacy-Preserving Analytics for IoT and Cloud- Comput., vol. 3, no. 2, pp. 46–56, Mar. 2016, doi:
Based Healthcare Systems,” IEEE Internet 10.1109/MCC.2016.30.
Computing, vol. 22, no. 2, IEEE, 2018. [24] A. K. Pandey et al., “Key Issues in Healthcare Data
[13] G. Lin et al., “Cross-Project Transfer Representation Integrity: Analysis and Recommendations,” IEEE
Learning for Vulnerable Function Discovery,” IEEE Access, vol. 8, pp. 40612–40628, 2020, doi:
Trans. Ind. Informatics, vol. 14, no. 7, pp. 3289–3297, 10.1109/ACCESS.2020.2976687.
Jul. 2018, doi: 10.1109/TII.2018.2821768.
[14] R. S. H. Istepanian, S. Hu, N. Y. Philip, and A.
Author Profile.
Osuni D. Abeywickrama
is a third year first-
semester student at
SLIIT, where she is
pursuing a BSc. Hons
Information Technology
degree with a specialty in
software development. in
the field of cyber-
security. It's her first time
writing a review article
in the subject of healthcare. Her research
examines a variety of topics of cyber security.

You might also like

pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy