Cyber-physical Threat Detection Platform Designed for Healthcare Systems
Hospitals are responsible for delivering healthcare services to patients in need. These services are large and complex and get affected by multiple interacting actors, such as doctors, nurses, patients, citizens, medical suppliers, health insurance providers. Lately, hospitals around the world are one of the main targets when it comes to terrorist attacks, the cyber realm being the principal source. The healthcare sector is particularly vulnerable due to heavy involvement in patient personal and health information, time constraints, and complex day-to-day operations. In addition to cyber-threats, physical threats are increasingly growing and even healthcare facilities are not immune to them. Malicious intended people created cyber threatening attacks with the purpose to systematically collect evidence against the healthcare system, to advocate for the end of such attacks, and to endanger people's lives or to use the stolen personal data for bad intended actions. Henceforth it is necessary to build a platform that will get alerts and incidents at a fast pace in real-time to prevent any casualties at low cost. SAFECARE project aims to offer protection to hospitals and increase the compliance for the European regulations and security regarding ethics and privacy for health services. This paper presents a solution that will enhance security in hospitals. The primary platform will be built based on a BTMS (Building Threat Monitoring System) where events, incidents, and alerts will be transmitted by sensors from hospital rooms in real-time. Several scenarios were thought to simulate different types of attacks against hospitals and according to the scenarios, various prototypes will be built for assuring the security of the personal and patients from various hospitals.
British Standard Institute (BSI). (2014). BS11200: Crisis Management – guidance and good practice . BSI.
ENISA. (2016). Securing Hospitals: A research study and blueprint. Independent Security Evaluators. Ανάκτηση 2019, από https://www.securityevaluators.com/wp-content/uploads/2017/07/securing_hospitals.pdf
INFOSEC. (2019). INFOSEC institute. Ανάκτηση 10 2019, από Hospital Security: https://resources.infosecinstitute.com/category/healthcare-information-security/security-awareness-for-healthcare-professionals/hospital-security/
Jalali, M. S., & Kaiser, J. P. (2018). Cybersecurity in hospitals: a systematic, organizational perspective. Journal of medical Internet research, 20(5), e10059.
Larrucea, X., Moffie, M., Asaf, S., & Santamaria, I. (2020). Towards a GDPR compliant way to secure European cross border Healthcare Industry 4.0. Computer Standards & Interfaces, 69, 103408.
Martignani, C. (2019). Cybersecurity in cardiac implantable electronic devices. Expert review of medical devices, 16(6), 437-444.
Martin, G., Martin, P., Hankin, C., Darzi, A., & Kinross, J. (2017). Cybersecurity and healthcare: how safe are we?. Bmj, 358, j3179.
National Academies of Sciences, Engineering, and Medicine (2015). Guidebook on Best Practices for Airport Cybersecurity. Best Practices for Airport Cybersecurity. Washington, DC: The National.
OASIS. (2019). Emergency Data Exchange Language (EDXL) Hospital AVailability Exchange (HAVE) Version 2.0
Poenaru, Vlad Andrei, George Suciu, Cristian George Cernat, Gyorgy Todoran, and Traian Lucian Militaru. "Attacking the cloud." ICEST 2012
SAFECARE project. (2018). Grant Agreement Number 787005, European Commission H2020. Ανάκτηση 11 2019, από https://www.safecare-project.eu/
Suciu, G., Scheianu, A., Vulpe, A., Petre, I., & Suciu, V. (2018). Cyber-attacks–the impact over airports security and prevention modalities. In World Conference on Information Systems and Technologies (pp. 154-162). Springer, Cham.