SEC-C-U: The Security of Intensive Care Unit Medical Devices and Their Ecosystems

Carmel Eliash, Isaac Lazar, Nir Nissim

Research output: Contribution to journalArticlepeer-review

10 Scopus citations

Abstract

An intensive care unit (ICU) is dedicated to caring for patients whose medical condition places them at high risk of mortality or serious morbidity. ICU medical devices (ICUMDs) are used to closely monitor, stabilize, and treat ICU patients who are often unconscious and rely almost solely on ICUMDs. ICUMDs have become more autonomous, with a range of components, connectivity to external devices, and functionalities, opening the door to cyber-attacks. We present a taxonomy based on the functionality of 19 widely used ICUMDs, providing an explanation of each device's medical role, properties, interactions, and how they impact each other's security. We provide an extensive survey of 16 possible attacks aimed at ICUMDs and assess each device's vulnerability. We also create an ecosystem graph describing the roles and interactions of the players of each ICU sub-department. For each device type we produce a unique attack flow diagram that presents the most vulnerable vectors and components within the ecosystem. Finally, we survey relevant security mechanisms and map their coverage for the attacks, identifying existing gaps. We show that current security mechanisms generally fail to provide protection, covering just 12.5-56.3% of the attacks against ICUMDs, leaving the devices and the patients vulnerable.

Original languageEnglish
Article number9051823
Pages (from-to)64193-64224
Number of pages32
JournalIEEE Access
Volume8
DOIs
StatePublished - 1 Jan 2020

Keywords

  • ICU
  • cyber-attack
  • detection
  • malware
  • medical device
  • privacy
  • security

ASJC Scopus subject areas

  • General Computer Science
  • General Materials Science
  • General Engineering

Fingerprint

Dive into the research topics of 'SEC-C-U: The Security of Intensive Care Unit Medical Devices and Their Ecosystems'. Together they form a unique fingerprint.

Cite this