Risk assessment of cyber-attacks on telemetry-enabled cardiac implantable electronic devices (CIED)-Reference-Cited by-同舟云学术

Risk assessment of cyber-attacks on telemetry-enabled cardiac implantable electronic devices (CIED)

Published:2020-10-07 Issue:4 Volume:20 Page:621-645
ISSN:1615-5262
Container-title:International Journal of Information Security
language:en
Short-container-title:Int. J. Inf. Secur.

Author:

Ngamboé Mikaëla^ORCID,Berthier Paul,Ammari Nader,Dyrda Katia,Fernandez José M.

Abstract

AbstractCardiac implantable electronic devices (CIED) are vulnerable to radio frequency (RF) cyber-attacks. Besides, CIED communicate with medical equipment whose telemetry capabilities and IP connectivity are creating new entry points that may be used by attackers. Therefore, it remains crucial to perform a cybersecurity risk assessment of CIED and the systems they rely on to determine the gravity of threats, address the riskiest ones on a priority basis, and develop effective risk management plans. In this study, we carry out such risk assessment according to the ISO/IEC 27005 standard and the NIST SP 800-30 guide. We employed a threat-oriented analytical approach and divided the analysis into three parts, an actor-based analysis to determine the impact of the attacks, a scenario-based analysis to measure the probability of occurrence of threats, and a combined analysis to identify the riskiest attack outcomes. The results show that vulnerabilities on the RF interface of CIED represent an acceptable risk, whereas the network and Internet connectivity of the systems they rely on represent an important potential risk. Further analysis reveals that the damages of these cyber-attacks could spread further to affect manufacturers through intellectual property theft or physicians by affecting their reputation.

Publisher

Springer Science and Business Media LLC

Subject

Computer Networks and Communications,Safety, Risk, Reliability and Quality,Information Systems,Software

Link

https://link.springer.com/content/pdf/10.1007/s10207-020-00522-7.pdf

Reference71 articles.

1. Cuvillier, E.: Handbook of Leads for Pacing. Defibrillation and Cardiac Resynchronization, Cardiotext (2011)

2. Savci, H.S., Sula, A., Wang, Z., Dogan, N.S., Arvas, E.: Mics transceivers: regulatory standards and applications [medical implant communications service]. In: Proceedings. IEEE SoutheastCon, pp. 179–182. IEEE (2005)

3. Sanders, R.S., Lee, M.T.: Implantable pacemakers. Proc. IEEE 84, 480–486 (1996)

4. Biotronik USA: Eluna HF-T technical manual. https://manualzz.com/doc/7597543/eluna-hf-t---biotronik-usa (2015)

5. Medtronic: Medtronic carelink 2090 reference manual programmer for medtronic and vitatron devices. https://www.manualslib.com/manual/1410977/Medtronic-Carelink-2090.html#manual (2001)

Cited by 14 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Cyber Threats and Vulnerabilities in Connected Medical Devices;Advances in Healthcare Information Systems and Administration;2024-07-23

2. MEDICALHARM: A threat modeling designed for modern medical devices and a comprehensive study on effectiveness, user satisfaction, and security perspectives;International Journal of Information Security;2024-03-29

3. United States Healthcare Data Breaches: Insights for NIST SP 800-66 Revision 2 from a Review of the NIST SP 800-66 Revision 1;Journal of Information Security;2024

4. Guarding the Beats by Defending Resource Depletion Attacks on Implantable Cardioverter Defibrillators;Lecture Notes in Networks and Systems;2024

5. MEDICALHARM - A Threat Modeling designed for Modern Medical Devices;2023 IEEE 22nd International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom);2023-11-01