Author:
Silvestri Stefano,Islam Shareful,Amelin Dmitry,Weiler Gabriele,Papastergiou Spyridon,Ciampi Mario
Abstract
AbstractThe healthcare sectors have constantly faced significant challenge due to the rapid rise of cyber threats. These threats can pose any potential risk within the system context and disrupt the critical healthcare service delivery. It is therefore necessary for the healthcare organisations to understand and tackle the threats to ensure overall security and resilience. However, threats are continuously evolved and there is large amount of unstructured security-related textual information is available. This makes the threat assessment and management task very challenging. There are a number of existing works that consider Machine Learning models for detection and prediction of cyber attack but they lack of focus on the Natural Language Processing (NLP) to extract the threat information from unstructured security-related text. To this end, this work proposes a novel method to assess and manage threats by adopting natural language processing. The proposed method has been tailored for the healthcare ecosystem and allows to identify and assess the possible threats within healthcare information infrastructure so that appropriate control and mitigation actions can be taken into consideration to tackle the threat. In detail, NLP techniques are used to extract the useful threat information related to specific assets of the healthcare ecosystems from the largely available security-related information on Internet (e.g. cyber security news), to evaluate the level of the identified threats and to select the required mitigation actions. We have performed experiments on real healthcare ecosystems in Fraunhofer Institute for Biomedical Engineering, considering in particular three different healthcare scenarios, namely implantable medical devices, wearables, and biobank, with the purpose of demonstrating the feasibility of our approach, which is able to provide a realistic manner to identify and assess the threats, evaluate the threat level and suggest the required mitigation actions.
Funder
Consiglio Nazionale Delle Ricerche
Publisher
Springer Science and Business Media LLC
Subject
Computer Networks and Communications,Safety, Risk, Reliability and Quality,Information Systems,Software
Reference56 articles.
1. Rees, D.: Cyber attacks in healthcare: the position across Europe (2021). https://www.pinsentmasons.com/out-law/analysis/cyber-attacks-healthcare-europe
2. McKee, D., Laulheret, P.: McAfee Enterprise ATR uncovers vulnerabilities in globally used B. Braun infusion pump (2021). https://www.mcafee.com/blogs/enterprise/mcafee-enterprise-atr/mcafee-enterprise-atr-uncovers-vulnerabilities-in-globally-used-b-braun-infusion-pump/
3. Institute, P.: Sixth annual benchmark study on privacy & security of healthcare data. Tech. rep, Ponemon Institute (2016)
4. Islam, S., Papastergiou, S., Mouratidis, H.: A dynamic cyber security situational awareness framework for healthcare ICT infrastructures. In: PCI 2021: 25th Pan-Hellenic Conference on Informatics, pp. 334–339. ACM, Volos, Greece (2021). https://doi.org/10.1145/3503823.3503885
5. Tikhomirov, M., Loukachevitch, N.V., Sirotina, A., Dobrov, B.V.: Using BERT and augmentation in named entity recognition for cybersecurity domain. In: Natural Language Processing and Information Systems—25th International Conference on Applications of Natural Language to Information Systems, NLDB 2020, vol. 12089, pp. 16–24. Springer, Saarbrücken, Germany (2020). https://doi.org/10.1007/978-3-030-51310-8_2
Cited by
5 articles.
订阅此论文施引文献
订阅此论文施引文献,注册后可以免费订阅5篇论文的施引文献,订阅后可以查看论文全部施引文献