RESUMEN
BACKGROUND: The Intelligent Medical Diagnosis System (IMDS) has been targeted by the cyber attackers, who aim to damage the Healthcare Critical National Infrastructure (CNI). This research is motivated by the recent cyber attacks happened worldwide that have resulted in the compromise of medical diagnosis records. This study was conducted to demonstrate how the IMDS could be attacked and diagnosis records compromised (i.e. heart disease) and suggest a list of security defence strategies to prevent against such attacks. METHODS: This research developed an IMDS simulation platform by implementing the OpenEMR system. A Cardiac Diagnosis Component is then added to the IMDS. The IMDS is fed with the ECG data (retrieved from the PhysioNet/Computing in Cardiology Challenge 2017). This research then launched systematic ethical hacking, which was tailored to target IMDS diagnosis records. The systematic hacking was based on the NIST ethical hacking method and followed an attack pathway, starting from identifying the entry points of the medical websites, then propagating to gain access to the server, with the ultimate aim of modifying the heart disease diagnosis records. RESULTS: The hacking was successful. Four major vulnerabilities (i.e. broken authentication, broken access control, security misconfiguration and using components with known vulnerabilities) were identified in the simulated IMDS and the cardiac diagnosis records were compromised. This research then proposed a list of security defence strategies to prevent such attacks at each possible attacking points along the attacking pathway. CONCLUSIONS: This research demonstrated a systematic ethical hacking to the IMDS, identified four major vulnerabilities and proposed the security defence pathways. It provided novel insights into the protection of IMDS and will benefit researchers in the community to conduct further research in security defence of IMDS.
Asunto(s)
Seguridad Computacional , HumanosRESUMEN
AIMS: The Intelligence Medical Diagnosis System (IMDS) has been targeted by the cyber terrorists, who aim to destroy the Critical National Infrastructure (CNI). This paper is motivated by the most recent incidents happened worldwide and have resulted in the compromise of diagnosis results. This study was undertaken to show how the IMDS could be attacked and diagnosis results compromised and present a set of cyber defense strategies to prevent against such attacks. METHODS AND RESULTS: This study used the ECGs data from the PhysioNet/Computing in Cardiology (CinC) Challenge 2017. We fed the data into our IMDS and launched a series of ethical hacking, which is specifically tailored to target IMDS. We proposed a set of cyber security strategies to prevent such compromise. We tested the effectiveness of our cyber defense strategies using an experiment. The results showed that the strategies were effective in protecting the IMDS diagnosis results from being compromised. CONCLUSIONS: This study provides novel insights into the protection of IMDS and concludes that our cyber defense strategies can protect IMDS from being compromised by Brute Force and SQL Injection attacks.