The Enemy Within: The Emerging Threats to Healthcare from Malicious Mobile Devices
This addresses a critical security issue for healthcare systems and patients, but it is incremental as it builds on existing threat analysis in cybersecurity.
The paper tackles the problem of malicious mobile devices threatening healthcare by exposing medical devices to attacks that can steal data or issue fatal commands, and it presents a systematic analysis and potential defenses.
With the proliferation of wireless networks, mobile devices and medical devices are increasingly being equipped with wireless interfaces, such as Bluetooth and WiFi to allow easy access to and control of the medical devices. Unfortunately, the very presence and usage of such interfaces also expose the medical devices to novel attacks from malicious parties. The emerging threat from malicious mobile devices is significant and severe, since attackers can steal confidential data from a patient's medical device. Also, attackers can compromise the medical device and either feed doctors bad data from it or issue potentially fatal commands to the device, which may even result in the death of the patient. As the mobile devices are often at close proximity to the patient (either in the hospital or home settings), attacks from such devices are hard to prevent. In this paper, we present a systematic analysis of this new threat from mobile devices on medical devices and healthcare infrastructure. We also perform a thorough security analysis of a major hospital and uncover potential vulnerabilities. Finally, we propose a set of potential solutions and defenses against such attacks.