Security of Medical Cyber-physical Systems: An Empirical Study on Imaging Devices
This addresses security risks in life-critical medical cyber-physical systems, which is an incremental study focusing on imaging devices.
The paper tackled security vulnerabilities in medical imaging devices by conducting an empirical study on 15 devices from 9 manufacturers, resulting in the design of a threat model, attack techniques, protection mechanisms, and a hierarchical scoring system for actionable security suggestions.
Recent years have witnessed a boom of connected medical devices, which brings security issues in the meantime. Medical imaging devices, an essential part of medical cyber-physical systems, play a vital role in modern hospitals and are often life-critical. However, security and privacy issues in these medical cyber-physical systems are sometimes ignored. In this paper, we perform an empirical study on imaging devices to analyse the security of medical cyber-physical systems. To be precise, we design a threat model and propose prospective attack techniques for medical imaging devices. To tackle potential cyber threats, we introduce protection mechanisms, evaluate the effectiveness and efficiency of protection mechanisms as well as its interplay with attack techniques. To scoring security, we design a hierarchical system that provides actionable suggestions for imaging devices in different scenarios. We investigate 15 devices from 9 manufacturers to demonstrate empirical comprehension and real-world security issues.