The number of cyber-attacks around the world exploded in 2020, as cybercriminals exploited the Covid-19 pandemic to take advantage of the shift in focus towards smart working and of hospital staff being transferred to the frontline.
This paper (March 2019) investigates the issues related to the design of medical devices and the lack of security-by-design approaches. It proposes an automatic, intelligent and real-time system to detect, classify, and mitigate ransomware for integrated clinical environments.
Abstract: Medical Cyber-Physical Systems (MCPS) hold the promise of reducing human errors and optimising healthcare by delivering new ways to monitor, diagnose and treat patients through integrated clinical environments (ICE). Despite the benefits provided by MCPS, many of the ICE medical devices have not been designed to satisfy cybersecurity requirements and, consequently, are vulnerable to recent attacks. Nowadays, ransomware attacks account for 85% of all malware in healthcare, and more than 70% of attacks confirmed data disclosure.
Conclusions: With the goal of improving this situation, the main contribution of this paper is an automatic, intelligent and real-time system to detect, classify, and mitigate ransomware in ICE. The proposed solution is fully integrated with the ICE++ architecture, our previous work, and makes use of Machine Learning (ML) techniques to detect and classify the spreading phase of ransomware attacks affecting ICE.
Additionally, Network Function Virtualisation (NFV) and Software Defined Networking (SDN) paradigms are considered to mitigate the ransomware spreading by isolating and replacing infected devices. Different experiments returned a precision/recall of 92.32%/99.97% in anomaly detection, an accuracy of 99.99% in ransomware classification, and promising detection and mitigation times. Finally, different labelled ransomware datasets in ICE have been created and made publicly available.
PANACEA Research perspectives: One of the R&I priority areas of PANACEA is a Security by Design framework comprising two complementary tools: the Secure Design Support Platform (SDSP) and the Compliance Support Tool (CST). The driver is to give medical device manufacturers, health application providers and healthcare organisations (i.e. hospitals) a comprehensive workflow including processes, software solutions and links to regulations.
Keywords: Integrated clinical environments; medical cyber-physical systems; cybersecurity; anomaly detection; ransomware classification; network function virtualisation; software-defined networking
Lookout Watch entry date: 04/02/2020.