TY - JOUR
T1 - Demonstration of new attacks on three healthcare network protocols in a lab environment
AU - Dupont, Guillaume
AU - dos Santos, Daniel
AU - Dashevskyi, Stanislav
AU - Vijayakumar, Sangavi
AU - Murali, Sashaank P.
AU - Costante, Elisa
AU - den Hartog, Jerry
AU - Etalle, Sandro
PY - 2024/6
Y1 - 2024/6
N2 - Healthcare delivery organizations such as hospitals are complex infrastructures comprising a broad range of networked devices. They include connected medical devices which can deliver health care, support hospitals’ operations, and can exchange patients’ data over healthcare network protocols. Previous research has pointed out weaknesses in the implementations of some of these protocols, and demonstrated how they could be abused by malicious actors in hospitals. There are still other healthcare network protocols for which we have limited knowledge, and no security analysis can be found in the literature. This can represent an issue, as these technologies may also have vulnerabilities which could, if exploited, impact hospitals’ operations and patients’ data. For this reason, we investigate in this paper three healthcare protocols found in hospital networks: the POCT1-A and LIS02-A standards used by some point-of-care and laboratory devices, and the proprietary protocol Data Export used by some Philips patient monitors. We explain how to build a test lab to perform security research on medical devices, in which we demonstrate four attacks highlighting how the selected protocols can be abused. This research provides greater knowledge of threats relevant to healthcare delivery organizations, and helps to enhance network security monitoring capabilities such as intrusion detection systems. More specifically, signatures can be created to detect attacks on these protocols and datasets can be assembled to assist the development and testing of hospital-specific intrusion detection systems.
KW - Connected medical devices
KW - Healthcare
KW - Network security
UR - http://www.scopus.com/inward/record.url?scp=85165502988&partnerID=8YFLogxK
U2 - 10.1007/s11416-023-00479-w
DO - 10.1007/s11416-023-00479-w
M3 - Article
AN - SCOPUS:85165502988
SN - 2263-8733
VL - 20
SP - 301
EP - 314
JO - Journal of Computer Virology and Hacking Techniques
JF - Journal of Computer Virology and Hacking Techniques
IS - 2
ER -