Process-Aware Attacks on Medication Control of Type-I Diabetics Using Infusion Pumps

Abstract

As medical infusion pumps are known to be vulnerable to cybersecurity threats, industrial reports, guidelines, and state-of-the art research have focused on securing such devices. This includes hardening a pump's network communications, wireless interfaces, and patching software flaws that can allow adversaries to compromise the device's usability and potentially lead to adverse effects on patients. Still, a very small percentage of this work has focused on securing devices against <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">process-aware attacks</i> that target the business logic behind medical treatment processes, even though it is widely known that deviations or disruptions in continuous medication administration may be harmful, even lethal. In this work, we first develop a threat model on an insulin infusion pump used for blood glucose regulation in Type-I diabetics. We then set up a generalized Simulink model of common insulin pumps used for Type-I diabetic treatment and perform a volume control assessment to investigate the probability of process-aware cyber-attacks to cause patient harm through microalterations on continuous medical administration that stay within operational limits but manage to impact a patient's health. We achieve this by manipulating the business process logic behind semiautomatic drug administration on the insulin pump model that uses continuous glucose monitoring systems. We validate attack models capable of causing adverse impact on patients through performance degradation of the drug administration processes.