Abstract
An intensive care unit (ICU) is dedicated to caring for patients whose medical condition places them at high risk of mortality or serious morbidity. ICU medical devices (ICUMDs) are used to closely monitor, stabilize, and treat ICU patients who are often unconscious and rely almost solely on ICUMDs. ICUMDs have become more autonomous, with a range of components, connectivity to external devices, and functionalities, opening the door to cyber-attacks. We present a taxonomy based on the functionality of 19 widely used ICUMDs, providing an explanation of each device’s medical role, properties, interactions, and how they impact each other’s security. We provide an extensive survey of 16 possible attacks aimed at ICUMDs and assess each device’s vulnerability. We also create an ecosystem graph describing the roles and interactions of the players of each ICU sub-department. For each device type we produce a unique attack flow diagram that presents the most vulnerable vectors and components within the ecosystem. Finally, we survey relevant security mechanisms and map their coverage for the attacks, identifying existing gaps. We show that current security mechanisms generally fail to provide protection, covering just 12.5-56.3% of the attacks against ICUMDs, leaving the devices and the patients vulnerable.
Highlights
In recent years, there has been a growing trend in the use of advanced technologies in medical ecosystems in order to improve patient care
Our primary goals in this study are to provide the reader with a comprehensive understanding regarding intensive care units (ICUs) medical devices (ICUMDs), and their sub-categories, ecosystems, and vulnerability to attacks, and to identify the security gaps between these attacks and existing security mechanisms
We have provided a detailed description of the different ICUMDs and presented an ICUMD taxonomy, which categorizes the ICUMDs into five main categories, based on their main functionality and medical goal
Summary
There has been a growing trend in the use of advanced technologies in medical ecosystems in order to improve patient care. The domain of securing medical ecosystems (information systems, devices, and the communication modalities operating between them) has gained momentum in recent years, as awareness of the potential attacks and risks, and their dangers increases [75]1,2. The body heater device measures the patient’s body temperature and the room temperature, adjusting the patient While this type of care provided by a device operating in autonomous mode can free the medical team up, allowing them to tend to other important medical issues, and help address the shortage of ICU caregivers, it can expose the patient to harm in the case of a compromised ICUMD. An understanding of ICU medical devices and their interactions and vulnerabilities, ICU ecosystems, potential cyber-attacks, and existing security gaps is required in order to develop such security mechanisms, and this paper provides this essential information. The paper encompasses the following: an ICUMD taxonomy and description of the ICUMDs, ICUMD ecosystems, and attack diagrams, detailed information on potential attacks and the existing security mechanisms, and our conclusions and suggestions for future work
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
