Research Repository

Attacking and Defence Pathways for Intelligent Medical Diagnosis System (IMDS)

He, Ying and Camacho, Ruben Suxo and Soygazi, Hasan and Luo, Cunjin (2021) 'Attacking and Defence Pathways for Intelligent Medical Diagnosis System (IMDS).' International Journal of Medical Informatics, 148. p. 104415. ISSN 1386-5056

IJMI.pdf - Accepted Version
Available under License Creative Commons Attribution Non-commercial No Derivatives.

Download (3MB) | Preview


Background The Intelligent Medical Diagnosis System (IMDS) has been targeted by the cyber attackers, who aim to damage the Healthcare Critical National Infrastructure (CNI). This research is motivated by the recent cyber attacks happened worldwide that have resulted in the compromise of medical diagnosis records. This study was conducted to demonstrate how the IMDS could be attacked and diagnosis records compromised (i.e. heart disease) and suggest a list of security defence strategies to prevent against such attacks. Methods This research developed an IMDS simulation platform by implementing the OpenEMR system. A Cardiac Diagnosis Component is then added to the IMDS. The IMDS is fed with the ECG data (retrieved from the PhysioNet/Computing in Cardiology Challenge 2017). This research then launched systematic ethical hacking, which was tailored to target IMDS diagnosis records. The systematic hacking was based on the NIST ethical hacking method and followed an attack pathway, starting from identifying the entry points of the medical websites, then propagating to gain access to the server, with the ultimate aim of modifying the heart disease diagnosis records. Results The hacking was successful. Four major vulnerabilities (i.e. broken authentication, broken access control, security misconfiguration and using components with known vulnerabilities) were identified in the simulated IMDS and the cardiac diagnosis records were compromised. This research then proposed a list of security defence strategies to prevent such attacks at each possible attacking points along the attacking pathway. Conclusions This research demonstrated a systematic ethical hacking to the IMDS, identified four major vulnerabilities and proposed the security defence pathways. It provided novel insights into the protection of IMDS and will benefit researchers in the community to conduct further research in security defence of IMDS.

Item Type: Article
Uncontrolled Keywords: Ethical hacking; OpenEMR system; Intelligent Medical Diagnosis System (IMDS); Cardiac diagnosis records; Cyber defence strategies
Divisions: Faculty of Science and Health
Faculty of Science and Health > Computer Science and Electronic Engineering, School of
SWORD Depositor: Elements
Depositing User: Elements
Date Deposited: 04 Mar 2021 09:06
Last Modified: 23 Sep 2022 19:44

Actions (login required)

View Item View Item