Securing Smart Healthcare Systems from Vulnerability Exploitation

  • Gemini George
  • Sabu M. Thampi
Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 1122)


The capabilities of the IoT to track entities, to measure and analyze vital information captured by sensors, and to transmit data over a fleet of devices have convincingly made it best suited to the realization of future-ready smart hospitals and healthcare applications. Real-time sensing and monitoring of patients' vital signs, efficient scheduling of medical procedures, effective tracking of scarce resources, and optimized supply chain management of drugs and medical devices help not only to significantly improve the quality of health services but also to lower healthcare costs. However, bringing healthcare systems under the IoT network poses huge security challenges. Once the devices controlling life-supporting equipment are under attack, the damages are beyond imagination. The vulnerabilities in IoT-based devices can pose serious threats to IoT healthcare systems. In this work, we propose a graphical modeling of possible attacks through exploitation of such vulnerabilities. The proposed model helps to foresee the possible attack paths that exist in a network and to design suitable defense mechanisms. We also propose strategies for improving the security of IoT-assisted networks.


Vulnerability analysis, IoT Network, IoT Healthcare, Risk assessment, Risk mitigation



This project is sponsored by Dept. of Science and Technology, Govt. of India through WoS-A under sanction order No. SR/WOS-A/ET-97/2016(G).



Copyright information

© Springer Nature Singapore Pte Ltd. 2019

Authors and Affiliations

  1. Center for Research and Innovation in Cyber Threat Resilience, Indian Institute of Information Technology and Management-Kerala, Thiruvananthapuram, India
  2. Cochin University of Science and Technology, Kochi, India
