Abstract
Hospitals have not been prepared to face cyber attacks. Their core objective is to take care of patients by curing them efficiently. In this paper we propose a vulnerability assessment approach to highlight the weaknesses of a hospital's information system. By defining a map of the information system that considers the most critical assets (i.e., the units which manage the core information), we construct the most likely attack scenarios with the worst consequences. By studying these scenarios, we suggest mitigation countermeasures based on a reorganization of the digital information system into isolated sub-systems. Our objective is to be more resilient to cyber attacks, by increasing the complexity required for hackers' crimes and by limiting the damage of attacks.
© 2017 Springer International Publishing AG
About this paper
Cite this paper
Guinet, A. (2017). How to Protect a Hospital Against Cyber Attacks. In: Cappanera, P., Li, J., Matta, A., Sahin, E., Vandaele, N., Visintin, F. (eds) Health Care Systems Engineering. ICHCSE 2017. Springer Proceedings in Mathematics & Statistics, vol 210. Springer, Cham. https://doi.org/10.1007/978-3-319-66146-9_1
DOI: https://doi.org/10.1007/978-3-319-66146-9_1
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-66145-2
Online ISBN: 978-3-319-66146-9
eBook Packages: Mathematics and Statistics, Mathematics and Statistics (R0)