IoE Security Risk Analysis in a Modern Hospital Ecosystem

Abstract

Internet of Everything (IoE) and Internet of Things (IoT) paradigms emerged in the recent years as key elements of the infrastructures in business, industry and everyday life. This has, created new challenges, including those related to privacy and security, in the pervasive computing area. The Internet of Things is recognized for allowing the connection of virtual and physical worlds by giving processing power to “things”. The Internet of Everything goes beyond that by connecting people, data, and processes to the Internet of Things, thereby making a connected world. For any technology to be successful and achieve widespread use, it needs to gain the trust of users by providing adequate privacy and security assurance. Despite the growing interest of the research community in IoT and IoE, and the emergence of vibrant literature addressing its architecture and its elements, the security and privacy of these systems and the consequential ways in which the varying capabilities of constituent devices might impact it, are still not fully understood. In this paper, a modern hospital ecosystem is used as a case model for the IoE security risk analysis. This model is used for understanding the nature of cyber-attacks against the healthcare industry with a focus of first identifying the threat actors that attack the health industry, why they do so, and how they do so. To answer these questions, an analysis was carried out on medical-related systems and devices used in the healthcare industry using Shodan IoT search engine. A DREAD threat model exercise is then used to carry out a qualitative risk analysis on healthcare networks to understand where, among various threats, the greatest risk lies. This analysis also included a focus on supply-chain attacks and the way this translates to the healthcare network. Finally, results from the DREAD threat model are used to recommend technical and non-technical measures that would help in providing security and assuring privacy within healthcare industry utilizing IoE technology.