KABLOSUZ AĞA BAĞLI TIBBİ CİHAZLARDA SİBER GÜVENLİK AÇIKLARI VE ÇÖZÜM ÖNERİLERİ

Yıl 2023, Cilt: 9 Sayı: 2, 269 - 283, 31.08.2023

Hüseyin Galip Yurttaş , Alper Güzel

Öz

Bu makale, kablosuz ağa bağlı tıbbi cihazlarda siber güvenlik konusunu ele almaktadır. Kablosuz tıbbi cihazların yaygın kullanımı, hastaların sağlık durumlarını izlemek ve tedavi etmek için büyük avantajlar sunmaktadır. Ancak, bu cihazlar, siber saldırılara karşı ciddi riskler taşımaktadır. Bu risklerden faydalanan saldırganların cihazları ele geçirmesi, hasta verilerini elde etmesi veya hastaların sağlığına zarar vermesine sebep olabilmektedir. Araştırmamız, kablosuz tıbbi cihazlarda siber güvenlik zafiyetlerinin çeşitli faktörlerden kaynaklandığını ortaya koymuş, güvenlik zayıflıklarına nasıl önlem alınabileceği konusunda öneriler sunulmuştur. Bu makale, kablosuz tıbbi cihazlardaki güvenlik zayıflıkları ve bu zayıflıkların potansiyel etkilerinin başta bu alanda strateji belirleyici olan regülatörler, kurum yöneticileri olmak üzere cihaz üreticileri ve kullanıcılar tarafından anlaşılması için önemli bir adımdır. Gelecekteki çalışmalarda, bu zayıflıkların giderilmesi ve güvenlik önlemlerinin etkin bir şekilde uygulanması için daha fazla araştırma yapılmasını gerekmektedir. Bu şekilde, kablosuz tıbbi cihazların güvenliği ve hasta güvenliği konusunda önemli bir ilerleme sağlanabilir.

Anahtar Kelimeler

"kablosuz tıbbi cihazlar", "siber güvenlik", "tehditler", "önlemler", "standartlar"

CYBER SECURITY VULNERABILITIES AND SOLUTIONS FOR MEDICAL DEVICES CONNECTED TO WIRELESS NETWORKS

Öz

This paper addresses the issue of cybersecurity in wireless networked medical devices. The widespread use of wireless medical devices offers great advantages for monitoring and treating patients' health conditions. However, these devices carry serious risks against cyber-attacks. Attackers who exploit these risks can compromise the devices, obtain patient data, or cause harm to patients' health. Our research has revealed that cyber security vulnerabilities in wireless medical devices are caused by various factors, and recommendations are presented on how to take precautions against security weaknesses. This paper is an important step towards understanding the security weaknesses in wireless medical devices and their potential impacts by regulators, institutional managers, device manufacturers and users. In future studies, further research is needed to address these weaknesses and to effectively implement security measures. In this way, significant progress can be made in the safety of wireless medical devices and patient safety.

Anahtar Kelimeler

"wireless medical devices", "cyber security", "threats", "measures", "standards

Kaynakça

• Alsubaei, F., Abuhussein, A., Shandilya, V., ve Shiva, S. (2019). IoMT-SAF: Internet of medical things security assessment framework. Internet of Things, 8, 100123. https://doi.org/10.1016/j.iot.2019.100123
• Coventry, L., ve Branley, D. (2018). Cybersecurity in healthcare: A narrative review of trends, threats and ways forward. Maturitas, 113, 48-52. https://pubmed.ncbi.nlm.nih.gov/29903648/
• Deloitte. (2013). Networked medical device cybersecurity and patient safety: Perspectives of health care information. Deloitte. https://www2.deloitte.com/content/dam/Deloitte/us/Documents/life-sciences-healthcare/us-lhsc-networked-medical-device.pdf
• Denning, T., Fu, K. ve Kohno, T. (2008) Absence makes the heart grow fonder: New directions for implantable medical device security. In HotSec.
• Esposito, C., Santis, A., Tortora, G., Chang, H. ve Choo, K. (2018) Blockchain: A panacea for healthcare cloud-based data security and privacy? IEEE Cloud Computing, 5(1):31–37, 2018
• Garcia. (2017). Why cybersecurity must be part of medical device architecture. Medical Device and Diagnostic Industry Qmed. https://www.mddionline.com/
• Gollakota, S., Hassanieh, H., Ransford, B., Katabi, D., Fu K. (2011) They can hear your heartbeats: non-invasive security for implantable medical devices. In Proceedings of the ACM SIGCOMM conference, pages 2–13, 2011.
• Harit, H., Ezzati, A., & Elharti, R. (2017). Internet of things security: Challenges and perspectives.ICC’17: Proceedings of the Second International Conference on Internet of things, Data and Cloud Computing (ICC '17),167, 1-8. https://doi.org/10.1145/3018896.3056784
• HHS. (2021). 2020: A retrospective look at healthcare cybersecurity. Department of Health and Human Services. Leadership for IT Security & Privacy across HHS. HHS Cybersecurity Program. Office of Information Security. https://www.hhs.gov/sites/default/files/2020-hph-cybersecurty-retrospective-tlpwhite.pdf
• HIPAA Ransomware. (2017). Wannacry ransomware encrypted hospital medical devices. HIPAA Journal.com. https://www.hipaajournal.com/wannacry-ransomware-encryptedhospital-medical-devices-8811/
• Kovacs, E. (2014). 70 percent of iot devices vulnerable to cyberattacks: HP. Security Week. https://www.securityweek.com/70-iot-devices-vulnerable-cyberattacks-hp.
• Laurinda B Harman, Cathy A Flite, and Kesa Bond. Electronic health records:privacy, confidentiality, and security. AMA Journal of Ethics, 14(9):712–719, 2012.
• Li, H., Sun, G., Li, Y., & Yang, R. (2021). Wearable wireless physiological monitoring system based on multi-sensor. Electronics, 10(9), 986. https://doi.org/10.3390/electronics10090986
• Maras, M.-H. (2015). Internet of Things: Security and privacy implications. International Data Privacy Law, 5(2), 99–104. https://doi.org/10.1093/idpl/ipv004
• Martin, G., Martin, P., Hankin, C., Darzi, A., & Kinross, J. (2017). Cybersecurity and healthcare: How safe are we. BMJ. https://doi.org/10.1136/bmj.j3179
• McFarland, R. J., & Olatunbosun, S. B. O. (2019). An exploratory study on the use of internet of medical things (iomt) in the healthcare industry and their associated cybersecurity risks. The Steering Committee of The World Congress in Computer Science, Computer Engineering and Applied Computing (WorldComp). https://csce.ucmss.com/cr/books/2019/LFS/CSREA2019/ICM2519.pdf
• Miraz, M. H., Ali, M., Excell, P. S., & Picking, R. (2018). Internet of nano-things, things and everything: Future growth trends. Future Internet, 10(8), 68. https://doi.org/10.3390/fi10080068
• Morgan, S. (2019). Patient insecurity: Explosion of the internet of medical things: How vulnerable is the iomt to cyber threats? CyberCrime Magazine. 119 https://cybersecurityventures.com/patient-insecurity-explosion-of-the-internet-ofmedical-things/
• Omolara, A. E., Alabdulatif, A., Abiodun, O. I., Alawida, M., Alabdulatif, A., Alshoura, W. H., & Arshad, H. (2021). The internet of things security: A survey encompassing unexplored areas and new insights. Computers & Security, 102494. https://doi.org/10.1016/j.cose.2021.102494
• Rathpre, H., Mohamed, A., Al-Ali, A., Du, X., ve Guizani, M. (2017). A review of security challenges, attacks and resolutions for wireless medical devices. In 2017 13th International Wireless Communications and Mobile Computing Conference (IWCMC), pages 1495–1501. IEEE, 2017.
• Sağlık Bakanlığı, (2019). Tıbbi Cihazlarda Alınması Gereken Güvenlik Önlemleri Dokümanı V.1.0 https://some.saglik.gov.tr/Eklenti/42923/0/tibbi-cihazlarda-alinacak-guvenlik-onlemleri-dokumani-v.docx
• Schumaker, E. (2020). Elon musk unveils brain chip implant: It's like a fitbit in your skull. ABC News (online). https://abcnews.go.com/Health/elon-musk-unveils-brain-chip-implantfitbit-skull/story?id=72703840
• Shah, K., (2019). Privacy and Security Issues of Wearables in Healthcare. Doktora Tezi, Flinders University, College of Science and Engineering.
• Steger, A. (2020). What makes iomt devices so difficult to secure? HealthTechmagazine.net. https://healthtechmagazine.net/article/2020/02/what-makes-iomt-devices-so-difficultsecure-perfcon
• Sun, W., Cai, Z., Li, Y., Liu, F., Fang, S., & Wang, G. (2018). Security and privacy in the medical internet of things: A review. Security and Communication Networks, 2018, 5978636. https://doi.org/10.1155/2018/5978636
• Thielfoldt K. (2022). Internet of Medical Things Cybersecurity Vulnerabilities and Medical Professionals’ Cybersecurity Awareness: A Quantitative Study
• TrapX Research Labs. (2021). TrapX Anatomy of attack: MEDJACK.2: Hospitals under siege. https://www.trapx.com/wpcontent/uploads/2021/01/AOA_Report_TrapX_MEDJACK.2.pdf
• Tsiatsis, V., Karnouskos, S., Holler, J., Boyle, D., & Mulligan, S. (2018). Internet of Things: Technologies and Applications for a New Age of Intelligence. Academic Press.
• Xu, F., Qin, Z., Tan, C., Wang, B., Li, Q. (2011) Imdguard: Securing implantable medical devices with the external wearable guardian. In 2011 Proceedings IEEE INFOCOM, pages 1862–1870. IEEE, 2011.
• Zhenge, J., Shen, Y., Zhang, Z., Wu, T., Zhang, G., & Lu, H. (2013). Emerging wearable medical devices towards personalized healthcare. BodyNets '13: Proceedings of the 8th International Conference on Body Area Networks, 2013, 427-431. https://eudl.eu/doi/10.4108/icst.bodynets.2013.253725