Preprint article, version 1 (preserved in Portico). This version is not peer-reviewed.

A Cyber Risk Assessment Approach to Federated Identity Management Framework Based Digital Healthcare System

Version 1 : Received: 22 December 2023 / Approved: 22 December 2023 / Online: 26 December 2023 (01:41:20 CET)

A peer-reviewed article of this Preprint also exists.

Huda, S.; Islam, Md.R.; Abawajy, J.; Kottala, V.N.V.; Ahmad, S. A Cyber Risk Assessment Approach to Federated Identity Management Framework-Based Digital Healthcare System. Sensors 2024, 24, 5282, doi:10.3390/s24165282.


Abstract: Integration of Medical Cyber-Physical Systems (MCPS) and Internet of Medical Things (IoMT) devices with conventional hospital networks has facilitated easy and speedy data collection, vertical and horizontal connectedness, and collaboration among healthcare providers. Federated identity management (FIM) provides a solution to the identity management challenge arising from the integration of millions of MCPSs, giving patients, doctors and employees personalized care and frictionless experiences. FIM protocols such as OAuth and Security Assertion Markup Language (SAML) are, however, highly susceptible to cyber attacks such as bearer token theft, replay attacks, message insertion and man-in-the-middle attacks. IoMT devices have vulnerabilities in their firmware, operating systems, data encryption, data at rest and data in transit. The combined vulnerabilities of the FIM framework and IoMT devices create major cyber risks for the current digital healthcare system. A comprehensive, evidence-based cyber risk assessment is therefore an urgent need for a cyber-safe digital healthcare system that can avoid life-threatening situations. This paper proposes a comprehensive, evidence-based cyber risk assessment approach for FIM- and IoMT-based collaborative digital healthcare systems. The novelty of the proposed approach is that it considers vulnerabilities along three dimensions, namely the existing IT communication protocols and infrastructure, the IoMT and MCPS medical devices, and the FIM protocols, together with their combined impact on hospitals, and provides corresponding recommendations of security controls. The proposed approach combines two established frameworks, Cyber Resilience Review (CRR) asset management and NIST SP 800-30, to take advantage of both.
We have used a large number of IoMT and MCPS devices from multiple providers for threat modelling and produced evidence-based cyber risks using attack trees and detailed attack sequence diagrams to validate the proposed approach. The corresponding recommendations of security controls will significantly support healthcare professionals and providers in improving both patient and medical device safety management within the FIM-enabled healthcare ecosystem.
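The abstract says the risk evidence is produced from attack trees over the FIM and IoMT layers and mapped onto NIST SP 800-30. The block below is an added illustration, not code or data from the paper, of how such a tree can be scored: leaf step probabilities propagate through AND/OR gates, the root probability is binned onto SP 800-30's five-level likelihood scale, combined with an impact level through a matrix modeled on SP 800-30 Rev. 1 Table I-2, and re-evaluated after a control lowers a leaf (sender-constrained OAuth tokens against bearer token replay, an assertion-ID replay cache against SAML replay). The tree, the leaf probabilities and the residual values are constructed assumptions for the example, not evidence from the study.

```python
"""Attack-tree risk scoring in the style of NIST SP 800-30.

Added example; not the paper's code. The tree and all probabilities are
constructed illustrative values, not measurements from the study.
"""
from dataclasses import dataclass, field, replace
from typing import List, Tuple

# Five-level qualitative scale used throughout SP 800-30 Rev. 1.
LEVELS = ["very low", "low", "moderate", "high", "very high"]

# Upper bounds (percent) of SP 800-30's semi-quantitative likelihood bins:
# 0-4, 5-20, 21-79, 80-95, 96-100.
_LIKELIHOOD_UPPER = [4, 20, 79, 95, 100]

# Risk level index for (likelihood index, impact index), modeled on Table I-2.
_RISK_MATRIX = [
    # impact: very low, low, moderate, high, very high
    [0, 0, 0, 1, 1],  # likelihood very low
    [0, 1, 1, 1, 2],  # likelihood low
    [0, 1, 2, 2, 3],  # likelihood moderate
    [0, 1, 2, 3, 4],  # likelihood high
    [0, 1, 2, 3, 4],  # likelihood very high
]


@dataclass
class Node:
    name: str
    gate: str = "LEAF"            # "LEAF", "AND" (all steps needed) or "OR" (any path)
    likelihood: float = 0.0       # leaves only: probability the attack step succeeds
    children: List["Node"] = field(default_factory=list)


def success_probability(node: Node) -> float:
    """Propagate leaf probabilities to the root, treating steps as independent."""
    if node.gate == "LEAF":
        return node.likelihood
    probs = [success_probability(c) for c in node.children]
    if node.gate == "AND":
        p = 1.0
        for q in probs:
            p *= q
        return p
    if node.gate == "OR":
        p_none = 1.0
        for q in probs:
            p_none *= 1.0 - q
        return 1.0 - p_none
    raise ValueError(f"unknown gate {node.gate!r}")


def likelihood_level(p: float) -> str:
    """Bin a probability onto the five-level SP 800-30 likelihood scale."""
    pct = p * 100.0
    for level, upper in zip(LEVELS, _LIKELIHOOD_UPPER):
        if pct <= upper:
            return level
    return LEVELS[-1]


def risk_level(likelihood: str, impact: str) -> str:
    return LEVELS[_RISK_MATRIX[LEVELS.index(likelihood)][LEVELS.index(impact)]]


def assess(root: Node, impact: str) -> Tuple[float, str, str]:
    """Return (root probability, likelihood level, risk level) for a given impact level."""
    p = success_probability(root)
    lvl = likelihood_level(p)
    return p, lvl, risk_level(lvl, impact)


def with_control(root: Node, leaf_name: str, residual: float) -> Node:
    """Copy of the tree with one leaf's likelihood reduced to the residual left by a control."""
    if root.gate == "LEAF":
        return replace(root, likelihood=residual) if root.name == leaf_name else root
    return replace(root, children=[with_control(c, leaf_name, residual) for c in root.children])


# Constructed tree: unauthorised access to a patient record through the FIM layer.
FIM_TREE = Node("Access patient record via FIM", "OR", children=[
    Node("OAuth bearer token theft path", "AND", children=[
        Node("Intercept IoMT gateway traffic (weak TLS on device)", likelihood=0.5),
        Node("Replay stolen bearer token at resource server", likelihood=0.9),
    ]),
    Node("SAML assertion replay path", "AND", children=[
        Node("Capture SAML assertion in transit", likelihood=0.3),
        Node("SP accepts assertion without replay check", likelihood=0.6),
    ]),
])


def baseline() -> Tuple[float, str, str]:
    # Impact "high": exposure of patient records.
    return assess(FIM_TREE, impact="high")


def after_controls() -> Tuple[float, str, str]:
    # Assumed residuals: sender-constrained tokens (e.g. DPoP or mTLS-bound) make a
    # stolen bearer token nearly useless; an assertion-ID cache rejects replayed SAML.
    hardened = with_control(FIM_TREE, "Replay stolen bearer token at resource server", 0.1)
    hardened = with_control(hardened, "SP accepts assertion without replay check", 0.1)
    return assess(hardened, impact="high")


if __name__ == "__main__":
    for label, fn in (("baseline", baseline), ("after controls", after_controls)):
        p, lvl, risk = fn()
        print(f"{label}: P(root)={p:.4f} likelihood={lvl} risk={risk}")
```

The independence assumption behind the AND/OR arithmetic is the usual simplification in attack-tree scoring; where two leaves share a cause (the same weak TLS stack on a fleet of identical devices), treat them as one leaf or the root probability will be understated.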


Keywords: cybersecurity risk for healthcare; risk frameworks and standards; risk; threat models; risk mitigations


Subject area: Computer Science and Mathematics, Security Systems
