Huda, S.; Islam, M.R.; Kottala, V.N.V.; Abawajy, J.H. A Cyber Risk Assessment Approach to Federated Identity Management Framework Based Digital Healthcare System. Preprints2023, 2023121750. https://doi.org/10.20944/preprints202312.1750.v1
APA Style
Huda, S., Islam, M.R., Kottala, V.N.V., & Abawajy, J.H. (2023). A Cyber Risk Assessment Approach to Federated Identity Management Framework Based Digital Healthcare System. Preprints. https://doi.org/10.20944/preprints202312.1750.v1
Chicago/Turabian Style
Huda, S., Vinay Naga Vamsi Kottala and Jemal Hussen Abawajy. 2023 "A Cyber Risk Assessment Approach to Federated Identity Management Framework Based Digital Healthcare System" Preprints. https://doi.org/10.20944/preprints202312.1750.v1
Abstract
Abstract: Integration of Medical Cyber Physical Systems (MCPS) and Internet-of-Medical Devices (IoMT) with conventional hospital networks have facilitated easy and speedy data collection, vertical and horizontal connectedness and collaborations among healthcare providers. Federated identity management (FIM) provides a solution towards the identity management challenge arising from this integration of millions of MCPSs to get personalized care and frictionless experiences for the patients, doctors, and employees. FIM protocols such as OAuth, Security Assertion Markup Language (SAML) are highly susceptible to cyber attacks like theft of barrier token, replay attack, message insertion, and Man-in-Middle attacks. IoMT devices have vulnerabilities in their firmware, operating systems, data encryption, data at store and data transmission. Combined vulnerabilities of FIM framework and IoMT devices creates major cyber risks for the current digital healthcare system. Therefore, a comprehensive and evidenced based cyber risk assessment is an urgent need for a cyber-safe digital health care system that can avoid frequent life threatening situations. This paper proposes a comprehensive and evidenced based cyber risk assessment approach for FIM and IoMT based collaborative digital healthcare systems. The novelty of the proposed approach is that it considers three dimensional vulnerabilities arising from existing IT communication protocols and infrastructure, IoMT and MCPS medical devices, protocols of FIM and their combined impact on hospitals and provides corresponding recommendations of security controls. The proposed approaches combine two industry standards including Cyber Resilience Review (CRR) asset management, NIST SP 800-30 to take advantage of both approaches. We have used a large number of IoMT and MCPS devices from multiple providers for threat modelling and produced evidence based cyber-risks using attack trees and detailed attack sequence diagrams to validate proposed approaches. The corresponding recommendation of security controls will support healthcare professionals and providers significantly for improving both the patient and medical device safety management within the FIM enabled healthcare ecosystem.
Keywords
Cybersecurity risk for healthcare; Risk Framework and standards; Risk; threat models; risk mitigations
Subject
Computer Science and Mathematics, Security Systems
Copyright:
This is an open access article distributed under the Creative Commons Attribution License which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.
