Cyberattack Path Generation and Prioritisation for Securing Healthcare Systems

Shareeful Islam; Spyridon Papastergiou; Eleni-Maria Kalogeraki; Kitty Kioskli

doi:10.3390/app12094443

Applied Sciences (Apr 2022)

Cyberattack Path Generation and Prioritisation for Securing Healthcare Systems

Shareeful Islam,
Spyridon Papastergiou,
Eleni-Maria Kalogeraki,
Kitty Kioskli

Affiliations

Shareeful Islam: School of Computing and Information Science, Anglia Ruskin University, Cambridge CB1 1PT, UK
Spyridon Papastergiou: Department of Informatics, University of Piraeus, 185 34 Piraeus, Greece
Eleni-Maria Kalogeraki: Department of Informatics, University of Piraeus, 185 34 Piraeus, Greece
Kitty Kioskli: Institute of Analytics and Data Science (IADS), School of Computer Science and Electronic Engineering, University of Essex, Essex CO4 3SQ, UK

DOI: https://doi.org/10.3390/app12094443
Journal volume & issue: Vol. 12, no. 9
p. 4443

Abstract

Read online

Cyberattacks in the healthcare sector are constantly increasing due to the increased usage of information technology in modern healthcare and the benefits of acquiring a patient healthcare record. Attack path discovery provides useful information to identify the possible paths that potential attackers might follow for a successful attack. By identifying the necessary paths, the mitigation of potential attacks becomes more effective in a proactive manner. Recently, there have been several works that focus on cyberattack path discovery in various sectors, mainly on critical infrastructure. However, there is a lack of focus on the vulnerability, exploitability and target user profile for the attack path generation. This is important for healthcare systems where users commonly have a lack of awareness and knowledge about the overall IT infrastructure. This paper presents a novel methodology for the cyberattack path discovery that is used to identify and analyse the possible attack paths and prioritise the ones that require immediate attention to ensure security within the healthcare ecosystem. The proposed methodology follows the existing published vulnerabilities from common vulnerabilities and exposures. It adopts the common vulnerability scoring system so that base metrics and exploitability features can be used to determine and prioritise the possible attack paths based on the threat actor capability, asset dependency and target user profile and evidence of indicator of compromise. The work includes a real example from the healthcare use case to demonstrate the methodology used for the attack path generation. The result from the studied context, which processes big data from healthcare applications, shows that the uses of various parameters such as CVSS metrics, threat actor profile, and Indicator of Compromise allow us to generate realistic attack paths. This certainly supports the healthcare practitioners in identifying the controls that are required to secure the overall healthcare ecosystem.

Published in Applied Sciences

ISSN: 2076-3417 (Online)
Publisher: MDPI AG
Country of publisher: Switzerland
LCC subjects: Technology: Engineering (General). Civil engineering (General); Science: Biology (General); Science: Physics; Science: Chemistry
Website: http://www.mdpi.com/journal/applsci

About the journal

Abstract

Keywords