Security Defense Strategy for ECG Diagnosis Systems (EDS)

Ying He1, Hasan Soygazi1, Cunjin Luo2
1De Montfort University, 2Southwest Medical University


Aims: The ECG Diagnosis System (EDS) has been targeted by the cyber terrorists, who aim to destroy the Healthcare Critical National Infrastructure (CNI). This paper is motivated by the most recent incidents happened worldwide and have resulted in the compromise of Cardiac diagnosis results. This study was undertaken to show how the EDS could be attacked and diagnosis results compromised and present a set of cyber defense strategies to prevent against such attacks.

Methods and Results: This study used the ECGs data from the MIT-BIH Arrhythmia Database. We supplied the data into our EDS. The EDS is an interactive software system, allowing the doctors to search and retrieve patients ECGs record. We then followed the NIST pen-testing framework to perform the ethical hacking. Specifically, we identified the attack pathways and entry points to the EDS and launched a series of ethical hacking, e.g. brute force and code injection, which are specifically tailored to target EDS. We were able to access the sensitive ECGs data and made changes to the ECGs data. We proposed a set of cyber security strategies to prevent such compromise. We tested the effectiveness of our cyber defense strategies using a comparable experiment. The results show that the strategies are effective in protecting the EDS diagnosis results from being compromised.

Conclusions: In the present study, we have (1) demonstrated how the EDS diagnosis results can be compromised, (2) presented a set of cyber security strategies specifically tailored to EDS to prevent such compromise and (3) evaluate our proposed strategies by comparing the results before and after applying the strategies. This study provides novel insights into the protection of EDS and concluded that our tailored cyber defense strategies can protect EDS from being compromised by brute force and code injection attacks.