AI Based Security Defense Pathway for Medical Diagnosis Systems (CMDS)

Ying He1, Kuanquan Wang2, Henggui Zhang3, Cunjin Luo4
1De Montfort University, 2Harbin Institute of Technology, 3The University of Manchester, 4University of Essex


Aims: Medical diagnosis systems have been targeted by cyber attackers who aim to destroy healthcare infrastructure. This research is motivated by cyber attacks worldwide that have resulted in the compromise of diagnosis records. This study was conducted to show the attack pathway targeting cardiac diagnosis results and to present an AI based security defense pathway to prevent such attacks.

Methods and Results: This study used a simulated medical system (OpenEMR) with an embedded cardiac diagnosis component. We supplied ECG data (retrieved from the PhysioNet/Computing in Cardiology Challenge 2017) to the simulated system. The simulated system is interactive, allowing healthcare professionals to retrieve patients' diagnosis records. We then adopted the NIST pen-testing methodology to identify the attack pathway and launched a series of ethical hacking exercises against the OWASP Top 10 vulnerabilities. We were able to gain access, propagate in the system, and finally modify the diagnosis records. We proposed an AI based security defense pathway to prevent such attacks and then evaluated the feasibility of the AI based solutions. The results show that these AI based security solutions are effective in protecting the diagnosis results from being compromised.

Conclusions: We (1) identified the attack pathway by which the diagnosis records can be compromised and (2) presented an AI based security defense pathway tailored to CIMDS. This study provides novel insights into the defense of CMDS and concludes that our AI based defense pathway can protect the diagnosis records from being compromised through the exploitation of broken authentication and security misconfiguration vulnerabilities. Future work will consider a mature medical diagnosis system, such as the arrhythmia detection and classification in ambulatory ECGs developed by Andrew Y. Ng. Future work will also focus on enriching the data set by integrating data collected from various medical devices such as MCG and MRI.