AI-Based Penetration and Prevention of the Cardiac Medical Diagnosis Systems

Ying He1, Cunjin Luo2, Kun Ni1
1University of Nottingham, 2University of Essex


Aims: The cardiac medical diagnosis system has been targeted by the hackers, who aim to destroy the healthcare security critical infrastructure. This research is motivated by the recent cyber-attacks happened around the world which resulted in the compromise of the diagnosis results. This study was carried to demonstrate how the cardiac medical diagnosis systems can be penetrated using AI-based ethical hacking and present solutions to counteract such attacks.

Methods and Results: This study used a simulated medical system (OpenEMR) with an embedded cardiac diagnosis component developed in our previous work. The system was fed with the ECGs data (retrieved from the PhysioNet/Computing in Cardiology Challenge 2017). We then followed the OWASP ethical hacking methodology to launch AI-based ethical hacking, against the OWASP Top 10 vulnerabilities. We were able to successfully penetrate the system and gain access to the core of the cardiac diagnosis component. We then proposed a series of security solutions to prevent such cyber-attacks.

Conclusions: In this research, we (1) demonstrated the how the cardiac medical diagnosis system can be penetrated using AI-based ethical hacking; (2) presented a series of security solutions to counteract AI-based cyber-attacks. This study provides novel insights into the defense of cardiac medical diagnosis system and concluded that our AI based ethical hacking can penetrate the cardiac medical diagnosis system through exploiting its vulnerabilities.

Future Work: Future work will focus on hacking into the core algorithms of the cardiac diagnosis, which can mislead the medical diagnosis and decision making. Future work will also consider a mature cardiac medical diagnosis system, such as the arrhythmia detection and classification in ambulatory ECGs developed by Andrew Y. Ng.