CISA was established in 2018, and its central mission is to improve the resilience of critical infrastructure sectors against cybercrime threats. As part of this mission, CISA issues ICS advisories, providing timely information about vulnerabilities and mitigations for several critical infrastructure sectors. These advisories are categorized into six types: Alerts, Analysis Reports, Cybersecurity Advisories, ICS Medical Advisories, and ICS Alerts.
In this paper, the authors focus on ICS Medical Advisories (ICSMAs), as these specifically address vulnerabilities in ICSs used in healthcare. These advisories are critical for organizations that manage healthcare infrastructure, as they offer essential guidance to ensure patient safety and the continued functionality of critical medical equipment.
The authors’ analysis of CISA’s dataset of Industrial Control Systems (ICS) medical advisories points to the evolution of complexity in the cybercrime threats confronting healthcare systems, as well as complexity in the networked environments within which healthcare operates.
This research has created a dataset consisting of CISA ICS medical advisories over the last eight years, incorporating factors such as vulnerability, risk, exploitability, and mitigation strategies. The systematic analysis of these factors offers a comprehensive view of security threats within the public health critical infrastructure.
The authors mapped the vulnerabilities in ICSMAs to Open Worldwide Application Security Project (OWASP) security risks and NSA mitigation strategies, providing a multi-faceted framework for understanding and addressing weaknesses.
Together, these contributions can guide security assessments, prioritize remediation efforts, and inform the development of more robust, resilient ICS medical systems.
The examination of the entire CISA ICSMA database offers several insights.
Based upon the following peer-reviewed manuscript: Hadipour, N., & Murimi, R. (2024, October). Medical Advisories as Deterrents in Healthcare Cybercrime. In 2024 Cyber Awareness and Research Symposium (CARS) (pp. 1-6). IEEE.