Security Technology Trends to Prevent Medical Device Hacking and Ransomware

Technology Trends for Responding to Connected Medical Device Hacking and Ransomware

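  • 권혁찬 (Network and System Security Research Section) ;
  • 정병호 (Network and System Security Research Section) ;
  • 문대성 (Network and System Security Research Section) ;
  • 김익균 (Information Security Research Division)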
  • Published : 2021.10.01

Abstract

Ransomware attacks, such as Conti, Ryuk, Petya, and Sodinokibi, that target medical institutions are increasing rapidly. In 2020, in the United States, ransomware attacks affected over 600 separate clinics, hospitals, and organizations, and more than 18 million patient records. The cost of these attacks is estimated to be almost $21 billion USD. The first death associated with a ransomware attack was reported in 2020 by the University Hospital of Düsseldorf in Germany. As described in the Medjack report issued by TrapX Labs, attackers on medical institutions often target medical devices, which are relatively insecure, and then penetrate deeper into more critical network infrastructure, such as EMR servers. This paper introduces security vulnerabilities of hospital medical devices, considerations for ransomware response by medical institutions, and related technology trends.

Acknowledgement

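This work was supported by a grant from the Institute of Information & Communications Technology Planning & Evaluation, funded by the Korean government (Ministry of Science and ICT) in 2021 [No.2020-0-00447, "Development of core technologies for responding to hacking of connected medical devices for safe medical and healthcare services"].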

References

  1. Comparitech, "Ransomware attacks on US healthcare organizations cost $20.8bn in 2020," Mar. 2021, https://www.comparitech.com/blog/information-security/ransomware-attacks-hospitals-data/
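  2. 권혁찬, "Internet of Medical Things (IoMT) security technologies and trends," ICT Convergence Korea 2021, Mar. 2021.
  3. 권혁찬 et al., "Connected medical device security trends and issues," Weekly Technology Trends, no. 1911, Aug. 2019.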
  4. A. James and M.B. Simon, "MEDJACK.3-Medical device hijack cyber attack evolve," in Proc. RSA Conf. (San Francisco, CA, USA), Feb. 2017.
  5. Armis, "URGENT/11-Takeover of a Spacelabs Xprezzon patient monitor," 2019, https://www.youtube.com/watch?v=tpSXr4XhQwM
  6. Armis, "NAT slipstreaming v2.0," https://www.armis.com/research/nat-slipstreaming-v20/
  7. Palo Alto Networks (Zingbox), "IoT guardian for the healthcare industry," White paper, 2016.
  8. Medigate, "Dedicated medical device-security platform," White paper, 2017.
  9. L. Fernandez Maimo et al., "Intelligent and dynamic ransomware spread detection and mitigation in integrated clinical environments," Sensors, vol. 19, no. 5, 2019.
  10. OpenICE, https://www.openice.info/
  11. C. Ma et al., "Analysis of multi-types of flow features based on hybrid neural network for improving network anomaly detection," IEEE Access, vol. 7, 2019, pp. 148363-148380. https://doi.org/10.1109/access.2019.2946708
  12. P. Berezinski et al., "An entropy-based network anomaly detection method," J. Entropy, vol. 17, 2015, pp. 2367-2408. https://doi.org/10.3390/e17042367
  13. FDA, "Premarket submissions for management of cybersecurity in medical devices," 2014.
  14. FDA, "Postmarket management of cybersecurity in medical devices," 2016.
  15. M. Zou et al., "Network phenotyping for network traffic classification and anomaly detection," in Proc. IEEE Int. Symp. Technol. Homeland Secur. (Woburn, MA, USA), Oct. 2018, pp. 23-24.
  16. A. Azmoodeh et al., "Detecting crypto-ransomware in IoT networks based on energy consumption footprint," J. Ambient Intell. Humanized Comput., vol. 9, 2018, pp. 1141-1152. https://doi.org/10.1007/s12652-017-0558-5
  17. R.H. Hwang et al., "An LSTM-based deep learning approach for classifying malicious traffic at the packet level," Appl. Sci., vol. 9, 2019.
  18. B. Seri et al., "Pwned piper," White paper, Armis, 2021, https://www.armis.com/research/pwnedpiper