TY - GEN
T1 - Safeguarding Healthcare
T2 - 2023 IEEE International Conference on Dependable, Autonomic and Secure Computing, 2023 International Conference on Pervasive Intelligence and Computing, 2023 International Conference on Cloud and Big Data Computing, 2023 International Conference on Cyber Science and Technology Congress, DASC/PiCom/CBDCom/CyberSciTech 2023
AU - Hamel, Aleksandra Ursula Charlotte
AU - Zarcu, Bogdan Cristian
AU - Csenteri, Andras Gergely
AU - Pfliegler, Tamara
AU - Khan, Sajjad
AU - Svetinovic, Davor
N1 - Publisher Copyright:
© 2023 IEEE.
PY - 2023
Y1 - 2023
N2 - Using digital data gathering and analytics in healthcare brings benefits and risks to patients and practitioners. Smart Health Information Systems, such as Clinical Decision Support Systems (CDSSs), consolidate data from various sources, utilizing artificial intelligence for decision support. However, machine learning models in CDSSs are vulnerable to various attacks, leading to incorrect predictions with severe consequences. This paper systematically investigates security and privacy threats related to CDSSs. First, we leverage the data flow and sequence diagrams to identify the critical use cases that might lead to security or privacy breaches. Second, we identify and classify threats imminent to the CDSSs using Security Cards and STRIDE. Lastly, the persona non-grata who pose a significant threat to the integrity of the CDSSs are identified. Implementing our method can assist teams in addressing security threats to CDSSs by considering their unique vulnerabilities. This research contributes to developing comprehensive security strategies for CDSSs.
KW - clinical decision support system
KW - healthcare
KW - persona non-grata
KW - privacy
KW - security
KW - STRIDE
KW - threat modeling
UR - https://www.scopus.com/pages/publications/85182607753
U2 - 10.1109/DASC/PiCom/CBDCom/Cy59711.2023.10361509
DO - 10.1109/DASC/PiCom/CBDCom/Cy59711.2023.10361509
M3 - Conference contribution
AN - SCOPUS:85182607753
T3 - 2023 IEEE International Conference on Dependable, Autonomic and Secure Computing, International Conference on Pervasive Intelligence and Computing, International Conference on Cloud and Big Data Computing, International Conference on Cyber Science and Technology Congress, DASC/PiCom/CBDCom/CyberSciTech 2023
SP - 478
EP - 485
BT - 2023 IEEE International Conference on Dependable, Autonomic and Secure Computing, International Conference on Pervasive Intelligence and Computing, International Conference on Cloud and Big Data Computing, International Conference on Cyber Science and Technology Congress, DASC/PiCom/CBDCom/CyberSciTech 2023
PB - Institute of Electrical and Electronics Engineers Inc.
Y2 - 14 November 2023 through 17 November 2023
ER -