TY - GEN
T1 - Safeguarding Healthcare: A Comprehensive Threat Analysis of Clinical Decision Support Systems
AU - Hamel, Aleksandra Ursula Charlotte
AU - Zarcu, Bogdan-Cristian
AU - Csenteri, Andras-Gergely
AU - Pfliegler, Tamara
AU - Khan, Sajjad
AU - Svetinovic, Davor
PY - 2023/12/25
Y1 - 2023/12/25
N2 - Using digital data gathering and analytics in healthcare brings benefits and risks to patients and practitioners. Smart Health Information Systems, such as Clinical Decision Support Systems (CDSSs), consolidate data from various sources, utilizing artificial intelligence for decision support. However, machine learning models in CDSSs are vulnerable to various attacks, leading to incorrect predictions with severe consequences. This paper systematically investigates security and privacy threats related to CDSSs. First, we leverage the data flow and sequence diagrams to identify the critical use cases that might lead to security or privacy breaches. Second, we identify and classify threats imminent to the CDSSs using Security Cards and STRIDE. Lastly, the persona non-grata who pose a significant threat to the integrity of the CDSSs are identified. Implementing our method can assist teams in addressing security threats to CDSSs by considering their unique vulnerabilities. This research contributes to developing comprehensive security strategies for CDSSs.
AB - Using digital data gathering and analytics in healthcare brings benefits and risks to patients and practitioners. Smart Health Information Systems, such as Clinical Decision Support Systems (CDSSs), consolidate data from various sources, utilizing artificial intelligence for decision support. However, machine learning models in CDSSs are vulnerable to various attacks, leading to incorrect predictions with severe consequences. This paper systematically investigates security and privacy threats related to CDSSs. First, we leverage the data flow and sequence diagrams to identify the critical use cases that might lead to security or privacy breaches. Second, we identify and classify threats imminent to the CDSSs using Security Cards and STRIDE. Lastly, the persona non-grata who pose a significant threat to the integrity of the CDSSs are identified. Implementing our method can assist teams in addressing security threats to CDSSs by considering their unique vulnerabilities. This research contributes to developing comprehensive security strategies for CDSSs.
U2 - 10.1109/DASC/PiCom/CBDCom/Cy59711.2023.10361509
DO - 10.1109/DASC/PiCom/CBDCom/Cy59711.2023.10361509
M3 - Contribution to conference proceedings
SN - 979-8-3503-0461-9
T3 - IEEE Xplore
SP - 478
EP - 485
BT - 2023 IEEE Intl Conf on Dependable, Autonomic and Secure Computing, Intl Conf on Pervasive Intelligence and Computing, Intl Conf on Cloud and Big Data Computing, Intl Conf on Cyber Science and Technology Congress (DASC/PiCom/CBDCom/CyberSciTech)
PB - IEEE
CY - New York
ER -