Security of medical cyber-physical systems
Abstract
Relevance. Medical cyber-physical systems (CPS), including IoMT devices for real-time monitoring, diagnostics, and therapy, have become integral to healthcare digitalization. The convergence of operational technology with traditional IT expands attack surfaces, making hospitals and telemedicine infrastructures attractive targets for cyber adversaries. Hybrid warfare further amplifies risks, as cyberattacks on medical networks may cause not only data breaches but also direct harm to patients and disruption of critical care.
Purpose. The research aims to classify and analyze the main types of threats and vulnerabilities affecting medical CPS in hybrid conflict environments, summarize existing protection strategies, and propose a framework for enhancing their cyber resilience through regulatory, organizational, and technological measures.
Research Methods. The study applies the PRISMA methodology to review publications indexed in Scopus, IEEE Xplore, and PubMed. Comparative and analytical methods were used to synthesize findings from recent incidents, including the WannaCry ransomware attack on the NHS, the SingHealth breach in Singapore, and other high-impact cases targeting healthcare data.
Results. The analysis revealed a dominance of ransomware, DDoS, and IoMT exploitation via insecure communication protocols and legacy software. Weak authentication, insufficient network segmentation, and human factor vulnerabilities remain key issues. Among effective countermeasures are multi-factor authentication, blockchain-based data integrity control, end-to-end encryption, and Cybersecurity Mesh Architecture (CSMA). The study highlights the importance of applying quantum-resistant cryptography and AI-driven adaptive defense systems capable of autonomous detection and response in dynamic threat environments.
Conclusions. Despite advances in medical device security, the resilience of CPS in hybrid threat contexts remains insufficient. Ensuring security-by-design, strengthening compliance with international cybersecurity standards (such as ISO/IEC 80001 and IEC 62443), and developing specialized cybersecurity training for medical personnel are critical steps. The integration of AI-based situational awareness, regulatory harmonization, and public-private cooperation will significantly enhance the sustainability and trustworthiness of digital healthcare ecosystems.
Downloads
References
/References
J. Fruhlinger, “The OPM hack explained: Bad security practices meet China’s Captain America,” CSO Online, 2020. Available: https://www.csoonline.com/article/566509/the-opm-hack-explained-bad-security-practices-meet-chinas-captain-america.html [in English].
A. H. Ameen, M. A. Mohammed, and A. N. Rashid, “Enhancing security in IoMT: A blockchain-based cybersecurity framework for machine learning-driven ECG signal classification,” Fusion: Practice and Applications, vol. 14, no. 1, pp. 221–251, 2024, doi: 10.54216/fpa.140117 [in English].
B. Bhushan et al., “Towards a secure and sustainable Internet of Medical Things (IoMT): Requirements, design challenges, security techniques, and future trends,” Sustainability, vol. 15, no. 7, p. 6177, 2023, doi: 10.3390/su15076177 [in English].
H. Durham and P. Wynn-Pope, “Protecting the ‘helpers’: Humanitarians and health care workers during times of armed conflict,” in Yearbook of International Humanitarian Law 2011, vol. 14, The Hague: T. M. C. Asser Press, 2012, pp. 327–346, doi: 10.1007/978-90-6704-855-2_10 [in English].
A. Ghubaish et al., “Recent advances in the Internet of Medical Things (IoMT) systems security,” IEEE Internet of Things Journal, 2020, doi: 10.1109/jiot.2020.3045653 [in English].
S. Heidari, M. Naseri, and K. Nagata, “Quantum selective encryption for medical images,” International Journal of Theoretical Physics, vol. 58, no. 11, pp. 3908–3926, 2019, doi: 10.1007/s10773-019-04258-6 [in English].
F. N. Longi, L. Patel, and J. Ahmed, “Training medical students to address cybersecurity threats on health care systems,” Academic Medicine, 2024, doi: 10.1097/acm.0000000000005936 [in English].
D. M. Mathkor et al., “Multirole of the Internet of Medical Things (IoMT) in biomedical systems for managing smart healthcare systems: An overview of current and future innovative trends,” Journal of Infection and Public Health, 2024, doi: 10.1016/j.jiph.2024.01.013 [in English].
A. Reji, B. Pranggono, J. Marchang, and A. Shenfield, “Anomaly Detection for the Internet-of-Medical-Things,” in Proc. 2023 IEEE Int. Conf. on Communications Workshops (ICC Workshops), IEEE, 2023, doi: 10.1109/iccworkshops57953.2023.10283523 [in English].
M. Tzanou, “The GDPR and (big) health data,” in Health Data Privacy under the GDPR, London: Routledge, 2020, pp. 3–22, doi: 10.4324/9780429022241-2 [in English].
“Understanding HIPAA Requirements,” Dental Abstracts, vol. 65, no. 5, p. 323, 2020, doi: 10.1016/j.denabs.2020.05.011 [in English].
Z. Wang, P. Ma, X. Zou, J. Zhang, and T. Yang, “Security of medical cyber-physical systems: An empirical study on imaging devices,” in Proc. IEEE INFOCOM 2020 – IEEE Conf. on Computer Communications Workshops (INFOCOM WKSHPS), IEEE, 2020, doi: 10.1109/infocomwkshps50562.2020.9162769 [in English].
Fruhlinger J. The OPM hack explained: Bad security practices meet China’s Captain America [Електронний ресурс] // CSO Online. – 2020. – Режим доступу: https://www.csoonline.com/article/566509/the-opm-hack-explained-bad-security-practices-meet-chinas-captain-america.html
Ameen A. H., Mohammed M. A., Rashid A. N. Enhancing security in IoMT: A blockchain-based cybersecurity framework for machine learning-driven ECG signal classification // Fusion: Practice and Applications. – 2024. – Vol. 14, No. 1. – P. 221–251. DOI: 10.54216/fpa.140117 https://doi.org/10.54216/fpa.140117
Bhushan B., Kumar A., Agarwal A. K. та ін. Towards a secure and sustainable Internet of Medical Things (IoMT): Requirements, design challenges, security techniques and future trends // Sustainability. – 2023. – Vol. 15, No. 7. – P. 6177. DOI: 10.3390/su15076177 https://doi.org/10.3390/su15076177
Durham H., Wynn-Pope P. Protecting the ‘helpers’: Humanitarians and health care workers during times of armed conflict // Yearbook of International Humanitarian Law 2011. – Vol. 14. – The Hague: T. M. C. Asser Press, 2012. – P. 327–346. DOI: 10.1007/978-90-6704-855-2_10 https://doi.org/10.1007/978-90-6704-855-2_10
Ghubaish A., Salman T., Zolanvari M. та ін. Recent advances in the Internet of Medical Things (IoMT) systems security // IEEE Internet of Things Journal. – 2020. – P. 1. DOI: 10.1109/jiot.2020.3045653 https://doi.org/10.1109/jiot.2020.3045653
Heidari S., Naseri M., Nagata K. Quantum selective encryption for medical images // International Journal of Theoretical Physics. – 2019. – Vol. 58, No. 11. – P. 3908–3926. DOI: 10.1007/s10773-019-04258-6 https://doi.org/10.1007/s10773-019-04258-6
Longi F. N., Patel L., Ahmed J. Training medical students to address cybersecurity threats on health care systems // Academic Medicine. – 2024. DOI: 10.1097/acm.0000000000005936 https://doi.org/10.1097/acm.0000000000005936
Mathkor D. M., Mathkor N., Bassfar Z. та ін. Multirole of the Internet of Medical Things (IoMT) in biomedical systems for managing smart healthcare systems: An overview of current and future innovative trends // Journal of Infection and Public Health. – 2024. DOI: 10.1016/j.jiph.2024.01.013 https://doi.org/10.1016/j.jiph.2024.01.013
Reji A., Pranggono B., Marchang J., Shenfield A. Anomaly Detection for the Internet of Medical Things // Proc. 2023 IEEE Int. Conf. on Communications Workshops (ICC Workshops). – IEEE, 2023. DOI: 10.1109/iccworkshops57953.2023.10283523 https://doi.org/10.1109/iccworkshops57953.2023.10283523
Tzanou M. The GDPR and (big) health data // Health Data Privacy under the GDPR. – London: Routledge, 2020. – P. 3–22. DOI: 10.4324/9780429022241-2 https://doi.org/10.4324/9780429022241-2
Understanding HIPAA Requirements // Dental Abstracts. – 2020. – Vol. 65, No. 5. – P. 323. DOI: 10.1016/j.denabs.2020.05.011 https://doi.org/10.1016/j.denabs.2020.05.011
Wang Z., Ma P., Zou X., Zhang J., Yang T. Security of medical cyber-physical systems: An empirical study on imaging devices // Proc. IEEE INFOCOM 2020 – IEEE Conf. on Computer Communications Workshops (INFOCOM WKSHPS). – IEEE, 2020. DOI: 10.1109/infocomwkshps50562.2020.9162769 https://doi.org/10.1109/infocomwkshps50562.2020.9162769
