Security of Medical Cyber-physical Systems: An Empirical Study on Imaging Devices

Recent years have witnessed a boom of connected medical devices, which brings security issues in the meantime. Medical imaging devices, an essential part of medical cyber-physical systems, play a vital role in modern hospitals and are often life-critical. However, security and privacy issues in these medical cyber-physical systems are sometimes ignored. In this paper, we perform an empirical study on imaging devices to analyse the security of medical cyber-physical systems. To be precise, we design a threat model and propose prospective attack techniques for medical imaging devices. To tackle potential cyber threats, we introduce protection mechanisms, evaluate the effectiveness and efficiency of protection mechanisms as well as its interplay with attack techniques. To scoring security, we design a hierarchical system that provides actionable suggestions for imaging devices in different scenarios. We investigate 15 devices from 9 manufacturers to demonstrate empirical comprehension and real-world security issues.