Mitigating Security Threats in the Sharing of Medical Data
A Comprehensive Review
DOI:
https://doi.org/10.26512/lstr.v17i2.57418Keywords:
Cybersecurity. Medical data. Healthcare applications. Data breaches. Ransomware.Abstract
[Purpose] The medical field is one of the most regular targets of cybersecurity assaults, which occur extensively worldwide. Medical data security is of extreme importance. Medical data, often stored electronically, faces frequent attacks from both internal and external sources during transmission and storage. Data breaches are an important concern in the healthcare industry. Attackers may target medical data for financial gain or identity theft. Even a single breach can expose sensitive patient information.
[Methodology/approach/design] Cybersecurity measures are critical for safeguarding patient information and maintaining the integrity of healthcare applications in an increasingly digital healthcare landscape.
[Findings] Legal software systems with updated software are essential, along with ensuring that the medical data is only accessible to authorised persons.
[Practical implications] This paper explores the areas of cybersecurity relevant to healthcare applications, emphasizing the risks posed by well-known threats such as WannaCry, Medjack, NotPetya, and brainjacking.
References
Abd Elminaam, D., Abdual Kader, H.M. and Hadhoud, M.M. (2010) Evaluation of the Performance of Symmetric Encryption Algorithms. International Journal of Network Security, 10, 216-222.
Ahmad Almogren, Irfan Mohiuddin, Ikram Ud Din, Hisham Al Majed, and Nadra Guizani. Ftm-iomt: Fuzzy-based trust management for preventing sybil attacks in internet of medical things. IEEE Internet of Things Journal, 2020.
Akbanov, M., Vassilakis, V. G., & Logothetis, M. D. (2019a). WannaCry Ransomware: Analysis of infection, persistence, recovery prevention and propagation mechanisms. Journal of Telecommunications and Information Technology, 1(2019), 113-124. https://doi.org/10.26636/jtit.2019.130218
Akbanov, M., Vassilakis, V. G., & Logothetis, M. D. (2019b). Ransomware detection and mitigation using software-defined networking: The case of WannaCry. Computers & Electrical Engineering, 76, 111-121. https://doi.org/10.1016/j.compeleceng.2019.03.012
Akbanov, M., Vassilakis, V., Moscholios, I. D., & Logothetis, M. D. (2018). Static and dynamic analysis of WannaCry ransomware. ResearchGate. https://www.researchgate.net/publication/332144343_Static_and_Dynamic_Analysis_of_WannaCry_Ransomware
Ali, A.; Pasha, M.F.; Ali, J.; Fang, O.H.; Masud, M.; Jurcut, A.D.; Alzain, M.A. Deep learning based homomorphic secure search-able encryption for keyword search in blockchain healthcare system: A novel approach to cryptography. Sensors 2022, 22, 528.
Almalawi, A., Khan, A. I., Alsolami, F., Abushark, Y. B., & Alfakeeh, A. S. (2023). Managing security of healthcare data for a modern healthcare system. Sensors, 23(7), 3612. https://doi.org/10.3390/s23073612
Alsubaei, F. S., Abuhussein, A., Shandilya, V., & Shiva, S. G. (2019). IOMT-SAF: Internet of Medical Things Security Assessment Framework. Internet of Things, 8, 100123. https://doi.org/10.1016/j.iot.2019.100123
Anuradha, M., Jayasankar, T., Prakash, N. B., Sikkandar, M. Y., Hemalakshmi, G. R., Bharatiraja, C., & Britto, A. S. F. (2021). IoT enabled cancer prediction system to enhance the authentication and security using cloud computing. Microprocessors and Microsystems, 80, 103301. https://doi.org/10.1016/j.micpro.2020.103301
Berr, J. (2017, May 16). "WannaCry" ransomware attack losses could reach $4 billion. CBS News. https://www.cbsnews.com/news/wannacry-ransomware-attacks-wannacry-virus-losses/
Betafred,Msmbaldwin,Justinha,tfosmark,martyav,Microsoft Security Bulletin MS17-010 - Critical.,2017
Butson, Christopher R., et al. "Patient-specific analysis of the volume of tissue activated during deep brain stimulation." Neuroimage 34.2 (2007): 661-670.
Cabaj, K., & Mazurczyk, W. (2016). Using Software-Defined networking for ransomware mitigation: the case of CryptoWall. IEEE Network, 30(6), 14-20. https://doi.org/10.1109/mnet.2016.1600110nm
ÇELİKTAŞ, Barış. (2018) "ISTANBUL TECHNICAL UNIVERSITY★ INFORMATICS INSTITUTE." .
Chaudhury, D. (2020). Brainjacking - The Shocking Cyber Security Threat in Healthcare. ITSecurityWire. https://itsecuritywire.com/featured/brainjacking-cybersecurity-threat/
Cisomag. (2022, February 28). How brainjacking became a new cybersecurity risk in health care. CISO MAG | CyberSecurity Magazine. https://cisomag.com/how-brainjacking-became-a-new-cybersecurity-risk-in-health-care/
Contreras, L. M., Truong, N. D., Eshraghian, J. K., Xu, Z., Huang, Z., Nikpour, A., & Kavehei, O. (2023). Neuromorphic Neuromodulation: Towards the next generation of on-device AI-revolution in electroceuticals. arXiv (Cornell University). https://doi.org/10.48550/arxiv.2307.12471
D. Storm, MEDJACK, Hackers hijacking medical devices to create backdoors in hospital networks, Comput.World,(2015),p.8 https://www.computerworld.com/article/2932371/cybercrime-hacking/medjack-hackers-hijacking-medical-devices-to-create-backdoors-in-hospital-networks.html (Accessed 19 February 2018).
Greenberg, A. (2019, November 5). How the Worst Cyberattack in History Hit American Hospitals. Slate Magazine. https://slate.com/technology/2019/11/sandworm-andy-greenberg-excerpt-notpetya-hospitals.html
Hamouda, B. E. H. H. (2020). Comparative study of different cryptographic algorithms. Journal of Information Security, 11(03), 138-148. https://doi.org/10.4236/jis.2020.113009
Haque, Nur Imtiazul, et al. "A novel framework for threat analysis of machine learning-based smart healthcare systems." arXiv preprint arXiv:2103.03472 (2021).
Hockey, A. (2020). Uncovering the cyber security challenges in healthcare. Network Security, 2020(4), 18-19. https://doi.org/10.1016/s1353-4858(20)30046-5
I. Thompson, "Everything you need to know about the Petya, er, NotPetya nasty trashing PCs worldwide," The Register, 28-Jun-2017. [Online] Available: https://www.theregister.co.uk/2017/06/28/petya_notpetya_ransomware/
Jones, S. (2017, May 12). What is WannaCry and how can it be stopped? Financial Times. https://www.ft.com/content/af74e3f4-373d-11e7-99bd-13beb0903fa3
Jump, Michelle. "Fighting cyberthreats with technology solutions." Biomedical instrumentation & technology 53.1 (2019): 38-43.
Karule, K.P. and Nagrale, N.V. (2016) Comparative Analysis of Encryption Algorithms for Various Types of Data Files for Data Security. International Journal of Scientific Engineering and Applied Science, 2, 495-498.
Kirsch, Zach, and Ming Chow. "Quantum computing: The risk to existing encryption methods." Retrieved from URL: http://www. cs. tufts. edu/comp/116/archive/fall2015/zkir sch. pdf (2015).
Koujalagi, Ashok, Shweta Patil, and Praveen Akkimaradi. "The wannacry ransomeware, a mega cyber attack and their consequences on the modern india." International Journal of Management Information Technology and Engineering 6.4 (2018): 1-4.
L. Pycroft, S.G. Boccard, S.L.F. Owen, J.F. Stein, J.J. Fitzgerald, A.L. Green, T.Z. Aziz, Brainjacking implant security issues in invasive neuromodulation, World Neurosurg. 92 (2016)454-462, http://dx.doi.org/10.1016/j.wneu.2016.05.010
L.Evenstad, NHS trust recovers after cyber-attack, Comput. Wkly, (2016) http://www.computerweekly.com/news/450402278/NHS-trust-recovers-after-cyber-attack (Accessed 19 February 2018).
Laiphrakpam, D. S., and Khumanthem, M. S.,Medical image encryption based on improved ElGamal encryption technique. Optik 147:88-102, 2017.
Lika, Reyner Aranta, et al. "NotPetya: cyber attack prevention through awareness via gamification." 2018 International Conference on Smart Computing and Electronic Enterprise (ICSCEE). IEEE, 2018.
M. Smith, MEDJACK 2: Old malware used in new medical device hijacking attacks to breach hospitals, Network World. (2016). https://www.csoonline.com/article/556739/medjack-2-old-malware-used-in-new-medical-device-hijacking-attacks-to-breach-hospitals.html
Meggitt, Sinclair. "Medjack attacks: The scariest part of the hospital." (2018).
Mohurle, S., & Patil, M. (2017). A brief study of Wannacry Threat: Ransomware Attack 2017. International Journal of Advanced Research in Computer Science, 8(5), 1938-1940. https://doi.org/10.26483/ijarcs.v8i5.4021
Monday's Ransomware Attack Fails to Dent India, Says Minister: 10 Facts. (n.d.). NDTV.com.,2017 https://www.ndtv.com/india-news/ransomware-wannacry-surfaces-in-kerala-bengal-10-facts-1693806
N.C.S. Centre, 10 Steps to Cyber Security, (2016).
National Audit Office. Investigation: WannaCry cyber-attack and the NHS. https://www.nao.org.uk/wp-content/uploads/2017/10/Investigation-WannaCry-cyber-attack-and-the-NHS.pdf (2017).
OGU, R. E. "MITIGATING THE HARMFUL EFFECTS OF RANSOMWARE: THE AMALGAMATED APPROACH."
P. Farrell, The Medicare machine: patient details of any Australian for sale on darknet, Guard, (2017) https://www.theguardian.com/australia-news/2017/jul/04/the-medicare-machine-patient-details-of-any-australian-for-sale-on-darknet (Accessed 2 March 2018).
Pycroft, L., Boccard, S., Owen, S., Stein, J., FitzGerald, J. J., Green, A. L., & Aziz, T. Z. (2016). Brainjacking: Implant security issues in invasive neuromodulation. World Neurosurgery, 92, 454-[472. https://doi.org/10.1016/j.wneu.2016.05.010
Rashmi V Deshmukh and Kailas K Devadkar. Understanding ddos attack & its effect in cloud environment. Procedia Computer Science, 49:202- 210, 2015.
Rathore, H., Al-Ali, A., Mohamed, A., Du, X., & Guizani, M. (2017). DLRT: Deep Learning Approach for Reliable Diabetic Treatment. GLOBECOM 2017-2017 IEEE Global Communications Conference. https://doi.org/10.1109/glocom.2017.8255028
Rathore, H., Wenzel, L., Al-Ali, A., Mohamed, A., Du, X., & Guizani, M. (2018). Multi-Layer Perceptron model on chip for secure diabetic treatment. IEEE Access, 6, 44718-44730. https://doi.org/10.1109/access.2018.2854822
Seh, A. H., Zarour, M., Alenezi, M., Sarkar, A. K., Agrawal, A., Kumar, R., & Khan, R. A. (2020). Healthcare data breaches: Insights and implications. Healthcare, 8(2), 133. https://doi.org/10.3390/healthcare8020133
Shankar K. and Eswaran P. (2018). RGB based multiple share creation in visual cryptography with aid of elliptic curve cryptography. China Commun Vol. 14 No. 2,118-130.
Shankar, K., and Eswaran, P., Sharing a secret image with encapsulated shares in visual cryptography. Procedia Comput. Sci. 70: 462-468, 2015.
Staff, R. (2017, June 21). Honda halts Japan car plant after WannaCry virus hits computer network. U.S. https://www.reuters.com/article/us-honda-cyberattack-idUSKBN19C0EI
Storm D. MEDJACK: Hackers hijacking medical devices to create backdoors in hospital networks. https://www.computerworld.com/article/2932371/medjack-hackers-hijacking-medical-devices-to-create-backdoors-in-hospital-networks.html (2015). Accessed 15 Dec 2020.
T. Wehbe, V. Mooney, A. Javaid, and O. Inan. A novel physiological features-assisted architecture for rapidly distinguishing health problems from hardware trojan attacks and errors in medical devices. In IEEE International Symposium on Hardware Oriented Security and Trust (HOST), pages 106-109, 2017.
Thilagam, K., Beno, A., Lakshmi, M., Wilfred, C. B., George, S. M., Karthikeyan, M., Vijayakumar, P., Ramesh, C., & Karunakaran, P. (2022). Secure IoT Healthcare Architecture with Deep Learning-Based Access Control System. Journal of Nanomaterials, 2022, 1-8. https://doi.org/10.1155/2022/2638613
Vahab Pournaghshband, Majid Sarrafzadeh, and Peter Reiher. Securing legacy mobile medical devices. In International Conference on Wireless Mobile Communication and Healthcare, pages 163-172. Springer, 2012
What is WannaCry ransomware? (2023, July 6). www.kaspersky.com. https://www.kaspersky.com/resource-center/threats/ransomware-wannacry
Wikipedia contributors. (2023). WannaCry ransomware attack. Wikipedia. https://en.wikipedia.org/wiki/WannaCry_ransomware_attack#Affected_organisations
Downloads
Published
Issue
Section
License
Copyright (c) 2025 Law, State and Telecommunications Review
This work is licensed under a Creative Commons Attribution 4.0 International License.
By submitting this paper to the Law, State and Telecommunications Review,
I hereby declare that I agree to the terms of the Creative Commons Attribution 4.0 International (CC BY 4.0).
