MEDSHIELD: Proactive Threat Modeling Framework for Connected IoT Care

Meet the Presenters
Dr. Jennifer Schieferle Uhlenbrock
Dr. Deepti Gupta

The Spark Sequence

Problem: Adversarial exploitation of medical devices, robotics, and smart hospital systems has emerged as a critical challenge as healthcare environments embrace interconnected, IoMT enabled equipment.

Objective: Design and run a heavyweight threat-modeling framework that maps attack surfaces across interconnected clinical systems, quantify impact and patient-safety impact, prioritize, close attacker paths against healthcare systems, and mandate mitigations with owners, timelines, and verification.

Notable U.S. Healthcare Breaches

| Breach | Approximate Date | Scale/Who Affected | What Happened/Key Issues |
| --- | --- | --- | --- |
| United Health/Change Healthcare | Early 2025; disclosed Jan-Feb 2025 | 190 million people affected | Data exposed includes member IDs, diagnoses, treatment info, social security numbers, billing codes. Massive scale, wide ripple effects. (Reuters) |
| New York Blood Center (NYBCe) | Breach occurred Jan 20-26, 2025; reported mid-2025 | 194,000 individuals | Exposure of names, SSNs, driver's license numbers, bank account info (for direct deposit), medical test results. (Tom's Guide) |
| Aspire Rural Health System (Michigan) | Access: Nov 4, 2024 - Jan 6, 2025; disclosed mid-2025 | 138,000 individuals | Unauthorized access to internal systems. Data possibly exposed includes SSNs, financial/medical data, insurance information, biometric identifiers. (Huron Daily Tribune) |
| Ascension Healthcare System | May 2024 (attack), with disruption into following weeks/months | Not fully clear how many records; but thousands of records/patient medical records inaccessible; class-action lawsuits | Ransomware group "Black Basta" blamed. Attack made patient medical records unavailable for a period. Care disruptions etc. (Wikipedia) |

Visionworks of Ameri