Cyber-physical systems security: A systematic review

Harkat, Houda; Camarinha-Matos, Luis M.; Goes, João; Ahmed, Hasmath F.T.

doi:10.1016/j.cie.2024.109891

Cited by 13 publications

(1 citation statement)

References 150 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Alhuwail et al (2021) recommends "targeted bottom-up approach via personalized outreach, in-person contacts, and frequent announcements throughout the workflow" (Alhuwail et al, 2021). In conjunction with proper training, devices in the healthcare infrastructure's network should be assessed, updated and/or configured properly prior to being introduced to the overall network, especially over time with regards to software life cycles (Otieno et al, 2023;Phiri, 2023;Harkat et al, 2024;Dadkhah et al, 2024). A core principle highlighting the necessity of this approach lies in the notion that a single vulnerability is sufficient for a malicious actor to access, move laterally or gain privileges in a system and that understanding the risk of each vulnerability allows for holistic comprehension and aids security teams as they work toward building resistance.…”

Section: Mitigation and Prevention Strategiesmentioning

confidence: 99%

Botnets in Healthcare: Threats, Vulnerabilities, and Mitigation Strategies

Barnett,

Womack,

Brito

et al. 2024

eccws

View full text Add to dashboard Cite

The increasing digitization of healthcare systems has introduced new opportunities to improve efficiency and accessibility for medical professionals and patients. Examples include the simplified collection, storage, and organization of patient data using electronic health records (EHRs), the use of teleconferencing software like Zoom to allow patients to meet with their care providers remotely, and medical IoT devices like glucose monitors, pacemakers, and other remote patient monitoring devices that leverage software and the internet to provide patients and their healthcare providers with critical information. All of these use cases are examples of how technology can increase the quality of patient care. While the healthcare industry has realized many benefits from its increased investment in new technology, trends have shown that this increased utilization has also opened avenues for malicious cyber actors. One of these threats is botnets. These malicious networks of compromised computers, controlled by cybercriminals, can wreak havoc on all sectors of society, with the healthcare industry proving to be a desirable target. This research is a high-level analysis that investigates the threat botnets pose by employing an exploratory review. We identify the multifaceted nature of botnet threats in healthcare, analyzing their standard forms and the vulnerabilities inherent in healthcare infrastructures, ranging from outdated software to inadequate cybersecurity protocols to poor or total lack of security awareness training for staff. Moreover, the various techniques botnets use to propagate are explored to elucidate the potential points of exploitation and the damage they can cause organizations when proper controls are not implemented. These negative consequences include data breaches, service disruptions, and compromised patient confidentiality, which can endanger medical staff and patients if not addressed. This paper then discusses proven mitigation strategies such as end-user awareness, traffic monitoring, and detection response tools that organizations can employ to reduce the potential and efficacy of such threats. The threat landscape will continue to evolve; however, by staying on top of the latest trends, we can ensure the security of such critical infrastructure and save lives.

show abstract