当前位置:首页 > 报告详情

MEDSHIELD:面向互联物联网护理的主动威胁建模框架.pdf

上传人: 可*** 编号:991761 2025-12-07 19页 1.59MB

1、MEDSHIELDProactive Threat Modeling Framework for Connected IoT CareMeet the PresentersDr.Jennifer Schieferle Uhlenbrock Dr.Deepti GuptaThe Spark Sequence Problem:Adversarial exploitation of medical devices,robotics,and smart hospital systems has emerged as a critical challenge as healthcare environm

2、ents embrace interconnected,IoMT enabled equipment.Objective:Design and run a heavyweight threat-modeling framework that maps attack surfaces across interconnected clinical systems,quantify impact and patient-safety impact,prioritize,close attacker paths against healthcare systems,and mandate mitiga

3、tions with owners,timelines,and verification.Notable U.S.Healthcare BreachesBreachApproximate DateScale/Who AffectedWhat Happened/Key IssuesUnited Health/Change HealthcareEarly 2025;disclosed JanFeb 2025190 million people affectedData exposed includes member IDs,diagnoses,treatment info,social secur

4、ity numbers,billing codes.Massive scale,wide ripple effects.(Reuters)New York Blood Center(NYBCe)Breach occurred Jan 20-26,2025;reported mid-2025194,000 individualsExposure of names,SSNs,drivers license numbers,bank account info(for direct deposit),medical test results.(Toms Guide)Aspire Rural Healt

5、h System(Michigan)Access:Nov 4,2024 Jan 6,2025;disclosed mid-2025138,000 individualsUnauthorized access to internal systems.Data possibly exposed includes SSNs,financial/medical data,insurance information,biometric identifiers.(Huron Daily Tribune)Ascension Healthcare SystemMay 2024(attack),with dis

6、ruption into following weeks/monthsNot fully clear how many records;but thousands of records/patient medical records inaccessible;class-action lawsuitsRansomware group“Black Basta”blamed.Attack made patient medical records unavailable for a period.Care disruptions etc.(Wikipedia)Visionworks of Ameri

word格式文档无特别注明外均可编辑修改,预览文件经过压缩,下载原文更清晰!
三个皮匠报告文库所有资源均是客户上传分享,仅供网友学习交流,未经上传用户书面授权,请勿作商用。
根据《MEDSHIELDProactive Threat Modeling Framework for Connected IoT Care》的内容,以下是全文关键点的概括: 1. **医疗设备威胁模型框架**:旨在设计并运行一个全面的威胁模型框架,以应对医疗设备、机器人系统和智能医院系统的对抗性攻击。 2. **美国医疗数据泄露事件**:2025年初,联合健康公司、纽约血液中心、Aspire农村健康系统、Ascension医疗保健系统和Visionworks of America等均发生了大规模数据泄露事件。 3. **威胁模型**:PASTA、STRIDE、Trike和VAST等模型在特定领域表现良好,但往往忽略了IT、生物医学和临床运营之间的缝隙。 4. **MEDSHIELD框架**:专注于IoT和OT,采用以任务为导向、以映射为驱动的框架,整合技术、运营和人为因素,并考虑临床影响。 5. **医疗挑战**:包括IoMT设备数量庞大、设备打补丁困难、临床安全优先、复杂的所有权问题以及合规性要求。 6. **案例研究**:通过一个放射科工作站被勒索软件攻击的案例,展示了如何应用MEDSHIELD框架进行威胁建模和缓解措施。 7. **威胁类型**:包括数据泄露、访问控制攻击和医疗设备中毒等。 8. **MEDSHIELD应用**:为医疗设备制造商、CISO、安全架构师、临床工程师、生物医学技术人员、安全分析师、威胁猎手和监管/政策顾问提供指导。 9. **最终目标**:将威胁建模转化为管理层情报,提高医疗保健系统的安全性。
安全漏洞如何影响患者?" 如何防范未雨绸缪?" 如何守护智能医院安全?"
客服
商务合作
小程序
服务号
折叠