Publications
Our Publications

A Privacy-Preserving and Standard-Based Architecture for Secondary Use of Clinical Data
Information
2022, 13(2), 87

A Dynamic Cyber Security Situational Awareness Framework for Healthcare ICT Infrastructures
PCI 2021: 25th Pan-Hellenic Conference on Informatics
November 2021, Pages 334–339
The healthcare sectors have experienced a massive technical evolution over the past decade by integration of medical devices with IT at both physical and cyber level for a critical Health Care Information Infrastructure (HCII). HCII provides huge benefits for the health care service delivery but evolving digital interconnectivity among medical and IT devices has also changed the threat landscape. In particular, systems are now more exposed to the cyber-attacks due to sensitivity and criticality of patient health care information and accessibility of medical devices and this pose any potential disruption of healthcare service delivery. There is a need to enhance security and resilience of HCII. In this paper, we present a Cyber Security Situational Awareness Framework that aims to improve the security and resilience of the overall HCII. The framework aims to develop a novel dynamic Situational Awareness approach on the health care ecosystem. We consider bio inspired Swarm Intelligence and its inherent features with the main principles of the Risk and Privacy assessment and management and Incident handling to ensure security and resilience of healthcare service delivery.

The landscape of cybersecurity vulnerabilities and challenges in healthcare: Security standards and paradigm shift recommendations
ARES 2021: The 16th International Conference on Availability, Reliability and Security
August 2021, Article No.: 136, Pages 1-9

An integrated cyber security risk management framework and risk predication for the critical infrastructure protection
Neural Computing and Applications
Special Issue on Large Scale Neural Computing & Cybersecurity Opportunities Using Artificial Intelligence
February 2022

Cyberattack Path Generation and Prioritisation for Securing Healthcare Systems
Applied Sciences
2022, 12(9), 4443
Cyberattacks in the
healthcare sector are constantly increasing due to the increased usage of
information technology in modern healthcare and the benefits of acquiring a
patient healthcare record. Attack path discovery provides useful information to
identify the possible paths that potential attackers might follow for a
successful attack. By identifying the necessary paths, the mitigation of
potential attacks becomes more effective in a proactive manner. Recently, there
have been several works that focus on cyberattack path discovery in various
sectors, mainly on critical infrastructure. However, there is a lack of focus
on the vulnerability, exploitability and target user profile for the attack
path generation. This is important for healthcare systems where users commonly
have a lack of awareness and knowledge about the overall IT infrastructure.
This paper presents a novel methodology for the cyberattack path discovery that
is used to identify and analyse the possible attack paths and prioritise the
ones that require immediate attention to ensure security within the healthcare
ecosystem. The proposed methodology follows the existing published
vulnerabilities from common vulnerabilities and exposures. It adopts the common
vulnerability scoring system so that base metrics and exploitability features
can be used to determine and prioritise the possible attack paths based on the
threat actor capability, asset dependency and target user profile and evidence
of indicator of compromise. The work includes a real example from the
healthcare use case to demonstrate the methodology used for the attack path
generation. The result from the studied context, which processes big data from
healthcare applications, shows that the uses of various parameters such as CVSS
metrics, threat actor profile, and Indicator of Compromise allow us to generate
realistic attack paths. This certainly supports the healthcare practitioners in
identifying the controls that are required to secure the overall healthcare
ecosystem.