Vulnerability Analysis in Medical Grade OT Equipment at the SOLCA Nucleus Hospital in Quito
DOI:
https://doi.org/10.29166/ingenio.v7i1.5935Keywords:
OT Equipment, SOLCA, health, information security, Tenable OT, Vulnerabilities, informatics riskAbstract
The importance of the information security contained in the medical equipment of a Hospital System (HS) is crucial for monitoring the patient's health status. The HS relies on increasingly technologically advanced equipment due to the scope of the results; these are connected to the HS network. Without proper control in administration, they can be vulnerable to cyberattacks, disrupting the normal functioning of the hospital network and compromising a patient's medical history, endangering their health. The medical interest arises in protecting the Operational Technology (OT) equipment, which supports real-time industrial and critical processes within an HS, in order to safeguard patient information. Hospital Solca Quito will conduct a vulnerability analysis using the Tenable OT tool, identifying assets, risks, and immediate actions, enabling working in a secure way.
Downloads
Metrics
References
S. F. Ahmed, M. S. Bin Alam, S. Afrin, S. J. Rafa, N. Rafa, and A. H. Gandomi, “Insights into Internet of Medical Things (IoMT): Data fusion, security issues and potential solutions,” Inf. Fusion, p. 102060, Sep. 2023, doi: 10.1016/j.inffus.2023.102060. DOI: https://doi.org/10.1016/j.inffus.2023.102060
H. Verma, N. Chauhan, and L. K. Awasthi, “A Comprehensive review of ‘Internet of Healthcare Things’: Networking aspects, technologies, services, applications, challenges, and security concerns,” Comput. Sci. Rev., vol. 50, p. 100591, Nov. 2023, doi: 10.1016/j.cosrev.2023.100591. DOI: https://doi.org/10.1016/j.cosrev.2023.100591
S. A. Wagan, J. Koo, I. F. Siddiqui, M. Attique, D. R. Shin, and N. M. F. Qureshi, “Internet of medical things and trending converged technologies: A comprehensive review on real-time applications,” J. King Saud Univ. - Comput. Inf. Sci., vol. 34, no. 10, pp. 9228–9251, Nov. 2022, doi: 10.1016/j.jksuci.2022.09.005. DOI: https://doi.org/10.1016/j.jksuci.2022.09.005
P. O. Iyiewuare, I. D. Coulter, M. D. Whitley, and P. M. Herman, “Researching the Appropriateness of Care in the Complementary and Integrative Health Professions Part 2: What Every Researcher and Practitioner Should Know About the Health Insurance Portability and Accountability Act and Practice-based Research in the United States,” J. Manipulative Physiol. Ther., vol. 41, no. 9, pp. 807–813, Nov. 2018, doi: 10.1016/j.jmpt.2018.11.003. DOI: https://doi.org/10.1016/j.jmpt.2018.11.003
L. Gupta, T. Salman, A. Ghubaish, D. Unal, A. K. Al-Ali, and R. Jain, “Cybersecurity of multi-cloud healthcare systems: A hierarchical deep learning approach,” Appl. Soft Comput., vol. 118, p. 108439, Mar. 2022, doi: 10.1016/j.asoc.2022.108439. DOI: https://doi.org/10.1016/j.asoc.2022.108439
A. Orozco, "Sobrevida libre de enfermedad en pacientes con cáncer de recto localmente avanzado que recibieron quimio-radioterapia en Hospital SOLCA Quito", vol. 33, no. 1, pp.89, Quito, 2022.
D. Citharthan, M. Varatharaj, and P. Rajan, "Role of Cryptography and Its Challenges in Integrating Secured IoT Products", no. November, 2020. doi: 10.1201/9781003032441-3. DOI: https://doi.org/10.1201/9781003032441-3
J. F. Andrade, “Ciberseguridad y Salud,” INNDEV - Innov. Dev. Ciencias del Sur, vol. 2, no. 1, pp. 1–11, 2023, [Online]. Available: https://www.itscs-cicc.com/ojs/index.php/inndev/article/download/47/17
J. García and L. Herrero, “La ciberdefensa en los sistemas de información sanitarios militares,” vol. 76, no. 3, pp. 140–142, 2020, doi: 10.4321/S1887-85712020000300001.
S. T. Argaw et al., “Cybersecurity of Hospitals: Discussing the challenges and working towards mitigating the risks,” BMC Med. Inform. Decis. Mak., vol. 20, no. 1, pp. 1–10, 2020, doi: 10.1186/s12911-020-01161-7. DOI: https://doi.org/10.1186/s12911-020-01161-7
B. C. Santamaría, “concepto de tres herramientas de gestión y análisis de vulnerabilidades,” 2021.
C. Liu, Y. Alrowaili, N. Saxena, and C. Konstantinou, “Cyber risks to critical smart grid assets of industrial control systems,” Energies, vol. 14, no. 17, pp. 0–19, 2021, doi: 10.3390/en14175501. DOI: https://doi.org/10.3390/en14175501
H. Pulkkinen, “SAFE SECURITY SCANNING OF A PRO- DUCTION STATE AUTOMATION Master of Science Thesis,” December, 2022.
H. D. E. Datos, “Tenable.otTM,” 2023.
E. L. D. D. E. La, “DE CIBERSEGURIDAD INDUSTRIAL,” 2023.
T. Yaqoob, H. Abbas, and M. Atiquzzaman, “Security Vulnerabilities, Attacks, Countermeasures, and Regulations of Networked Medical Devices—A Review,” IEEE Commun. Surv. Tutorials, vol. 21, no. 4, pp. 3723–3768, 2019, doi: 10.1109/COMST.2019.2914094. DOI: https://doi.org/10.1109/COMST.2019.2914094
Published
How to Cite
Issue
Section
License
Copyright (c) 2024 Gerardo Iván Cajamarca Méndez , Mario Giovanny Ron Gavi, María Gabriela Vera, María Karina Alvarado Figueroa, Bryan Alexander Cajamarca Albán
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
