AI Based Directory Discovery Attack and Prevention of the Cardiac Medical Diagnosis Systems

Ying He¹ and Cunjin Luo²
¹University of Nottingham, ²University of Essex


Abstract

Aims: Cardiac medical diagnosis systems have been targeted by cyber attackers who aim to bring down health security critical infrastructure. This research is motivated by the recent cyber-attacks during the COVID-19 pandemic, which resulted in the compromise of diagnosis results. This study was carried out to demonstrate how cardiac medical diagnosis systems can be penetrated using an AI-based Directory Discovery Attack and to present solutions to counteract such attacks.

Methods and Results: This study used a simulated medical system (OpenEMR) with an embedded cardiac diagnosis component developed in our previous work. The system was fed with ECG data (retrieved from the PhysioNet/Computing in Cardiology Challenge 2017). We then followed the NIST (National Institute of Standards and Technology) ethical hacking methodology to launch an AI-based Directory Discovery Attack against the OWASP Top 10 vulnerabilities. We were able to successfully penetrate the system and gain access to the core of the cardiac diagnosis directories. We then proposed a series of security solutions to prevent such cyber-attacks.

Conclusions: In this research, we (1) demonstrated how the cardiac medical diagnosis system can be penetrated using an AI-based Directory Discovery Attack; and (2) presented a series of security solutions to counteract AI-based Directory Discovery attacks. This study provides novel insights into the defense of cardiac medical diagnosis systems and concludes that our AI-based Directory Discovery attacks can penetrate the cardiac medical diagnosis system by accessing the directory that holds sensitive diagnosis information.

Future Work: Future work will focus on hacking into the core algorithms of the cardiac diagnosis, which can mislead medical diagnosis and decision-making. Future work will also consider a mature cardiac medical diagnosis system, such as the arrhythmia detection and classification in ambulatory ECGs developed by Andrew Y. Ng.