Systematic Threat Analysis of Modern Unified Healthcare Communication Systems.

Recently, smart medical devices have become prevalent in remote monitoring of patients and the delivery of medication. The ongoing Covid-19 pandemic situation has boosted the upward trend of the popularity of smart medical devices in the healthcare system. Simultaneously, different device manufacturers and technologies compete for a share in a smart medical device's market, which forces the integration of diverse smart medical devices into a common healthcare ecosystem. Hence, modern unified healthcare communication systems (UHCSs) combine ISO/IEEE 11073 and Health Level Seven (HL7) communication standards to support smart medical devices' interoperability and their communication with healthcare providers. Despite their advantages in supporting various smart medical devices and communication technologies, these standards do not provide any security and suffer from vulnerabilities. Existing studies provide stand-alone security solutions to components of UHCSs and do not cover UHCSs holistically. In this paper, we perform a systematic threat analysis of UHCSs that relies on attack-defense tree (ADTree) formalisms. Considering the attack landscape and defense ecosystem, we build an ADTree for UHCSs and convert the ADTree to stochastic timed automata (STA) to perform quantitative analysis. Our analysis using UPPAAL SMC shows that the Man-in-theMiddle and unauthorized remote access attacks are the most probable attacks that a malicious entity could pursue, causing mistreatment to patients. We also extract valuable information about the top threats, the likelihood of performing different individual and simultaneous attacks, and the expected cost for attackers.