A Practical Experience Applying Security Audit Techniques in An Industrial Healthcare System

Healthcare institutions are an ever-innovative field, where modernization is advancing by leaps and bounds. This modernization, called “digitization”, brings with it some concerns that need to be taken into account. The aim of this work is to present away to combine the advantages of cybersecurity a...

Descripción completa

Detalles Bibliográficos
Autores: Gómez, Julián, Olivero González, Miguel Ángel, García García, Julián Alberto, Escalona Cuaresma, María José
Tipo de recurso: capítulo de libro
Estado:Versión aceptada para publicación
Fecha de publicación:2022
País:España
Institución:Universidad de Sevilla (US)
Repositorio:idUS. Depósito de Investigación de la Universidad de Sevilla
OAI Identifier:oai:idus.us.es:11441/168828
Acceso en línea:https://hdl.handle.net/11441/168828
https://doi.org/10.1007/978-3-030-93453-8_1
Access Level:acceso abierto
Palabra clave:Artificial intelligence
Cybersecurity
Healthcare
Pentesting
Security
Descripción
Sumario:Healthcare institutions are an ever-innovative field, where modernization is advancing by leaps and bounds. This modernization, called “digitization”, brings with it some concerns that need to be taken into account. The aim of this work is to present away to combine the advantages of cybersecurity and artificial intelligence to protect what is of most concern: electronic medical records and the privacy of patient data. Health-related data in healthcare systems are subject to strict regulations, such as the EU’s General Data Protection Regulation (GDPR), non-compliance with which imposes huge penalties and fines. Healthcare cybersecurity plays an important role in protecting this sensitive data, which is highly valuable to criminals. The methodology used to perform a security assessment process has been orchestrated with frameworks that make the audit process as comprehensive and organized as possible. The results of this study include a security audit on an industrial scenario currently in production. An exploitation and vulnerability analysis has been performed, and more that 450 vulnerabilities has been found. This chapter outlines a systematic approach using artificial intelligence to enable the system security team to facilitate the process of conducting a security audit taking into account the sensitivity of their systems.