A cybersecurity review of healthcare industry
- CILLERUELO RODRÍGUEZ, CARLOS
- José Javier Martínez Herráiz Director
- Luis de Marcos Ortega Codirector/a
Universidad de defensa: Universidad de Alcalá
Fecha de defensa: 21 de marzo de 2023
- Álvaro Ortigosa Presidente/a
- Luis Fernández Sanz Secretario/a
- José A. Calvo-Manzano Villalón Vocal
Tipo: Tesis
Resumen
The development of novel cybersecurity detection methods has failed to stop the increase in cybersecurity incidents. This has led to a difficult situation, where many companies are being affected by cybersecurity incidents [2][3][4][5]. The development of measures capable of stopping and detecting these attacks is especially relevant in critical infrastructures, such as healthcare services. In this thesis, a cybersecurity review, analysis of threats and development of novel cybersecurity techniques is presented. This thesis follows an experimental and deductive method consisting of three papers. The first paper is centred on developing new techniques of malware detection based on the usage of artificial intelligence. This research was able to develop a method for detecting potentially unwanted and malicious applications in mobile environments. The second publication looked to identify and detect threats and stolen information from healthcare services on darknets [13]. This research led to the discovery and proof of the interconnection between different darknets. The last publication is focused on analyzing the security of medical devices. To carry out this research, a medical device, a portable electrocardiograph [14], was tested. These tests were able to discover multiple cybersecurity vulnerabilities. Proving the necessity for the development of novel detection and protection methods applicable to the Healthcare Industry. On top of that, multiple medical devices present minimal or no cybersecurity features. It is necessary to develop transition contingency measures. The usage of medical devices with cybersecurity features by healthcare services will probably be a process that will not be achieved in years but decades. Finally, regarding stolen information, darknets; in particular the Tor network [15], have become a key point in the Ransomware as a Business (RaaB) model [5]. Several of the victims publicised by these groups have turned out to be health services [16][17], proving the need and interest in the study of such networks.