Process-Aware Attacks on Medication Control of Type-I Diabetics Using Infusion Pumps

George Stergiopoulos, Panayiotis Kotzanikolaou, Charalambos Konstantinou, Achilleas Tsoukalis

Research output: Contribution to journalArticlepeer-review

2 Scopus citations

Abstract

As medical infusion pumps are known to be vulnerable to cybersecurity threats, industrial reports, guidelines, and state-of-the art research have focused on securing such devices. This includes hardening a pump's network communications, wireless interfaces, and patching software flaws that can allow adversaries to compromise the device's usability and potentially lead to adverse effects on patients. Still, a very small percentage of this work has focused on securing devices against process-aware attacks that target the business logic behind medical treatment processes, even though it is widely known that deviations or disruptions in continuous medication administration may be harmful, even lethal. In this work, we first develop a threat model on an insulin infusion pump used for blood glucose regulation in Type-I diabetics. We then set up a generalized Simulink model of common insulin pumps used for Type-I diabetic treatment and perform a volume control assessment to investigate the probability of process-aware cyber-attacks to cause patient harm through microalterations on continuous medical administration that stay within operational limits but manage to impact a patient's health. We achieve this by manipulating the business process logic behind semiautomatic drug administration on the insulin pump model that uses continuous glucose monitoring systems. We validate attack models capable of causing adverse impact on patients through performance degradation of the drug administration processes.
Original languageEnglish (US)
Pages (from-to)1-12
Number of pages12
JournalIEEE Systems Journal
DOIs
StatePublished - Jan 25 2023

ASJC Scopus subject areas

  • Control and Systems Engineering
  • Electrical and Electronic Engineering

Fingerprint

Dive into the research topics of 'Process-Aware Attacks on Medication Control of Type-I Diabetics Using Infusion Pumps'. Together they form a unique fingerprint.

Cite this