A cybersecurity review of healthcare industry

  1. CILLERUELO RODRÍGUEZ, CARLOS
Dirigida per:
  1. José Javier Martínez Herráiz Director
  2. Luis de Marcos Ortega Codirector

Universitat de defensa: Universidad de Alcalá

Fecha de defensa: 21 de de març de 2023

Tribunal:
  1. Álvaro Ortigosa President/a
  2. Luis Fernández Sanz Secretari
  3. José A. Calvo-Manzano Villalón Vocal
Departament:
  1. Ciencias de la Computación

Tipus: Tesi

Teseo: 801395 DIALNET lock_openTESEO editor

Resum

The development of novel cybersecurity detection methods has failed to stop the increase in cybersecurity incidents. This has led to a difficult situation, where many companies are being affected by cybersecurity incidents [2][3][4][5]. The development of measures capable of stopping and detecting these attacks is especially relevant in critical infrastructures, such as healthcare services. In this thesis, a cybersecurity review, analysis of threats and development of novel cybersecurity techniques is presented. This thesis follows an experimental and deductive method consisting of three papers. The first paper is centred on developing new techniques of malware detection based on the usage of artificial intelligence. This research was able to develop a method for detecting potentially unwanted and malicious applications in mobile environments. The second publication looked to identify and detect threats and stolen information from healthcare services on darknets [13]. This research led to the discovery and proof of the interconnection between different darknets. The last publication is focused on analyzing the security of medical devices. To carry out this research, a medical device, a portable electrocardiograph [14], was tested. These tests were able to discover multiple cybersecurity vulnerabilities. Proving the necessity for the development of novel detection and protection methods applicable to the Healthcare Industry. On top of that, multiple medical devices present minimal or no cybersecurity features. It is necessary to develop transition contingency measures. The usage of medical devices with cybersecurity features by healthcare services will probably be a process that will not be achieved in years but decades. Finally, regarding stolen information, darknets; in particular the Tor network [15], have become a key point in the Ransomware as a Business (RaaB) model [5]. Several of the victims publicised by these groups have turned out to be health services [16][17], proving the need and interest in the study of such networks.