Systematically Assessing the Security Risks of AI/ML-enabled Connected Healthcare Systems

Mohammed Elnawawy, Mohammadreza Hallajiyan, Gargi Mitra, Shahrear Iqbal, Karthik Pattabiraman

TL;DR

The paper addresses security risks in AI/ML-enabled connected healthcare systems by systematically analyzing FDA-approved devices, mapping possible attacks on ML pipelines to peripheral vulnerabilities, and demonstrating a realistic BGMS case study. It combines cross-domain threat modeling with an end-to-end risk perspective and shows that existing risk assessment frameworks largely fail to capture multi-vendor, end-to-end risks, calling for novel methods. The BGMS case study and adversarial evaluation reveal that inference-time and training-time attacks can be practical and potentially fatal, reinforcing the need for end-to-end defenses and automated risk identification. Overall, the work highlights the practical significance of securing AI-enabled medical ecosystems and outlines concrete directions for future research, including automated risk identification, patient-specific risk profiling, and attack-resilient ML models.

Abstract

The adoption of machine-learning-enabled systems in the healthcare domain is on the rise. While the use of ML in healthcare has several benefits, it also expands the threat surface of medical systems. We show that the use of ML in medical systems, particularly connected systems that involve interfacing the ML engine with multiple peripheral devices, has security risks that might cause life-threatening damage to a patient's health in case of adversarial interventions. These new risks arise due to security vulnerabilities in the peripheral devices and communication channels. We present a case study where we demonstrate an attack on an ML-enabled blood glucose monitoring system by introducing adversarial data points during inference. We show that an adversary can achieve this by exploiting a known vulnerability in the Bluetooth communication channel connecting the glucose meter with the ML-enabled app. We further show that state-of-the-art risk assessment techniques are not adequate for identifying and assessing these new risks. Our study highlights the need for novel risk analysis methods for analyzing the security of AI-enabled connected health devices.

Paper Structure (18 sections, 5 figures, 3 tables)

Figures (5)

  • Figure 1: A blood glucose management system that uses ML on the cloud, and interfaces with multiple peripheral devices.
  • Figure 2: RMSE of the benign model, the model attacked with fasting hyperglycemic blood glucose levels, and with postprandial hyperglycemic blood glucose levels.
  • Figure 3: Percentage of originally normal glucose instances that are misclassified as hyperglycemic.
  • Figure 4: Percentage of originally hypoglycemic glucose instances that are misclassified as hyperglycemic.
  • Figure 5: Security risk assessment techniques by manufacturers of FDA-approved ML-enabled medical systems based on fdapremarket