Table of Contents
Fetching ...

Abusing the Internet of Medical Things: Evaluating Threat Models and Forensic Readiness for Multi-Vector Attacks on Connected Healthcare Devices

Isabel Straw, Akhil Polamarasetty, Mustafa Jaafar

TL;DR

IPV survivors relying on connected healthcare devices face multi-vector threats not captured by traditional MedTech cybersecurity models. The authors develop hazard-integrated threat trees that fuse CPS safety data with tech-abuse concepts and validate them through an immersive live simulation focusing on IoMT devices like insulin pumps and BLE hearing aids. They identify threat pathways across confidentiality, integrity, availability, and reveal substantial gaps in forensic readiness and device-awareness among practitioners. The work calls for IoMT-aware engineering, governance, and training to reduce harm and improve evidence collection in technology-facilitated abuse scenarios.

Abstract

Individuals experiencing interpersonal violence (IPV), who depend on medical devices, represent a uniquely vulnerable population as healthcare technologies become increasingly connected. Despite rapid growth in MedTech innovation and "health-at-home" ecosystems, the intersection of MedTech cybersecurity and technology-facilitated abuse remains critically under-examined. IPV survivors who rely on therapeutic devices encounter a qualitatively different threat environment from the external, technically sophisticated adversaries typically modeled in MedTech cybersecurity research. We address this gap through two complementary methods: (1) the development of hazard-integrated threat models that fuse Cyber physical system security modeling with tech-abuse frameworks, and (2) an immersive simulation with practitioners, deploying a live version of our model, identifying gaps in digital forensic practice. Our hazard-integrated CIA threat models map exploits to acute and chronic biological effects, uncovering (i) Integrity attack pathways that facilitate "Medical gaslighting" and "Munchausen-by-IoMT", (ii) Availability attacks that create life-critical and sub-acute harms (glycaemic emergencies, blindness, mood destabilization), and (iii) Confidentiality threats arising from MedTech advertisements (geolocation tracking from BLE broadcasts). Our simulation demonstrates that these attack surfaces are unlikely to be detected in practice: participants overlooked MedTech, misclassified reproductive and assistive technologies, and lacked awareness of BLE broadcast artifacts. Our findings show that MedTech cybersecurity in IPV contexts requires integrated threat modeling and improved forensic capabilities for detecting, preserving and interpreting harms arising from compromised patient-technology ecosystems.

Abusing the Internet of Medical Things: Evaluating Threat Models and Forensic Readiness for Multi-Vector Attacks on Connected Healthcare Devices

TL;DR

IPV survivors relying on connected healthcare devices face multi-vector threats not captured by traditional MedTech cybersecurity models. The authors develop hazard-integrated threat trees that fuse CPS safety data with tech-abuse concepts and validate them through an immersive live simulation focusing on IoMT devices like insulin pumps and BLE hearing aids. They identify threat pathways across confidentiality, integrity, availability, and reveal substantial gaps in forensic readiness and device-awareness among practitioners. The work calls for IoMT-aware engineering, governance, and training to reduce harm and improve evidence collection in technology-facilitated abuse scenarios.

Abstract

Individuals experiencing interpersonal violence (IPV), who depend on medical devices, represent a uniquely vulnerable population as healthcare technologies become increasingly connected. Despite rapid growth in MedTech innovation and "health-at-home" ecosystems, the intersection of MedTech cybersecurity and technology-facilitated abuse remains critically under-examined. IPV survivors who rely on therapeutic devices encounter a qualitatively different threat environment from the external, technically sophisticated adversaries typically modeled in MedTech cybersecurity research. We address this gap through two complementary methods: (1) the development of hazard-integrated threat models that fuse Cyber physical system security modeling with tech-abuse frameworks, and (2) an immersive simulation with practitioners, deploying a live version of our model, identifying gaps in digital forensic practice. Our hazard-integrated CIA threat models map exploits to acute and chronic biological effects, uncovering (i) Integrity attack pathways that facilitate "Medical gaslighting" and "Munchausen-by-IoMT", (ii) Availability attacks that create life-critical and sub-acute harms (glycaemic emergencies, blindness, mood destabilization), and (iii) Confidentiality threats arising from MedTech advertisements (geolocation tracking from BLE broadcasts). Our simulation demonstrates that these attack surfaces are unlikely to be detected in practice: participants overlooked MedTech, misclassified reproductive and assistive technologies, and lacked awareness of BLE broadcast artifacts. Our findings show that MedTech cybersecurity in IPV contexts requires integrated threat modeling and improved forensic capabilities for detecting, preserving and interpreting harms arising from compromised patient-technology ecosystems.
Paper Structure (26 sections, 12 figures, 3 tables)

This paper contains 26 sections, 12 figures, 3 tables.

Figures (12)

  • Figure 1: The cyber physical system of our simulated scenario, involving an IPV victim dependent on two health technologies - (1) Connected Insulin Pump and (2) BLE Enabled Hearing Aids (HAs). The figure demonstrates two device ecosystems, containing the therapeutic devices themselves (Pump and HAs) and their associated connected technologies (Smartphone app/Patient programmer).
  • Figure 2: (nb. Larger figures available in Appendix 1.): Hazard-integrated Attack Trees for Confidentiality [C] Attacks on Healthcare Technologies. Examples are provided for our selected technologies of hearing aids and insulin pumps, unless the attack is deemed self-explanatory (e.g. adversary destroys device)
  • Figure 3: (nb. Larger figures available in Appendix 1.): Hazard-integrated Attack Trees for Integrity [I] Based Attacks on Connected Healthcare Technologies. Examples are provided for our selected technologies of hearing aids and insulin pumps, unless the attack is deemed self-explanatory.
  • Figure 4: (nb. Larger figures available in Appendix 1.): Hazard-integrated Attack Trees for Availability [A] Based Attacks on Connected Healthcare Technologies. Examples are provided for our selected technologies of hearing aids and insulin pumps, unless the attack is deemed self-explanatory.
  • Figure 5: A photo of the Medjacking simulation, with the ‘victim’ (dummy) positioned centrally, with connected and implanted MedTech in place on the body and additional connected devices positioned around the room.
  • ...and 7 more figures