{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,8,3]],"date-time":"2025-08-03T04:24:33Z","timestamp":1754195073656,"version":"3.40.3"},"publisher-location":"Cham","reference-count":42,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783030582005"},{"type":"electronic","value":"9783030582012"}],"license":[{"start":{"date-parts":[[2020,1,1]],"date-time":"2020-01-01T00:00:00Z","timestamp":1577836800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2020,1,1]],"date-time":"2020-01-01T00:00:00Z","timestamp":1577836800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2020]]},"DOI":"10.1007\/978-3-030-58201-2_24","type":"book-chapter","created":{"date-parts":[[2020,9,13]],"date-time":"2020-09-13T23:02:29Z","timestamp":1600038149000},"page":"355-369","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":6,"title":["A Matter of Life and Death: Analyzing the Security of Healthcare Networks"],"prefix":"10.1007","author":[{"given":"Guillaume","family":"Dupont","sequence":"first","affiliation":[]},{"given":"Daniel Ricardo","family":"dos Santos","sequence":"additional","affiliation":[]},{"given":"Elisa","family":"Costante","sequence":"additional","affiliation":[]},{"given":"Jerry","family":"den Hartog","sequence":"additional","affiliation":[]},{"given":"Sandro","family":"Etalle","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2020,9,14]]},"reference":[{"key":"24_CR1","doi-asserted-by":"crossref","unstructured":"Alsubaei, F., Abuhussein, A., Shiva, S.: Security and privacy in the Internet of medical things: taxonomy and risk assessment. In: LCN (2017)","DOI":"10.1109\/LCN.Workshops.2017.72"},{"key":"24_CR2","doi-asserted-by":"publisher","first-page":"959","DOI":"10.1109\/ACCESS.2016.2521727","volume":"4","author":"R Altawy","year":"2016","unstructured":"Altawy, R., Youssef, A.: Security tradeoffs in cyber physical systems: a case study survey on implantable medical devices. IEEE Access 4, 959\u2013979 (2016)","journal-title":"IEEE Access"},{"key":"24_CR3","unstructured":"Bland, M., Dameff, C., Tully, J.: Pestilential protocol: how unsecure HL-7 messages threaten patient lives (2018)"},{"key":"24_CR4","volume-title":"Hacking Exposed Industrial Control Systems","author":"C Bodungen","year":"2016","unstructured":"Bodungen, C., Singer, B., Shbeeb, A., Wilhoit, K., Hilt, S.: Hacking Exposed Industrial Control Systems. McGraw-Hill, New York City (2016)"},{"key":"24_CR5","unstructured":"Ciholas, P., Lennie, A., Sadigova, P., Such, J.: The security of smart buildings: a systematic literature review. arXiv e-prints (2019)"},{"key":"24_CR6","unstructured":"Duggal, A.: Understanding HL7 2.X standards, pen testing, and defending HL7 2.X messages. Black Hat US 2016 (2016). https:\/\/youtu.be\/MR7cH44fjrc"},{"key":"24_CR7","unstructured":"Fiebig, T., et al.: SoK: an analysis of protocol design: avoiding traps for implementation and deployment. arXiv e-prints (2016)"},{"key":"24_CR8","unstructured":"FireEye: Double dragon (2019). https:\/\/bit.ly\/38nj6bU"},{"key":"24_CR9","doi-asserted-by":"crossref","unstructured":"Foo Kune, D., Venkatasubramanian, K., Vasserman, E., Lee, I., Kim, Y.: Toward a safe integrated clinical environment: a communication security perspective. In: MedCOMM (2012)","DOI":"10.1145\/2342536.2342540"},{"key":"24_CR10","volume-title":"Attacking Network Protocols","author":"J Forshaw","year":"2017","unstructured":"Forshaw, J.: Attacking Network Protocols. No Starch Press, San Francisco (2017)"},{"issue":"5","key":"24_CR11","first-page":"3810","volume":"5","author":"A Gatouillat","year":"2018","unstructured":"Gatouillat, A., Badr, Y., Massot, B., Sejdic, E.: Internet of medical things: a review of recent contributions dealing with cyber-physical systems in medicine. IEEE IoT J. 5(5), 3810\u20133822 (2018)","journal-title":"IEEE IoT J."},{"key":"24_CR12","unstructured":"Hanna, S., Rolles, R., Molina-Markham, A., Poosankam, P., Fu, K., Song, D.: Take two software updates and see me in the morning: the case for software security evaluations of medical devices. In: HealthSec (2011)"},{"key":"24_CR13","unstructured":"Haselhorst, D.: HL7 data interfaces in medical environments: attacking and defending the achille\u2019s heel of healthcare. Technical report, SANS (2017)"},{"key":"24_CR14","unstructured":"HIMSS: 2019 HIMSS cybersecurity survey. Technical report (2019)"},{"key":"24_CR15","unstructured":"ISE: Securing hospitals: a research study and blueprint. Technical report (2016)"},{"key":"24_CR16","doi-asserted-by":"crossref","unstructured":"Jaigirdar, F., Rudolph, C., Bain, C.: Can I trust the data I see?: A physician\u2019s concern on medical data in IoT health architectures. In: ACSW (2019)","DOI":"10.1145\/3290688.3290731"},{"issue":"4","key":"24_CR17","first-page":"215","volume":"15","author":"R Koppel","year":"2015","unstructured":"Koppel, R., Smith, S.W., Blythe, J., Kothari, V.H.: Workarounds to computer access in healthcare organizations: you want my password or a dead patient? ITCH 15(4), 215\u2013220 (2015)","journal-title":"ITCH"},{"key":"24_CR18","doi-asserted-by":"crossref","unstructured":"Kramer, D., Baker, M., Ransford, B., Molina-Markham, A., Stewart, Q., Fu, K.: Security and privacy qualities of medical devices: an analysis of FDA postmarket surveillance. PLoS ONE 7(7) (2012)","DOI":"10.1371\/journal.pone.0040200"},{"issue":"3","key":"24_CR19","first-page":"3","volume":"10","author":"C Kumar","year":"2017","unstructured":"Kumar, C.: New dangers in the new world: cyber attacks in the healthcare industry. Intersect 10(3), 3\u20134 (2017)","journal-title":"Intersect"},{"issue":"1","key":"24_CR20","first-page":"75","volume":"100","author":"I Lee","year":"2011","unstructured":"Lee, I., et al.: Challenges and research directions in medical cyber-physical systems. Proc. IEEE 100(1), 75\u201390 (2011)","journal-title":"Proc. IEEE"},{"key":"24_CR21","doi-asserted-by":"publisher","first-page":"8","DOI":"10.1016\/S1353-4858(16)30096-4","volume":"2016","author":"S Mansfield-Devine","year":"2016","unstructured":"Mansfield-Devine, S.: Ransomware: taking businesses hostage. Netw. Secur. 2016, 8\u201317 (2016)","journal-title":"Netw. Secur."},{"issue":"4","key":"24_CR22","first-page":"36","volume":"38","author":"A McAdams","year":"2004","unstructured":"McAdams, A.: Security and risk management: a fundamental business issue. Inf. Manag. 38(4), 36 (2004)","journal-title":"Inf. Manag."},{"key":"24_CR23","unstructured":"McKee, D.: 80 to 0 in under 5 seconds: falsifying a medical patient\u2019s vitals (2018). https:\/\/bit.ly\/2LJI8bB"},{"key":"24_CR24","volume-title":"Network Security Assessment","author":"C McNab","year":"2016","unstructured":"McNab, C.: Network Security Assessment. O\u2019Reilly Media, Newton (2016)"},{"key":"24_CR25","unstructured":"Mirsky, Y., Mahler, T., Shelef, I., Elovici, Y.: CT-GAN: malicious tampering of 3D medical imagery using deep learning. In: USENIX Security (2019)"},{"key":"24_CR26","unstructured":"MITRE: ATT&CK tactic: lateral movement (2019). https:\/\/bit.ly\/2qwuUaE"},{"key":"24_CR27","doi-asserted-by":"crossref","unstructured":"Mundt, T., Wickboldt, P.: Security in building automation systems - a first analysis. In: Cyber Security (2016)","DOI":"10.1109\/CyberSecPODS.2016.7502336"},{"key":"24_CR28","doi-asserted-by":"crossref","unstructured":"O\u2019Brien, G., Edwards, S., Littlefield, K., McNab, N., Wang, S., Zheng, K.: Securing wireless infusion pumps. In: Healthcare Delivery Organizations (2017)","DOI":"10.6028\/NIST.SP.1800-8"},{"key":"24_CR29","unstructured":"Philips: Data export interface programming guide (2015)"},{"key":"24_CR30","unstructured":"Regalado, D.: Inside the alaris infusion pump, not too much medicine, plz. DEF CON 25 IoT Village (2017). https:\/\/youtu.be\/w4sChnS4DrI"},{"key":"24_CR31","unstructured":"Rios, B.: Infusion pump teardown. S4x16 (2016). https:\/\/youtu.be\/pq9sCaoBVOw"},{"key":"24_CR32","unstructured":"Roberts, P.: Let\u2019s get cyberphysical: Internet attack shuts off the heat in Finland. https:\/\/bit.ly\/33XQgeK"},{"key":"24_CR33","doi-asserted-by":"crossref","unstructured":"Rushanan, M., Rubin, A., Kune, D., Swanson, C.: SoK: security and privacy in implantable medical devices and body area networks. In: IEEE S&P (2014)","DOI":"10.1109\/SP.2014.40"},{"key":"24_CR34","unstructured":"Seri, B., Vishnepolsky, G., Zusman, D.: Critical vulnerabilities to remotely compromise VxWorks, the most popular RTOS. Technical report, Armis (2019)"},{"key":"24_CR35","doi-asserted-by":"crossref","unstructured":"Sheefer, Y., Porticor, Holz, R., Munchen, T.U., Saint-Andre, P.: Summarizing known attacks on Transport Layer Security (TLS) and Datagram TLS (DTLS) (2015)","DOI":"10.17487\/rfc7457"},{"key":"24_CR36","unstructured":"Symantec: New orangeworm attack group targets the healthcare sector in the U.S., Europe, and Asia (2019). https:\/\/symc.ly\/33Rpp3S"},{"key":"24_CR37","unstructured":"Symantec: Whitefly: Espionage group has Singapore in its sights. https:\/\/symc.ly\/2qoF3WG (2019)"},{"key":"24_CR38","doi-asserted-by":"crossref","unstructured":"Taylor, C., Venkatasubramanian, K., Shue, C.: Understanding the security of interoperable medical devices using attack graphs. In: HiCoNS (2014)","DOI":"10.1145\/2566468.2566482"},{"key":"24_CR39","unstructured":"US DoH CISA: ICS-CERT advisories (2019). https:\/\/bit.ly\/369pLnZ"},{"key":"24_CR40","doi-asserted-by":"crossref","unstructured":"Wood, D., Apthorpe, N., Feamster, N.: Cleartext data transmissions in consumer IoT medical devices. In: IoTS&P (2017)","DOI":"10.1145\/3139937.3139939"},{"key":"24_CR41","doi-asserted-by":"crossref","unstructured":"Xu, J., Venkatasubramanian, K., Sfyrla, V.: A methodology for systematic attack trees generation for interoperable medical devices. In: SysCon (2016)","DOI":"10.1109\/SYSCON.2016.7490632"},{"key":"24_CR42","doi-asserted-by":"crossref","unstructured":"Xu, Y., Tran, D., Tian, Y., Alemzadeh, H.: Poster: analysis of cyber-security vulnerabilities of interconnected medical devices. In: CHASE (2019)","DOI":"10.1109\/CHASE48038.2019.00017"}],"container-title":["IFIP Advances in Information and Communication Technology","ICT Systems Security and Privacy Protection"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-58201-2_24","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,9,14]],"date-time":"2024-09-14T00:08:38Z","timestamp":1726272518000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-030-58201-2_24"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020]]},"ISBN":["9783030582005","9783030582012"],"references-count":42,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-58201-2_24","relation":{},"ISSN":["1868-4238","1868-422X"],"issn-type":[{"type":"print","value":"1868-4238"},{"type":"electronic","value":"1868-422X"}],"subject":[],"published":{"date-parts":[[2020]]},"assertion":[{"value":"14 September 2020","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"SEC","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"IFIP International Conference on ICT Systems Security and Privacy Protection","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Maribor","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Slovenia","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2020","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"21 September 2020","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"23 September 2020","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"35","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"sec2020","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/sec2020.um.si\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Single-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"EasyChair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"149","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"29","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"19% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3.88","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"5.14","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"The conference was held virtually due to the COVID-19 pandemic.","order":10,"name":"additional_info_on_review_process","label":"Additional Info on Review Process","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"This content has been made available to all.","name":"free","label":"Free to read"}]}}