Related papers: Abusing the Internet of Medical Things: Evaluating Threat Models and Forensic Readiness for Multi-Vector Attacks on Connected Healthcare Devices

Abusing the Internet of Medical Things: Evaluating Threat Models and Forensic Readiness for Multi-Vector Attacks on Connected Healthcare Devices

URL: http://arxiv.org/abs/2601.12593v1
Date: Sun, 18 Jan 2026 21:32:52 GMT
Title: Abusing the Internet of Medical Things: Evaluating Threat Models and Forensic Readiness for Multi-Vector Attacks on Connected Healthcare Devices
Authors: Isabel Straw, Akhil Polamarasetty, Mustafa Jaafar,
Abstract summary: We develop hazard-integrated threat models that fuse Cyber physical system security modeling with tech-abuse frameworks.<n>We conduct an immersive simulation with practitioners, deploying a live version of our model, identifying gaps in digital forensic practice.<n>Our findings show that MedTech cybersecurity in IPV contexts requires integrated threat modeling and improved forensic capabilities.
Score: 0.0
License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
Abstract: Individuals experiencing interpersonal violence (IPV), who depend on medical devices, represent a uniquely vulnerable population as healthcare technologies become increasingly connected. Despite rapid growth in MedTech innovation and "health-at-home" ecosystems, the intersection of MedTech cybersecurity and technology-facilitated abuse remains critically under-examined. IPV survivors who rely on therapeutic devices encounter a qualitatively different threat environment from the external, technically sophisticated adversaries typically modeled in MedTech cybersecurity research. We address this gap through two complementary methods: (1) the development of hazard-integrated threat models that fuse Cyber physical system security modeling with tech-abuse frameworks, and (2) an immersive simulation with practitioners, deploying a live version of our model, identifying gaps in digital forensic practice. Our hazard-integrated CIA threat models map exploits to acute and chronic biological effects, uncovering (i) Integrity attack pathways that facilitate "Medical gaslighting" and "Munchausen-by-IoMT", (ii) Availability attacks that create life-critical and sub-acute harms (glycaemic emergencies, blindness, mood destabilization), and (iii) Confidentiality threats arising from MedTech advertisements (geolocation tracking from BLE broadcasts). Our simulation demonstrates that these attack surfaces are unlikely to be detected in practice: participants overlooked MedTech, misclassified reproductive and assistive technologies, and lacked awareness of BLE broadcast artifacts. Our findings show that MedTech cybersecurity in IPV contexts requires integrated threat modeling and improved forensic capabilities for detecting, preserving and interpreting harms arising from compromised patient-technology ecosystems.

Related papers

Data Poisoning Vulnerabilities Across Healthcare AI Architectures: A Security Threat Analysis [39.89241412792336]
We analyzed eight attack scenarios in four categories: architectural attacks on convolutional neural networks, large language models, and reinforcement learning agents.<n>Our findings indicate that attackers with access to only 100-500 samples can compromise healthcare AI regardless of dataset size.<n>We recommend multilayer defenses including required adversarial testing, ensemble-based detection, privacy-preserving security mechanisms, and international coordination on AI security standards.
arXiv Detail & Related papers (2025-11-14T07:16:16Z)
ANNIE: Be Careful of Your Robots [48.89876809734855]
We present the first systematic study of adversarial safety attacks on embodied AI systems.<n>We show attack success rates exceeding 50% across all safety categories.<n>Results expose a previously underexplored but highly consequential attack surface in embodied AI systems.
arXiv Detail & Related papers (2025-09-03T15:00:28Z)
Securing the Internet of Medical Things (IoMT): Real-World Attack Taxonomy and Practical Security Measures [3.99381596255401]
The Internet of Medical Things (IoMT) has the potential to radically improve healthcare by enabling real-time monitoring, remote diagnostics, and AI-driven decision making.<n>However, the connectivity, embedded intelligence, and inclusion of a wide variety of novel sensors expose medical devices to severe cybersecurity threats.<n>We provide a taxonomy of potential attacks targeting IoMT, presenting attack surfaces, vulnerabilities, and mitigation strategies across all layers of the IoMT architecture.
arXiv Detail & Related papers (2025-07-25T18:24:45Z)
Systems-Theoretic and Data-Driven Security Analysis in ML-enabled Medical Devices [6.197430230611422]
We analyze publicly available data on device recalls and adverse events, and known vulnerabilities, to understand the threat landscape of AI/ML-enabled medical devices.<n>Our work aims to empower manufacturers to embed cybersecurity as a core design principle in AI/ML-enabled medical devices.
arXiv Detail & Related papers (2025-06-18T00:05:48Z)
Explainable AI for Securing Healthcare in IoT-Integrated 6G Wireless Networks [1.9950682531209158]
We show how explainable AI techniques like SHAP, LIME, and DiCE can uncover vulnerabilities, strengthen defenses, and improve trust and transparency in 6G enabled healthcare.
arXiv Detail & Related papers (2025-05-20T17:46:09Z)
Countering Autonomous Cyber Threats [40.00865970939829]
Foundation Models present dual-use concerns broadly and within the cyber domain specifically. Recent research has shown the potential for these advanced models to inform or independently execute offensive cyberspace operations. This work evaluates several state-of-the-art FMs on their ability to compromise machines in an isolated network and investigates defensive mechanisms to defeat such AI-powered attacks.
arXiv Detail & Related papers (2024-10-23T22:46:44Z)
SoK: Security and Privacy Risks of Healthcare AI [15.655956766190256]
The integration of artificial intelligence (AI) and machine learning (ML) into healthcare systems holds great promise for enhancing patient care.<n>However, it also exposes sensitive data and system integrity to potential cyberattacks.<n>Current security and privacy (S&P) research on healthcare AI is highly unbalanced in terms of healthcare deployment scenarios and threat models.
arXiv Detail & Related papers (2024-09-11T16:59:58Z)
MITS-GAN: Safeguarding Medical Imaging from Tampering with Generative Adversarial Networks [48.686454485328895]
This study introduces MITS-GAN, a novel approach to prevent tampering in medical images. The approach disrupts the output of the attacker's CT-GAN architecture by introducing finely tuned perturbations that are imperceptible to the human eye. Experimental results on a CT scan demonstrate MITS-GAN's superior performance.
arXiv Detail & Related papers (2024-01-17T22:30:41Z)
Pervasive Communications Technologies For Managing Pandemics [3.908842679355255]
This paper is about using smart technologies such as Mobile Edge Clouds (MEC), Internet of Things (IoT), and Artificial Intelligence (AI) as an approach to effectively manage pandemics. MECs provide cloud services on the edge, integrating IoT infrastructure and execution of sophisticated AI algorithms in the Cloud. Low-cost Single Board Computers (SBC) based clusters are integrated within MEC to support remote medical teams in the field.
arXiv Detail & Related papers (2020-06-18T18:46:33Z)
COVI White Paper [67.04578448931741]
Contact tracing is an essential tool to change the course of the Covid-19 pandemic. We present an overview of the rationale, design, ethical considerations and privacy strategy of COVI,' a Covid-19 public peer-to-peer contact tracing and risk awareness mobile application developed in Canada.
arXiv Detail & Related papers (2020-05-18T07:40:49Z)
Digital Ariadne: Citizen Empowerment for Epidemic Control [55.41644538483948]
The COVID-19 crisis represents the most dangerous threat to public health since the H1N1 pandemic of 1918. Technology-assisted location and contact tracing, if broadly adopted, may help limit the spread of infectious diseases. We present a tool, called 'diAry' or 'digital Ariadne', based on voluntary location and Bluetooth tracking on personal devices.
arXiv Detail & Related papers (2020-04-16T15:53:42Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.