SEC-C-U: The Security of Intensive Care Unit Medical Devices and Their Ecosystems

Carmel Eliash, Isaac Lazar, Nir Nissim

Research output: Contribution to journalArticlepeer-review


An intensive care unit (ICU) is dedicated to caring for patients whose medical condition places them at high risk of mortality or serious morbidity. ICU medical devices (ICUMDs) are used to closely monitor, stabilize, and treat ICU patients who are often unconscious and rely almost solely on ICUMDs. ICUMDs have become more autonomous, with a range of components, connectivity to external devices, and functionalities, opening the door to cyber-attacks. We present a taxonomy based on the functionality of 19 widely used ICUMDs, providing an explanation of each device's medical role, properties, interactions, and how they impact each other's security. We provide an extensive survey of 16 possible attacks aimed at ICUMDs and assess each device's vulnerability. We also create an ecosystem graph describing the roles and interactions of the players of each ICU sub-department. For each device type we produce a unique attack flow diagram that presents the most vulnerable vectors and components within the ecosystem. Finally, we survey relevant security mechanisms and map their coverage for the attacks, identifying existing gaps. We show that current security mechanisms generally fail to provide protection, covering just 12.5-56.3% of the attacks against ICUMDs, leaving the devices and the patients vulnerable.

Original languageAmerican English
Article number9051823
Pages (from-to)64193-64224
Number of pages32
JournalIEEE Access
StatePublished - 1 Jan 2020


  • ICU
  • cyber-attack
  • detection
  • malware
  • medical device
  • privacy
  • security

All Science Journal Classification (ASJC) codes

  • General Engineering
  • General Computer Science
  • General Materials Science


Dive into the research topics of 'SEC-C-U: The Security of Intensive Care Unit Medical Devices and Their Ecosystems'. Together they form a unique fingerprint.

Cite this