Advancing Digital Forensics and Incident Response Strategies Against Emerging Healthcare Cyber Threats

The rapid proliferation of the Internet of Medical Things (IoMT) has brought significant advancements in patient care but also introduced new cyber-related challenges. This paper focuses on cyber-related attacks on medical devices to review the Digital Forensics and Incident Response (DFIR) capabilities in the UK healthcare industry. Case studies from the United Kingdom (UK), Ireland and the United States of America (USA) have been used to highlight vulnerabilities in medical devices and healthcare IT systems, ranging from data integrity issues to large scale ransomware attacks. These attacks show the lack of sufficient information regarding the DFIR capabilities within the National Healthcare Service (NHS) in the UK, which should be assessed and continuously monitored to ensure an effective response in the event of a cyber-attack. The paper highlights the limitations of cybersecurity considerations within the healthcare industry, as well as reviewing a range of medical cyber-attacks, examining existing policies and frameworks, and discussing future DFIR capabilities in healthcare. This paper’s key findings reveal gaps in current DFIR processes, including inadequate incident response plans, delayed detection of intrusions, and insufficient staff training on cybersecurity best practices. As the healthcare industry continues its digital transformation, the development and implementation of sophisticated DFIR capabilities must keep pace. A better understanding of cybersecurity challenges in healthcare and enhancing DFIR strategies will lead to improved protection of patient data and ensure the integrity
of medical devices and services.