Babatunde Owolabi explains Cyber-Physical Security in Smart Healthcare

By Tosin Clegg

The advent of smart healthcare, with its interconnected medical devices and real-time data exchange, has undeniably revolutionised patient care.
However, this digital transformation comes with a significant caveat: an escalating threat from cyberattacks. Babatunde Owolabi, a leading authority in cybersecurity and e-health project management, is at the forefront of addressing these vulnerabilities, as evidenced by his pivotal research, “Cyber-Physical Security in Smart Healthcare: Protecting IoT-Enabled Medical Devices from Spyware, Ransomware, and Network-Based Exploits”.

Babatunde, with over a decade of experience leading global health programmes and cybersecurity projects, highlights the critical urgency of this issue.
“The integration of Cyber-Physical Systems (CPS) has brought immense benefits, but also opened new avenues for malicious actors,” he states.

“Our medical devices, from pacemakers to infusion pumps, are now potential targets, jeopardising patient safety and data integrity.” His expertise in safeguarding health information systems makes him a vital voice in this domain.

In his paper presentation during the July 2024 Nigeria Young Researchers’ Forum meeting in Abuja, he meticulously outlines the multifaceted threats posed by spyware, ransomware, and network-based exploits in healthcare settings.

Spyware, for instance, can infiltrate hospital networks to exfiltrate sensitive patient records, leading to severe privacy violations. Ransomware attacks, increasingly common, disrupt critical clinical operations by encrypting files and demanding ransom, causing dangerous delays in emergency care.

Network-based exploits leverage system vulnerabilities to gain unauthorised access, directly compromising the reliability of life-critical medical devices.

“The thought of a cybercriminal manipulating a patient’s vital medical device is terrifying, but it’s a very real threat we must confront,” Babatunde warns, underscoring the high stakes involved in securing these systems.

Babatunde’s research champions the strategic deployment of predictive analytics and AI-driven cybersecurity frameworks as a robust defence mechanism.
This forward-thinking approach moves beyond reactive security measures, aiming to anticipate and neutralise threats before they can cause harm. His background includes significant experience in data-driven decision-making, which is crucial for such advanced analytics.

A key component of this strategy involves behavioural analytics and anomaly detection. By establishing a baseline of normal user and device activities, these systems can identify deviations that signal potential malicious intent, enabling proactive defence.
This allows healthcare institutions to spot unusual login attempts, abnormal data transfers, or unexpected device behaviour in real-time.

Machine learning models further enhance threat detection by analysing vast historical data to recognise attack patterns.
This continuous learning process allows systems to adapt to the evolving sophistication of cyber threats, making them more resilient against new forms of attack.

“AI is not a silver bullet, but it’s an indispensable tool in our arsenal against cyber adversaries,” says Babatunde, acknowledging both the promise and the complexities.
However, the research also candidly addresses the challenges inherent in AI adoption, such as false positives and alert fatigue among cybersecurity teams.
“We need to fine-tune these systems to be effective without overwhelming our human defenders,” Babatunde notes, highlighting the importance of balancing automation with human oversight to avoid desensitisation to genuine threats.

To mitigate these challenges, Babatunde advocates for a multi-layered security approach. This includes robust encryption techniques, continuous monitoring, and strict regulatory compliance. Encryption, using methods like AES-256, is paramount for safeguarding sensitive medical data both in transit and at rest.

Network segmentation, a practice that isolates medical devices from broader hospital IT systems, is identified as a critical best

practice. This minimises the attack surface and contains the impact of any potential breach, preventing a single compromised device from becoming a gateway to the entire network.

The study further highlights the importance of incident response planning. A well-structured plan ensures that, in the event of a successful attack, healthcare institutions can effectively mitigate the impact, restore operations swiftly, and minimise disruption to patient care. This preparedness is as crucial as preventative measures.
“Securing smart healthcare isn’t just about technology; it’s about governance, policy, and a culture of cybersecurity awareness,” Babatunde asserts. His work at the Grant Management Unit of the Lagos State Ministry of Health has provided him with direct experience in implementing digital transformation strategies and managing programmes that integrate technology into healthcare delivery, giving him a unique perspective on the operational realities of healthcare security.
His research underscores the critical importance of predictive analytics, risk assessment models, and ethical AI applications in strengthening cyber-physical security.

He noted that by embracing these advanced measures, healthcare institutions can fortify their IoT-enabled medical devices against evolving cyber threats, ensuring the resilience and trustworthiness of smart healthcare ecosystems.