A multi-zone healthcare simulation environment for security testing, built on containerised services, segmented networks, and orchestration logic adapted from the ICS Access SimLab.
This lab models a modern healthcare environment where clinical systems, administrative IT, and medical devices interact across trust boundaries. It is designed for realistic security exercises, failure analysis, and compliance-aware system behaviour testing.
This is not a demo environment.
It is a controlled simulation of:
- clinical systems (EMR, PACS, order entry)
- administrative systems (billing, identity, email)
- medical devices (patient monitors, infusion systems)
- external exposure (patient portals, vendor access)
All of these are connected through segmented networks with explicit trust boundaries.
Security is the starting point.
System behaviour, failure modes, and attack paths are modelled first. Compliance frameworks such as HIPAA, ISO 27001, and NIS2 are applied against that behaviour, not the other way around.
The lab will be structured into zones:
- internet: public-facing systems and attacker entry points
- enterprise: administrative IT systems
- clinical: core healthcare systems handling patient data
- medical-devices: bedside and operational medical equipment
- implantable: low-power and constrained medical devices
- dmz: third-party and vendor access
Each zone will be isolated and connected through controlled gateways.
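An added example, not part of the lab's own code: a Python check that flags services attached to zones the segmentation policy does not let them bridge, and counts the gateway hops between two zones. The zone names come from the list above; the chain of permitted gateways, the service names and their network attachments are assumptions constructed for illustration.

```python
from collections import deque

# Zone names are from the README; the ordering of permitted gateways is an assumption.
CHAIN = ["internet", "dmz", "enterprise", "clinical", "medical-devices", "implantable"]
ZONES = set(CHAIN)
# Assumed policy: a gateway may only bridge two zones that are adjacent in CHAIN.
ALLOWED_LINKS = {frozenset(pair) for pair in zip(CHAIN, CHAIN[1:])}

# Constructed sample: hypothetical service -> networks, as read from compose `networks:` keys.
SERVICES = {
    "patient-portal": ["internet", "dmz"],
    "vendor-gw": ["dmz", "enterprise"],
    "emr": ["clinical"],
    "hl7-gw": ["enterprise", "clinical"],
    "device-gw": ["clinical", "medical-devices"],
    "billing": ["enterprise", "medical-devices"],   # misconfiguration: skips clinical
    "pacs": ["clinical", "imaging"],                # network that is not a declared zone
}

def audit(services, allowed=ALLOWED_LINKS, zones=ZONES):
    """Return (service, problem) pairs for attachments that break the policy."""
    findings = []
    for name, nets in sorted(services.items()):
        for net in nets:
            if net not in zones:
                findings.append((name, f"unknown zone {net}"))
        known = sorted(n for n in set(nets) if n in zones)
        for i, a in enumerate(known):
            for b in known[i + 1:]:
                if frozenset({a, b}) not in allowed:
                    findings.append((name, f"bridges {a} <-> {b}"))
    return findings

def hops(services, src, dst):
    """Fewest multi-homed services to traverse from zone src to dst, or None."""
    seen, queue = {src}, deque([(src, 0)])
    while queue:
        zone, dist = queue.popleft()
        if zone == dst:
            return dist
        for nets in services.values():
            if zone in nets:
                for nxt in set(nets) - seen:
                    seen.add(nxt)
                    queue.append((nxt, dist + 1))
    return None
```

In this sample the misattached `billing` service shortens the path from `internet` to `medical-devices` from four gateways to three, which is the kind of drift the audit is meant to surface.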
Design principles:
- system behaviour driven, not compliance checklist driven
- realistic protocols: HL7, FHIR, DICOM
- explicit modelling of patient safety impact
- support for adversarial scenarios, not just monitoring
Example scenarios:
- EMR data exfiltration
- ransomware on imaging systems
- manipulation of clinical data flows
- lateral movement from IT to medical devices
- failure analysis under degraded conditions
Requirements:
- Docker
- Python 3.x
- 8 GB RAM minimum, 16 GB recommended