IT Infrastructure and Security in Healthcare Industry

By

Abhishek Kumar
Surabhi Agarwal
Sweta Korde
Vibhor Pandey

IDS 520 Enterprise Information Infrastructure Planning and Security Final Project Report

CONTENTS

INTRODUCTION
  HEALTHCARE INDUSTRY OVERVIEW
  CURRENT BUSINESS PROBLEMS
  GOALS AND OBJECTIVES
METHODOLOGY
  SUMMARY OF STEPS
  ASSUMPTIONS
FINDINGS
  REQUIREMENT GATHERING
  FLOW ANALYSIS
  NETWORK ARCHITECTURE
    CORE LAYER
    DISTRIBUTION LAYER
    ACCESS LAYER
    ADVANTAGES OF HIERARCHICAL DESIGN
  NETWORK MANAGEMENT
    UNDER FAULT MANAGEMENT: HOST INTRUSION DETECTION SYSTEM
    UNDER CONFIGURATION MANAGEMENT-PROVISIONING: IDENTITY SERVICE ENGINE
    UNDER PERFORMANCE MANAGEMENT: APPLICATION MANAGER
  PERFORMANCE ARCHITECTURE
    ACHIEVING SIX SIGMA AVAILABILITY
    QoS
    MEDICAL GRADE NETWORK APPLICATIONS
  THREAT ANALYSIS
  SECURITY MODEL
  SECURITY METRICS
  RISK ANALYSIS
    COST BENEFIT ANALYSIS
  PROTECTION MECHANISM
    ENDPOINT SECURITY
    NETWORK SECURITY
    CONTENT SECURITY
    SYSTEM NETWORK AND EVENT MANAGEMENT
RECOMMENDATIONS
REFERENCES


INTRODUCTION

HEALTHCARE INDUSTRY OVERVIEW

The healthcare industry is undergoing an intense transformation as it shifts from traditional procedures towards automated and sophisticated systems. The outdated, non-IT practices that exist in most healthcare firms are not efficient enough to handle the high volume of data processing and storage needs. Data sharing across multiple locations and ease of access to information are also growing problems. The various medical equipment present on the premises produces large amounts of data in the form of patient records, and this data needs efficient handling and timely processing. The medical devices need to be integrated with the software systems so that they can be controlled remotely, which exposes both the equipment and the software to an array of threats. Most of the internet-facing portals can be accessed remotely by doctors, patients and management, which calls for stricter protocols to ensure data security.

CURRENT BUSINESS PROBLEMS

Current issues faced by the healthcare industry in terms of IT infrastructure:

• Physical records maintained on paper
• EMRs work in silos without end-to-end integration
• Integration between medical devices does not exist
• Non-existence of a nurse portal; verbal instructions provided to the medical staff
• Integration of patient data in the patient portal
• Data flow and timely availability between different facilities
• Instant messaging and pager services for emergency alerts to the staff
• Data backup for emergencies
• Infrastructure backup to handle emergency situations
• Video conferencing capabilities between physicians and patients, or between physicians
• Integration of data flowing from external vendors
• Electronic integration of the ancillary and drugstore services
• Old, inefficient infrastructure
• Security of confidential patient information and hospital data


GOALS AND OBJECTIVES

Our team has decided to address the various challenges faced by the healthcare industry and to provide a robust IT infrastructure and security solution. We will look into the existing architecture in healthcare firms, which lacks complete integration and end-to-end data availability.

METHODOLOGY

SUMMARY OF STEPS

The following steps were followed in this project:

1. Business problem analysis

2. Requirement Gathering

3. Flow Analysis

4. Network Architecture

5. Network Management

6. Performance Architecture

7. Threat Analysis

8. Security Model

9. Security Metrics

10. Risk Analysis

11. Protection Mechanism

ASSUMPTIONS

Since we are looking at the healthcare industry as a sector, certain data points, such as the number of cyber-attacks that this industry faces on a yearly basis, were not available. Also, unlike other businesses, the healthcare sector is not mandated by law to disclose all of its dealings. Thus, assumptions were made where necessary.


FINDINGS

REQUIREMENT GATHERING

Applications | Objectives | Related Metric | Target Value | Critical Resources | Affecting Factors | Modifying Factors | Expected Benefits
Security of EMR (EHR) | Security of health records | HIPAA and HITECH compliant | HIPAA and HITECH compliant | Access Controller | Govt. regulations | Govt. regulations | H
CT Scan, Pagers, X-ray: all the traffic needs to be routed | Channel Capacity | Peak data rate (PDR), sustained data rate (SDR), minimum data rate (MDR) | 10GB LAN link, 100GB WAN link. Limited storage capacity of 4 terabytes of data (4000GB) | Wireless communication between devices | Traditional method of using paper in reports | HIT act mandates electronic records | M
Electronic records should be created/stored/transferred accurately to depict true health state | Accurate results | Error & Loss Rates – BER/CLR/CMR/Frame & Packet Loss | 1-2.5% as acceptable packet loss | TCP protocol should be used | UDP protocols do not provide recovery of lost packets | TCP re-sends a packet if it is lost | H
Pharmacy system / Labs / Medical Equipment need to communicate | Synchronize with other devices | # of devices / type of output, input file | File conversion in expected formats | Connectors, LDAP | Legacy systems | Medical equipment integrators available | M
Medical emergency has no fixed time | 24x7 Operations | Availability (% uptime/downtime) | Availability 99.999% | Backup servers/power to ensure availability | Single point of failure | Distributed networking at time of failure | M
Loss of medical records is common | Backup of data | Storage | Storage 1 TB | Scheduled jobs for backup | Maintenance of records | Patient history needs to be recorded | H
Regular patient monitoring helps in early diagnosis | Faster analysis of data | Query Time | <5 sec | DB Server | Server computing speed | Patient history needs to be analyzed | M

FLOW ANALYSIS

Network flow analysis helps network administrators gain insight into the network and prioritize parts of it on the basis of their requirements and availability. Flow analysis starts with mapping all the devices in the network and assigning a priority level to each component. It gives an idea of the traffic rate and volume in the network, which helps in setting per-application policy controls as well as quality of service. For example, network service to a customer-facing web application can be restricted to a particular level, giving priority to the bandwidth assigned to life support system applications. Flow analysis also provides added information about application response time and about optimization of flows, and it helps in selecting the optimal path using the network and business requirements. Flow characteristics can be broadly classified as specified in the table below.

Flow Characteristics | Features | In Reference to Healthcare IT
Performance Requirements | Capacity (bandwidth) | Capacity of the infrastructure used, according to the healthcare budget.
Performance Requirements | Delay | Latency created in different applications; the life support system should have the minimum and the customer applications are allowed the maximum.
Performance Requirements | Reliability | Maximum for the life support applications.
Performance Requirements | Quality of service levels | Highest for the life support and the network used by the medical applications.
Importance and priority levels | Business/Enterprise/Provider | Depends on the type of healthcare industry (large/medium/small).
Importance and priority levels | Social | On a lower priority level.
Others | Directionality of the network; scheduling of the network; protocols used; security requirements. | Bidirectional or unidirectional.

Health IT infrastructure consists of unidirectional as well as bidirectional networks. Unidirectional networks are the ones used for reporting the patient's status in the system; they are very few in the healthcare network. Bidirectional networks with a large bandwidth are most common in use in the networks of large healthcare organizations. Some applications are given the highest priority and are therefore provided a bidirectional, guaranteed type of flow. Flow analysis is done on the basis of capacity, delay and reliability of the network. Applications in healthcare IT are evaluated on the following parameters:

Capacity: It is maximum for the applications used for life support systems and other medical equipment like CT scan, MRI etc., with the best network capacity available in the market. It could be as high as 1.2 GB/s for important applications and as low as 500 kb/s for applications related to customer support.

Delay: Minimum delay for the applications and network involved in life support systems and other medical equipment, though a minimum delay of around 100 ms is accepted in applications like VoIP messaging and other communications.

Reliability: Maximum for the medical equipment and the life support system, around 99.9999%. We try to achieve six sigma availability, while for other applications some downtime is accepted.

NETWORK ARCHITECTURE

The proposed architecture is a hierarchical model. The interconnection of the layers described below can occur in a variety of ways using a combination of layer 2 and layer 3 technologies. Biomedical devices, clinical applications and the associated security requirements influence the layer 2 and layer 3 designs.

CORE LAYER

• Serves as the backbone of the network.
• A minimalist design configuration is adopted for the core layer to reduce complexity.
• For high availability in hierarchical networks, blocks are interconnected.

DISTRIBUTION LAYER

• Serves as services and control boundary between access and core layers.

• Acts as logical isolation point in the event of failure in access layer.

• Load balancing, QoS, ease of provisioning are key considerations in this layer.


ACCESS LAYER

• First point of entry into the network for edge services such as medical devices, portable computers, end stations etc.
• Provides demarcation between computing devices and network infrastructure.
• It provides the QoS, security and policy trust boundary and is a key element in enabling multiple services.

ADVANTAGES OF HIERARCHICAL DESIGN

• In a hierarchical design, the capacity, features and functionality of a specific device are optimized for its position in the network and the role it plays.
• A hierarchical design avoids the need for a fully meshed network in which all nodes are interconnected.
• The functions are distributed at each layer.
• The building blocks of modular networks are easy to replicate. There is no need to redesign the whole network each time a module is added or removed.
• Distinct building blocks can be put in service and taken out of service without impacting the rest of the network.
• The hierarchical design enhances troubleshooting, problem isolation and network management.
• Mission critical applications such as EMR and patient vital signs monitoring systems take advantage of these designs.

NETWORK MANAGEMENT

To ensure the service level and the optimization of available resources, network management has been incorporated into the network architecture.

UNDER FAULT MANAGEMENT: HOST INTRUSION DETECTION SYSTEM

This helps in notifying when a breach occurs. It should be placed alongside all the firewalls, and the alarm trigger should be set at a threshold level that is in accordance with the threat.
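The threshold-triggered alarm described above, as an added illustration that is not part of the original report: a small host-level detection rule that counts authentication failures per host in a sliding time window and raises one alert when the count reaches the configured threshold. The log lines are constructed for the example (a syslog-like "timestamp key=value" layout is assumed), and the threshold and window are the tunable parameters the text refers to.

```python
from collections import deque
from datetime import datetime, timedelta

# Constructed sample log lines in an assumed "timestamp key=value ..." layout; not real hospital data.
SAMPLE_LOG = """\
2024-03-01T08:00:01 host=emr-db-01 event=auth_failure user=svc_backup
2024-03-01T08:00:04 host=emr-db-01 event=auth_failure user=svc_backup
2024-03-01T08:00:09 host=emr-db-01 event=auth_failure user=svc_backup
2024-03-01T08:00:15 host=emr-db-01 event=auth_failure user=svc_backup
2024-03-01T08:00:20 host=emr-db-01 event=auth_failure user=svc_backup
2024-03-01T08:00:30 host=pacs-01 event=auth_failure user=radiologist1
2024-03-01T08:01:10 host=pacs-01 event=auth_success user=radiologist1
2024-03-01T09:30:00 host=pacs-01 event=auth_failure user=radiologist1
2024-03-01T09:30:05 host=pacs-01 event=auth_failure user=radiologist1
"""


def parse_line(line):
    """Parse one 'ts key=value ...' line into a dict; the first token is the ISO timestamp."""
    ts_text, *fields = line.split()
    record = {"ts": datetime.fromisoformat(ts_text)}
    for field in fields:
        key, _, value = field.partition("=")
        record[key] = value
    return record


def threshold_alerts(log_text, threshold=5, window=timedelta(seconds=60)):
    """
    Sliding-window rule: raise one alert per host the moment the number of
    auth_failure events for that host within `window` reaches `threshold`.
    Each per-host deque keeps only timestamps inside the window, so the rule
    is linear in the number of events and suits a continuously appended log.
    """
    recent = {}   # host -> deque of failure timestamps still inside the window
    alerts = []
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec.get("event") != "auth_failure":
            continue
        q = recent.setdefault(rec["host"], deque())
        q.append(rec["ts"])
        while q and rec["ts"] - q[0] > window:   # drop events that fell out of the window
            q.popleft()
        if len(q) >= threshold:
            alerts.append({"host": rec["host"], "at": rec["ts"], "failures": len(q)})
            q.clear()   # one burst produces one alert, not one per additional failure
    return alerts


if __name__ == "__main__":
    for a in threshold_alerts(SAMPLE_LOG):
        print(f"ALERT {a['at'].isoformat()} host={a['host']} failures_in_window={a['failures']}")
```

With the defaults only the burst against emr-db-01 fires; lowering the threshold to 2 also flags the slower retries against pacs-01, which is the trade-off the text means by setting the threshold "in accordance with the threat".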

UNDER CONFIGURATION MANAGEMENT-PROVISIONING: IDENTITY SERVICE ENGINE

This helps in provisioning by defining access levels for users and devices, reasoning about interconnections logically and policy-wise. The medical devices should be identified and provisioned accordingly.

UNDER PERFORMANCE MANAGEMENT: APPLICATION MANAGER

This helps in dynamic load sharing and provides end-to-end encryption. The load balancing helps in keeping the network well utilized and in ensuring service level targets.


PERFORMANCE ARCHITECTURE

For achieving high availability of 99.999 percent and above, there needs to be hardware redundancy in the network, together with diagnostics that are capable of recognizing a fault condition and failing over to a secondary or load-sharing device. The overall goal is to provide a highly available end-to-end medical grade network (MGN) that includes clinical systems and biomedical devices. In many cases, however, the clinical systems (EHR, EMR, practice management, lab, pharmacy, radiology, and so on) are not architected to provide 99.999 percent availability. Clinical applications are consuming more and more data centre storage resources as well as network resources. In addition, today's broadly distributed imaging services can be multi-vendor, resulting in imaging centres spread across multiple disparate locations, which makes it challenging for the network architect to design a network that meets the client's expectations. In a PACS (Picture Archiving and Communication System), images are not distorted by packet loss or delay; these properties only affect the rendering time. Since PACS vendors have service-level agreements (SLAs) for this purpose, it is necessary to understand the impact and extent of this on the workflow. Patient care can be impacted by severe network congestion, which can delay an image by a minute in reaching a radiologist or a surgeon who is preparing to perform emergency surgery.

ACHIEVING SIX SIGMA AVAILABILITY

Meticulously planned networks, with well thought out implementation processes and procedures and time-tested tools for actively managing the network, lead to six sigma availability. A "six-sigma" service can be out for only 31.53 seconds every year. Such a high level of availability at the network layer can indeed be achieved within the data centres that host EMR/EHR systems. Many times, however, the applications designed to support clinical staff are not designed for this high level of availability and lead to downtime. Most of these outages occur because of software upgrades or patches being installed, or sometimes involve failure in upstream systems like external testing labs. In order to increase availability up to six sigma, we use In-Service Software Upgrade (ISSU). It provides a software upgrade while the system continues to forward data packets, which eliminates the upgrade downtime and hence increases the total availability of the system. Here two routes are maintained, one active and the other on standby. In the event that one becomes inactive, traffic flows through the other, as traffic is synchronously relayed to both routes.
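The availability arithmetic behind the figures in this section and the performance architecture above (the 31.53 s per year of a six-sigma service, the 99.999 percent five-nines target, and the active/standby pair that the hardware redundancy relies on), as an added worked example that is not from the report. The layer availabilities are assumed values chosen to show the point: chaining three five-nines layers falls below five nines, while duplicating each layer as an active/standby pair reaches the six-sigma budget.

```python
SECONDS_PER_YEAR = 365 * 24 * 60 * 60   # 31,536,000 s in a non-leap year


def allowed_downtime_seconds(availability_percent):
    """Yearly downtime budget implied by an availability target given in percent."""
    return SECONDS_PER_YEAR * (1 - availability_percent / 100)


def serial_availability(*fractions):
    """Availability of a chain in which every element must be up (inputs as fractions, e.g. 0.99999)."""
    result = 1.0
    for a in fractions:
        result *= a
    return result


def redundant_availability(fraction, paths=2):
    """Availability of `paths` independent redundant elements (active/standby): down only if all fail."""
    return 1 - (1 - fraction) ** paths


def end_to_end(layers, redundant):
    """
    Availability fraction of a hierarchical path (access -> distribution -> core),
    each layer given as a single-device availability fraction. With `redundant`
    each layer is duplicated (one active, one standby) before the layers are chained.
    """
    per_layer = [redundant_availability(a) if redundant else a for a in layers]
    return serial_availability(*per_layer)


if __name__ == "__main__":
    print(f"six-sigma budget:  {allowed_downtime_seconds(99.9999):.2f} s/year")
    print(f"five-nines budget: {allowed_downtime_seconds(99.999):.2f} s/year")
    # Assumed per-device availability for each of the three layers (example values).
    layers = [0.99999, 0.99999, 0.99999]
    for redundant in (False, True):
        a = end_to_end(layers, redundant)
        print(f"redundant={redundant}: availability={a:.10f}, "
              f"downtime={allowed_downtime_seconds(a * 100):.4f} s/year")
```

The non-redundant chain yields roughly 946 s of downtime per year, well above the 315 s five-nines budget; the active/standby version yields under a hundredth of a second, which is why the report pairs its six-sigma target with hardware redundancy rather than with better single devices.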

QOS

Quality of service (QoS) measures the transmission quality and service availability of a network. Traffic on IP networks competes for valuable and scarce resources such as transmission bandwidth and equipment processing time. This leads to packet loss, packet delay, and jitter (defined as the variance of packet delay), which have a very negative effect on applications: they can cause interruptions or stoppages of real-time services like video or voice calls and may also slow down applications. As healthcare networks are becoming more and more congested, failure of the network is becoming a distinct possibility. Routers and switches must be placed in a well thought out manner so that a consistent application experience can be obtained under varying traffic conditions. Healthcare network traffic is a mixture of high priority and low priority traffic, which includes applications, medical device traffic, imaging data, voice and video traffic, guest services, emails and so on.

QoS model for medical grade networks:

Network performance issues arise from bottlenecks in the network caused either by low bandwidth links or by underpowered devices, which makes QoS an important factor to consider. Understanding the data and clinical applications is critical in creating an effective QoS model. We recommend a Platinum Service SLA for the healthcare industry, as high RMA values are needed for proper functioning.

Application | Reliability | Capacity | Delay | Loss in Revenue
Clinical Applications | 99.999 | Guaranteed | <5 sec | High
Imaging services | 99.999 | Guaranteed | <5 sec | High - Medium
Communication equipment | 99.99 | Best Effort | <5 sec | Medium - Low
Monitoring Equipment | 99.999 | Guaranteed | <5 sec | High

MEDICAL GRADE NETWORK APPLICATIONS

Monitoring equipment feeds continuous streams of data to the central nurses' station. These data feeds are relatively low bandwidth with a constant bit rate to reduce jitter. Delay or interruption in the data feed to the nurses' station may not directly impact patient safety, but it does lead to a loss of reaction time in detecting physiological conditions. This kind of traffic would be classified as high priority and would require a high queuing policy.

Strategy | Performance Requirement | Measurement
Sensitive information must be protected | Continuous monitoring of the systems for any factors causing downtime; timely reporting of incidents and follow-up | Intrusion scan reports; security assessment reports
RMA of mission critical applications | The entire system downtime must be minimal; the entire system must be reliable throughout | Defined requirement of 99.999% availability; capacity metric tracking

THREAT ANALYSIS

The following table represents the threat analysis for the healthcare industry.

Effect: A – Destructive, B – Disabling, C – Disruptive, D – No impact
Likelihood: A – Certain, B – Likely, C – Unlikely, D – Impossible

Effect/Likelihood | Hardware | Servers | Network Devices | Software | Data | Medical Equipment | EHR/EMR
Hacked Medical Equipment | A/A | B/B | A/B | B/B | A/A | A/A | B/B
Hacked Network attached devices | B/B | B/B | A/A | B/C | B/B | B/A | C/C
Hacked internet facing personal health data | B/B | A/B | B/C | A/B | A/B | B/B | A/B
Hacked surveillance cameras/security equipment | A/A | B/C | B/B | B/B | B/B | C/D | C/C
Theft or Loss of data | A/B | A/B | B/C | A/B | A/A | B/C | A/B
Unauthorized Access | B/B | B/B | B/B | A/B | A/B | C/C | A/A
Viruses, Worms, Macros, Denial of service | B/B | B/B | B/C | A/B | A/B | C/C | B/A
Equipment Failure | A/B | B/C | A/B | B/B | B/C | A/B | C/C
Service issues from Service providers | C/A | A/B | A/B | B/C | B/C | B/C | B/C
Insider misuse | C/A | B/C | A/B | B/B | B/C | B/B | B/B
Patient Records Breach | B/A | A/B | B/B | B/B | A/B | B/B | A/A

SECURITY MODEL

IT implementation in the healthcare industry has begun to transform the sector completely, with modern technology advancements made to change the sector altogether. Electronic medical records and record exchanges have improved to become more secure and reliable, and medical institutions have become more accountable for patient data and records. IT infrastructure models in healthcare also include remote patient monitoring and remote medical consulting or telemedicine, hence requiring high network availability as well as security. Access through mobile devices to the secured medical records of patients and to other business applications increases the severity of the requirement for a secured model.
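The threat analysis table in the section above can be turned into a ranked list rather than read cell by cell. The following is an added example, not part of the report, that parses the matrix exactly as the report gives it, scores each cell as effect times likelihood on the report's A–D scales (mapped here to 3..0, an assumed numeric mapping), and reports the destructive-and-certain cells and the asset column carrying the most total risk.

```python
# Numeric mapping assumed for the report's letter scales (A..D -> 3..0).
EFFECT = {"A": 3, "B": 2, "C": 1, "D": 0}      # Destructive, Disabling, Disruptive, No impact
LIKELIHOOD = {"A": 3, "B": 2, "C": 1, "D": 0}  # Certain, Likely, Unlikely, Impossible

ASSETS = ["Hardware", "Servers", "Network Devices", "Software", "Data",
          "Medical Equipment", "EHR/EMR"]

# The effect/likelihood cells exactly as given in the report's threat analysis table.
MATRIX = {
    "Hacked Medical Equipment":                       "A/A B/B A/B B/B A/A A/A B/B",
    "Hacked Network attached devices":                "B/B B/B A/A B/C B/B B/A C/C",
    "Hacked internet facing personal health data":    "B/B A/B B/C A/B A/B B/B A/B",
    "Hacked surveillance cameras/security equipment": "A/A B/C B/B B/B B/B C/D C/C",
    "Theft or Loss of data":                          "A/B A/B B/C A/B A/A B/C A/B",
    "Unauthorized Access":                            "B/B B/B B/B A/B A/B C/C A/A",
    "Viruses, Worms, Macros, Denial of service":      "B/B B/B B/C A/B A/B C/C B/A",
    "Equipment Failure":                              "A/B B/C A/B B/B B/C A/B C/C",
    "Service issues from Service providers":          "C/A A/B A/B B/C B/C B/C B/C",
    "Insider misuse":                                 "C/A B/C A/B B/B B/C B/B B/B",
    "Patient Records Breach":                         "B/A A/B B/B B/B A/B B/B A/A",
}


def parse_cell(cell):
    """'A/B' -> (effect score, likelihood score); raises KeyError on an unknown letter."""
    effect, likelihood = cell.split("/")
    return EFFECT[effect], LIKELIHOOD[likelihood]


def score_matrix(matrix=MATRIX, assets=ASSETS):
    """Return [(score, threat, asset, cell)] for every cell; score = effect * likelihood (0..9)."""
    scored = []
    for threat, row in matrix.items():
        cells = row.split()
        if len(cells) != len(assets):
            raise ValueError(f"{threat}: expected {len(assets)} cells, got {len(cells)}")
        for asset, cell in zip(assets, cells):
            e, l = parse_cell(cell)
            scored.append((e * l, threat, asset, cell))
    return scored


def top_risks(min_score=9, matrix=MATRIX):
    """Cells scoring at least min_score, highest first; 9 is the destructive-and-certain corner."""
    return sorted((s for s in score_matrix(matrix) if s[0] >= min_score),
                  key=lambda s: -s[0])


def asset_exposure(matrix=MATRIX):
    """Sum of cell scores per asset column, largest first: where protection spend matters most."""
    totals = {}
    for score, _, asset, _ in score_matrix(matrix):
        totals[asset] = totals.get(asset, 0) + score
    return dict(sorted(totals.items(), key=lambda kv: -kv[1]))


if __name__ == "__main__":
    for score, threat, asset, cell in top_risks():
        print(f"{score}  {threat:<48} {asset:<18} {cell}")
    print(asset_exposure())
```

On the report's matrix, eight cells sit in the A/A corner (three of them under Hacked Medical Equipment) and the Hardware and Data columns carry the highest totals, which is consistent with the risk analysis later in the report placing the largest annualized losses on hacked medical equipment and theft or loss of data.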

Security issues faced in healthcare IT infrastructure can be broadly classified as:

Ownership of information: A sense of ownership is required towards the patient's medical information to prevent any unauthorized access to data related to the patients. The team, organization or person who created the patient data is responsible for maintaining and securing it. The personnel related to the data can be divided into three categories: creator, author and manager. The person responsible for generating the data is referred to as the creator; in the case of an EMR, laboratory staff can be considered the creators. The author of the data is the clinician, and the manager of the EMR is the patient themselves. Sometimes a third party may be involved at this level. Protection of ownership could be performed using encryption or watermarking techniques.

Authentication of data: Authentication of data is required to assert that a particular data set is true and error free. Endpoint authentication is observed in most network architectures; it prevents man-in-the-middle attacks. Several protocols are used to secure web browsing, mail, faxing and VoIP.

Non-repudiation: It acts as the electronic signature that validates the transaction. It prevents any denial between the parties after a particular transaction has completed.

Authorization and confidentiality of data: The patient can allow or deny the sharing and usage of data for any purpose other than their diagnosis, so the attributes used to access the data must be maintained properly. Confidentiality of data is defined by ISO 17799 as ensuring access only to those who are authorized to access the data.

Availability of data: For an EHR to work at the optimum, it must have high availability. So all the systems associated with the maintenance and usage of the EHR should be available 24x7, preventing any sort of service disruption. Security and privacy protection and HIPAA compliance help us attain this requirement.


Electronic health record security model:

Consider a scenario in which a patient entering the hospital with a diagnosed disease needs to be attended by a doctor from the hospital as well as by experts from other hospitals. This case requires access to the EHR by several parties: her data needs to be accessed by the regular doctors and specialists from the hospital as well as from other hospitals in the region. It may also need to be accessed by the patient's family doctor, who lies completely outside the chain. So the access list for the document needs to be managed and altered several times by the patient or with the patient's consent. The security model consists of three components:

Electronic health record secured collection and integration: With HIPAA compliance, data is to be shared among the health care providers and the CDOs. It also includes the combination and updating of the EHR with maintenance of a proper digital signature.

Electronic health record storage and access management: Secured storage servers are to be maintained along with a proper access database. Cryptography can also be used for access control.

Electronic secure usage model: It consists of proper signature maintenance and verification.

With the increase in the number of cases of security breaches or theft of patient data, healthcare organizations need to adopt security compliance at the earliest. Security standards such as HIPAA, NIST, and PCI should be adopted and implemented. HIPAA has established privacy requirements for electronic health records. HIPAA is enacted to protect private and confidential data from loss and to make it available in a secured manner.


The HIPAA Security Rule is divided into six parts. It uses these particular standards to describe the security standards:

• General Rules
• Administrative Safeguards
• Physical Safeguards
• Technical Safeguards
• Organizational Safeguards
• Policies, Procedures and Documentation Safeguards

In order to have a secured IT infrastructure model, security should be considered an integral part of system design. It can be both difficult and costly to implement security measures after the system has been developed, so security should be integrated fully during the system life cycle. Information should be protected in all three states: being processed, in transit and in storage. Potential trade-offs between reducing risks and increasing costs should be identified. The security model should always have the upgrade and patch installation option available. Publicly accessed systems should be kept separate from the mission critical systems to enhance network security. Access should be limited to what is needed, with no more authorization than necessary to perform the required functions. Proper security should be maintained in the shutdown and disposal of the system, and data should be disposed of in a secured manner. Security modeling overall is a combination of measures distributed physically and logically.


SECURITY METRICS

Infrastructure security metrics are the application of statistical and quantitative approaches of mathematical analysis to the process of measuring the activities and outcomes of the program. Measures give aggregate, higher-level results as well as the return on investment for the infrastructure model. Security metrics must be able to demonstrate their value to the organization. CMMI (Capability Maturity Model Integration) can be used to measure performance and process improvement.

Before creating the infrastructure metrics, information security measures are required. The time estimate to implement the infrastructure security model has to be found out. Healthcare IT is changing with time and the requirements of the security models have increased, so the duration of implementation is an important factor to consider while selecting a particular IT infrastructure. Prioritization of individual metrics is equally important within an organization. Healthcare IT needs to prioritize among various requirements such as 24x7 availability, remote access, data security, wireless connectivity etc. The performance target for the network is to be determined; as the network requirements of healthcare IT are very critical, the performance target should be close to 100%. The percentage of remote access points used to gain unauthorized access is to be determined, and possible security breaches into the network are to be calculated. Healthcare IT has multiple remote access points, so all of them need to be secured, eliminating most of the vulnerabilities. The average frequency of audits and of the training given to personnel is also to be accounted for in the measurements. The percentage of physical security incidents is also calculated during measurement.

The criteria applied to select a good information security metric:

• Confidentiality
• Integrity
• Availability

It should cover all the business aspects and should be up to date.

Metric | Rationale | Pros/Cons
Impact of downtime: loss of business ($) and brand image of the organization | Network availability is crucial. Lack of security can result in attacks and breaches made in the system. | Planning budget for the secured IT infrastructure.
Incident occurrence rate; mean time to incident discovery; mean time to incident recovery | Early and accurate identification, handling and recovery from the security incident. | Knowledge about incident occurrences, recovery and handling. Better resourcing of the IT team.
Downtime (hours) | Reporting downtime would help to analyze the vulnerability of the network. | Helps in better time management and mitigation.
Number of critical applications in operation | Helps in identifying the critical applications, e.g. life support system, MRI etc., and the risks associated with these applications. | Security of important life support and other critical applications.
Risk assessment coverage | Replacement cost associated with the application failures. | 
Fulfilment of service level agreements | Service provided to the patients. Helps to realize the commitment towards the patient and the service provided. | Helps in achieving the ROI.
Information security budget allocation in healthcare IT | Level and requirement justification for the IT security budget. | Budget planning for the security system.
Patches and upgrades to the application-critical network | Maintenance of the system at an updated level. | Better knowledge of available patches and upgrades present in the sector.
Vulnerability scan of the complete network; mean time to mitigate the vulnerabilities present in the network | Management of the vulnerabilities to which the network is exposed. | Helps in better recognition of the vulnerabilities to which the network is exposed.
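Computing the incident metrics from the table above (incident occurrence rate, mean time to incident discovery, mean time to incident recovery, downtime in hours) from a set of incident records, as an added example that is not part of the report. The incident records are constructed for the example and cover an assumed 91-day quarter; the availability comparison uses the report's own 99.999% target.

```python
from datetime import datetime
from statistics import mean

# Constructed incident records for an assumed 91-day quarter; not real data.
# start = when the incident began, discovered = when it was detected, recovered = service restored.
INCIDENTS = [
    {"id": "INC-1", "category": "malware",      "start": "2024-01-03T02:10",
     "discovered": "2024-01-03T02:40", "recovered": "2024-01-03T06:40"},
    {"id": "INC-2", "category": "unauthorized", "start": "2024-01-20T13:00",
     "discovered": "2024-01-22T09:00", "recovered": "2024-01-22T11:00"},
    {"id": "INC-3", "category": "outage",       "start": "2024-02-14T22:00",
     "discovered": "2024-02-14T22:05", "recovered": "2024-02-15T01:05"},
    {"id": "INC-4", "category": "malware",      "start": "2024-03-09T10:00",
     "discovered": "2024-03-09T10:30", "recovered": "2024-03-09T12:30"},
]
PERIOD_DAYS = 91


def _hours(start_iso, end_iso):
    """Elapsed hours between two ISO timestamps."""
    return (datetime.fromisoformat(end_iso) - datetime.fromisoformat(start_iso)).total_seconds() / 3600


def security_metrics(incidents=INCIDENTS, period_days=PERIOD_DAYS):
    """Incident occurrence rate (per 30 days), MTTD, MTTR and total downtime hours for the period."""
    ttd = [_hours(i["start"], i["discovered"]) for i in incidents]       # time to discovery
    ttr = [_hours(i["discovered"], i["recovered"]) for i in incidents]   # time to recovery
    downtime = [_hours(i["start"], i["recovered"]) for i in incidents]   # start to restoration
    return {
        "incidents": len(incidents),
        "incident_rate_per_30d": len(incidents) / period_days * 30,
        "mttd_hours": mean(ttd),
        "mttr_hours": mean(ttr),
        "downtime_hours": sum(downtime),
    }


def by_category(incidents=INCIDENTS):
    """Incident counts per category, so the rate can be broken down by threat type."""
    counts = {}
    for inc in incidents:
        counts[inc["category"]] = counts.get(inc["category"], 0) + 1
    return counts


def availability_percent(downtime_hours, period_days=PERIOD_DAYS):
    """Availability achieved over the period given the measured downtime."""
    return 100 * (1 - downtime_hours / (period_days * 24))


def meets_target(metrics, target_percent=99.999):
    """True when the measured availability reaches the report's 99.999% requirement."""
    return availability_percent(metrics["downtime_hours"]) >= target_percent


if __name__ == "__main__":
    m = security_metrics()
    for key, value in m.items():
        print(f"{key:<22} {value:.3f}" if isinstance(value, float) else f"{key:<22} {value}")
    print("by category:", by_category())
    print(f"availability: {availability_percent(m['downtime_hours']):.3f}% "
          f"(target met: {meets_target(m)})")
```

The constructed quarter is dominated by INC-2, where discovery took 44 hours against a 2-hour recovery; MTTD rather than MTTR is the number that needs to move, which is the kind of resourcing decision the Pros/Cons column says these metrics support.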

RISK ANALYSIS

The risk analysis was performed and the following table represents our findings and the associated costs.

Threats | Cost/Incident | Frequency of Occurrence | Cost per Incident (SLE) | ARO | Starting ALE
Hacked Medical Equipment | $ 10,000,000.00 | Once every 10 years | $ 10,000,000.00 | 0.1 | $ 1,000,000.00
Hacked Network attached devices | $ 20,000.00 | Once every 10 years | $ 20,000.00 | 0.1 | $ 2,000.00
Hacked internet facing personal health data | $ 2,000,000.00 | Twice every year | $ 2,000,000.00 | 2 | $ 4,000,000.00
Hacked surveillance cameras/security equipment | $ 1,000,000.00 | Once every three years | $ 1,000,000.00 | 0.33 | $ 333,333.33
Theft or Loss of data | $ 4,000,000.00 | Once every year | $ 4,000,000.00 | 1 | $ 4,000,000.00
Unauthorized Access | $ 100,000.00 | Thrice every year | $ 100,000.00 | 3 | $ 300,000.00
Viruses, Worms, Macros, Denial of service | $ 2,000,000.00 | Once every year | $ 2,000,000.00 | 1 | $ 2,000,000.00
Equipment Failure | $ 4,000,000.00 | Once every two years | $ 4,000,000.00 | 0.5 | $ 2,000,000.00
Service issues from Service providers | $ 500,000.00 | Twice every year | $ 500,000.00 | 2 | $ 1,000,000.00
Insider misuse | $ 500,000.00 | Twice every year | $ 500,000.00 | 2 | $ 1,000,000.00
Patient Records Breach | $ 1,000,000.00 | Once every year | $ 1,000,000.00 | 1 | $ 1,000,000.00


COST BENEFIT ANALYSIS

The Cost Benefit Analysis table lists, for each threat, the control measure used in the analysis and its cost, the ALE before and after the control, and the net benefit computed as CBA = Starting ALE - Ending ALE - Cost of controls. A control is worth funding only when this value is positive.

PROTECTION MECHANISM

This section provides an overview of an architecture that helps meet security requirements

associated with securing clinical systems and devices, biomedical devices/servers, IT

endpoints, and their associated applications.

ENDPOINT SECURITY

Like any other industry, healthcare has a very diverse and complex set of endpoints. Healthcare providers use a plethora of both wired and wireless devices for clinical IT needs. These devices must be protected against data loss, data theft and privacy invasion, and must also meet local country and state security laws. Some products that can help with endpoint security are Host Intrusion Prevention software, Wireless LAN Controllers (WLC), antivirus software and Trojan removal tools.

To secure endpoints adequately, the following must be done:

Enforce security policies for users and devices.

Identify and restrict users and devices that violate policies.

Manage identities and control which users may use specific devices.

Inspect device health, and quarantine and remediate devices with security issues.

NETWORK SECURITY

One of the most fundamental elements of a medical network is network security, which protects the integrity of the network infrastructure itself: entire network segments may be the target of attacks such as theft of service, service abuse, denial of service (DoS) and data loss. Firewalls must be used to separate network segments and prevent unauthorized access between them, with a deny-by-default policy that permits only the flows the clinical applications require. Network security can additionally be enhanced with security appliances from vendors such as Cisco. A VPN must be used for accessing the medical network from outside. Routers must also be equipped with firewalls, and infrastructure protection must be applied on the routing and switching platforms.
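The segmentation described above, as an added example that is not part of the original report: a zone-based allow list for a hypothetical hospital network, evaluated the way a firewall would evaluate it and rendered as an nftables ruleset from the same data. The zone names, subnets, ports (including the HL7 MLLP port 2575, which is assumed) and permitted flows are constructed assumptions, not figures from the report; they must be replaced with the real inventory and flow analysis.

```python
"""Zone-based network segmentation for a hospital network: a deny-by-default
flow policy, a first-match evaluator, and an nftables ruleset generated from
the same policy so the rules enforced match the rules reviewed.

Added example for this report, not code from the original page or from any
vendor product. The zone names, subnets, ports and allowed flows are
constructed assumptions for a hypothetical hospital."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional

# Constructed zones (assumed addressing). Medical devices, clinical
# workstations and the EMR tiers each get their own segment; the internet is
# the catch-all zone that only matches when no internal prefix does.
ZONES = {
    "medical_devices": ip_network("10.10.0.0/24"),   # MRI, monitors, infusion pumps
    "clinical_ws":     ip_network("10.20.0.0/24"),   # nurse and physician workstations
    "emr_app":         ip_network("10.30.0.0/24"),   # EMR application servers
    "emr_db":          ip_network("10.31.0.0/24"),   # EMR database servers
    "guest_wifi":      ip_network("10.90.0.0/24"),   # patients and visitors
    "vpn_users":       ip_network("10.200.0.0/24"),  # remote staff, after VPN authentication
    "internet":        ip_network("0.0.0.0/0"),
}


@dataclass(frozen=True)
class Flow:
    src_zone: str
    dst_zone: str
    proto: str
    dport: Optional[int]   # None means any port
    comment: str


# Explicit allow list. Anything not listed is dropped by the chain policy,
# so a new device class gets no access until someone adds a row here.
ALLOWED: List[Flow] = [
    Flow("clinical_ws", "emr_app", "tcp", 443, "clinicians use the EMR web front end"),
    Flow("vpn_users", "emr_app", "tcp", 443, "remote staff reach the EMR only through the VPN"),
    Flow("emr_app", "emr_db", "tcp", 5432, "only the app tier talks to the database"),
    Flow("emr_app", "medical_devices", "tcp", 2575, "HL7 MLLP from the EMR integration engine (assumed port)"),
    Flow("clinical_ws", "internet", "tcp", 443, "web access for workstations"),
    Flow("guest_wifi", "internet", "tcp", 443, "guest wifi gets internet only"),
    Flow("guest_wifi", "internet", "tcp", 80, "guest wifi gets internet only"),
]


def zone_of(ip: str) -> str:
    """Longest-prefix match so 10.10.0.7 is 'medical_devices', not 'internet'."""
    addr = ip_address(ip)
    matches = [(net.prefixlen, name) for name, net in ZONES.items() if addr in net]
    return max(matches)[1]


def evaluate(src_ip: str, dst_ip: str, proto: str, dport: int) -> str:
    """Decide one flow the way the firewall will: first matching allow wins, else drop."""
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    for f in ALLOWED:
        if (f.src_zone, f.dst_zone, f.proto) == (src, dst, proto) and f.dport in (None, dport):
            return "accept"
    return "drop"


def to_nftables() -> str:
    """Render the allow list as an nftables forward chain with policy drop."""
    lines = [
        "table inet hospital_fw {",
        "    chain forward {",
        "        type filter hook forward priority 0; policy drop;",
        "        ct state established,related accept",
        "        ct state invalid drop",
    ]
    for f in ALLOWED:
        clause = f"ip saddr {ZONES[f.src_zone]}"
        if f.dst_zone != "internet":          # a 0.0.0.0/0 daddr match would be a no-op
            clause += f" ip daddr {ZONES[f.dst_zone]}"
        if f.dport is not None:
            clause += f" {f.proto} dport {f.dport}"
        else:
            clause += f" meta l4proto {f.proto}"
        lines.append(f'        {clause} accept comment "{f.comment}"')
    lines += ["    }", "}"]
    return "\n".join(lines)


if __name__ == "__main__":
    print(to_nftables())
```

Running it prints the ruleset, which can be reviewed and loaded with `nft -f`. Keeping the allow list as data means the same table can be checked against the clinical flow analysis and diffed when a new device class arrives, and the chain's drop policy means a flow missing from the list fails closed: guest wifi cannot reach a medical device, a medical device cannot reach the internet, and a VPN user cannot reach the database except through the EMR application tier.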

Table: Cost Benefit Analysis

Threat | Cost/Incident | Frequency of occurrence | ALE (Prior) | Residual factor (ALE Post / ALE Prior) | ALE (Post) | Cost of Controls | Type of Control | CBA = Starting ALE - Ending ALE - Cost of controls
Hacked Medical Equipment | $10,000,000.00 | Once every 10 years | $1,000,000.00 | 0.5 | $500,000.00 | $100,000 | Physical/Software Security | $400,000.00
Hacked Network attached devices | $20,000.00 | Once every 10 years | $2,000.00 | 0.25 | $500.00 | $15,000 | Physical Security | $(13,500.00)
Hacked internet facing personal health data | $2,000,000.00 | Twice every year | $4,000,000.00 | 1 | $4,000,000.00 | $70,000 | Firewall | $(70,000.00)
Hacked surveillance cameras/security equipment | $1,000,000.00 | Once every three years | $333,333.33 | 0.15 | $50,000.00 | $75,000 | Physical/Software Security | $208,333.33
Theft or Loss of data | $4,000,000.00 | Once every year | $4,000,000.00 | 0.5 | $2,000,000.00 | $1,000,000 | Backups | $1,000,000.00
Unauthorized Access | $100,000.00 | Thrice every year | $300,000.00 | 1 | $300,000.00 | $900,000 | Software Security | $(900,000.00)
Viruses, Worms, Macros, Denial of service | $2,000,000.00 | Once every year | $2,000,000.00 | 0.3 | $600,000.00 | $150,000 | Antivirus | $1,250,000.00
Equipment Failure | $4,000,000.00 | Once every two years | $2,000,000.00 | 0.2 | $400,000.00 | $175,000 | Physical Security | $1,425,000.00
Service issues from Service providers | $500,000.00 | Twice every year | $1,000,000.00 | 0.7 | $700,000.00 | $90,000 | Insurance | $210,000.00
Insider misuse | $500,000.00 | Twice every year | $1,000,000.00 | 0.8 | $800,000.00 | $100,000 | Software Security | $100,000.00
Patient Records Breach | $1,000,000.00 | Once every year | $1,000,000.00 | 0.4 | $400,000.00 | $150,000 | Software Security | $450,000.00

Negative values (shown in parentheses) indicate a control whose cost exceeds the annual loss it avoids. For the two rows where ALE (Post) equals ALE (Prior), the control is modelled as avoiding no loss at all, so any spend on it produces a negative result regardless of its price.
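Carrying the two tables through in code, as an added example that is not from the original report. The formulas are the tables' own (ALE = SLE × ARO, CBA = Starting ALE - Ending ALE - Cost of controls) and the figures are copied from the tables; the helper names, the `residual` field (the post-control multiplier, ALE Post / ALE Prior) and the break-even helper `max_justified_spend` are this example's additions.

```python
"""Worked risk analysis and cost-benefit analysis (CBA) for the threats in
the two tables above.

Added example for this report, not code from the original page. The formulas
are the ones the tables use: ALE = SLE x ARO and
CBA = ALE_prior - ALE_post - cost of controls. The figures are copied from
the tables; the function and field names are this example's own. The
'residual' field is the fraction of the prior ALE that remains after the
control is in place (the tables' post-control multiplier)."""
from dataclasses import dataclass
from typing import List

# Frequency wording used in the tables, converted to an annualized rate (ARO).
FREQUENCY_TO_ARO = {
    "once every 10 years": 1 / 10,
    "once every three years": 1 / 3,
    "once every two years": 1 / 2,
    "once every year": 1.0,
    "twice every year": 2.0,
    "thrice every year": 3.0,
}


@dataclass(frozen=True)
class Threat:
    name: str
    sle: float            # single loss expectancy, dollars per incident
    frequency: str        # wording from the table
    residual: float       # ALE_post / ALE_prior once the control is in place
    control_cost: float   # annual cost of the control, dollars
    control: str

    @property
    def aro(self) -> float:
        return FREQUENCY_TO_ARO[self.frequency.lower()]

    @property
    def ale_prior(self) -> float:
        return self.sle * self.aro

    @property
    def ale_post(self) -> float:
        return self.ale_prior * self.residual

    @property
    def cba(self) -> float:
        """Net annual benefit of the control; negative means it costs more than it saves."""
        return self.ale_prior - self.ale_post - self.control_cost

    @property
    def max_justified_spend(self) -> float:
        """Break-even control budget: the annual loss the control actually avoids."""
        return self.ale_prior - self.ale_post


# Rows copied from the Risk Analysis and Cost Benefit Analysis tables.
THREATS: List[Threat] = [
    Threat("Hacked Medical Equipment", 10_000_000, "Once every 10 years", 0.5, 100_000, "Physical/Software Security"),
    Threat("Hacked Network attached devices", 20_000, "Once every 10 years", 0.25, 15_000, "Physical Security"),
    Threat("Hacked internet facing personal health data", 2_000_000, "Twice every year", 1.0, 70_000, "Firewall"),
    Threat("Hacked surveillance cameras/security equipment", 1_000_000, "Once every three years", 0.15, 75_000, "Physical/Software Security"),
    Threat("Theft or Loss of data", 4_000_000, "Once every year", 0.5, 1_000_000, "Backups"),
    Threat("Unauthorized Access", 100_000, "Thrice every year", 1.0, 900_000, "Software Security"),
    Threat("Viruses, Worms, Macros, Denial of service", 2_000_000, "Once every year", 0.3, 150_000, "Antivirus"),
    Threat("Equipment Failure", 4_000_000, "Once every two years", 0.2, 175_000, "Physical Security"),
    Threat("Service issues from Service providers", 500_000, "Twice every year", 0.7, 90_000, "Insurance"),
    Threat("Insider misuse", 500_000, "Twice every year", 0.8, 100_000, "Software Security"),
    Threat("Patient Records Breach", 1_000_000, "Once every year", 0.4, 150_000, "Software Security"),
]


def by_name(name: str) -> Threat:
    return next(t for t in THREATS if t.name == name)


def ranked_controls(threats: List[Threat]) -> List[Threat]:
    """Controls ordered by net benefit, the priority order the recommendations call for."""
    return sorted(threats, key=lambda t: t.cba, reverse=True)


def not_worth_funding(threats: List[Threat]) -> List[str]:
    """Controls whose cost exceeds the loss they avoid (negative CBA)."""
    return [t.name for t in threats if t.cba < 0]


def total_net_benefit(threats: List[Threat]) -> float:
    """Annual net benefit if only the positive-CBA controls are implemented."""
    return sum(t.cba for t in threats if t.cba > 0)


if __name__ == "__main__":
    print(f"{'Threat':48} {'ALE prior':>14} {'ALE post':>14} {'Cost':>12} {'CBA':>14}")
    for t in ranked_controls(THREATS):
        print(f"{t.name:48} {t.ale_prior:>14,.2f} {t.ale_post:>14,.2f} {t.control_cost:>12,.0f} {t.cba:>14,.2f}")
    print("Not worth funding as modelled:", not_worth_funding(THREATS))
```

Running it ranks the controls by net benefit (Equipment Failure first at $1,425,000) and flags the three that are not worth funding as modelled. The break-even helper shows why two of those three are negative: with a residual factor of 1 the control is assumed to avoid nothing, so `max_justified_spend` is zero and the number to revisit is the residual-risk estimate, not the control's price.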


CONTENT SECURITY

Healthcare facilities are, like all others, vulnerable to attacks on data and content. Spam, phishing attacks delivered through e-mail, and attacks delivered through malicious web content have all been used to give an attacker access to a target system. For adequate content security within the healthcare architecture, products that provide e-mail filtering and inspection, web security against malicious websites, and intrusion prevention systems must be employed.

SYSTEM, NETWORK AND EVENT MANAGEMENT

System management tools keep a check on the health of the entire system, whereas network management tools help in automating, simplifying and integrating networks to reduce operational costs. Tools covering access control systems, enterprise management and infrastructure security management can be obtained from vendors.

RECOMMENDATIONS

The proposed network architecture should have high availability with minimum latency for the critical equipment. Six Sigma availability should be the target.

Network segregation should be performed on the basis of network requirements and should be layered.

A hierarchical model of network architecture is proposed for the IT implementation in healthcare.

The calculated cost benefit analysis shows a positive value for most of the controls (8 of the 11 listed), so those with a positive value should be implemented first.

The organization should have a fool-proof disaster recovery system so that no data is lost if any kind of breach occurs.

The network architecture should allow software upgrades and patches to be installed while the network remains in service; In Service Software Upgrade (ISSU) is used to meet this requirement.

A mechanism should raise an automatic alert whenever a network failure occurs. A Host Intrusion Detection System can be used alongside the firewall.

Security of the EMR and its data should be the top priority, as the chance of an EMR breach is high. Secured data storage centres should be maintained.

Adequate IT training should be provided to staff, and an IT department should be created within the organization.

Remote access to the network should be provided without any compromise of network security.

We recommend using HIPAA to establish the privacy requirements for the electronic health records.


We expect an implementation cost of around $10 million for the healthcare organization. Of this total, $5 million is for IT infrastructure and implementation and $5 million for network equipment and computers. The time estimate is around 6 months to a year. A dedicated team with a CIO is required for the implementation.


REFERENCES

http://www.cisco.com/web/strategy/healthcare/cisco_medical-grade_network.html

http://www.hhs.gov/ocr/privacy/

http://docwiki.cisco.com/wiki/Network_Management_Basics