IT Infrastructure and Security in Healthcare Industry

IDS 520 Enterprise Information Infrastructure Planning and Security
Final Project Report

By
Abhishek Kumar
Surabhi Agarwal
Sweta Korde
Vibhor Pandey
CONTENTS
INTRODUCTION
  HEALTHCARE INDUSTRY OVERVIEW
  CURRENT BUSINESS PROBLEMS
  GOALS AND OBJECTIVES
METHODOLOGY
  SUMMARY OF STEPS
  ASSUMPTIONS
FINDINGS
  REQUIREMENT GATHERING
  FLOW ANALYSIS
  NETWORK ARCHITECTURE
    CORE LAYER
    DISTRIBUTION LAYER
    ACCESS LAYER
    ADVANTAGES OF HIERARCHICAL DESIGN
  NETWORK MANAGEMENT
    UNDER FAULT MANAGEMENT: HOST INTRUSION DETECTION SYSTEM
    UNDER CONFIGURATION MANAGEMENT - PROVISIONING: IDENTITY SERVICE ENGINE
    UNDER PERFORMANCE MANAGEMENT: APPLICATION MANAGER
  PERFORMANCE ARCHITECTURE
    ACHIEVING SIX SIGMA AVAILABILITY
    QoS
    MEDICAL GRADE NETWORK APPLICATIONS
  THREAT ANALYSIS
  SECURITY MODEL
  SECURITY METRICS
  RISK ANALYSIS
    COST BENEFIT ANALYSIS
  PROTECTION MECHANISM
    ENDPOINT SECURITY
    NETWORK SECURITY
    CONTENT SECURITY
    SYSTEM NETWORK AND EVENT MANAGEMENT
RECOMMENDATIONS
REFERENCES
INTRODUCTION
HEALTHCARE INDUSTRY OVERVIEW
The healthcare industry is undergoing an intense transformation as it shifts from
traditional procedures towards automated and sophisticated systems. The outdated,
non-IT practices that still exist in most healthcare firms cannot handle today's
volume of data processing and storage. Sharing data across multiple locations and
giving users easy access to information are also growing problems. The medical
equipment present on the premises produces large amounts of data in the form of
patient records, and this data needs efficient handling and timely processing. Medical
devices have to be integrated with software systems so that they can be controlled
remotely, which exposes both the equipment and the software to an array of threats.
Most internet-facing portals can be accessed remotely by doctors, patients and
management, which calls for stricter protocols to ensure data security.
CURRENT BUSINESS PROBLEMS
Current issues faced by the healthcare industry in terms of IT infrastructure:
• Physical records maintained on paper
• EMRs work in silos without end-to-end integration
• No integration between medical devices
• No nurse portal; instructions are given verbally to the medical staff
• Patient data is not integrated into the patient portal
• Data flow and timely availability between different facilities
• Instant messaging and pager services for emergency alerts to the staff
• Data backup for emergencies
• Infrastructure backup to handle emergency situations
• Video conferencing between physicians and patients, and between physicians
• Data flowing from external vendors is not integrated
• Electronic integration of the ancillary and drugstore services
• Old, inefficient infrastructure
• Security of confidential patient information and hospital data
GOALS AND OBJECTIVES
Our team set out to address the challenges listed above and to propose a robust IT
infrastructure and security solution. We examine the existing architecture in
healthcare firms, which lacks complete integration and end-to-end data availability,
and propose an architecture that provides both.
METHODOLOGY
SUMMARY OF STEPS
The following steps were followed in this project:
1. Business problem analysis
2. Requirement Gathering
3. Flow Analysis
4. Network Architecture
5. Network Management
6. Performance Architecture
7. Threat Analysis
8. Security Model
9. Security Metrics
10. Risk Analysis
11. Protection Mechanism
ASSUMPTIONS
Because this project looks at the healthcare industry as a sector, certain data points,
such as the number of cyber-attacks the industry faces each year, were not available.
Also, unlike many other businesses, healthcare organizations are not required by law to
disclose all of their security incidents (HIPAA breach notification covers only breaches
of unsecured protected health information). Assumptions were therefore made where
necessary, and the cost and frequency figures in the risk analysis later in this report
should be read in that light.
FINDINGS
REQUIREMENT GATHERING
Applications | Objectives | Related Metric | Target Value | Critical Resources | Affecting Factors | Modifying Factors | Expected Benefits
Security of EMR (EHR) | Security of health records | HIPAA and HITECH compliance | HIPAA and HITECH compliant | Access controller | Govt. regulations | Govt. regulations | H
CT scan, pagers, X-ray: all the traffic needs to be routed | Channel capacity | Peak data rate (PDR), sustained data rate (SDR), minimum data rate (MDR) | 10 Gb/s LAN link, 100 Gb/s WAN link; limited storage capacity of 4 TB (4000 GB) | Wireless communication between devices | Traditional method of using paper for reports | HITECH Act mandates electronic records | M
Electronic records should be created/stored/transferred accurately to depict the true health state | Accurate results | Error and loss rates: BER/CLR/CMR, frame and packet loss | 1-2.5% acceptable packet loss | TCP should be used | UDP does not recover lost packets | TCP retransmits lost segments | H
Pharmacy system / labs / medical equipment need to communicate | Synchronize with other devices | Number of devices, type of output and input files | File conversion into the expected formats | Connectors, LDAP | Legacy systems | Medical equipment integrators available | M
Medical emergencies have no fixed time | 24x7 operations | Availability (% uptime/downtime) | Availability 99.999% | Backup servers and power to ensure availability at time of failure | Single point of failure | Distributed networking | M
Loss of medical records is common | Backup of data | Storage | 1 TB of storage | Scheduled backup jobs | Maintenance of records | Patient history needs to be recorded | H
Regular patient monitoring helps in early diagnosis | Faster analysis of data | Query time | <5 sec | DB server | Server computing speed | Patient history needs to be analyzed | M
FLOW ANALYSIS
Network flow analysis helps network administrators gain insight into the network and
prioritize parts of it on the basis of their requirements and availability. Flow
analysis starts by mapping all the devices in the network and assigning a priority
level to each component. It gives an idea of the traffic rate and volume in the
network, which helps to set per-application policy controls and quality of service.
For example, network service to a customer-facing web application can be restricted to
a particular level, giving priority in bandwidth to the life support system
applications. Flow analysis also provides information about application response time
and the optimization of flows, and it helps select the optimal path through the network
using the network and business requirements. Flow characteristics can be broadly
classified as in the table below.
Flow Characteristics | Features | In Reference to Healthcare IT
Performance requirements | Capacity (bandwidth) | Capacity of the infrastructure used, according to the healthcare budget.
Performance requirements | Delay | Latency created in different applications; life support systems get the minimum and customer applications are allowed the maximum.
Performance requirements | Reliability | Maximum for the life support applications.
Performance requirements | Quality of service levels | Highest for life support and for the network used by the medical applications.
Importance and priority levels | Business/Enterprise/Provider | Depends on the type of healthcare organization (large/medium/small).
Importance and priority levels | Social | Lower priority level.
Others | Directionality of the network; scheduling of the network; protocols used; security requirements | Directionality: bidirectional or unidirectional.
The health IT infrastructure consists of both unidirectional and bidirectional flows.
Unidirectional flows are the ones used for reporting the patient's status into the
system; they are few in the healthcare network. Bidirectional flows with large
bandwidth are the most common in large healthcare organizations. Some applications are
given the highest priority and therefore a bidirectional, guaranteed type of flow. Flow
analysis is done on the basis of the capacity, delay and reliability of the network,
and applications in healthcare IT are evaluated on the following parameters:
Capacity: Maximum for the applications used by life support systems and other medical
equipment such as CT and MRI scanners, with the best network capacity available in the
market. It can range from as high as 1.2 Gb/s for the important applications down to
500 kb/s for applications related to customer support.
Delay: Minimum delay for the applications and network involved in life support systems
and other medical equipment. A delay of around 100 ms is acceptable for applications
such as VoIP, messaging and other communications.
Reliability: Maximum for the medical equipment and life support systems, around
99.9999%; we try to achieve six sigma availability. For other applications some
downtime is accepted.
NETWORK ARCHITECTURE
The proposed architecture is a hierarchical model with three layers: core, distribution
and access. The layers can be interconnected in a variety of ways using a combination
of layer 2 and layer 3 technologies. Biomedical devices, clinical applications and
their associated security requirements influence the layer 2 and layer 3 designs.
CORE LAYER
• Serves as the backbone of the network.
• A minimalist configuration is adopted for the core layer to reduce complexity.
• For high availability in hierarchical networks, the building blocks are interconnected
through the core.
DISTRIBUTION LAYER
• Serves as services and control boundary between access and core layers.
• Acts as logical isolation point in the event of failure in access layer.
• Load balancing, QoS, ease of provisioning are key considerations in this layer.
ACCESS LAYER
• First point of entry into the network for edge services such as medical devices, portable
computers, end stations etc.
• Provides demarcation between computing devices and network infrastructure.
• It provides QoS, security and policy trust boundary and is a key element in enabling
multiple services.
ADVANTAGES OF HIERARCHICAL DESIGN
• In a hierarchical design, the capacity, features and functionality of each device are
optimized for its position in the network and the role it plays.
• A hierarchical design avoids the need for a fully meshed network in which all nodes
are interconnected.
• Functions are distributed across the layers.
• The building blocks of modular networks are easy to replicate; there is no need to
redesign the whole network each time a module is added or removed.
• Distinct building blocks can be put in service and taken out of service without
impacting the rest of the network.
• The hierarchical design enhances troubleshooting, problem isolation and network
management.
• Mission-critical applications such as EMR and patient vital-signs monitoring systems
benefit from these designs.
NETWORK MANAGEMENT
To ensure the service level and optimize the available resources, network management
has been incorporated into the network architecture.
UNDER FAULT MANAGEMENT: HOST INTRUSION DETECTION SYSTEM
This notifies the operators when a breach occurs. Host-based sensors run on the servers
and endpoints themselves, with network sensors placed alongside all the firewalls. The
alarm trigger should be set at a threshold that corresponds to a real threat, so that
routine activity does not flood the operators with alerts.
UNDER CONFIGURATION MANAGEMENT - PROVISIONING: IDENTITY SERVICE ENGINE
This helps with provisioning by defining access levels for users and devices and
reasoning about their interconnections logically and policy-wise. Medical devices should
be identified and provisioned accordingly.
UNDER PERFORMANCE MANAGEMENT: APPLICATION MANAGER
This provides dynamic load sharing and can enforce encryption of application traffic end
to end. Load balancing keeps the network well utilized and helps meet service level
targets.
PERFORMANCE ARCHITECTURE
To achieve availability of 99.999 percent and above there must be hardware redundancy
in the network, together with diagnostics that can recognize a fault condition and fail
over to a secondary or load-sharing device. The overall goal is a highly available
end-to-end medical grade network (MGN) that includes the clinical systems and the
biomedical devices. In many cases, however, the clinical systems (EHR, EMR, practice
management, lab, pharmacy, radiology and so on) are not architected to provide 99.999
percent availability, so the network's own availability is only an upper bound on what
the clinician experiences.
Clinical applications consume ever more data centre storage and network resources. In
addition, today's broadly distributed imaging services can be multi-vendor, with imaging
centres spread across multiple disparate locations, making it challenging for the
network architect to design a network that meets the client's expectations. In a PACS
(Picture Archiving and Communication System) the images themselves are not distorted by
packet loss or delay; these properties only affect the rendering time. Since PACS vendors
have service-level agreements (SLAs) for this, it is necessary to understand the impact
and extent of that delay on the workflow. Patient care can be affected by severe network
congestion that delays an image by a minute on its way to a radiologist or to a surgeon
preparing for emergency surgery.
ACHIEVING SIX SIGMA AVAILABILITY
Meticulously planned networks with well thought out implementation processes and
procedures and time-tested tools for actively managing the network can reach six sigma
availability. A "six-sigma" service (99.9999 percent) can be out for only about 31.5
seconds per year. Such a level of availability can indeed be achieved at the network
layer within the data centres that host EMR/EHR systems. Often, however, the
applications that support clinical staff are not designed for this level of availability
and cause downtime themselves. Most of these outages occur because of software upgrades
or patches being installed; some involve failures in upstream systems such as external
testing labs. To push availability towards six sigma at the network layer we use
In-Service Software Upgrade (ISSU), which upgrades the software while the system
continues to forward packets, removing the upgrade window from the downtime budget. Two
route processors are maintained, one active and one on standby, with state synchronized
to both; if the active one fails or is being upgraded, traffic continues through the
other.
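The availability arithmetic behind the five-nines and six-sigma targets above, as an added example that is not part of the original report. It composes per-device availabilities in series (one path through access, distribution and core) and in parallel (a redundant pair with failover, the arrangement ISSU and standby route processors rely on) and converts the result to seconds of downtime per year. The per-device availability figures are constructed assumptions, not measured values.

```python
"""Availability arithmetic for the hierarchical design above.

Added example, not from the original report. It composes per-device availability
figures in series (a path through access, distribution and core) and in parallel
(redundant devices with failover), converts the result to seconds of downtime
per year and compares it with the five-nines and six-sigma targets. The device
availabilities are constructed assumptions, not measured values.
"""
import math

SECONDS_PER_YEAR = 365 * 24 * 3600  # 31,536,000 s; the 31.5 s six-sigma budget uses this

def series(*avails):
    """Every component must be up: A = product of A_i."""
    total = 1.0
    for a in avails:
        total *= a
    return total

def parallel(*avails):
    """At least one component must be up: A = 1 - product of (1 - A_i).
    Assumes independent failures and instant, lossless failover; real failover
    detection time and shared-fate failures (same rack, same power) make it worse."""
    unavail = 1.0
    for a in avails:
        unavail *= 1.0 - a
    return 1.0 - unavail

def downtime_seconds_per_year(avail):
    return (1.0 - avail) * SECONDS_PER_YEAR

def nines(avail):
    """Number of nines: 0.99999 -> 5.0"""
    return math.inf if avail >= 1.0 else -math.log10(1.0 - avail)

# Constructed per-device availabilities (assumptions).
ACCESS, DISTRIBUTION, CORE = 0.9999, 0.99995, 0.99999

def single_path():
    """One switch per layer, no redundancy."""
    return series(ACCESS, DISTRIBUTION, CORE)

def redundant_path():
    """Each layer deployed as a redundant pair, the three pairs in series."""
    return series(parallel(ACCESS, ACCESS),
                  parallel(DISTRIBUTION, DISTRIBUTION),
                  parallel(CORE, CORE))

if __name__ == "__main__":
    for name, a in (("single path", single_path()), ("redundant path", redundant_path())):
        print(f"{name}: A={a:.9f} ({nines(a):.1f} nines), "
              f"downtime {downtime_seconds_per_year(a):,.1f} s/year")
    print(f"six-sigma budget: {downtime_seconds_per_year(0.999999):.2f} s/year")
```

With these figures the single path lands below five nines (about 84 minutes of downtime a year) while the redundant path is above six nines; the difference comes almost entirely from the access layer, which is the weakest device and the one most often left unpaired. The parallel formula is the optimistic bound: it ignores the seconds a real failover takes to detect the fault and reconverge, which is exactly the window that must be measured in the lab before claiming 31.5 seconds a year.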
QOS
Quality of service (QoS) measures the transmission quality and service availability of
a network. Traffic on IP networks competes for scarce resources such as transmission
bandwidth and equipment processing time. This leads to packet loss, packet delay and
jitter (the variance of packet delay), all of which have a very negative effect on
applications: they can interrupt or stop real-time services such as video and voice
calls and slow down other applications. As healthcare networks become more and more
congested, network failure becomes a distinct possibility. Routers and switches must
be placed, and their queues configured, in a well thought out manner so that a
consistent application experience can be obtained under varying traffic conditions.
Healthcare network traffic is a mixture of high-priority and low-priority traffic,
including clinical applications, medical device traffic, imaging data, voice and video,
guest services, email and so on.
QoS model for medical grade networks:
Network performance issues arise from bottlenecks caused by low-bandwidth links or
underpowered devices, which is what makes QoS an important factor to consider.
Classifying the data and clinical application traffic is critical to creating an
effective QoS policy. We recommend a Platinum Service SLA for the healthcare industry,
as high RMA (reliability, maintainability, availability) values are needed for proper
functioning. The targets per application class are summarized in the table below.
Application | Reliability | Capacity | Delay | Loss in Revenue
Clinical applications | 99.999% | Guaranteed | <5 sec | High
Imaging services | 99.999% | Guaranteed | <5 sec | High - Medium
Communication equipment | 99.99% | Best effort | <5 sec | Medium - Low
Monitoring equipment | 99.999% | Guaranteed | <5 sec | High
MEDICAL GRADE NETWORK APPLICATIONS
Monitoring equipment feeds continuous streams of data to the central nurses' station.
These feeds are relatively low bandwidth with a constant bit rate, which keeps jitter
down. Delay or interruption of the feed to the nurses' station may not directly endanger
patient safety, but it does cost reaction time in detecting physiological conditions.
This kind of traffic is classified as high priority and requires a high-priority queuing
policy. The strategies that follow from these requirements are summarized below.
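Why the monitoring and clinical classes need a priority queuing policy rather than a shared FIFO, shown as an added example that is not part of the original report. The simulation below runs the traffic classes from the QoS table over a link whose capacity is below the offered load and records the worst queuing delay each class sees under both policies. The class names, the DSCP markings, the link capacity and the traffic mix are constructed assumptions.

```python
"""Strict-priority queuing versus FIFO for the traffic classes in the QoS table.

Added example, not part of the original report. A congested link is simulated
in discrete time slots; each slot the scheduler can send LINK_CAPACITY packets.
Under FIFO every class shares the growing backlog, so monitoring feeds wait
behind guest traffic. Under strict priority the monitoring and clinical classes
are served first and see no queuing delay, while guest traffic absorbs the
congestion. Traffic mix, capacity and DSCP markings are constructed assumptions.
"""
from collections import deque

# Class -> (priority rank, DSCP). Lower rank is served first. The DSCP values follow
# the usual EF/AF marking convention but the mapping itself is an assumption.
CLASSES = {
    "monitoring": (0, 46),  # EF: constant bit-rate feeds to the nurses' station
    "clinical":   (1, 34),  # AF41: EMR/EHR and clinical applications
    "imaging":    (2, 26),  # AF31: PACS transfers, bursty
    "comms":      (3, 18),  # AF21: VoIP signalling, messaging, pagers
    "guest":      (4, 0),   # best effort: guest Wi-Fi, email
}
LINK_CAPACITY = 6  # packets per slot; below the offered load, so queues build up

def offered_load(slot):
    """Constructed arrivals for one slot: list of (class, packet_count)."""
    return [("monitoring", 1), ("clinical", 2), ("imaging", 3 if slot % 2 == 0 else 0),
            ("comms", 1), ("guest", 3)]

def simulate(policy, slots=40):
    """Run the scheduler and return {class: maximum queuing delay in slots}."""
    assert policy in ("fifo", "priority")
    fifo = deque()
    per_class = {c: deque() for c in CLASSES}
    max_delay = {c: 0 for c in CLASSES}

    def send(queue, now, budget):
        # Serve from one queue until it is empty or the slot's budget is spent.
        while budget and queue:
            arrived, cls = queue.popleft()
            max_delay[cls] = max(max_delay[cls], now - arrived)
            budget -= 1
        return budget

    for now in range(slots):
        for cls, count in offered_load(now):
            target = fifo if policy == "fifo" else per_class[cls]
            for _ in range(count):
                target.append((now, cls))
        budget = LINK_CAPACITY
        if policy == "fifo":
            send(fifo, now, budget)
        else:
            # Strict priority: drain higher-ranked classes before touching lower ones.
            for cls in sorted(CLASSES, key=lambda c: CLASSES[c][0]):
                budget = send(per_class[cls], now, budget)
    return max_delay

if __name__ == "__main__":
    for policy in ("fifo", "priority"):
        delays = simulate(policy)
        print(policy, {c: f"{d} slots (DSCP {CLASSES[c][1]})" for c, d in delays.items()})
```

Two things the numbers make visible. First, strict priority starves the guest class completely at this load, which is why production designs police the priority queue to a bandwidth cap (low-latency queuing) rather than letting it take everything. Second, the scheduler trusts the class a packet carries, so a compromised or misconfigured endpoint that marks its own traffic EF would be served ahead of the monitors; DSCP markings from untrusted ports have to be rewritten at the access layer, the trust boundary named earlier in this report.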
Strategy | Performance Requirement | Measurement
Sensitive information must be protected | Continuous monitoring of the systems for any factors causing downtime; timely reporting of incidents and follow-up | Intrusion scan reports; security assessment reports
RMA of mission-critical applications | The entire system's downtime must be minimal; the entire system must be reliable throughout | Defined requirement of 99.999% availability; capacity metric tracking
THREAT ANALYSIS
The following table represents the threat analysis for the Healthcare Industry.
Effect: A – Destructive B- Disabling C- Disruptive D- No impact
Likelihood: A- Certain B- Likely C- Unlikely D – Impossible
Effect/Likelihood | Hardware | Servers | Network Devices | Software | Data | Medical Equipment | EHR/EMR
Hacked medical equipment | A/A | B/B | A/B | B/B | A/A | A/A | B/B
Hacked network attached devices | B/B | B/B | A/A | B/C | B/B | B/A | C/C
Hacked internet-facing personal health data | B/B | A/B | B/C | A/B | A/B | B/B | A/B
Hacked surveillance cameras/security equipment | A/A | B/C | B/B | B/B | B/B | C/D | C/C
Theft or loss of data | A/B | A/B | B/C | A/B | A/A | B/C | A/B
Unauthorized access | B/B | B/B | B/B | A/B | A/B | C/C | A/A
Viruses, worms, macros, denial of service | B/B | B/B | B/C | A/B | A/B | C/C | B/A
Equipment failure | A/B | B/C | A/B | B/B | B/C | A/B | C/C
Service issues from service providers | C/A | A/B | A/B | B/C | B/C | B/C | B/C
Insider misuse | C/A | B/C | A/B | B/B | B/C | B/B | B/B
Patient records breach | B/A | A/B | B/B | B/B | A/B | B/B | A/A
SECURITY MODEL
IT implementation in the healthcare industry has begun to transform the sector
completely, as modern technology advances change the way it works. Electronic medical
records and record exchanges have become more secure and reliable, and medical
institutions have become more accountable for patient data and records. IT
infrastructure models in healthcare also include remote patient monitoring and remote
medical consulting (telemedicine), which require both high network availability and
strong security. Access to patients' secured medical records and to other business
applications from mobile devices raises the requirement for a secure model further.
Security issues faced in healthcare IT infrastructure can be broadly classified as
follows.
Ownership of information: A sense of ownership of the patient's medical information is
required to prevent unauthorized access to data related to patients. The team,
organization or person that created the patient data is responsible for maintaining
and securing it. The people involved with the data can be divided into three
categories: creator, author and manager. The person responsible for generating the data
is the creator; in the case of an EMR, laboratory staff can be considered creators. The
author of the data is the clinician. The manager of the EMR is the patient; sometimes a
third party is involved at this level. Ownership can be protected using encryption or
watermarking techniques.
Authentication of data: Authentication is required to assert that a particular data set
is genuine and error-free. Endpoint authentication is found in most network
architectures and prevents man-in-the-middle attacks. Several protocols are used to
secure web browsing, mail, faxing and VoIP.
Non-repudiation: An electronic signature validates each transaction and prevents either
party from denying it after the transaction has completed.
Authorization and confidentiality of data: The patient can allow or deny the sharing and
use of data for any purpose other than diagnosis, so the attributes that govern access
to the data must be maintained properly. Confidentiality of data, as defined in ISO
17799 (since superseded by ISO/IEC 27002), means ensuring access only to those who are
authorized.
Availability of data: For an EHR to work optimally it must be highly available, so all
the systems involved in maintaining and using the EHR should be available 24x7 without
service disruption. Security and privacy protection together with HIPAA compliance help
to meet this requirement.
Electronic health record security model:
Consider a patient entering the hospital with a diagnosed disease who needs to be
attended by a doctor from the hospital as well as by experts from other hospitals. This
case requires access to the EHR by several parties: her data must be accessible to the
regular doctors and specialists of the hospital as well as those of other hospitals in
the region. It may also need to be accessed by the patient's family doctor, who lies
completely outside the chain. So the access list for the record needs to be managed and
altered several times by the patient or with the patient's consent. The security model
consists of three components:
Electronic health record secured collection and integration: With HIPAA compliance,
data is shared among the healthcare providers and the care delivery organizations
(CDOs). This also covers combining and updating the EHR while maintaining proper
digital signatures.
Electronic health record storage and access management: Secured storage servers are
maintained along with a proper access database. Cryptography can also be used for
access control.
Electronic secure usage model: This consists of proper signature maintenance and
verification.
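The scenario and the three model components above, as an added example that is not part of the original report: a small EHR store in which the admitting hospital's care team reads the record for treatment by default, an outside specialist or the family doctor gets access only through a consent entry the patient adds (with a purpose and an expiry), every access decision is audited, and each stored record carries a tag that is verified on read. Names, roles and the key are constructed assumptions. HMAC-SHA256 stands in for the digital signature so the example runs on the standard library alone; a production system needs asymmetric signatures so that a party able to verify records cannot also forge them.

```python
"""Consent-driven EHR access control with integrity-protected records.

Added example, not part of the original report. It models the scenario above:
the admitting hospital's clinicians read the record for treatment by default,
an outside specialist and the family doctor get access only through a consent
entry the patient adds (with a purpose and an expiry), and every stored record
carries a tag that is verified on read. Names, roles and the key are constructed
assumptions. HMAC-SHA256 stands in for a digital signature so that the example
runs on the standard library alone; a production system needs asymmetric
signatures, so that a party able to verify records cannot also forge them.
"""
import hashlib, hmac, json, time
from dataclasses import dataclass

@dataclass
class Record:
    patient: str
    creator: str     # who generated the data, e.g. the lab
    author: str      # the clinician responsible for its clinical content
    body: dict
    created: float
    tag: str = ""    # filled in by sign()

    def canonical(self) -> bytes:
        # Deterministic serialisation; the tag covers every field except itself.
        return json.dumps({"patient": self.patient, "creator": self.creator, "author": self.author,
                           "body": self.body, "created": self.created}, sort_keys=True).encode()

def sign(record: Record, key: bytes) -> Record:
    record.tag = hmac.new(key, record.canonical(), hashlib.sha256).hexdigest()
    return record

def verify(record: Record, key: bytes) -> bool:
    expected = hmac.new(key, record.canonical(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, record.tag)   # constant-time comparison

@dataclass
class Grant:
    principal: str
    purpose: str     # "treatment", "research", ...
    expires: float   # epoch seconds; consent is time-limited

class EHRStore:
    def __init__(self, signing_key: bytes):
        self.key = signing_key
        self.records = {}     # patient -> [Record]
        self.grants = {}      # patient -> [Grant], managed by the patient
        self.care_team = {}   # patient -> {clinician} at the admitting hospital
        self.audit = []       # every access decision, allowed or not

    def admit(self, patient, clinician):
        self.care_team.setdefault(patient, set()).add(clinician)

    def consent(self, patient, principal, purpose, ttl_seconds, now=None):
        now = time.time() if now is None else now
        self.grants.setdefault(patient, []).append(Grant(principal, purpose, now + ttl_seconds))

    def revoke(self, patient, principal):
        self.grants[patient] = [g for g in self.grants.get(patient, []) if g.principal != principal]

    def add_record(self, record: Record):
        self.records.setdefault(record.patient, []).append(sign(record, self.key))

    def authorised(self, patient, principal, purpose, now=None) -> bool:
        now = time.time() if now is None else now
        if principal == patient:
            return True   # the patient manages their own record
        if purpose == "treatment" and principal in self.care_team.get(patient, set()):
            return True   # admitting hospital's care team, treatment only
        return any(g.principal == principal and g.purpose == purpose and g.expires > now
                   for g in self.grants.get(patient, []))

    def read(self, patient, principal, purpose, now=None):
        ok = self.authorised(patient, principal, purpose, now)
        self.audit.append((patient, principal, purpose, "allow" if ok else "deny"))
        if not ok:
            raise PermissionError(f"{principal} may not read {patient}'s record for {purpose}")
        recs = self.records.get(patient, [])
        if not all(verify(r, self.key) for r in recs):
            raise ValueError("record integrity check failed")
        return recs

if __name__ == "__main__":
    store = EHRStore(b"constructed-demo-key")
    store.admit("patient-1", "dr-hospital")
    store.add_record(Record("patient-1", "lab-a", "dr-hospital", {"hb_g_dl": 12.1}, 1000.0))
    store.consent("patient-1", "dr-family", "treatment", ttl_seconds=3600, now=1000.0)
    print(store.read("patient-1", "dr-hospital", "treatment", now=1100.0))
    print(store.read("patient-1", "dr-family", "treatment", now=1100.0))
    try:
        store.read("patient-1", "dr-family", "research", now=1100.0)
    except PermissionError as e:
        print("denied:", e)
    print(store.audit)
```

The purpose field is what turns the patient's "allow or deny sharing for any purpose other than diagnosis" into an enforceable check: a consent granted for treatment does not satisfy a research request. Denied requests are logged as well as allowed ones, since the denials are the signal an insider-misuse investigation needs.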
With the increase in the number of security breaches and thefts of patient data,
healthcare organizations need to adopt security compliance at the earliest opportunity.
Security standards such as HIPAA, the NIST guidance and PCI DSS (where card payments are
processed) should be adopted and implemented. HIPAA has established privacy requirements
for electronic health records; it was enacted to protect private and confidential data
from loss and to make it available in a secure manner.
The HIPAA Security Rule is divided into six parts, which set out the security
standards:
General rules
Administrative safeguards
Physical safeguards
Technical safeguards
Organizational requirements
Policies, procedures and documentation requirements
To have a secure IT infrastructure model, security must be considered an integral part
of system design. It is both difficult and costly to add security measures after the
system has been developed, so they should be integrated throughout the system life
cycle. Information should be protected in all three states: being processed, in transit
and in storage. Potential trade-offs between reducing risk and increasing cost should
be identified. The security model should always keep the option of upgrades and patch
installation available. Publicly accessible systems should be kept separate from the
mission-critical systems to improve network security. Access should be limited to the
least privilege needed: no more authorization than necessary to perform the required
functions. Proper security should be maintained during shutdown and disposal of
systems, and data should be disposed of securely. Security modelling overall is a
combination of measures distributed physically and logically.
SECURITY METRICS
Infrastructure security metrics apply statistical and quantitative methods to measuring
the activities and outcomes of the security program. Measurement gives aggregate,
higher-level results as well as the return on investment for the infrastructure model,
and the metrics must be able to demonstrate their value to the organization. CMMI
(Capability Maturity Model Integration) can be used to measure performance and process
improvement.
Before creating infrastructure metrics, the information security measures themselves
are required. The time needed to implement the infrastructure security model must be
estimated: healthcare IT is changing with time and the demands on the security model
have grown, so implementation duration is an important factor when selecting a
particular IT infrastructure. Prioritization of individual metrics is equally important
within an organization; healthcare IT has to prioritize among requirements such as 24x7
availability, remote access, data security and wireless connectivity. A performance
target for the network must be set, and because healthcare network requirements are so
critical the target should be close to 100%. The percentage of remote access points
used to gain unauthorized access should be determined, and the possible security
breaches into the network estimated: healthcare IT has multiple remote access points,
and all of them need to be secured to eliminate most of the vulnerabilities. The
frequency of audits and of training given to personnel is also accounted for in the
measurements, as is the percentage of physical security incidents.
The criteria applied to select good information security metrics:
Confidentiality
Integrity
Availability
They should cover all the business aspects and be kept up to date.
Metric | Rationale | Pros/Cons
Impact of downtime: loss of business ($) and brand image of the organization | Network availability is crucial; lack of security can result in attacks on and breaches of the system | Supports planning the budget for a secured IT infrastructure
Incident occurrence rate; mean time to incident discovery; mean time to incident recovery | Early and accurate identification, handling and recovery from security incidents | Knowledge about incident occurrence, recovery and handling; better resourcing of the IT team
Downtime (hours) | Reporting downtime helps analyze the vulnerability of the network | Helps in better time management and mitigation
Number of critical applications in operation; risk assessment coverage; replacement cost associated with application failures | Helps identify the critical applications (e.g. life support systems, MRI) and the risks associated with them | Security of life support and other critical applications
Fulfilment of service level agreements | Service provided to the patients | Helps realize the commitment towards the patient and the service provided; helps in achieving ROI
Information security budget allocation in healthcare IT | Level and requirement justification for the IT security budget | Budget planning for the security system
Patches and upgrades to the application-critical network; vulnerability scan of the complete network; mean time to mitigate the vulnerabilities present in the network | Maintaining the system at an updated level; management of the vulnerabilities to which the network is exposed | Better knowledge of the patches and upgrades available in the sector; better recognition of the vulnerabilities to which the network is exposed
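How the incident metrics in the table are actually computed from an incident register, as an added example that is not part of the original report. It derives incident occurrence rate, mean time to incident discovery, mean time to incident recovery, downtime hours and the resulting availability, and compares the last against the 99.999% target set earlier. The incident records, timestamps and the observation window are constructed sample data.

```python
"""Incident metrics from an incident register.

Added example, not from the original report. It computes the metrics listed
in the table above (incident occurrence rate, mean time to incident discovery,
mean time to incident recovery, downtime hours and the resulting availability)
from a list of incident records. The register below is constructed sample data.
"""
from datetime import datetime

# Constructed register: (id, started, discovered, recovered, caused_clinical_downtime)
INCIDENTS = [
    ("INC-1", "2023-01-03T02:00", "2023-01-03T08:00", "2023-01-03T10:00", True),
    ("INC-2", "2023-02-14T12:00", "2023-02-14T12:30", "2023-02-14T13:30", False),
    ("INC-3", "2023-05-20T22:00", "2023-05-22T22:00", "2023-05-23T04:00", True),
    ("INC-4", "2023-09-01T09:00", "2023-09-01T09:15", "2023-09-01T09:45", False),
]

def hours_between(start, end):
    return (datetime.fromisoformat(end) - datetime.fromisoformat(start)).total_seconds() / 3600

def mean_time_to_discovery(incidents):
    """Average gap between an incident starting and the team noticing it."""
    return sum(hours_between(s, d) for _, s, d, _, _ in incidents) / len(incidents)

def worst_time_to_discovery(incidents):
    """Averages hide long-lived intrusions; report the worst case alongside the mean."""
    return max((hours_between(s, d), i) for i, s, d, _, _ in incidents)

def mean_time_to_recovery(incidents):
    """Measured from discovery, so it reflects the response team's own performance."""
    return sum(hours_between(d, r) for _, _, d, r, _ in incidents) / len(incidents)

def downtime_hours(incidents):
    """Clinical downtime runs from the start of the incident, not from discovery."""
    return sum(hours_between(s, r) for _, s, _, r, down in incidents if down)

def incidents_per_year(incidents, days_observed):
    return len(incidents) * 365 / days_observed

def availability(incidents, days_observed):
    return 1 - downtime_hours(incidents) / (days_observed * 24)

def meets_target(incidents, days_observed, target=0.99999):
    return availability(incidents, days_observed) >= target

if __name__ == "__main__":
    days = 365
    print(f"MTTD {mean_time_to_discovery(INCIDENTS):.2f} h, worst {worst_time_to_discovery(INCIDENTS)}")
    print(f"MTTR {mean_time_to_recovery(INCIDENTS):.2f} h")
    print(f"downtime {downtime_hours(INCIDENTS):.1f} h, availability {availability(INCIDENTS, days):.5f}, "
          f"five nines met: {meets_target(INCIDENTS, days)}")
```

Two conventions matter more than the arithmetic. Recovery is timed from discovery, so the figure measures the response team and not the attacker's dwell time; and downtime is timed from the incident's start, because the clinical impact began before anyone noticed. On this sample one undetected incident (INC-3) dominates the mean time to discovery, which is why the worst case is reported next to the mean.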
RISK ANALYSIS
The risk analysis was performed and the following table represents our findings and the
associated costs.
Threats Cost/Incident Frequency of Occurrence Cost per Incident (SLE) ARO Starting ALE
Hacked Medical Equipment $ 10,000,000.00 Once every 10 years $ 10,000,000.00 0.1 $ 1,000,000.00
Hacked Network attached devices $ 20,000.00 Once every 10 years $ 20,000.00 0.1 $ 2,000.00
Hacked internet facing personal health data $ 2,000,000.00 Twice every year $ 2,000,000.00 2 $ 4,000,000.00
Hacked surveillance cameras/security equipment $ 1,000,000.00 Once every three years $ 1,000,000.00 0.33 $ 333,333.33
Theft or Loss of data $ 4,000,000.00 Once every year $ 4,000,000.00 1 $ 4,000,000.00
Unauthorized Access $ 100,000.00 Thrice every year $ 100,000.00 3 $ 300,000.00
Viruses, Worms, Macros, Denial of service $ 2,000,000.00 Once every year $ 2,000,000.00 1 $ 2,000,000.00
Equipment Failure $ 4,000,000.00 Once every two years $ 4,000,000.00 0.5 $ 2,000,000.00
Service issues from Service providers $ 500,000.00 Twice every year $ 500,000.00 2 $ 1,000,000.00
Insider misuse $ 500,000.00 Twice every year $ 500,000.00 2 $ 1,000,000.00
Patient Records Breach $ 1,000,000.00 Once every year $ 1,000,000.00 1 $ 1,000,000.00
COST BENEFIT ANALYSIS
The following table presents the results of the cost benefit analysis, together with the
control measures and their associated costs that were used in the analysis.
PROTECTION MECHANISM
This section provides an overview of an architecture that helps meet security requirements
associated with securing clinical systems and devices, biomedical devices/servers, IT
endpoints, and their associated applications.
ENDPOINT SECURITY
Like any other industry, healthcare has a very diverse and complex set of endpoints.
Healthcare providers use a plethora of both wired and wireless devices for clinical IT needs.
These devices need to be secured against data loss, data theft, and privacy invasion, and must
also meet local country and state security law. Some products that help with endpoint
security are host intrusion prevention software, wireless LAN controllers (WLC),
antivirus software and Trojan removal tools.
To secure endpoints adequately, the following must be done:
Enforce security policies for users and devices.
Identify and restrict users and devices that violate policies.
Manage identities and control users on specific devices.
Inspect device health, and quarantine and remediate devices with security issues.
NETWORK SECURITY
Network security is one of the most fundamental elements of a medical network. It is
designed to protect the integrity of the network infrastructure itself, where entire network
segments may be the target of attacks such as theft of service, service abuse, denial of
service (DoS), and data loss. Firewalls must be used to segment the network and prevent
unauthorized access. Network security can additionally be enhanced with security
appliances from vendors such as Cisco. A VPN must be used for accessing the
medical network from outside. Routers must also be protected by firewalls, and infrastructure
protection must be applied on routing and switching platforms.
Threats | Cost/Incident | Frequency of occurrence | ALE (Prior) | ARO | ALE (Post) | Cost of Controls | Type of Control | CBA = Starting ALE - Ending ALE - Cost of controls
Hacked Medical Equipment | $ 10,000,000.00 | Once every 10 years | $ 1,000,000.00 | 0.5 | $ 500,000.00 | 100,000 | Physical/Software Security | $ 400,000.00
Hacked Network attached devices | $ 20,000.00 | Once every 10 years | $ 2,000.00 | 0.25 | $ 500.00 | 15,000 | Physical Security | $ (13,500.00)
Hacked internet facing personal health data | $ 2,000,000.00 | Twice every year | $ 4,000,000.00 | 1 | $ 4,000,000.00 | 70,000 | Firewall | $ (70,000.00)
Hacked surveillance cameras/security equipment | $ 1,000,000.00 | Once every three years | $ 333,333.33 | 0.15 | $ 50,000.00 | 75,000 | Physical/Software Security | $ 208,333.33
Theft or Loss of data | $ 4,000,000.00 | Once every year | $ 4,000,000.00 | 0.5 | $ 2,000,000.00 | 1,000,000 | Backups | $ 1,000,000.00
Unauthorized Access | $ 100,000.00 | Thrice every year | $ 300,000.00 | 1 | $ 300,000.00 | 900,000 | Software Security | $ (900,000.00)
Viruses, Worms, Macros, Denial of service | $ 2,000,000.00 | Once every year | $ 2,000,000.00 | 0.3 | $ 600,000.00 | 150,000 | Antivirus | $ 1,250,000.00
Equipment Failure | $ 4,000,000.00 | Once every two years | $ 2,000,000.00 | 0.2 | $ 400,000.00 | 175,000 | Physical Security | $ 1,425,000.00
Service issues from Service providers | $ 500,000.00 | Twice every year | $ 1,000,000.00 | 0.7 | $ 700,000.00 | 90,000 | Insurance | $ 210,000.00
Insider misuse | $ 500,000.00 | Twice every year | $ 1,000,000.00 | 0.8 | $ 800,000.00 | 100,000 | Software Security | $ 100,000.00
Patient Records Breach | $ 1,000,000.00 | Once every year | $ 1,000,000.00 | 0.4 | $ 400,000.00 | 150,000 | Software Security | $ 450,000.00
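The two tables apply the formulas ALE = SLE x ARO and CBA = Starting ALE - Ending ALE - Cost of controls. As an added example (not code from the report), the block below recomputes both from the tables' own inputs, parses the frequency phrases into an ARO, ranks the controls by net annual benefit, and picks out the controls with a negative result. One interpretation in it is mine: the post-control column that the second table labels "ARO" is applied as a multiplier on ALE (Prior), because that is what reproduces the table's ALE (Post) figures.

```python
"""Annualized loss expectancy (ALE) and the cost-benefit figure from the two
tables above, recomputed from their inputs.

    ALE = SLE x ARO
    CBA = ALE (prior) - ALE (post) - cost of controls

The threat names, single-loss costs, frequencies, control costs and control
types are the report's own. One interpretation is mine: the post-control
column that the second table labels "ARO" is applied here as a multiplier on
ALE (prior), since that is what reproduces the table's ALE (Post) values.
"""
import re
from dataclasses import dataclass

EVENT_WORDS = {"once": 1, "twice": 2, "thrice": 3}
NUMBER_WORDS = {"one": 1, "two": 2, "three": 3, "five": 5, "ten": 10}


def parse_aro(frequency: str) -> float:
    """Turn a phrase such as 'Once every 10 years' or 'Twice every year'
    into an annualized rate of occurrence (events per year)."""
    m = re.fullmatch(
        r"(once|twice|thrice)\s+every\s+(?:(\d+|[a-z]+)\s+)?years?",
        frequency.strip().lower(),
    )
    if not m:
        raise ValueError(f"unrecognised frequency phrase: {frequency!r}")
    events = EVENT_WORDS[m.group(1)]
    span = m.group(2)
    if span is None:
        years = 1
    elif span.isdigit():
        years = int(span)
    elif span in NUMBER_WORDS:
        years = NUMBER_WORDS[span]
    else:
        raise ValueError(f"unrecognised span in frequency phrase: {frequency!r}")
    return events / years


@dataclass(frozen=True)
class Threat:
    name: str
    sle: float            # cost per incident (single loss expectancy)
    frequency: str        # frequency phrase as written in the table
    residual: float       # share of ALE (prior) remaining after the control
    control_cost: float
    control: str

    @property
    def aro(self) -> float:
        return parse_aro(self.frequency)

    @property
    def ale_prior(self) -> float:
        return self.sle * self.aro

    @property
    def ale_post(self) -> float:
        return self.ale_prior * self.residual

    @property
    def cba(self) -> float:
        return self.ale_prior - self.ale_post - self.control_cost


THREATS = [
    Threat("Hacked Medical Equipment", 10_000_000, "Once every 10 years", 0.5, 100_000, "Physical/Software Security"),
    Threat("Hacked Network attached devices", 20_000, "Once every 10 years", 0.25, 15_000, "Physical Security"),
    Threat("Hacked internet facing personal health data", 2_000_000, "Twice every year", 1.0, 70_000, "Firewall"),
    Threat("Hacked surveillance cameras/security equipment", 1_000_000, "Once every three years", 0.15, 75_000, "Physical/Software Security"),
    Threat("Theft or Loss of data", 4_000_000, "Once every year", 0.5, 1_000_000, "Backups"),
    Threat("Unauthorized Access", 100_000, "Thrice every year", 1.0, 900_000, "Software Security"),
    Threat("Viruses, Worms, Macros, Denial of service", 2_000_000, "Once every year", 0.3, 150_000, "Antivirus"),
    Threat("Equipment Failure", 4_000_000, "Once every two years", 0.2, 175_000, "Physical Security"),
    Threat("Service issues from Service providers", 500_000, "Twice every year", 0.7, 90_000, "Insurance"),
    Threat("Insider misuse", 500_000, "Twice every year", 0.8, 100_000, "Software Security"),
    Threat("Patient Records Breach", 1_000_000, "Once every year", 0.4, 150_000, "Software Security"),
]


def by_name(name: str) -> Threat:
    return next(t for t in THREATS if t.name == name)


def ranked_controls(threats=THREATS):
    """Controls ordered by net annual benefit, highest first."""
    return sorted(((t.name, t.control, round(t.cba, 2)) for t in threats),
                  key=lambda row: row[2], reverse=True)


def negative_cba(threats=THREATS):
    """Controls whose annual cost exceeds the loss they avert; the report's
    recommendation is to prioritise the positive ones instead."""
    return [t.name for t in threats if t.cba < 0]


if __name__ == "__main__":
    for name, control, net in ranked_controls():
        print(f"{net:>15,.2f}  {control:<28} {name}")
    print("Negative CBA:", negative_cba())
```

The frequency parser uses 1/3 rather than the table's rounded 0.33, which is why it reproduces the table's $333,333.33 exactly; keeping the ARO as a fraction avoids the rounding drift that creeps in when the rate is typed in by hand.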
CONTENT SECURITY
Healthcare facilities are, like all others, vulnerable to attacks on data and content. Spam,
phishing attacks launched through e-mail, and attacks launched to steal web content
have all been used to give an attacker access to a target system. For adequate content
security within the healthcare architecture, products that provide e-mail filtering and
inspection, web security against malicious websites, and intrusion prevention systems must
be employed.
SYSTEM NETWORK AND EVENT MANAGEMENT
System tools keep a check on the health of the entire system, whereas network
management tools help in automating, simplifying, and integrating networks to reduce
operational costs. Tools for access control, enterprise management and infrastructure
security management can be obtained from vendors.
RECOMMENDATIONS
The proposed network architecture should have high availability with minimum
latency for the critical equipment. Six Sigma availability should be aimed for.
Network segregation should be performed on the basis of network
requirements and should be layered.
A hierarchical model of network architecture is proposed for the IT
implementation in healthcare.
The calculated cost benefit analysis reflects a positive value for most of
the controls implemented, so the controls with a positive value should be
implemented first.
The organization should have a fool-proof disaster recovery system so that
no data is lost if any kind of breach occurs.
The network architecture comes with options to install software upgrades and
patches while the network is in operation. We use In Service
Software Upgrade (ISSU) to achieve this requirement.
A mechanism should provide an automatic alert when any network failure
occurs. A host intrusion detection system can be used alongside the
firewall.
Security of the EMR and its data should be kept a priority, as the chance of
a breach of the EMR is high. Secured data storage centres should be
maintained.
Adequate IT training should be provided to staff, and an IT
department should be created in the organization.
Remote access to the network should be provided without any compromise
of network security.
We recommend using HIPAA to establish the privacy
requirements for the electronic health records.
We expect an implementation cost of around $10 million for the healthcare
organization. Of this total, $5 million is for IT infrastructure and implementation and
$5 million for network equipment and computers. The time estimate is around 6 months
to a year. A dedicated team led by a CIO is required for the implementation.
REFERENCES
http://www.cisco.com/web/strategy/healthcare/cisco_medical-grade_network.html
http://www.hhs.gov/ocr/privacy/
http://docwiki.cisco.com/wiki/Network_Management_Basics