Published in: Journal of Digital Imaging 1/2017

11.10.2016

Cyber-Security Issues in Healthcare Information Technology

Author: Steve G. Langer

Published in: Journal of Imaging Informatics in Medicine | Issue 1/2017

Abstract

In 1999–2003, SIIM (then SCAR) sponsored the creation of several special topic Primers, one of which was concerned with computer security. At about the same time, a multi-society collaboration authored an ACR Guideline with a similar plot; the latter has recently been updated. The motivation for these efforts was the launch of the Health Information Portability and Accountability Act (HIPAA). That legislation directed care providers to enable the portability of patient medical records across authorized medical centers, while simultaneously protecting patient confidentiality from unauthorized agents. These policy requirements resulted in the creation of numerous technical solutions, which the above documents described. While the mathematical concepts and algorithms in those papers are as valid today as they were then, recent increases in the complexity of computer criminal applications (and defensive countermeasures) and the pervasiveness of Internet-connected devices have raised the bar. This work examines how a medical center can adapt to these evolving threats.

Glossary
Authentication
Is the agent who they claim to be
Authorization
Does the agent have rights to the resource
Confidentiality (data)
Is data secure from the eyes of unintended agents
Ciphertext
The encrypted version of an unencoded “clear” text
Denial of service
An attack that incapacitates a service running on a computer
Encryption
A reversible process that converts a clear text message that can be read by anyone into a cipher-text message that can be read by no one, unless they possess the decryption key(s).
Firewall
A device that contains two network cards on two different networks, and uses a rule base to select what data is passed through and in what direction
Hashing
An algorithm that generates a fixed-size value from a text input, such that different inputs yield different values
Integrity (Data)
Is data unaltered from its original sent state
Internet
The big “I” internet is the world wide network connecting the millions of private local area networks.
Local Area Network
Generally applied to a local Ethernet subnet where all computers have the same address suffix (e.g. xxx.corporationX.com)
Non-repudiation
Can an agent send/alter a message, then later deny having sent/altered it
One/two-factor authentication
One-factor authentication may require only one piece of data, perhaps a password. Two-factor methods use an additional item, perhaps a biometric (fingerprint, voice, etc.), to perform authentication.
Public Key Infrastructure
A trusted means of distributing individuals’ public keys. Required in a large-scale implementation of a public key encryption system.
Reliability
Is a service or system available and accurate when needed
Sniffing
Using a network interface card in a promiscuous mode to capture all data on the network, even if it is not meant for the local machine
Spoofing
Faking the Internet address of packets emanating from one’s computer so as to assume the identity of another computer and hide one’s true identity
Switched networks
As opposed to shared networks (which act like a party line in the telephone world), switched networks create private links momentarily between computers
Tripwire
A program that can detect an intruder’s changes to a computer system’s critical files
Trojan Horse
A program that masquerades as something benign but actually contains malware.
Virtual Private Network
A method of encrypting data passed on the open Internet so it is as if the users share a private link
Metadata
Title
Cyber-Security Issues in Healthcare Information Technology
Author
Steve G. Langer
Publication date
11.10.2016
Publisher
Springer International Publishing
Published in
Journal of Imaging Informatics in Medicine / Issue 1/2017
Print ISSN: 2948-2925
Electronic ISSN: 2948-2933
DOI
https://doi.org/10.1007/s10278-016-9913-x
