Securing Healthcare Networks against Cyber-Attacks

Submitted By: Christine Paul Chitilapilly

Student ID: 1126256


Post on 21-Feb-2017

Date of Submission: December 14, 2016

Abstract

In the current era of digitization, with data being converted from paper to electronic records, the healthcare industry too has become dependent on technology. As hospitals adopt electronic means for data storage, medical results, transactions and billing, utmost care must be taken to protect a patient’s personal privacy by protecting their electronic health records, which is only possible by enhancing the security and privacy of the hospital’s network. This paper proposes security mechanisms for more controlled and safer access to the healthcare provider’s network, so that every device trying to access the network is known and only authorized devices are able to connect, with the help of measures such as intrusion detection systems to continuously monitor the network, firewalls to ensure endpoint devices comply with security policies, and biometrics for identity-based network access control.

1. Introduction

[2] Numerous healthcare organizations have been victims of cyber-attacks. Such attacks occur when an isolated device transfers the stored medical data to the hospital’s network; an attacker could then possibly take over the entire network of the hospital and intercept data exchange between the patient and the healthcare center. For instance, consider wearable devices such as the (insulin) diabetes kit, which determines the exact amount to be discharged into the patient’s blood based on their current glucose level. A hacker could intercept this traffic and change the dosage to a lethal amount, or even take over the hospital’s entire network of dosage tracker users and hold their lives for ransom for financial or other gain. Therefore, with technology growing more pervasive each day, all Internet-connected devices in the healthcare industry need to anticipate potential security threats and work towards neutralizing them.

2. The Need for Security in Healthcare Networks

[4], [5] Healthcare providers are responsible for securing classified patient information not only in light of a conceivable cyber-attack, but also because government regulations such as the U.S. Health Insurance Portability and Accountability Act (HIPAA) establish privacy requirements for protecting health data.

Several e-Healthcare security challenges are examined in order to address the evolving needs of the digital healthcare industry. New security concerns emerge in the transmission and processing of patient data or even public healthcare alerts across many parties with varying security, privacy and trust levels. There could be several devices responsible for an upsurge in malicious traffic:

1. Connected medical endpoints that are used for consults and remote procedures

2. Internet facing personal health-data that are not certified under U.S. Standards, not regulated under HIPAA/HITECH registration, which states that any healthcare organization that stores, processes or transmits personal health information (PHI) is required to comply with the Health Insurance Portability and Accountability Act and safeguard all protected data.

3. Security systems and edge devices, including VPN applications and devices, firewalls and enterprise network controllers (ENCs).

An attacker could possibly take over the hospital’s entire network, intercept data exchange between patient and healthcare center, or even make threats for monetary gain. Common network threats include packet sniffing, IP spoofing, DoS and man-in-the-middle attacks, resulting in disruption of clinical and administrative processes, loss of patient trust and financial costs.

As healthcare facilities rely on networks for their core operations, they become vulnerable to compromised security, which can interfere with a clinician’s ability to treat patients or even expose providers to substantial liabilities. Merely deploying a firewall would be insufficient. Instead, patient information should be protected at every point of access, both inside and outside the network.

Thus, it is essential to be aware of every device or user trying to connect to the network and provide appropriate access to each device or user.

3. Intrusion Detection System using Biometrics for Authentication

3.1 Implementing IDS for continuous network monitoring

[1], [3] Intrusion detection is one among several popular ways of implementing network security.

IDSs depend on audit trails to decide whether a specific activity is intrusive or not, and they complement other security innovations such as firewalls.

Detecting intrusions based on deviations from a normal to an abnormal state, using user or system profiles, is defined as anomaly detection. Anomaly detection tends to detect novel attacks at the expense of false positives. Signatures are sets of actions, conditions or activities that, when met, indicate an intrusion. IDSs that rely on signatures are often called signature-based detection systems. They usually tend to have a higher detection rate at the expense of false negatives.

Since healthcare network attacks are mostly user-level attacks, the IDS must be host-based.
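The trade-off between the two detection styles in Section 3.1 can be seen on a few host audit-trail events. The following is an added example, not part of the original paper; the signature names, the per-user profiles, the 3-standard-deviation threshold and all events are constructed assumptions.

```python
from statistics import mean, stdev

# Signatures: named conditions that indicate an intrusion when met (assumed examples).
SIGNATURES = {
    "brute_force_login": lambda e: e["failed_logins"] >= 5,
    "audit_log_cleared": lambda e: e["action"] == "clear_audit_log",
}

# Per-user profiles: patient records opened per session during past
# normal sessions (constructed sample data).
PROFILES = {
    "nurse_a": [18, 22, 20, 19, 21, 23, 17, 20],
    "clerk_b": [5, 6, 4, 5, 7, 5, 6, 4],
}

def signature_hits(event):
    """Names of all signatures whose condition the event meets."""
    return [name for name, cond in SIGNATURES.items() if cond(event)]

def anomaly_score(event):
    """Deviation from the user's own profile, in standard deviations."""
    history = PROFILES.get(event["user"])
    if not history or len(history) < 2:
        return float("inf")  # no profile to compare against: treat as abnormal
    spread = max(stdev(history), 1e-9)  # avoid dividing by zero on a flat profile
    return abs(event["records_opened"] - mean(history)) / spread

def classify(event, threshold=3.0):
    return {"signature": signature_hits(event),
            "anomaly": anomaly_score(event) > threshold}

# Constructed host audit-trail events.
EVENTS = {
    # Matches a signature; session volume is normal, so the profile sees nothing.
    "known_attack": {"user": "clerk_b", "failed_logins": 6, "action": "login", "records_opened": 5},
    # No signature covers it (false negative); the profile deviation catches it.
    "novel_misuse": {"user": "clerk_b", "failed_logins": 0, "action": "export", "records_opened": 400},
    # Legitimate but unusual workload: the anomaly detector raises a false positive.
    "busy_shift": {"user": "nurse_a", "failed_logins": 0, "action": "view", "records_opened": 31},
    "normal": {"user": "nurse_a", "failed_logins": 0, "action": "view", "records_opened": 21},
}

if __name__ == "__main__":
    for name, event in EVENTS.items():
        print(name, classify(event))
```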

3.2 Biometrics

Biometrics could be classified into two common types:

1. Physical Biometrics which estimate the physiological characteristics of a person, such as fingerprint, iris scan, face recognition

2. Behavioral Biometrics which estimate the behavior of a person, such as keystroke dynamics and mouse dynamics

Endowing a host-based intrusion detection system (HIDS) with a fingerprint technique is one way to authenticate users of a device within a network more reliably. Using biometrics in combination with IDSs enhances the authentication capability of an IDS. If the fingerprint technique is used to complement a host-based intrusion detection system in order to improve its level of authentication, it allows us to effectively detect misuse of any connected end-host device.

3.3 Fingerprint based IDS Architecture

The above figure demonstrates the design of the system. All sensors send information to the central IDS, which analyzes and categorizes all data in order to notify the administrator about the behavior of each user. This means that the central IDS is aware of all authorized and unauthorized login attempts. A system based on this architecture is designed to authenticate users, deny unauthorized users, and detect insider attacks.

3.4 Algorithm for Fingerprint Identification

i. Matriculation: The user’s fingerprint is captured using a fingerprint capturing device, which is saved to a database.

ii. Verification: When the user logs in, the fingerprint from the database is compared with the input fingerprint to test for a match. Once matched, access to the device is granted; otherwise, the IDS is notified.
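The two steps above, together with the sensor-to-central-IDS reporting of Section 3.3, are sketched below as an added example that is not part of the original paper. The class names, the toy minutiae matcher (a stand-in for a real fingerprint matcher), the tolerance, the match threshold, the three-failure alert rule and all sample data are assumptions.

```python
TOLERANCE = 4     # assumed: max x/y offset for two minutiae to count as the same point
THRESHOLD = 0.75  # assumed: fraction of enrolled minutiae a login sample must reproduce

def match_score(enrolled, sample):
    """Toy matcher: share of enrolled (x, y) minutiae with a nearby point in the sample."""
    hits = sum(any(abs(ex - sx) <= TOLERANCE and abs(ey - sy) <= TOLERANCE
                   for sx, sy in sample) for ex, ey in enrolled)
    return hits / len(enrolled)

class CentralIDS:
    """Collects every login result from the host sensors and alerts the administrator."""
    def __init__(self, max_failures=3):
        self.max_failures = max_failures
        self.attempts = {}   # user -> list of (host, granted)
        self.alerts = []

    def report(self, host, user, granted):
        history = self.attempts.setdefault(user, [])
        history.append((host, granted))
        failures = sum(1 for _, ok in history if not ok)
        if not granted and failures >= self.max_failures:
            self.alerts.append(f"{user}: {failures} rejected fingerprint logins, last on {host}")

class HostSensor:
    """Host-based sensor on one end-host device, sharing the template database."""
    def __init__(self, host, ids, templates):
        self.host, self.ids, self.templates = host, ids, templates

    def enroll(self, user, minutiae):   # step i: capture and save to the database
        self.templates[user] = list(minutiae)

    def login(self, user, sample):      # step ii: compare input with the stored print
        enrolled = self.templates.get(user)
        granted = bool(enrolled) and match_score(enrolled, sample) >= THRESHOLD
        self.ids.report(self.host, user, granted)  # IDS sees granted and denied attempts
        return granted

def demo():
    """Constructed run: one genuine login, three impostor tries, one unenrolled user."""
    ids, templates = CentralIDS(), {}
    ward = HostSensor("ward-pc-1", ids, templates)
    ward.enroll("dr_lee", [(10, 12), (40, 44), (71, 30), (55, 80)])
    genuine = [(11, 13), (39, 45), (72, 29), (90, 90)]   # reproduces 3 of 4 minutiae
    impostor = [(5, 60), (33, 20), (71, 31), (88, 15)]   # reproduces 1 of 4
    results = [ward.login("dr_lee", genuine)]
    results += [ward.login("dr_lee", impostor) for _ in range(3)]
    results.append(ward.login("visitor", genuine))       # no stored template
    return results, ids.alerts

if __name__ == "__main__":
    print(demo())
```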

4. Firewalls to Ensure Endpoint Devices Comply with Security Policies

[4], [5] The ideal approach to ensuring that endpoint devices comply with security policies would be to implement a firewall or an access router with inspection firewall features. An integrated router is a sensible, cost-effective solution for smaller networks. Larger organizations, however, may require the expanded capabilities of a dedicated firewall.

Implementing a firewall would serve as a barrier for the network. It performs the following:

i. Ensure that only appropriate information and authorized personnel are allowed access to the network

ii. Block undesirable or perilous transmissions from unapproved users

iii. Filter Internet content that users are permitted to view

5. Conclusion

With regard to implementing biometrics to detect intrusions: where mouse dynamics or keystroke techniques are used, an attacker could easily forge an authorized user’s keystrokes, but may find it comparatively infeasible to gain access using fingerprints.

Another fairly secure approach that could be implemented simultaneously is to preset the firewall to deny all services except those clearly permitted. Although a firewall is indispensable for any business connected to the Internet, deploying and maintaining one strains the constrained IT resources of mid-scale networks, which is why many such networks tend to outsource their firewall implementation and administration.

The assumption made throughout this paper is that the concurrent use of fingerprints in an IDS and a well-deployed firewall could drastically improve the security of the healthcare network, and thus help achieve identity-based network access control and prevent unauthorized users from accessing the network.

References:

[1] K. Challita, H. Farhat, and K. Khaldi, "Biometric Authentication for Intrusion Detection System," in 2010 First International Conference on Integrated Intelligent Computing, 2010, pp. 195–199.

[2] S. M. R. Islam, D. Kwak, M. D. H. Kabir, M. Hosain, and K.-S. Kwak, "The Internet of Things for Health Care: A Comprehensive Survey," IEEE Access, 2015, pp. 678–708.

[3] S. Roy, S. Chatterjee, S. Chattopadhyay, and A. K. Gupta, "A biometrics-based robust and secure user authentication protocol for e-healthcare service," in 2016 International Conference on Advances in Computing, Communications and Informatics (ICACCI), 2016, pp. 638–644.

[4] Cisco Healthcare Security Perspectives (n.d) Retrieved from http://www.cisco.com/

[5] Top 4 Network Security Challenges in Healthcare (n.d.) Retrieved from https://www.bradfordnetworks.com/