Cyber-Security Issues in Healthcare Information Technology

Journal of Digital Imaging

Abstract

In 1999–2003, SIIM (then SCAR) sponsored the creation of several special topic Primers, one of which was concerned with computer security. About the same time, a multi-society collaboration authored an ACR Guideline with a similar scope; the latter has recently been updated. The motivation for these efforts was the launch of the Health Insurance Portability and Accountability Act (HIPAA). That legislation directed care providers to enable the portability of patient medical records across authorized medical centers, while simultaneously protecting patient confidentiality from unauthorized agents. These policy requirements resulted in the creation of numerous technical solutions, which the above documents described. While the mathematical concepts and algorithms in those papers are as valid today as they were then, recent increases in the complexity of computer criminal applications (and defensive countermeasures) and the pervasiveness of Internet-connected devices have raised the bar. This work examines how a medical center can adapt to these evolving threats.


References

Note: All web references were last viewed July 2016.

  1. Langer SG, Stewart BK: Computer security: a primer. J Digit Imaging 12(3):114–23, 1999

  2. Seibert T, Andriole K, Langer S, Siegel E, Morin R: Practice Guideline for Electronic Medical Information Privacy and Security. American College of Radiology Practice Guideline 2004(Res. 12):471–77, 2004

  3. Morin et al: ACR-AAPM-SIIM Practice Parameter for Electronic Medical Information Privacy and Security. http://www.acr.org/~/media/419A8512DBDB4FDE99EC75B3C68B01CF.pdf, 2014

  4. Health Insurance Portability and Accountability Act: Final Rule. Federal Register 78(17):5566–5698, 2013. https://www.gpo.gov/fdsys/pkg/FR-2013-01-25/pdf/2013-01073.pdf

  5. Felice RW et al: Taking Back Control of Our Pacemakers and OnStar Vehicles. SIIM Annual Meeting, Portland, OR, 2016. http://siim.org/page/16it_security

  6. Reel M, Robertson J: It’s Way too Easy to Hack the Hospital. Bloomberg Businessweek, 2015: 11. http://www.bloomberg.com/features/2015-hospital-hack/

  7. Schneier B: Beyond Security Theatre. https://www.schneier.com/blog/archives/2009/11/beyond_security.html, 2014

  8. Zargar ST: A Survey of Defense Mechanisms Against Distributed Denial of Service (DDoS) Flooding Attacks. IEEE Commun Surv Tutorials 11:2046–2069, 2013

  9. Hegan DG: Risk and Reward Analysis. Expert Program Management, 2011. http://www.expertprogrammanagement.com/2011/07/risk-and-reward-analysis/

  10. Lippmann R, Haines JW, Fried DJ, Korba J, Das K: The 1999 DARPA Off-Line Intrusion Detection Evaluation. Comput Netw 34(4):579–595, 2000

  11. Wikipedia: Computer Security Exploits. https://en.wikipedia.org/wiki/Category:Computer_security_exploits

  12. Becher M, Freiling FC, Hoffmann J, Holz T, Uellenbeck S, Wolf C: Mobile Security Catching Up? Revealing the Nuts and Bolts of the Security of Mobile Devices. 2011 IEEE Symposium on Security and Privacy (SP), pp. 96–111. IEEE, 2011

  13. Foster B, Lejins Y: Ehealth security Australia: the Solution Lies with Frameworks and Standards. Proceedings of the 2nd Australian eHealth Informatics and Security Conference, 2–4 December 2013, Edith Cowan University, Perth, Western Australia, 2013

  14. Maydanchik A: Data Quality Assessment. Technics Publications, LLC, Bradley Beach, NJ, 2007

  15. Open Web Application Security Project: OWASP Developers Guide V2.0. OWASP Publishing, Bel Air, MD, 2005

  16. Computer Emergency Response Team (CERT): Top 10 Secure Coding Practices. https://www.securecoding.cert.org/confluence/display/seccode/Top+10+Secure+Coding+Practices

  17. LA Times: Hollywood Hospital Pays $17,000 in Bitcoin to Hackers. http://www.latimes.com/business/technology/la-me-ln-hollywood-hospital-bitcoin-20160217-story.html, 2016

  18. Esser S: iOS Kernel Exploitation. Blackhat Annual Meeting, Las Vegas, NV, 2011. https://media.blackhat.com/bh-us-11/Esser/BH_US_11_Esser_Exploiting_The_iOS_Kernel_Slides.pdf

  19. CERT: Top 30 Targeted High Risk Vulnerabilities, May 2015. https://www.us-cert.gov/ncas/alerts/TA15-119A

  20. The Honeynet Project (Gordon Lyon): Know Your Enemy: Revealing the Security Tools, Tactics and Motives of the Blackhat Community. Addison Wesley, New York, NY, 2001. ISBN-10: 0321166469

  21. Easy doc. Hacket R: Do not Download This Scam Mac App! It’s Nasty Malware. Fortune, 2016: 7. http://fortune.com/2016/07/06/mac-malware-backdoor-app/

  22. Oechslin P: Making a Faster Cryptanalytical Time-Memory Trade-Off. Advances in Cryptology: Proceedings of CRYPTO 2003, 23rd Annual International Cryptology Conference, Santa Barbara, CA. Lecture Notes in Computer Science, Springer, 2003. ISBN 3-540-40674-3

  23. Takai TM et al: Guide for Conducting Risk Assessments. National Institute of Standards and Technology, Computer Security Division, Gaithersburg, MD, 2012

  24. Scarfone K et al: Technical Guide to Information Security and Assessment. NIST Special Publication 800-115. National Institute of Standards and Technology, Computer Security Division, Gaithersburg, MD, 2008

  25. Sons S: Under the sink: security exercises. Linux J 276:42–58, 2016

  26. Schneier B: Applied Cryptography. Wiley and Sons, Hoboken, NJ, 1996

  27. Schoen D, Kumar N: Getting Started with Spiceworks. Packt Publishing, Birmingham, UK, 2013

  28. Carter G: LDAP System Administration. O’Reilly Media, Sebastopol, CA, 2003

  29. Snedaker S: Business Continuity and Disaster Recovery Planning for IT Professionals, 2nd edition. Elsevier Publishing, Amsterdam, Netherlands, 2013

  30. Davies J: Implementing SSL/TLS Using Cryptography and PKI. Wiley and Sons, Hoboken, NJ, 2011

  31. Garfinkel S: Pretty Good Privacy. O’Reilly Media, Sebastopol, CA, 1994


Author information

Correspondence to Steve G. Langer.

Appendix A

To preserve readability, the body of this paper glossed over many details; for those inclined, this Appendix (and the following Glossary) address some of them. For a solid grounding in cryptography and encryption, the reader is directed to [26]. As mentioned in the section on “White Hat—Motivations,” there are six goals the White Hat has to address. Of those, three are fully addressed by encryption and hashing: Authentication, Data Privacy, and Data Integrity. The other three (audits, authorization, and reliability and performance) are addressed in turn below.

Audits

As mentioned previously, auditing covers several categories of things to audit. Auditing devices means knowing what devices are on the network, what they do, and who they talk to; these questions can be answered with numerous tools [27]. Auditing Users typically means looking at a time window of the applications and data they used, which is typically addressed by examining HIPAA audit logs. Auditing of cyber-security policies and procedures should be done at least annually to see what is working, what is not, and with an eye to closing that gap. Finally, network auditing should be done continuously and automatically to restrict network access to known agents (e.g., Cisco Firepower and ISE, Cisco Systems Inc, San Jose, CA).

Authorization

Authorization relies on tying a User or group of Users to a role, and defining access privileges for resources to that role. For example, members of the Finance Department would have access to the finance folder on the network, but other Users would not. As such, authorization depends critically on accurate authentication. In modern computing systems (e.g., Microsoft environments, Microsoft Corporation, Redmond, WA), the two areas are linked using a protocol based on LDAP (Lightweight Directory Access Protocol) [28].

Reliability and Performance

As mentioned before, not all service failures are due to Black Hats. The White Hats are also expected to maintain service uptime, at acceptable performance, in the face of hardware, software, and Acts of God failures. The methods for maintaining application uptime are referred to as High Availability and are aimed at avoiding single points of failure. The methods to assure that data are never lost are referred to as Disaster Recovery. The combination of methods to maintain both application and data availability is referred to as Business Continuity [29].

Authentication, Data Privacy, and Data Integrity

Encryption helps: authentication, data privacy, and data integrity (non-repudiation)

First consider data confidentiality. The goal is to transfer the “clear text” of the message (say “Patient Name Richard Nixon”) to some cipher-text like “sgsgsdfWE%#%@#$F.” The exact mechanics of the encryption process vary from algorithm to algorithm, but the bottom line is that without the right key(s), non-authorized Users cannot read the message. Tools exist to perform such encryption over the Internet as data is transferred [30]. They also exist to encrypt data at rest on a server [31]. Authentication and non-repudiation make use of both encryption and “hashing” as we will now see.

Hashing helps: authentication and data integrity (digital signing and non-repudiation)

A reversible encryption algorithm can be used to secure a message from prying eyes. However, the recipient of the message has no way of knowing the absolute identity of the person who sent a message or that the message arrived uncorrupted. With a combination of public key encryption and a process known as “hashing,” all these ends can be achieved.

A hash is a one-way, irreversible process guaranteed to generate a unique number for a unique data input. The importance of this process is that any change to the text document will result in a new value from the hashing algorithm. The two different values (called message digests “MDs”) indicate that the input text has been changed. However, even this is not enough. If an enterprising Black Hat can intercept a message, they may well recompute the MD themselves and send it along with a modified document to the intended User. The User checks the sent MD against the MD they compute from the received message, finds that the numbers match, and has no way of detecting the modification.

This is where digital signing enters the picture. The real author computes the MD and encrypts it (in effect signing it) with their private key. If an intermediate Black Hat intercepts the message, throws out the real MD, falsifies the message, and supplies their own MD, the recipient will not be able to decode the MD with the public key from the presumed author. If the intended recipient User has faith that their public key is correct for the intended author, they will know that something is wrong (see Fig. 1). A side benefit of digital signing is that a document, once digitally signed, can only be repudiated by the signer by claiming one of two things: either that their private key has been stolen or that the public key claimed to be theirs has been forged by Black Hats. The latter argument is mitigated by the existence of trusted third-party PKI certifying authorities (e.g., Entrust DataCard, Entrust Inc., Minneapolis, MN).

Fig. 1

(A) X sends a message, and it is altered by M. Y cannot discern the alteration. (B) X computes the document’s message digest (MD) and sends its value (1003) with the document. M alters the message. Y recomputes the MD of the message and detects an alteration, because the MDs do not match (957 ≠ 1003). (C) This time, M recomputes the MD and sends it with the altered message. Now when Y recomputes the MD and checks against the sent MD, the two match, and Y is fooled. (D) X digitally signs the MD, and M cannot reproduce X’s signature without X’s private key. Nevertheless, M alters the message. When Y decodes the MD signed by X and compares it with the recomputed MD of the altered message, Y detects the substitution (957 ≠ 1003)
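The four exchanges of Fig. 1 worked through in code, as an added example that is not part of the paper: the message digest, the recompute-the-MD trick M can play on a bare digest, and why X's private-key signature defeats it. The key pair, the message text and the scenario function names are constructed for the example; the RSA here is a deliberately tiny textbook version (no padding) so the arithmetic stays visible, not a production signature scheme.

```python
import hashlib

# Constructed toy RSA key pair for illustration only: two Mersenne primes and
# textbook RSA without padding. Far too small for real use; a production
# signer uses a PKI-issued key and a standard signature scheme.
P, Q = 2**61 - 1, 2**89 - 1
N = P * Q                          # public modulus (about 150 bits)
E = 65537                          # public exponent (Y knows N and E)
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (only X holds D)

def message_digest(msg: bytes) -> int:
    """The MD of Fig. 1: SHA-256, truncated to 128 bits so it is below N."""
    # Collision resistant in practice rather than guaranteed unique.
    return int.from_bytes(hashlib.sha256(msg).digest()[:16], "big")

def sign(md: int) -> int:
    """X signs the digest with the private key."""
    return pow(md, D, N)

def verify(signature: int, md: int) -> bool:
    """Y recovers the signed MD with X's public key and compares it."""
    return pow(signature, E, N) == md

# Constructed sample messages: what X sent and what M substitutes.
ORIGINAL = b"Patient Name Richard Nixon, dose 10 mg"
ALTERED = b"Patient Name Richard Nixon, dose 100 mg"

def scenario_b() -> bool:
    """(B) X sends the bare MD; M alters the message but not the MD."""
    sent_md = message_digest(ORIGINAL)
    return message_digest(ALTERED) != sent_md        # True: Y detects it

def scenario_c() -> bool:
    """(C) M alters the message and recomputes the MD to match it."""
    sent_md = message_digest(ALTERED)                # M's own digest
    return message_digest(ALTERED) != sent_md        # False: Y is fooled

def scenario_d() -> bool:
    """(D) X signs the MD; M alters the message but cannot re-sign without D."""
    sig = sign(message_digest(ORIGINAL))             # X's genuine signature
    return not verify(sig, message_digest(ALTERED))  # True: Y detects it

def genuine_message_accepted() -> bool:
    """Control case: an unaltered message from X verifies under X's public key."""
    md = message_digest(ORIGINAL)
    return verify(sign(md), md)                      # True
```

Scenario (A) needs no code: with no digest at all, Y has nothing to compare against.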

Glossary

Authentication

Is the agent who they claim to be

Authorization

Does the agent have rights to the resource

Confidentiality (data)

Is data secure from the eyes of unintended agents

Ciphertext

The encrypted version of an unencoded “clear” text

Denial of service

An attack that incapacitates a service running on a computer

Encryption

A reversible process that converts a clear text message that can be read by anyone into a cipher-text message that can be read by no one, unless they possess the decryption key(s).

Firewall

A device that contains two network cards on two different networks, and uses a rule base to select what data is passed through and in what direction

Hashing

An algorithm to generate a unique value from a unique text input

Integrity (Data)

Is data unaltered from its original sent state

Internet

The big “I” internet is the world wide network connecting the millions of private local area networks.

Local Area Network

Generally applied to a local Ethernet subnet where all computers have the same address suffix (i.e. xxx.corporationX.com)

Non-repudiation

Can an agent send/alter a message, then later deny having sent/altered it

One/two-factor authentication

One factor authentication may require only one piece of data, perhaps a password. Two factor methods use an additional item, perhaps a biometric (fingerprint, voice, etc.) to perform authentication.

Public Key Infrastructure

A trusted means of distributing individuals’ public keys. Required in a large-scale implementation of a public key encryption system.

Reliability

Is a service or system available and accurate when needed

Sniffing

Using a network interface card in a promiscuous mode to capture all data on the network, even if it is not meant for the local machine

Spoofing

Faking the Internet address of packets emanating from one’s computer so as to assume the identity of another computer and hide one’s true identity

Switched networks

As opposed to shared networks (which act like a party line in the telephone world), switched networks create private links momentarily between computers

Tripwire

A program that can detect intruder’s changes to a computer system’s critical files

Trojan Horse

A program that masquerades as something benign but actually contains Malware.

Virtual Private Network

A method of encrypting data passed on the open Internet so it is as if the users share a private link


Cite this article

Langer, S.G. Cyber-Security Issues in Healthcare Information Technology. J Digit Imaging 30, 117–125 (2017). https://doi.org/10.1007/s10278-016-9913-x
