In today’s cyber environment everything is at society’s fingertips, and healthcare is no exception. Every organization, from hospitals to the local family doctor’s office, is realizing the cost savings and convenience of having a medical system in place that can store, track, audit, and maintain a patient’s history. Such technology benefits patients as well, since searching for providers becomes much easier when logging into a medical portal lets the user find specialists of all sorts without much hassle. However, such a medical system must be designed, built, and deployed with a few things in mind: privacy, confidentiality, system availability, and security.
By ensuring these areas are well developed, the medical industry can earn user (patient) buy-in by encouraging consumer confidence. The following document focuses on several crucial aspects of designing and developing a medical database that stores, tracks, audits, and maintains patients’ medical data. We analyze and discuss the security threats and vulnerabilities of the iTrust medical database. The document identifies security measures that address the threats and vulnerabilities found during the analysis phase, takes a deep dive into the company’s security policies, and makes suggestions to strengthen its security.
The team began by considering how to prioritize security for the RDBMS. The RDBMS should be designed so that it offers security and protection to every piece of data saved within the architecture. This is crucial in assuring that the business remains competitive and meets client/customer confidence that sensitive data will not be exposed. These expectations can be met only if users are sure that the information being shared has not been altered or breached. iTrust gives the company great flexibility by allowing an array of information to be stored, shared, and maintained within one database. Therefore, it was crucial that the team prioritize security based on confidentiality, integrity, authentication, availability, and performance during design. Additionally, the team performed an analysis based on four different user roles.
These user roles include police, fire, emergency medical technicians (EMTs), and other medically trained emergency responders who provide care while at, or in transport from, the site of an emergency. The second role, find qualified licensed health care professional, allows users to search for and locate health care providers within a certain radius of their home who have dealt with the particular medical condition diagnosed. The third requirement used in the team’s analysis is the diagnosis code table, which was mandated by the American Medical Association. The last requirement analyzed is the view access log, where a patient or user is able to see who looked into a record and when (Williams, Gegick, & Meneely, 2009).
For Table 1, the team gave each database table a value. The rating represents how much each database table is worth to an attacker. For example, we felt that the patients table held the highest value to both the company and an intruder because it contains highly sensitive information such as a patient’s first name, last name, address, and date of birth, to name a few. Table 1 allowed us to determine which database tables require strong security controls to ensure the integrity of the data.
The second table was used to determine the ease of an attack. We used the sum of values from Table 1 to prioritize the requirements that have the highest likelihood of being attacked. From a hacker’s perspective, requirement #2, find qualified licensed health care professional, is the easiest to attack based on the value points from each table, followed by the emergency responder requirement, which draws on valuable database tables such as hospitals; an attack on this data can reveal a person’s medical history. The view access log was considered the third easiest requirement to attack because, although the information is sensitive, it does not reveal patients’ names or points of contact. Table 3 allowed the team to prioritize the security risk from lowest to highest. Our findings and analysis led us to conclude that requirement #2 is the easiest to attack and has the highest security risk of all. This is very concerning from a cyber-security perspective because of the type of information that can be compromised by a breach, such as user data containing user IDs, passwords, and security questions (Williams, Gegick, & Meneely, 2009).
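The three-table ranking described above follows the Protection Poker method (risk = ease of attack multiplied by the total value of the database tables a requirement exposes). The following is an added illustration, not the team’s own tables; every table value and ease score in it is a constructed placeholder, since the page does not reproduce the real numbers.

```python
"""Protection Poker style ranking of the four iTrust requirements.

Added example, not part of the original analysis. All numbers below are
CONSTRUCTED placeholders standing in for the team's Table 1 and Table 2.
"""

# Table 1 analogue: value of each database table to an attacker (constructed).
TABLE_VALUE = {
    "patients": 100,       # first/last name, address, date of birth
    "users": 80,           # user IDs, passwords, security questions
    "hospitals": 40,
    "hcp": 40,             # licensed health care professionals
    "diagnosis_codes": 5,
    "access_log": 20,
}

# The requirements analysed on the page, the tables each one touches, and a
# Table 2 analogue: ease of attack (1 = very hard ... 100 = trivial), constructed.
REQUIREMENTS = {
    "emergency_responder":  {"tables": ["patients", "hospitals", "diagnosis_codes"], "ease": 20},
    "find_hcp":             {"tables": ["users", "hcp", "patients"], "ease": 40},
    "diagnosis_code_table": {"tables": ["diagnosis_codes"], "ease": 5},
    "view_access_log":      {"tables": ["access_log"], "ease": 20},
}


def asset_value(req: dict) -> int:
    """Sum of Table 1 values for every table the requirement exposes."""
    return sum(TABLE_VALUE[t] for t in req["tables"])


def security_risk(req: dict) -> int:
    """Protection Poker: security risk = ease of attack x total asset value."""
    return req["ease"] * asset_value(req)


def rank_requirements(reqs: dict = REQUIREMENTS) -> list:
    """Table 3 analogue: (requirement, risk) pairs, highest risk first."""
    scored = [(name, security_risk(r)) for name, r in reqs.items()]
    return sorted(scored, key=lambda item: item[1], reverse=True)


if __name__ == "__main__":
    for name, risk in rank_requirements():
        print(f"{name:22s} risk={risk}")
```

With these placeholder values the ranking comes out in the same order the team reports: find_hcp, then emergency_responder, then view_access_log.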
Security management policies and vulnerability mitigations
Now that we have identified iTrust’s security risks, we must find ways to strengthen the system and mitigate any vulnerabilities that may exist in order to maintain data integrity. This can be done by implementing user policies, system policies, and network policies. A good user policy helps ensure that the right user, with a need-to-know role, is reviewing and accessing iTrust data. Role-based access control (RBAC) is a method of regulating access to computer or network resources based on the roles of individual users within an enterprise (Rouse, n.d.). By implementing this type of user policy the risk level is mitigated because only authorized users can access, edit, or retrieve information according to their user profile. To ensure greater security and vulnerability mitigation, cyber security teams and IT professionals need to ensure that iTrust is frequently patched with the latest software updates. This system policy closes gaps identified by software developers, reducing the likelihood of being attacked through outdated software versions.
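The RBAC user policy above, combined with the view access log requirement, can be demonstrated in a few dozen lines. The following is an added example, not code from the iTrust project: the role names, permission matrix and in-memory access log are assumptions chosen to match the roles discussed on this page.

```python
"""RBAC check plus access logging for an iTrust-style patient record store.

Added example, not iTrust code. Roles, permissions and the row-level rule
(a patient may only touch rows about themselves) are assumptions.
"""
from datetime import datetime, timezone

# Permission matrix: role -> resource -> allowed actions (constructed).
PERMISSIONS = {
    "patient":             {"patient_record": {"read"}, "access_log": {"read"}},
    "hcp":                 {"patient_record": {"read", "edit"}, "diagnosis_codes": {"read"}},
    "emergency_responder": {"patient_record": {"read"}, "hospitals": {"read"}},
}

access_log = []   # the "view access log" a patient can later inspect


class AccessDenied(PermissionError):
    pass


def is_allowed(role, subject_id, resource, action, patient_id):
    """True only if the role grants the action AND the row-level rule holds."""
    if action not in PERMISSIONS.get(role, {}).get(resource, set()):
        return False
    if role == "patient" and patient_id != subject_id:
        return False      # patients never see another patient's rows
    return True


def access(role, subject_id, resource, action, patient_id):
    """Enforce RBAC and record every attempt, allowed or denied, so the
    patient can later see who touched the record and when."""
    allowed = is_allowed(role, subject_id, resource, action, patient_id)
    access_log.append({
        "when": datetime.now(timezone.utc).isoformat(),
        "who": subject_id, "role": role,
        "resource": resource, "action": action,
        "patient": patient_id, "allowed": allowed,
    })
    if not allowed:
        raise AccessDenied(f"{role} {subject_id} may not {action} {resource} of {patient_id}")
    return True


def view_access_log(patient_id):
    """Requirement 'view access log': entries about this patient's records only."""
    return [e for e in access_log if e["patient"] == patient_id]
```

Denied attempts are logged as well, which is what makes the access log useful for detecting probing by a user who holds a valid account but not the right role.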
Lastly, establishing a network security policy will ensure that iTrust has a strong firewall that won’t be easily breached. Having a DMZ (demilitarized zone) is a good way to keep unauthorized intruders from entering a network. A DMZ is a computer host or small network inserted as a “neutral zone” between a company’s private network and the outside public network. It prevents outside users from getting direct access to a server that holds company data (Rouse, n.d.). It is also important to perform network auditing and penetration testing to ensure that the system is working as designed. Such vulnerability mitigation methods can also be used to check whether the system is compliant with local, state, and federal mandates, for example. Furthermore, according to Introduction to Computer Security, this approach can help answer questions regarding passwords, such as how passwords are being used, whether they are strong enough, and whether policies are in place to ensure password recovery is possible (Goodrich & Tamassia, 2011).
Goodrich, M. T., & Tamassia, R. (2011). Introduction to Computer Security. Chapter 9, Security Models and Practice, pp. 460-474, sections 9.3, 9.4 and 9.5.
Rouse, M. (n.d.). What is role-based access control (RBAC)? Definition from WhatIs.com. Retrieved from http://searchsecurity.techtarget.com/definition/role-based-access-control-RBAC
Rouse, M. (n.d.). What is DMZ (demilitarized zone)? Definition from WhatIs.com. Retrieved from http://searchsecurity.techtarget.com/definition/DMZ
UMUC (2014). Software Security Assurance CSEC 630. Module 5. Retrieved from https://leoprdws.umuc.edu
Williams, L., Gegick, M., & Meneely, A. (2009). Protection Poker: Structuring Software Security Risk Assessment and Knowledge Transfer. In Proceedings of the 1st International Symposium on Engineering Secure Software and Systems (pp. 122-134). Berlin, Heidelberg: Springer.