Literature Review
The foremost purpose of this paper is to focus on the security issues of network in the healthcare industry. The paper focuses on the threats and vulnerabilities associated with the networking architecture. The readers of this paper will be having a great deal of knowledge about the recent developments in the healthcare networks. The paper also guides the readers to understand the need of the risk mitigation strategies so that the overall productivity of the healthcare industry is maintained. The paper concludes with threat mitigation techniques which are implemented in major healthcare industries to minimize the chances of having any security issues in their private networks.
Networking Architecture, Risk mitigation steps, UPnProxy, Trafficking, TCP/UDP, Ranna Cry Ransomeware,
The foremost determination of this paper is to focus on the security challenges of the network-based application of the healthcare industry. The developments in the field of science and technology led to the extensive use of the network based applications in healthcare industry which are evaluated in this paper. The security issues related to those applications are evaluated in this paper. The literature review of this paper focuses on the different networking devices [2]. The recent developments in the field of healthcare networks are highlighted in the paper with much importance along with the future security issues. The paper concludes with a solution of the identified problems.
According to Patil, Harsh and Ravi (2014), the security issues related to the routers are mostly from UPnProxy. Trafficking is a major issue regarding the security challenges of routers. The authors stated that the distributed denial of service attack is one of the most common security issue related to the routers. Unauthorized access is one of the main security issues related to the switches. According to the authors invalid configurations and the malicious attacks are the other form of security concern for the healthcare network architecture. These networking devices also face threat from different types of cybercrimes such as the Wanna Cry Ransomeware. The other kinds of securities associated with switches are switch spoofing, ARP spoofing, Double Taggings, Spanning tree protocol attack, MAC address flooding, DHCP server, attacks coming from CDP and Telnet. The security issues related to Firewall are the fragmentation attacks, IP spoofing, malformed network packets, network flood. The author of this paper highlighted that the attack coming from the Man in the Middle is one of the main security concerns of this type of networking devices, for this reason 3 different types of firewalls are used such as the packet filters, stateful inspection and proxies.
As discussed by Gope, Prosanta and Tzonelih (2016), the healthcare network is used in the healthcare industry by different types of purposes as it enhances the service provided to the clients and helps increasing the business reach of the healthcare industry. They stated that healthcare industry is a very sensitive area and is prone to numerous external attacks such as the cyber security attacks. According to the authors of this paper the protection of the health care network is ensured by the use of artificial intelligence and business intelligence. Security measures of healthcare networks are always updated according to the needs and situations. All the wireless systems which are connected in the hospital facility are managed by latest technologies which increase the efficiency of those devices. Cloud computing services are increasing adopted by the modern health sector industries. The authors stated that the application of the anti-virus software and the frequent updating of the version of the operating system are helpful in preventing cyber security issues such as the ransomeware.
Recent developments in healthcare networks
As stated by Zhang et al. (2015), the security in health care network is one of the main reasons behind the smooth conduction of the operations in the hospital industry. The security is related to both the network used in the hospital area as well as from the perspective of the patients are stated by the authors of this resource. The entire medical and the non-medical devices such as the MRI scanners and electrical ventilator in operation rooms which are connected to the internet are prone to different cyber security issues. According to the authors, the secured network system helps to provide security to all the internal as well as the external stakeholders of the hospital. The author stated that data theft and sabotage are the reasons why security is concern for all the healthcare industries. The author stated that the privacy and security of the patients as well as the authorities of the hospitals are maintained with the healthcare so it needs to be taken special care.
The three major security issues related to the healthcare network are the famous ransomeware attack, phishing emails and threats coming from the insiders. This section of the report will be focusing on these major security issues. The attack coming from the malicious programs are a major source of concern in the healthcare industry, the data related to the patient as well as the other stakeholders of the hospital may be prone those cyber threats such as ransomeware where essential data are seized by the cyber criminals and ransom amount are demanded from the concerned persons [10]. This puts the entire organization under severe threat, even it is found that even after the amount is paid the seized data is partially given back to the users, ransomeware exploits human element and may cause huge financial loss to the hospital authorities.
Phishing emails are the other type of issue related to the healthcare network. The prime motive behind the phishing attacks in health care industry is to gain access to PHI or provide a medium for cyber-attacks such as the ransomeware [8]. The phishing email concept is strongly associated with making false identities of the users and commit different types of insurance frauds. All the details of the impacted email accounts are used for different purposes during the phishing attacks. The breaching caused due to the phishing emails can last up to many months because it is not detected very easily [4]. Huge volumes of data related to both the hospital authority as well as from the patients perspective is at stake due to the phishing attacks. The healthcare information policies of the hospital sector can be changed by the criminals according to their needs and requirement that might have direct negative impact on the growth and development of the healthcare industry.
Threats coming from the internal stakeholders of the healthcare industry are the most essential threat among all the three discussed threats. Individual personalities of the healthcare industry are at stake considering the security aspects of the healthcare industry. There are two categories of insider threat attacks in healthcare industry, malicious threats are related to the social and personal security of the patients and the non-malicious attacks are like loss of sensitive information related to the medical data. The threats coming from the insiders are not always limited to employees but also from any person who is directly related to the network of the organization such as the sub-contractors of the business associates, researchers and the volunteers [6]. The other types of internal threats of the healthcare industry are different types of non-governmental organization who works with the healthcare industries foe different purposes. The threats coming from the insiders breach the HIPAA rules and regulations, which have the capability to hamper the reputation of the healthcare industry.
The importance of security in healthcare networks
This Cyber security issues such as the ransomware possess maximum threat to the healthcare industry. The cyber security issues related to this type of attacks is not entirely preventable but there are few steps by which the risk coming from this issue can be minimized to a significant extent. The method by which this program is spread to the different computer networks violates all the probable international networking protocols. The different risk mitigation strategies of ransomeware are described in this section of the paper. The data backup processes should be frequently practiced in the healthcare industry so that all the essential data are recoverable. Every hospital authority should be having a dedicated IT departmental team that will be looking for all the network related issues of the organization, and they should be looking forward to evaluating the existing risks of the network [7]. The operating systems used in the healthcare industries should be always updated with the latest patches as the latest versions improve the security of the systems. The anti-virus used in the healthcare industry has to be updated so that the malicious program faces minimum resistance while accessing the network. The wireless connections, which are not used in the hospital premises, should be disconnected from the central networks. Ad blocking extensions should be enabled in all the essential computers of the hospital area. The remote desktop protocol should be disabled by the hospital authorities along with the SSH connections.
The login credential of each stakeholder in the health care industry should be developed with complex alphanumeric characters, which are very difficult to decode. All the email attachments should be evenly scanned with the help of reputed antivirus system so that malicious programs are not installed in the hospital networks. The systems in the healthcare industry should be frequently configured by frequently modifying the group policy editor to prevent the infected executable files. The inbuilt firewalls of the systems should be always enabled as it prevents the entry of unauthorized external threats. The inbound traffic to the TCP/UDP ports 139 and TCP port 445 should be blocked unless it is required [9]. The application of the smart patch management helps in preventing any types of threats and vulnerabilities of a network such as the ransomeware. Robust blacklisting should be practiced more in the healthcare industries so that the threats coming from the cyber securities can be minimized to a significant extent. The network perimeter of the healthcare industry can be secured with the help of the intrusion protection systems such as the network intrusion protection system and the host intrusion protection system. The IPS can alert the network administrators of the healthcare industry in case of any type of unauthorized access to the network.
References
[1] Patil, Harsh Kupwade, and Ravi Seshadri. “Big data security and privacy issues in healthcare.” Big Data (BigData Congress), 2014 IEEE International Congress on. IEEE, 2014.
[2] Manogaran, Gunasekaran, et al. “Big data security intelligence for healthcare industry 4.0.” Cybersecurity for Industry 4.0. Springer, Cham, 2017. 103-126.
[3] Gope, Prosanta, and Tzonelih Hwang. “BSN-Care: A secure IoT-based modern healthcare system using body sensor network.” IEEE Sensors Journal 16.5 (2016): 1368-1376.
[4] Bhatt, Chintan, Nilanjan Dey, and Amira S. Ashour, eds. “Internet of things and big data technologies for next generation healthcare.” (2017): 978-3.
[5] Zhang, Kuan, et al. “Security and privacy for mobile healthcare networks: from a quality of protection perspective.” IEEE Wireless Communications 22.4 (2015): 104-112.
[5] Martínez-Pérez, Borja, Isabel De La Torre-Díez, and Miguel López-Coronado. “Privacy and security in mobile health apps: a review and recommendations.” Journal of medical systems 39.1 (2015): 181.
[6] Hossain, M. Shamim, and Ghulam Muhammad. “Cloud-assisted industrial internet of things (iiot)–enabled framework for health monitoring.” Computer Networks 101 (2016): 192-202.
[8] Moosavi, Sanaz Rahimi, et al. “End-to-end security scheme for mobility enabled healthcare Internet of Things.” Future Generation Computer Systems 64 (2016): 108-124.
[9] Rushanan, Michael, et al. “Sok: Security and privacy in implantable medical devices and body area networks.” 2014 IEEE Symposium on Security and Privacy (SP). IEEE, 2014.
[10] Negra, Rim, Imen Jemili, and Abdelfettah Belghith. “Wireless body area networks: Applications and technologies.” Procedia Computer Science 83 (2016): 1274-1281.
