1. How Secure is the Healthcare Network from Insider Attacks? An Audit Guideline for Vulnerability Analysis
- Author
-
Shahid Al Noor, Md. Munirul Haque, Darrell Burke, Shams Zawoad, and Ragib Hasan
- Subjects
Engineering ,business.industry ,Internet privacy ,020206 networking & telecommunications ,030209 endocrinology & metabolism ,02 engineering and technology ,Audit ,computer.software_genre ,Computer security ,law.invention ,Bluetooth ,03 medical and health sciences ,0302 clinical medicine ,Vulnerability assessment ,law ,0202 electrical engineering, electronic engineering, information engineering ,Malware ,Wireless ,Confidentiality ,business ,Mobile device ,computer ,Block (data storage) - Abstract
The availability of wireless interfaces with the new generation medical devices has spawned numerous opportunities in providing better healthcare support to patients. However, the weaknesses of available wireless communication channels introduce various novel attacks on the medical devices. Since the smart mobile devices, such as smartphones, tablets, laptops are also equipped with the same communication channels (WiFi/Bluetooth), attacks on medical devices can be initiated from a compromised or malware infected mobile device. Attackers can steal confidential medical records from a wireless-enabled medical device. Medical devices or communication channels can also be compromised to feed incorrect medical records to doctors or send life threatening commands to the devices. Moreover, since the compromised mobile devices are already inside the security perimeter of a healthcare network, it is very challenging to block attacks from such compromised mobile devices. In this paper, we systematically analyze the novel threats on healthcare devices and networks, which can be initiated from compromised mobile devices. We provide a detail audit guideline to evaluate the security strength of a healthcare network. Based on our proposed guideline, we evaluate the current security state of a large university healthcare facility. We also propose several mitigation strategies to mitigate some of the possible attacks.
- Published
- 2016
- Full Text
- View/download PDF