Cybersecurity for Medical Devices and Hospital Networks
The purpose and scope of the project
The purpose of this project is to outline the importance of an integrated approach towards securing hospitals’ vital infrastructure and saving the lives of people under the care of the sensitive machines and equipment. The evolvement of cyber-terrorism has led to key drawbacks in institutions that conduct online operations. (Murphy, 2015).
The project allows for the provision of countermeasures against cyber terrorism launched by malicious players for their financial gains. The project is based on a cross-sectional analysis of major institutions like banks, hospitals, government offices, such as military bases and control units based on the reported cases of cyber-attacks and threat to system operations.
However, the project is specific to securing hospital’s computers and respective ICT set-up from increased risks posed by the cyber-attackers. The strategy of guaranteeing network security encompasses the evaluation of the entire system to determine the vulnerabilities and areas that can be exploited by cyber-attackers to initiate an attack (Murphy, 2015). As one of the basic solutions, the project proposes customized logins with distinct personal bio-data to reduce impersonation and access to systems by unauthorized users. This means that the staff must use strong passwords comprising different numeric and alphabetical characters that cannot be easily cracked by hackers. Additionally, the password is synchronized with an advanced software system that enables them to auto-update regularly to deter unauthorized access.
The idea is to secure the hospital infrastructure, which can also be achieved through efficient information sharing about cyber-attack with the relevant law enforcement bodies. Common communication strategy contributes to the establishment of a unified standard in reducing hacktivism and cyber-crimes. Notably, evidence sharing leads to proper use of instructions, policy guidelines to avert any attack on networks (Murphy, 2015). In securing healthcare network system, the use of software algorithms and an easier user interface that can easily be integrated with the employees account is planned in the cyber-security plan.
The project on cyber-security is composed of plans of putting in place detection, analysis, and research skills that are necessary for the fight against cyber-terrorism. Furthermore, the detection of unauthorized activities and access are prevented using high-tech software technologies that are capable of filtrating the malware and spyware installed by the cyber thieves. Scrutiny of the entire network and computer system using different methodologies like gap analysis to evaluate and improve on the susceptible sections susceptible to attack. Moreover, the Gap Analysis provides for an intense and thorough improvements on the loopholes found in the system. This objective in the project involves research on the development of various software and hardware that targets future exploitations by terrorists.
Attaining primary Goals and Objectives
The cyber security project focusses mainly on the protection of hospital electronic medical data, patients’ private information, and the hospital network. Notably, this project has outlined significant approaches in obtaining these critical goals and objectives to prevent hacktivism and compromise of hospitals’ vital information. Consequently, the project voices on the implementation data confidentiality, integrity, and availability as the key principles to achieve the result of preventing cyber-terrorism (Atoum, Otoom & Abu Ali, 2014). Besides, the creation of awareness of the threat posed by cyber-attack among the members of hospital fraternity is to be overemphasized as a way of instilling organizational integrity and maximizing data privacy. Additionally, the accomplishment of these principles produces an ethical atmosphere and safeguarding of individuals that utilize hospitals’ network and electronic devices (Atoum, Otoom & Abu Ali, 2014).
The project provides other alternatives of warranting data integrity by putting detection systems that record running applications, performs intensive data inspections and authorizes the changing of original protocols. Different functions of the network are incorporated with personal staff accounts to authenticate deletion, updating and admission to control centers. The integration of this system is vital to the prevention of malware intrusions and hackers getting access to control systems.
Data confidentiality is the limitation of information accessibility by unauthorized persons and preventing their disclosure to the wrong people (Atoum, Otoom & Abu Ali, 2014). Therefore, the project provides for restrict access to these hospital medical devices by making use of strong user passwords. Additionally, the project proposes the utilization of bio-metric details that involve screening of the eyes and fingers for verifications. Moreover, strong organizational policies are put in place that guide the staff on how to pass sensitive patient’s and hospital’s information. The systems provide for dire penalties for those found culpable of going against the stipulated procedures of keeping the organizational data private. Subsequently, the application of these rules enhances an ethical working environment that encompasses trust, responsibility, and a proper relationship among the members of the hospital fraternity.
Protection of network and human-readable application codes through data encryption is highlighted in the project as a sure way of averting attacks by competitors and hackers thus reducing network vulnerabilities (Atoum, Otoom & Abu Ali, 2014). Notably, non-repudiation is also a technique provided in the project for tracking legal transactions in the control pannel and preventing any subversion by malicious persons.
The project enhances data integrity that stresses on the reliability and dependence ratio of data sources. Fortunately, the proposal prevents misuse, changing and damaging of data by guaranteeing the truthfulness of the information received. Markedly, the rules and measures of the project are imperative in the reduction of data fraud. Confirmation and validation of data are considered in the project as a way of generating data identity and resemblance thus allowing only the flow of authentic data.
Data convenience principle is fundamental to the enactment of the project (Jakobson, 2013). Additionally, a well-timed flow of truthful information and non-disruption of communication are enhanced through the network server systems. Besides the real-time access, control and data monitor by the authorized persons allows for counter attacks of Denial of Service incidences initiated by cyber thieves (Jakobson, 2013). Furthermore, the statistics received and sent through the network system are scrutinized to warrant their authenticity to attain the integrity goals of the task. Subsequently, the projects offer for high and medium levels of availability that is considered in different control systems for increasing responsiveness and reduction of risks in control mechanisms. The high levels of availability are achieved by using over-engineering technologies to safeguard the grid and computer system. Moreover, redundant features are put to prevent cyber-attacks on the control system and to improve the continual movement of information without impacting on the availability of the critical data (Jakobson, 2013).
Manufacturers of security devices play a major part in preventing unauthorized access to the medical devices from their companies (Jakobson, 2013). The project creates partnerships between the hospital management and the manufacturers to enable them pull resources in fighting cybercrime. Besides, the manufacturers develop advanced equipment that allows for authorization codes and limits access to electronic devices to only recognized persons. Additionally, manufacturers are quick to respond to hospital needs in security upgrading by installing updated software and hardware essential in blocking malicious activities in the hospital network system (Jakobson, 2013). Concurrently, personal hospital devices are under routinely deployment and development that involving reduction of updating without the manufacturers approvals. The maintenance of network and device critical functionalities are highly protected and are enabled for fail-safe-modes a factor that allows for recovery due to network disruptions by attackers.
The project goals are attained through the integration of the manufacturer’s security apparatus that involve authentication o personalized IDs, accounts, and passwords (Jakobson, 2013). The inclusion of these security structures protects the patients on critical medical devices and hospitals’ sensitive data information. In the project’s recommendation, it advocates for the manufacturers’ to highly advanced security apparatus that is no easily compromised by hackers. Moreover, manufacturers must have alternatives of preventing future attacks on networks by improving the degraded system, passcodes, and access authentications.
The project proposes to the healthcare facilities to appropriately secure their network and monitor it for any suspicious activities (Scully, 2014). Additionally, routine evaluation are conducted on individual host systems that encompasses the upgrading of security patches and the removal of unwanted ports and outdated software. The hospital administrators contact the manufacturers immediately in case of security breaches, electronic device malfunction, and network disruptions. The working relationship, a provision in the project ensures quick intervention by manufacturers thus essential in protecting the lives of persons thus the attainment of fundamental goals and objectives.
The development and evaluation of strategies that are imperative in the maintenance of critical medical functions are achieved by employing persons of diverse knowledge on cyber-attack prevention (Scully, 2014). The persons responsible put in hardware and physical shield of the network system. These strategies are developed by creating staff awareness programs through different education programs relevant to the cybercrimes. Besides, the project proposes regular network monitoring of essential system parameters to detect escalating processes and non-authorization. These regulations, monitoring, scanning and interception of vital operating system processes are depicted in the project implementation stage.
The effecting of the project has a reporting policy standard for use by the health facilities due to cyber-attack. Besides, it provides for a protocol in which the local control managers of the network system are informed of an appropriate action be taken in securing the system and prevent any unseen damage. Notably, sharing of cyber information by different centers prescribed by the proposal provides for a significant number of solutions in reducing effects of cybercrime to the hospitals. The provision of real-time information on cyber-attacks calls for early integration of defensive measures that results in the attainment of project objectives of protecting the hospitals and patients.
Investing in technical infrastructure in the fight against cybercrime is an opportunity for expanding business and improving different economies (Scully, 2014). The investments include the production of software and hardware targeting various networks of the military and financial institutions. Consequently, cybercrime is skyrocketing, and market opportunities for advanced antivirus and firmware applications can provide many resources to the investors. The project also proposes business expansion on the production of cyber defensive appliances to counter attack the capabilities developed by cyber thieves.
The investments in high-tech cyber-attack prevention plans reduce financial losses incurred by various institutions due to compensations given to clients affected by the cyber-attack (Scully, 2014). Additionally, profits received by selling cyber security components are used in the expansion of small business while the manufacturers develop their infrastructure and the tax thus an improvement in the national economy.
Apart from the mentioned objectives, the project also aims at securing the infrastructures that are used in the running and distribution of vital resources to the community. Notably, to attain this goal, the following additional objectives have to be considered and implemented in various governmental and private institutions. These objectives are narrowed down to the protection and securing the critical hospital resources that are fundamental in saving of lives that depend on the appropriate functioning of the electronic hospital devices.
Detection of unwanted activities is done by personnel that are permanently stationed in offices to monitor any incidence of unscrupulous activity carefully. Consequently, a quick response and reporting of any malicious activity is a requirement, and any staff found liable of contravening the procedures is held accountable. The accountability and quick response ensures that the project objectives are attained through the prevention of security breaches and lapses. Additionally, the use of structured system analysis model put the hospital at a competitive edge in securing hospitals and patients’ sensitive data. Attainment of this objective is done by the removal of vital data from band section. The removal of these assets makes the server and the entire hospital network be inaccessible physically, remotely and reverse engineering by unauthorized persons thus guaranteeing the safety of the electronic information.
Different agencies are co-joined in this project to enable the finishing of the required outcomes and goals. These partnerships involve the hospitals, financial, government and individual branches formed to fight against cyber-terrorism. The coordination among these firms promotes the creation of a shared risk and hence results in improved mechanism for increasing the safety of these foundations networks. The legal frameworks outlined in the project is essential in reducing crime rates given that consequences described through these guidelines and policies are intense thus reducing the number of people that engage in cyber-crime. Furthermore, the partnerships created among different increases international coordination towards the fight in cyber-crime. Through international this platform, more citizens and enterprises are made aware of the risks and consequences involved in the lack of appropriate defense mechanism to curb the spread of terrorism.
Construction of research facilities that are essential in conducting cyber-terrorism forensic tests are echoed in the project’s proposal. Additionally, these forensic laboratories are important investments that help young scientists develop software and hardware applications necessary for monitoring and preventing cyber-attacks. Tracing of suspected cyber-attackers is also possible through the use of these research facilities due to the integration and sharing of cyber information as proposed by the project. The capability of these studies to monitor the activities of terrorists and ultimately punishing them through various laws results in the reduction of information loss (Lee, Balut & Stanford 2015). Therefore, the implementation of these project recommendations results in the total security of security of the hospital and the general population the use electronic equipment.
Cyber-security offers business chances to the investors in producing high-tech software applications. The production of antivirus software that prevents hacking and spying are very critical in cyber-security market. The market opportunity present in this project assures the investors of getting the invested amount within a short period. Moreover, the payback period is shorter due an increased market demand as a result of ever evolving cyber-threats (Lee, Balut & Stanford, 2015). Additionally, the production of highly secure electronic medical equipment to the hospital can provide a lot of money to both manufacturers and contractors that venture in the field of cyber-security. The project provides for the construction of laboratory facilities to be used by research scientists and students in areas of cyber-security. Besides, the establishment of the institutions is sources of income to the manufacturing companies thus generate revenue that can be used in the development of the economy.
The industrialized businesses that work in association with the hospitals must ensure the prompt security of the hospital equipment. The security provisions include encrypted languages that reduce accessibility to the hospital’s life-sustaining equipment by unauthorized personnel. Moreover, the use of biometrics, limitation of public access to passwords and use of physical locks can be used by manufacturers in protecting the portable and non-portable medical electronic devices. Additionally, the manufacturers are obliged to maintain the networks of the hospitals that use their products and have an appropriate response plan in case of cyber-attacks. The response by these manufacturing companies is essential in enabling quick recovery of the network system and hospital operations that are compromised by the attacks. Additionally, the system monitors and observers are given guidelines and procedures for preventing future cyber-attacks through the keeping of the retention methods.
Health care facilities should be in a position to report security comprises as they occur to the right authorities (Scully, 2014). The immediate reporting of security issues is fundamental in putting improved safety controls in order to reduce the events of cyber-crime and preventing future attacks. Additionally, the quick response is critical in the protection of individual networks due to frequent evaluation and updating of security patches. Furthermore, the manufacturers and the medical facilities have a working relationship that enables them to work on the electronic devices that are comprised by security flaws after a cyber-attack (Scully, 2014). The formation of evaluation strategies for maintenance of critical functions during network disruption depicts the importance of integrated approach of fighting hacktivism and ultimately reduces incidences and losses that result from the attacks. The working affiliations between the manufacturers and the medical facilities result in proper coordination in the development of better infrastructure and communication system for defensive counter-measures in cyber-attacks.
Notably, the establishment of defensive response plans includes proper handling of data, evaluation of the extent of the damage on the critical structures and authentication of indispensable security apparatus. The assessment and rectification include the installation of updated operating system and putting firewalls that reduce the penetration of malware and spyware in the computer and network system (Scully, 2014). Besides, the manufacturers also install additional security measures that require two-way authentication to access a medical device. The two-way authentication requires one to answer a significant number of questions correctly to be allowed access to operating any hospital medical device.
Project Deliverables
This section articulates the types of deliverables that have been discussed in the Cyber security for Medical Devices and Hospital Networks project. The deliverables are results of the intents and aims of the Cyber-security project that mainly targets the hospitals (Hahn & Govindarasu, 2011). Deliverables are known as tangible and non-tangible factors in an organization that arise from and aid in project operations (Robinson, Gribbon, Horvath & Robertson, 2013). Additionally, the deliverable can target both external and internal stakeholder depending on the product that result from the project. The non-tangible deliverables are the software used in the securing of the computer system while the tangible deliverables are the hardware that are used to protect network system. Reports prepared for use by the employees concerning the requirements of customers are examples of tangible deliverables. The project on Cyber Security for Medical Devices and Hospital Networks has a significant number of deliverables that are given to both internal and external consumers (Robinson, Gribbon, Horvath & Robertson, 2013). Notably, this project on cyber security has a working schedule of three months after which the implementation of the will start.
The deliverables are organized into internal and external stakeholders about the scope of the project. Besides, internal stakeholders involve the employees given a description of the client, their requirements and problem analysis of the customer’s network system. Notably, the external stakeholders are the administrators of medical facilities, military and financial institutions that are mostly under attack by cyber criminals (Hahn & Govindarasu, 2011). The detailed reports are then passed to persons responsible for the implementation of the particular need of the customers’ descriptions and requests.
Deliverable One Description
Improvement of overall security for patients and those using medical devices.
This deliverable will run for three months in which hardware applications for cyber security systems are mounted into the computers. Installation of high-tech antispyware systems that regularly monitor the network system for malicious activities. Additionally, installation of barriers are recommended to reduce access by unauthorized persons to the healthcare servers and computer system. This deliverable entails lessons to both staff and patients that are to run for one hour from 10 am to 11 am twice a week. Subsequently, provision of user manuals to the hospital personnel and patients that use the electrical devices as a guideline and as a security precaution against any future cyber-attacks.
Deliverable Two Description
Putting the hospitals at a competitive edge makes them safer choices than insurance companies.
The deliverable of making the hospitals more advantageous and more secure than insurance company involve an overhaul of the entire security system and improvement of the safety of the electronic medical devices (Hahn & Govindarasu, 2011). Notably, this task will include the introduction of a friendly user-interface that requires personal login IDs using bio-data. This access design assures the security of the medical information that assure the customers of the utmost security of their medical secrets. Additionally, provision of advanced devices by manufacturers is vital averting the possibility of hacking medical information.
This deliverable includes the provision of network maintenance services and deliverance of an electronic device at a subsidized cost. These reduced costs must be mirrored in the charges levelled on the customers during medication. Online consultancy is provided under this deliverable in which patients are attended to at home, and the prescribed drugs are delivered to their doorsteps for a small fee. The online consultancy encompasses high-security measures that require an individual account managed through the hospital network. Besides, this strategy makes a hospital at a competitive edge by taking its services to the people. Moreover, the security of medical information under these accounts is highly secured with the connections strictly involving the patient, the doctor, and the details safely kept in the hospital’s secure server. Additionally, the implementation of this delivery is to be performed for the three months of the projects working schedule.
Deliverable Three Description
Reduction of financial losses due to legal fees
The network design is user-friendly that allows for patient feedback. These feedbacks are stored in the data base that are later analyzed network professionals. Likewise, the comments on the hospital systems permit reporting of security flaws on the medical devices used by patients. Response team that immediately responds to the network disruptions urgently acts upon these reports. Moreover, the continuous communications between the hospital and the patients on data security prevent cyber-attacks thus reduction of losses due to compensations to the affected patients. This communication deliverable is to be conducted from 7 am to 5 pm during weekdays.
Deliverable Four Description
An increase in repulsiveness during security breaches
Repulsiveness on an occurrence of any network breached is to be implemented for three months. The deliverable integrates training of workforce on the procedures to follow in an event of a cyber-attack. The project proposes a standby response team comprising of device manufacturers and hospital’s network observers. The design is to suspend the system operation to prevent data loss and initiate recovery through the use of integrated security applications. The project applies gap analysis in finding the susceptibility of the system and blocking loopholes misused by the hackers to prevent future attacks of the same nature. Reaction to the security breaches is designed to be an inclusive approach involving law officers under the Department of cybercrime. These insurances are intended for investigations and detaining the culprits responsible for the losses accrued. Subsequently, the law officers and research personnel do more research on advanced technologies on finding solutions to cyber terrorism.
Deliverable Five Description
Work Package: production of reports
A release of reports on the status of various stakeholder networks is done after two weeks of assessments and evaluations (Robinson, Gribbon, Horvath & Robertson, 2013). The reports give a clear view of the threats and vulnerabilities the system faces thus the internal stakeholders can work on the weaknesses to give an efficient defensive mechanism. The analysis of the client’s system is to help find solutions and strategies for securing the systems appropriately and prevent incidences of cyber-crime.
The project will result in the production of guidelines, regulations and user manuals that are to be distributed to the hospital administrators and staff for personal use. The guides are to improve an understanding of working processes among and the needs to secure the electronic systems and the computer network system (Scully, 2014). Besides, the creation of security awareness is crucial in preventing social engineering and technical hacking that result from the provision of vital information unknowingly to unauthorized personnel alongside ensuring that the user manuals are indicating security precautions to be undertaken by various staff in case of a network failure.
Deliverable Six Description
Work Package: production of software applications and hardware products
The project will enable manufactures produce and distributed to various institutions that are frequently facing cyber-attack more improved applications that can reduce the level of exposure to cyber-attack (Scully, 2014). The common bodies under attacks from hackers are banks, government agencies, and military establishments. In this line, vital institutions like banks, government agencies, and military bases ensure that the applications meet the security needs of and also provided proper protection of the most crucial programs. High-tech antivirus and applications that are to secure the medical devices and prevent spyware, malware and cyber intrusions in the sensitive network systems (Robinson, Gribbon, Horvath & Robertson, 2013). Furthermore, this software and hardware deliverable mainly focusses on the business perspective of the project for the generation of profits. Enhancement for product testing and customization is to be given top priority to ensure the manufacture of a final product that guarantees the network security and that of the medical information. This deliverable will run through the period of the project given that the software improvements will frequently be conducted.
Deliverable Seven Description
Work Package for Training
The implementation of the plan includes providing proper training to all the medical staff and patients on the importance of data and information privacy and the effects of cyber-attacks the general organization’s performance (Lee, Balut & Stanford, 2015). The recommended time period for the training should be between one to two months so that the targeted groups can be well-equipped with the necessary information. The first session of the training targets clients and they are informed on the products produced by through the project, its design and how future training programs are to be performed.
Deliverable Eight Description
Work Package systems
The network system designing is a deliverable under the Cyber-security project and requires that hospital systems be redesigned and made hack-proof, and areas of vulnerabilities reduced to avert chances of exploitations by cyber-thieves. The coordination of this network system will give room for trainers, an arrangement of final products, and testing of the produced hardware and software applications.
Conclusion
The goals and objectives under discussion in this project are critical and not limited to the medical facilities, but can be applied in other institutions facing cyberterrorism. Persons responsible for maintenance of the highly secure and vulnerable sites must be of the highest integrity, honesty, and confidentiality (Atoum, Otoom, & Abu Ali, 2014). Besides, these features are the most vital aspects of achieving patients’ and hospital medical information that workers must adhere to. Policies and guidelines on accessing the network should be followed to avoid unauthorized access and network disruption (Atoum, Otoom, & Abu Ali, 2014).
Additionally, deliverables define the effectiveness of the plan. The deliverables are aimed at putting hospitals at an advantageous edge as compared to other institutions. Notably, the plan outlines its deliverables to both the inner and outer stakeholders to ensure efficient service thus attaining its primary aims and purposes. Cyber-terrorism entails a joint contributions of all concerned in its fight through pulling of the necessary resources. The project, therefore, involves all disciplines for effective cyberterrorism fight and it is necessary for it approval to prevent the risks and dangers faced by members of the hospital fraternity (Atoum, Otoom, & Abu Ali, 2014).
The project relays an integrated approach to securing the network systems of institutions to prevent cyber-terrorism that usually leads to economic and social losses. The network security system of any institution should be updated and protected with the current high tech software application that are capable of preventing attacks through the exploitation of susceptible areas (Lee, Balut & Stanford, 2015). Additionally, technical training should be done all he employees on strategies for reducing incidences of cyber-attacks and how to react when the network has been compromised. The deliverables in this case have economic, political and social impacts and require the combined efforts of all stakeholders for effective prevention of cyber-attacks.
The project relays an integrated approach to securing the network systems of institutions to prevent cyber-terrorism that usually leads to economic and social losses. The network security system of any institution should be updated and protected with the current high tech software application that are capable of preventing attacks through the exploitation of susceptible areas (Lee, Balut & Stanford, 2015). Additionally, technical training should be done all he employees on strategies for reducing incidences of cyber-attacks and how to react when the network has been compromised. The deliverables in this case have economic, political and social impacts and require the combined efforts of all stakeholders for effective prevention of cyber-attacks.
Reference
Atoum, I., Otoom, A., & Abu Ali, A. (2014). A holistic cyber security implementation framework. Information Management & Computer Security, 22(3).
Hahn, A., & Govindarasu, M. (2011). Cyber-attack exposure evaluation framework for the smart grid. Smart Grid, IEEE Transactions on, 2(4).
Jakobson, G. (2013, June). Mission-centricity in cyber security: Architecting cyber attack resilient missions. In Cyber Conflict (CyCon), 2013 5th International Conference on. IEEE.
Scully, T. (2014). The cyber security threat stops in the boardroom. Journal of business continuity & emergency planning, 7(2).
Lee, N., Balut, R., & Stanford, J. C. (2015). Cybersecurity Training in Medical Centers: Leveraging Every Opportunity to Convey the Message. In Counterterrorism and Cybersecurity (pp. 287-300). Springer International Publishing.
Murphy, S. (2015). Is Cybersecurity Possible in Healthcare?. National Cybersecurity Institute Journal, 49.
Robinson, N., Gribbon, L., Horvath, V., & Robertson, K. (2013). Cyber-security threat characterization.
Scully, T. (2014). The cyber security threat stops in the boardroom. Journal of business continuity & emergency planning, 7(2), 138-148.