MN502: Overview of Security Challenges in Healthcare Networks Report

Verified

Added on 2023/06/04

AI Summary

This report provides an overview of the security challenges faced by emerging networks in the healthcare industry. It begins with an executive summary highlighting the key threats, including fragmentation attacks, IP spoofing, and ransomware. The report emphasizes the importance of network security for protecting sensitive patient data and maintaining operational efficiency. It explores recent developments in healthcare networks, such as the adoption of AI and cloud computing, and the increasing use of wireless systems. The literature review focuses on the importance of security in healthcare networks, citing the risks of data theft and sabotage. The report then delves into healthcare network architecture, discussing vulnerabilities in routers, switches, and firewalls. It identifies major security issues, including ransomware, phishing emails, and insider threats. The report concludes by outlining threat mitigation techniques, such as data backup, updated operating systems, and the use of firewalls and intrusion protection systems. The report also discusses the importance of complex passwords, email scanning, and blacklisting to protect against various cyber threats. The overall aim is to equip readers with knowledge about the current security landscape and the necessary strategies to safeguard healthcare networks.

Unit Title: Overview of Network Security
Assessment Title: Security Challenges in Emerging Networks
Unit Code: MN502
EXECUTIVE SUMMARY
The foremost purpose of this paper is to focus on the
security issues of network in the healthcare industry. The
paper focuses on the threats and vulnerabilities associated
with the networking architecture. The readers of this paper
will be having a great deal of knowledge about the recent
developments in the healthcare networks. The paper also
guides the readers to understand the need of the risk
mitigation strategies so that the overall productivity of the
healthcare industry is maintained. The paper concludes with
threat mitigation techniques which are implemented in
major healthcare industries to minimize the chances of
having any security issues in their private networks.
Author Keywords
Networking Architecture, Risk mitigation steps, UPnProxy,
Trafficking, TCP/UDP, Ranna Cry Ransomeware,
INTRODUCTION
The foremost determination of this paper is to focus on the
security challenges of the network-based application of the
healthcare industry. The developments in the field of
science and technology led to the extensive use of the
network based applications in healthcare industry which are
evaluated in this paper. The security issues related to those
applications are evaluated in this paper. The literature
review of this paper focuses on the different networking
devices [2]. The recent developments in the field of
healthcare networks are highlighted in the paper with much
importance along with the future security issues. The paper
concludes with a solution of the identified problems.
LITERATURE REVIEW:
HEALTHCARE NETWORK ARCHITECTURE
According to Patil, Harsh and Ravi (2014), the security
issues related to the routers are mostly from UPnProxy.
Trafficking is a major issue regarding the security
challenges of routers. The authors stated that the distributed
denial of service attack is one of the most common security
issue related to the routers. Unauthorized access is one of
the main security issues related to the switches. According
to the authors invalid configurations and the malicious
attacks are the other form of security concern for the
healthcare network architecture. These networking devices
also face threat from different types of cybercrimes such as
the Wanna Cry Ransomeware. The other kinds of securities
associated with switches are switch spoofing, ARP
spoofing, Double Taggings, Spanning tree protocol attack,
MAC address flooding, DHCP server, attacks coming from
CDP and Telnet. The security issues related to Firewall are
the fragmentation attacks, IP spoofing, malformed network
packets, network flood. The author of this paper highlighted
that the attack coming from the Man in the Middle is one of
the main security concerns of this type of networking
devices, for this reason 3 different types of firewalls are
used such as the packet filters, stateful inspection and
proxies.
RECENT DEVELOPMENTS IN HEALTHCARE
NETWORKS
As discussed by Gope, Prosanta and Tzonelih (2016), the
healthcare network is used in the healthcare industry by
different types of purposes as it enhances the service
provided to the clients and helps increasing the business
reach of the healthcare industry. They stated that healthcare
industry is a very sensitive area and is prone to numerous
external attacks such as the cyber security attacks.
According to the authors of this paper the protection of the
health care network is ensured by the use of artificial
intelligence and business intelligence. Security measures of
healthcare networks are always updated according to the
needs and situations. All the wireless systems which are
connected in the hospital facility are managed by latest
technologies which increase the efficiency of those devices.
Cloud computing services are increasing adopted by the
modern health sector industries. The authors stated that the
application of the anti-virus software and the frequent
updating of the version of the operating system are helpful
in preventing cyber security issues such as the
ransomeware.
THE IMPORTANCE OF SECURITY IN HEALTHCARE
NETWORKS
As stated by Zhang et al. (2015), the security in health care
network is one of the main reasons behind the smooth
conduction of the operations in the hospital industry. The
security is related to both the network used in the hospital
area as well as from the perspective of the patients are
stated by the authors of this resource. The entire medical
and the non-medical devices such as the MRI scanners and
electrical ventilator in operation rooms which are connected
to the internet are prone to different cyber security issues.
According to the authors, the secured network system helps
to provide security to all the internal as well as the external
stakeholders of the hospital. The author stated that data
theft and sabotage are the reasons why security is concern
for all the healthcare industries. The author stated that the
privacy and security of the patients as well as the authorities
of the hospitals are maintained with the healthcare so it
needs to be taken special care.
1

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

CRITICAL ANALYSIS
The three major security issues related to the healthcare
network are the famous ransomeware attack, phishing
emails and threats coming from the insiders. This section of
the report will be focusing on these major security issues.
The attack coming from the malicious programs are a major
source of concern in the healthcare industry, the data related
to the patient as well as the other stakeholders of the
hospital may be prone those cyber threats such as
ransomeware where essential data are seized by the cyber
criminals and ransom amount are demanded from the
concerned persons [10]. This puts the entire organization
under severe threat, even it is found that even after the
amount is paid the seized data is partially given back to the
users, ransomeware exploits human element and may cause
huge financial loss to the hospital authorities.
Phishing emails are the other type of issue related to the
healthcare network. The prime motive behind the phishing
attacks in health care industry is to gain access to PHI or
provide a medium for cyber-attacks such as the
ransomeware [8]. The phishing email concept is strongly
associated with making false identities of the users and
commit different types of insurance frauds. All the details
of the impacted email accounts are used for different
purposes during the phishing attacks. The breaching caused
due to the phishing emails can last up to many months
because it is not detected very easily [4]. Huge volumes of
data related to both the hospital authority as well as from
the patients perspective is at stake due to the phishing
attacks. The healthcare information policies of the hospital
sector can be changed by the criminals according to their
needs and requirement that might have direct negative
impact on the growth and development of the healthcare
industry.
Threats coming from the internal stakeholders of the
healthcare industry are the most essential threat among all
the three discussed threats. Individual personalities of the
healthcare industry are at stake considering the security
aspects of the healthcare industry. There are two categories
of insider threat attacks in healthcare industry, malicious
threats are related to the social and personal security of the
patients and the non-malicious attacks are like loss of
sensitive information related to the medical data. The
threats coming from the insiders are not always limited to
employees but also from any person who is directly related
to the network of the organization such as the sub-
contractors of the business associates, researchers and the
volunteers [6]. The other types of internal threats of the
healthcare industry are different types of non-governmental
organization who works with the healthcare industries foe
different purposes. The threats coming from the insiders
breach the HIPAA rules and regulations, which have the
capability to hamper the reputation of the healthcare
industry.
THREAT MITIGATION
This Cyber security issues such as the ransomware possess
maximum threat to the healthcare industry. The cyber
security issues related to this type of attacks is not entirely
preventable but there are few steps by which the risk
coming from this issue can be minimized to a significant
extent. The method by which this program is spread to the
different computer networks violates all the probable
international networking protocols. The different risk
mitigation strategies of ransomeware are described in this
section of the paper. The data backup processes should be
frequently practiced in the healthcare industry so that all the
essential data are recoverable. Every hospital authority
should be having a dedicated IT departmental team that will
be looking for all the network related issues of the
organization, and they should be looking forward to
evaluating the existing risks of the network [7]. The
operating systems used in the healthcare industries should
be always updated with the latest patches as the latest
versions improve the security of the systems. The anti-virus
used in the healthcare industry has to be updated so that the
malicious program faces minimum resistance while
accessing the network. The wireless connections, which are
not used in the hospital premises, should be disconnected
from the central networks. Ad blocking extensions should
be enabled in all the essential computers of the hospital
area. The remote desktop protocol should be disabled by the
hospital authorities along with the SSH connections.
The login credential of each stakeholder in the health care
industry should be developed with complex alphanumeric
characters, which are very difficult to decode. All the email
attachments should be evenly scanned with the help of
reputed antivirus system so that malicious programs are not
installed in the hospital networks. The systems in the
healthcare industry should be frequently configured by
frequently modifying the group policy editor to prevent the
infected executable files. The inbuilt firewalls of the
systems should be always enabled as it prevents the entry of
unauthorized external threats. The inbound traffic to the
TCP/UDP ports 139 and TCP port 445 should be blocked
unless it is required [9]. The application of the smart patch
management helps in preventing any types of threats and
vulnerabilities of a network such as the ransomeware.
Robust blacklisting should be practiced more in the
healthcare industries so that the threats coming from the
cyber securities can be minimized to a significant extent.
The network perimeter of the healthcare industry can be
secured with the help of the intrusion protection systems
such as the network intrusion protection system and the
host intrusion protection system. The IPS can alert the
network administrators of the healthcare industry in case of
any type of unauthorized access to the network.
REFERENCES
[1] Patil, Harsh Kupwade, and Ravi Seshadri. "Big data
security and privacy issues in healthcare." Big Data
2

(BigData Congress), 2014 IEEE International Congress on.
IEEE, 2014.
[2] Manogaran, Gunasekaran, et al. "Big data security
intelligence for healthcare industry 4.0." Cybersecurity for
Industry 4.0. Springer, Cham, 2017. 103-126.
[3] Gope, Prosanta, and Tzonelih Hwang. "BSN-Care: A
secure IoT-based modern healthcare system using body
sensor network." IEEE Sensors Journal 16.5 (2016): 1368-
1376.
[4] Bhatt, Chintan, Nilanjan Dey, and Amira S. Ashour,
eds. "Internet of things and big data technologies for next
generation healthcare." (2017): 978-3.
[5] Zhang, Kuan, et al. "Security and privacy for mobile
healthcare networks: from a quality of protection
perspective." IEEE Wireless Communications 22.4 (2015):
104-112.
[5] Martínez-Pérez, Borja, Isabel De La Torre-Díez, and
Miguel López-Coronado. "Privacy and security in mobile
health apps: a review and recommendations." Journal of
medical systems 39.1 (2015): 181.
[6] Hossain, M. Shamim, and Ghulam Muhammad. "Cloud-
assisted industrial internet of things (iiot)–enabled
framework for health monitoring." Computer Networks 101
(2016): 192-202.
[8] Moosavi, Sanaz Rahimi, et al. "End-to-end security
scheme for mobility enabled healthcare Internet of Things."
Future Generation Computer Systems 64 (2016): 108-124.
[9] Rushanan, Michael, et al. "Sok: Security and privacy in
implantable medical devices and body area networks." 2014
IEEE Symposium on Security and Privacy (SP). IEEE,
2014.
[10] Negra, Rim, Imen Jemili, and Abdelfettah Belghith.
"Wireless body area networks: Applications and
technologies." Procedia Computer Science 83 (2016):
1274-1281.
3