Security & Privacy of Health Data
Nawanan Theera-Ampornpunt, M.D., Ph.D.
Faculty of Medicine Ramathibodi Hospital, Mahidol University
August 7, 2013
http://www.SlideShare.net/Nawanan
Outline
- Introduction to Information Privacy & Security
- Privacy Laws
- Protecting Information Privacy & Security
- User Security
- Malware
Threats to Information Security
Sources of the Threats
- Hackers
- Viruses & malware
- Poorly-designed systems
- Insiders (employees)
- People's ignorance & lack of knowledge
- Disasters & other incidents affecting information systems
Consequences of Attacks on Health Data & Systems
- Disclosure of a patient's confidential information
- Unauthorized modification of patient information
- Patient care disrupted
- Risks to the patient's health
- Organization's financial losses
- Damage to reputation & trust
Privacy & Security
- Privacy: "The ability of an individual or group to seclude themselves or information about themselves and thereby reveal themselves selectively." (Wikipedia)
- Security: "The degree of protection to safeguard ... person against danger, damage, loss, and crime." (Wikipedia)
- Information Security: "Protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction" (Wikipedia)
Health Information Privacy Laws
Privacy Protections: Why?
http://www.aclu.org/ordering-pizza
Ethical Principles in Bioethics
- Respect for Persons (Autonomy)
- Beneficence
- Justice
- Non-maleficence
Hippocratic Oath...
What I may see or hear in the course of treatment or even outside of the treatment in regard to the life of men, which on no account one must spread abroad, I will keep myself holding such things shameful to be spoken about....
http://en.wikipedia.org/wiki/Hippocratic_Oath
Thailand's Health Information Privacy Law
7. The patient has the right to have information about themselves kept strictly confidential by health professionals, except with the patient's consent or in the performance of a legal duty. The patient has the right to receive complete information
Declaration of Patients' Rights
"Section 7: A person's health information is that person's private confidential information. No one may disclose it in a manner likely to cause damage to that person, unless the disclosure accords with the direct wish of that person or a specific law requires it to be disclosed. In any case, no one may invoke a power or right under the law on official information or any other law to request documents concerning the health information of a person other than themselves."
National Health Act B.E. 2550 (2007)
Privacy Safeguards
Image: http://www.nurseweek.com/news/images/privacy.jpg
- Security safeguards
- Informed consent
- Privacy culture
- User awareness building & education
- Organizational policy & regulations
- Enforcement
- Ongoing privacy & security assessments, monitoring, and protection
Protecting Security
Information Security
- Confidentiality
- Integrity
- Availability
Examples of Confidentiality Risks
http://usatoday30.usatoday.com/life/people/2007-10-10-clooney_N.htm
Examples of Integrity Risks
http://www.wired.com/threatlevel/2010/03/source-code-hacks/
http://en.wikipedia.org/wiki/Operation_Aurora
"Operation Aurora"
Alleged targets: Google, Adobe, Juniper Networks, Yahoo!, Symantec, Northrop Grumman, Morgan Stanley, Dow Chemical
Goal: To gain access to and potentially modify source code repositories at high-tech, security & defense contractor companies
Examples of Integrity Risks
Web Defacements
http://news.softpedia.com/news/700-000-InMotion-Websites-Hacked-by-TiGER-M-TE-223607.shtml
Examples of Availability Risks
http://en.wikipedia.org/wiki/Blaster_worm
Viruses/worms that led to instability & system restart (e.g. Blaster worm)
Simplified Attack Scenarios
[Diagram: client Alice communicates with Server Bob; Eve/Mallory is the attacker]
Client side:
- Physical access to the client computer
- Electronic access (password)
- Tricking the user into doing something (malware, phishing & social engineering)
In transit:
- Intercepting (eavesdropping or "sniffing") data in transit
- Modifying data ("Man-in-the-middle" attacks)
Server side:
- Unauthorized access to servers through physical means, user accounts & privileges, attacks through software vulnerabilities, or attacks using protocol weaknesses
- DoS / DDoS attacks
Other & newer forms of attacks are possible
Safeguarding Against Attacks
[Diagram: client Alice and Server Bob, with safeguards applied at each layer]
Administrative Security
- Security & privacy policy
- Governance of security risk management & response
- Uniform enforcement of policy & monitoring
- Disaster recovery planning (DRP) & business continuity planning/management (BCP/BCM)
- Legal obligations, requirements & disclaimers
Physical Security
- Protecting physical access to clients & servers
- Locks & chains, locked rooms, security cameras
- Mobile device security
- Secure storage & secure disposition of storage devices
User Security
- User account management
- Strong password policy (length, complexity, expiry, no meaning)
- Principle of Least Privilege
- "Clear desk, clear screen" policy
- Audit trails
- Education, awareness building & policy enforcement
- Alerts & education about phishing & social engineering
System Security
- Antivirus, antispyware, personal firewall, intrusion detection/prevention system (IDS/IPS), log files, monitoring
- Updates, patches, fixes of operating system vulnerabilities & application vulnerabilities
- Redundancy (avoid "Single Point of Failure")
Software Security
- Software (clients & servers) that is secure by design
- Software testing against failures, bugs, invalid inputs, performance issues & attacks
- Updates to patch vulnerabilities
Network Security
- Access control (physical & electronic) to network devices
- Use of secure network protocols if possible
- Data encryption during transit if possible
- Bandwidth monitoring & control
Database Security
- Access control to databases & storage devices
- Encryption of data stored in databases if necessary
- Secure destruction of data after use
- Access control to queries/reports
User Security
Need for Strong Password Policy
So, two informaticians walk into a bar...
The bouncer says, "What's the password."
One says, "Password?"
The bouncer lets them in.
Credits: @RossMartin & AMIA (2012)
User Security
- Access control: Selective restriction of access to the system
- Role-based access control: Access control based on the person's role (rather than identity)
- Audit trails: Logs/records that provide evidence of the sequence of activities
User Security
- Identification: Identifying who you are. Usually done by user IDs or some other unique codes
- Authentication: Confirming that you truly are who you identify as. Usually done by keys, PINs, passwords or biometrics
- Authorization: Specifying/verifying how much access you have. Determined by the system owner's policy & the system's configuration
- "Principle of Least Privilege"
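The identification / authorization / audit-trail chain above, as an added example that is not part of the lecture: a minimal role-based access control check that gives each role only the actions it needs (least privilege) and records every decision, allowed or denied, in an audit trail. The roles, user IDs, actions and patient IDs are constructed for illustration.

```python
"""Identification, role-based authorization and audit trail for a small records system.

Added example (not from the slides). Roles, permissions, user IDs and patient IDs
below are constructed for illustration only.
"""
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import List, Optional

# Role -> set of permitted actions. Each role gets only what it needs
# (Principle of Least Privilege): a billing clerk cannot read clinical notes,
# and the system administrator has no clinical data access at all.
ROLE_PERMISSIONS = {
    "physician": {"read_record", "write_note", "order_lab"},
    "nurse": {"read_record", "write_note"},
    "billing_clerk": {"read_billing"},
    "sysadmin": {"manage_users"},
}

# Identification: user ID -> role (constructed sample user directory).
USER_ROLES = {
    "u1001": "physician",
    "u2002": "nurse",
    "u3003": "billing_clerk",
    "u9009": "sysadmin",
}


@dataclass
class AuditEntry:
    timestamp: str
    user_id: str
    action: str
    patient_id: str
    allowed: bool


@dataclass
class AccessController:
    audit_trail: List[AuditEntry] = field(default_factory=list)

    def is_authorized(self, user_id: str, action: str) -> bool:
        """Authorization decision based on the user's role, not their identity."""
        role = USER_ROLES.get(user_id)
        if role is None:                      # unknown identity: deny by default
            return False
        return action in ROLE_PERMISSIONS.get(role, set())

    def request(self, user_id: str, action: str, patient_id: str) -> bool:
        """Evaluate a request and record it in the audit trail either way.
        Denied attempts are logged too: they are evidence of misuse or misconfiguration."""
        allowed = self.is_authorized(user_id, action)
        self.audit_trail.append(AuditEntry(
            timestamp=datetime.now(timezone.utc).isoformat(),
            user_id=user_id, action=action, patient_id=patient_id, allowed=allowed))
        return allowed

    def denied_attempts(self, user_id: Optional[str] = None) -> List[AuditEntry]:
        """Audit-trail query: who tried to do something they were not permitted to."""
        return [e for e in self.audit_trail
                if not e.allowed and (user_id is None or e.user_id == user_id)]


if __name__ == "__main__":
    ac = AccessController()
    ac.request("u1001", "read_record", "P-42")   # physician: allowed
    ac.request("u3003", "read_record", "P-42")   # billing clerk: denied, but logged
    for entry in ac.audit_trail:
        print(entry)
```

The audit trail records the denial as well as the success: a pattern of denied `read_record` requests from a billing account is exactly the kind of evidence the slides describe audit trails providing.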
User Security
Multiple-Factor Authentication / Two-Factor Authentication
Use of multiple means ("factors") for authentication
Types of Authentication Factors
- Something you know: Password, PIN, etc.
- Something you have: Keys, cards, tokens, devices (e.g. mobile phones)
- Something you are: Biometrics
User Security
Recommended Password Policy
- Length: 8 characters or more (to slow down brute-force attacks)
- Complexity (to slow down brute-force attacks): consists of 3 of 4 categories of characters: uppercase letters, lowercase letters, numbers, symbols (except symbols that have special uses in the system or that can be used to attack the system, e.g. SQL injection)
- No meaning (to prevent "dictionary attacks"); not simple patterns (12345678, 11111111) (to slow down brute-force attacks & prevent dictionary attacks)
- Not easy to guess (birthday, family names, etc.) (to prevent unknown & known persons from guessing)
Personal opinion. No legal responsibility assumed.
Recommended Password Policy
- Expiration (so that brute-force attacks do not succeed): 6-8 months, decreasing over time because of increasing computer speed. But be careful! Too short a duration will force users to write passwords down
- Secure password storage in the database or system (encrypted, or store only password hashes)
- Secure password confirmation
- Secure "forgot password" policy
- Different password for each account. Create variations to help remember. If not possible, have different sets of accounts for differing security needs (e.g., bank accounts vs. social media sites)
Personal opinion. No legal responsibility assumed.
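The "store only password hashes" and "secure forgot-password policy" points above, as an added example that is not part of the lecture: each password is stored as a salted, deliberately slow PBKDF2 hash, and a password-reset token is stored only as a hash with an expiry and single use. The record format, iteration count and token lifetime are choices made here for illustration.

```python
"""Secure password storage and a forgot-password token, as added examples.

Not from the slides. Uses PBKDF2-HMAC-SHA256 from the standard library with a
random per-password salt; the record format, iteration count and token lifetime
are choices made here for illustration.
"""
import base64
import hashlib
import hmac
import os
import secrets
import time

ITERATIONS = 200_000          # slows down brute-force attempts against a stolen hash
RESET_TOKEN_TTL = 15 * 60     # seconds a reset token stays valid


def hash_password(password: str) -> str:
    """Return a self-describing record 'pbkdf2_sha256$iterations$salt$hash'.
    The plaintext password is never stored."""
    salt = os.urandom(16)                        # unique per password
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return "pbkdf2_sha256$%d$%s$%s" % (
        ITERATIONS,
        base64.b64encode(salt).decode("ascii"),
        base64.b64encode(dk).decode("ascii"))


def verify_password(password: str, record: str) -> bool:
    """Recompute the hash with the stored salt and iteration count; compare in
    constant time so a mismatch does not leak where the hashes diverge."""
    try:
        algo, iters, salt_b64, hash_b64 = record.split("$")
    except ValueError:
        return False
    if algo != "pbkdf2_sha256":
        return False
    salt = base64.b64decode(salt_b64)
    expected = base64.b64decode(hash_b64)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, int(iters))
    return hmac.compare_digest(dk, expected)


def issue_reset_token(now: float = None):
    """'Forgot password' flow: the random token is sent to the user; the
    database keeps only its hash plus an expiry, so a leaked database does
    not yield usable reset links."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    stored = {
        "token_hash": hashlib.sha256(token.encode("ascii")).hexdigest(),
        "expires_at": now + RESET_TOKEN_TTL,
        "used": False,
    }
    return token, stored


def redeem_reset_token(token: str, stored: dict, now: float = None) -> bool:
    """A token is valid only once and only before its expiry."""
    now = time.time() if now is None else now
    if stored["used"] or now > stored["expires_at"]:
        return False
    presented = hashlib.sha256(token.encode("ascii")).hexdigest()
    if not hmac.compare_digest(presented, stored["token_hash"]):
        return False
    stored["used"] = True
    return True


if __name__ == "__main__":
    record = hash_password("Ilra7HPb!")          # the slide's mnemonic password
    print(record)
    print("correct password accepted:", verify_password("Ilra7HPb!", record))
    print("wrong password rejected:", not verify_password("ilra7hpb!", record))
```

Because the salt is random, hashing the same password twice gives two different records, so an attacker with the database cannot spot users who share a password, and must attack each record separately.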
Techniques to Remember Passwords
One easy & secure way: password mnemonic
- Think of a full sentence that you can remember
- Ideally the sentence should have 8 or more words, with numbers and symbols
- Use the first character of each word as the password
Sentence: I love reading all 7 Harry Potter books!
Password: Ilra7HPb! Voila!
Personal opinion. No legal responsibility assumed.
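The password policy from the previous slides and the mnemonic rule above, as an added example that is not part of the lecture: a checker that reports which of the slides' rules a candidate password fails (length, 3 of 4 character classes, simple patterns, dictionary words), and the mnemonic derivation that turns the slide's sentence into `Ilra7HPb!`. The derivation keeps the sentence's final punctuation, which is how the slide's example arrives at the trailing `!`; the tiny word list is a constructed stand-in for a real dictionary.

```python
"""Password policy check and mnemonic derivation, following the slides' rules.

Added example (not from the slides). The thresholds (8+ characters, 3 of 4
character classes, no simple patterns, no dictionary words) are the slides';
the small word list is a constructed stand-in for a real dictionary.
"""
import string

MIN_LENGTH = 8
# Constructed stand-in for a dictionary / breached-password list.
COMMON_WORDS = {"password", "welcome", "hospital", "letmein", "qwerty", "admin"}


def character_classes(pw: str) -> int:
    """Count how many of the 4 classes (upper, lower, digit, symbol) appear."""
    return sum((
        any(c.isupper() for c in pw),
        any(c.islower() for c in pw),
        any(c.isdigit() for c in pw),
        any(c in string.punctuation for c in pw),
    ))


def is_simple_pattern(pw: str) -> bool:
    """Reject one repeated character (11111111) and strictly ascending or
    descending runs (12345678, abcdefgh, 87654321)."""
    if len(set(pw)) <= 1:
        return True
    steps = {ord(b) - ord(a) for a, b in zip(pw, pw[1:])}
    return steps == {1} or steps == {-1}


def check_policy(pw: str) -> list:
    """Return the names of the rules the password fails (empty list == accepted)."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append("length")
    if character_classes(pw) < 3:
        problems.append("complexity")
    if is_simple_pattern(pw):
        problems.append("simple-pattern")
    if any(word in pw.lower() for word in COMMON_WORDS):
        problems.append("dictionary-word")
    return problems


def mnemonic_password(sentence: str) -> str:
    """First character of each word, keeping the sentence's final punctuation:
    'I love reading all 7 Harry Potter books!' -> 'Ilra7HPb!'."""
    words = sentence.split()
    pw = "".join(w[0] for w in words)
    # Carry over trailing symbols of the last word (the '!' on the slide),
    # unless the last word is nothing but punctuation and was already counted.
    last = words[-1]
    trailing = ""
    for ch in reversed(last):
        if ch in string.punctuation:
            trailing = ch + trailing
        else:
            break
    if trailing and trailing != last:
        pw += trailing
    return pw


if __name__ == "__main__":
    sentence = "I love reading all 7 Harry Potter books!"
    candidate = mnemonic_password(sentence)
    print(sentence, "->", candidate, "| problems:", check_policy(candidate))
    for weak in ("12345678", "11111111", "Password1!", "Ab1!"):
        print(weak, "| problems:", check_policy(weak))
```

The check returns the list of failed rules rather than a yes/no so the user can be told what to change, which is what keeps a strict policy from pushing people toward writing passwords down.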
Social Engineering Examples
Real social-engineering e-mail received by Speaker:
Dear mail.mahidol.ac.th Email Account User,
We wrote to you on 11th January 2010 advising that you change the password on your account in order to prevent any unauthorised account access following the network instruction we previously communicated.
all Mailhub systems will undergo regularly scheduled maintenance. Access to your e-mail via the Webmail client will be unavailable for some time during this maintenance period. We are currently upgrading our data base and e-mail account center i.e homepage view. We shall be deleting old [https://mail.mahidol.ac.th/l accounts which are no longer active to create more space for new accounts users. we have also investigated a system wide security audit to improve and enhance our current security.
In order to continue using our services you are require to update and re-comfirmed your email account details as requested below. To complete your account re-comfirmation, you must reply to this email immediately and enter your account details as requested below.
Username :
Password :
Date of Birth:
Future Password :
Phishing
Real phishing e‐mail received by Speaker
Signs of a Phishing Attack
- Poor grammar
- Lots of typos
- Trying very hard to convince you to open an attachment, click on a link, or reply, without giving enough detail
- May appear to be from a known person (relies on trust & innocence)
Ways to Protect against Phishing
- Don't be too trusting of people. Always be suspicious & alert. An e-mail with your friend's name & info doesn't have to come from him/her
- Look for signs of phishing attacks
- Don't open attachments unless you expect them. Scan for viruses before opening attachments
- Don't click links in e-mail. Type known & trusted URLs directly into the browser
- Be especially cautious if asked for passwords, bank accounts, credit card numbers, social security numbers, etc.
Malware
- Virus: Propagating malware that requires user action to propagate. Infects executable files, data files with executable contents (e.g. macros), boot sectors
- Worm: Self-propagating malware
- Trojan: A legitimate program with additional, hidden functionality
- Spyware: Trojan that spies for & steals personal information
- Backdoor/Trapdoor: A hole left behind by malware for future access
- Rogue Antispyware (Ransomware): Software that tricks or forces users to pay before fixing the (real or hoax) spyware it claims to have detected
- Botnet: A collection of Internet-connected computers that have been compromised (bots), which the controller of the botnet can use to do something (e.g. DDoS attacks)
Defense Against Malware
- Installed & updated antivirus, antispyware, & personal firewall
  - Check for known signatures
  - Check for improper file changes (integrity failures)
  - Check for generic patterns of malware (for unknown malware): "heuristics scan"
- Firewall: block certain network traffic in and out
- Sandboxing
- Network monitoring & containment
- User education
- Software patches, more secure protocols
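Two of the checks listed above in working form, as an added example that is not part of the lecture: a known-signature scan and an integrity check that compares every file against a hashed baseline, so a patched executable, a new unknown file and a deleted configuration file are all reported. The "signature" is a constructed marker string, not a real malware indicator, and the files are created in a temporary directory so the script runs stand-alone; heuristic scanning is not shown.

```python
"""Known-signature scan plus file-integrity check, as in the slide's list.

Added example, not from the slides. The signature is a constructed marker
string (not a real indicator) and the scanned tree is built in a temporary
directory, so the script runs stand-alone.
"""
import hashlib
import os
import tempfile

# Constructed byte patterns standing in for an antivirus signature database.
KNOWN_BAD_PATTERNS = [b"CONSTRUCTED-MALWARE-MARKER-0001"]


def sha256_file(path: str) -> str:
    """Hash a file in chunks so large files do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def _relative(path: str, root: str) -> str:
    return os.path.relpath(path, root).replace(os.sep, "/")


def build_baseline(root: str) -> dict:
    """Record the hash of every file under root: the 'known good' state."""
    baseline = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            baseline[_relative(path, root)] = sha256_file(path)
    return baseline


def integrity_check(root: str, baseline: dict) -> dict:
    """Compare the current tree to the baseline: modified, added and deleted files.
    This catches changes that no signature knows about."""
    current = build_baseline(root)
    return {
        "modified": sorted(p for p in baseline if p in current and current[p] != baseline[p]),
        "added": sorted(p for p in current if p not in baseline),
        "deleted": sorted(p for p in baseline if p not in current),
    }


def signature_scan(root: str, patterns=KNOWN_BAD_PATTERNS) -> list:
    """Flag files containing any known byte pattern."""
    hits = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as f:
                data = f.read()
            if any(p in data for p in patterns):
                hits.append(_relative(path, root))
    return sorted(hits)


def demo() -> dict:
    """Constructed scenario: baseline a small tree, then simulate an infection."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "bin"))
        with open(os.path.join(root, "bin", "app.exe"), "wb") as f:
            f.write(b"legitimate program bytes")
        with open(os.path.join(root, "config.ini"), "wb") as f:
            f.write(b"[db]\nhost=localhost\n")
        baseline = build_baseline(root)

        # Simulated compromise: app.exe gains a known-bad pattern, an unknown
        # file appears, and the configuration file is deleted.
        with open(os.path.join(root, "bin", "app.exe"), "ab") as f:
            f.write(KNOWN_BAD_PATTERNS[0])
        with open(os.path.join(root, "bin", "dropper.tmp"), "wb") as f:
            f.write(b"unknown payload")       # no signature: only the integrity check sees it
        os.remove(os.path.join(root, "config.ini"))

        return {"integrity": integrity_check(root, baseline),
                "signature_hits": signature_scan(root)}


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The two checks complement each other: the signature scan names the known threat in `bin/app.exe`, while only the integrity check notices the unknown `dropper.tmp` and the missing `config.ini`, which is why the slide lists both.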
Newer Threats
- Social media spams/scams/clickjacking
- Social media privacy issues: user privacy settings, location services
- Mobile device malware & other privacy risks
- Stuxnet (advanced malware targeting certain countries)
- Advanced persistent threats (APT) by governments & corporations against specific targets
Q & A