273,954 research outputs found

    Attack Modeling and Mitigation Strategies for Risk-Based Analysis of Networked Medical Devices

    The escalating integration of network-enabled medical devices raises concerns for both practitioners and academics in terms of introducing new vulnerabilities and attack vectors. This prompts the idea that combining medical device data, security vulnerability enumerations, and attack-modeling data into a single database could enable security analysts to proactively identify potential security weaknesses in medical devices and formulate appropriate mitigation and remediation plans. This study introduces a novel extension to a relational database risk assessment framework by using the open-source tool OVAL to capture device states and compare them to security advisories that warn of threats and vulnerabilities, and where threats and vulnerabilities exist provide mitigation recommendations. The contribution of this research is a proof of concept evaluation that demonstrates the integration of OVAL and CAPEC attack patterns for analysis using a database-driven risk assessment framework

    Medical Virtual Public Services

    The healthcare enterprises are very disconnected. This paper intends to propose a solution that will provide citizens, businesses and medical enterprises with improved access to medical virtual public services. Referred medical services are based on existing national medical Web services and support medically required services provided by physicians and supplementary health care practitioners, laboratory services and diagnostic procedures, clinics and hospitals’ services. Requirements and specific rules of these medical services are considered, and personalization of user preferences will be supported. The architecture is based on adaptable process management technologies, allowing for virtual services which are dynamically combined from existing national medical services. In this way, a comprehensive workflow process is set up, allowing for service-level agreements, an audit trail and explanation of the process to the end user. The process engine operates on top of a virtual repository, providing a high-level semantic view of information retrieved from heterogeneous information sources, such as national sources of medical services. The system relies on a security framework to ensure all high-level security requirements are met. System’s architecture is business oriented: it focuses on Service Oriented Architecture - SOA concepts, asynchronously combining Web services, Business Process Management – BPM rules and BPEL standards.
    Keywords: Business Process Management, Service Oriented Architecture, Application Integration, Web services, information technologies, virtual repository, database.

    An Investigation of the Security Designs of a Structured Query Language (Sql) Database and its Middleware Application and their Secure Implementation Within Thinclient Environments

    The Information Portability and Accountability Act (HIPAA) and The Sarbanes-Oxley (SOX) regulations greatly influenced the health care industry regarding the means of securing financial and private data within information and technology. With the introduction of thin-client technologies into medical information systems (IS), data security and regulation compliancy become more problematic due to the exposure to the World Wide Web (WWW) and malicious activity. This author explores the best practices of the medical industry and information technology industry for securing electronic data within the thin-client environment at the three levels of architecture: the SQL database, its middleware application, and Web interface. Designing security within the SQL database is not good enough as breaches can occur through unintended consequences during data access within the middleware application design and data exchange design over computer networks. For example, a hospital's medical records, which are routinely exchanged over computer networks, are subject to the audit control and encryption requirements mandated for data security. (Department of, 2008). While there is an overlapping of security techniques within each of the three layers of architectural security design, the use of 18 methodologies greatly enhances the ability to protect electronic information. Due to the variety of IS used within a medical facility, security conscientiousness, consistency of security design, excellent communication between designers, developers and system engineers, and the use of standardized security techniques within each of the three layers of architecture are required.

    GINSENG (Global Initiative for Sentinel E-health Network on Grid)

    The GINSENG (Global Initiative for Sentinel E-health Network on Grid) project aims to implement a grid infrastructure for ehealth and epidemiology in Auvergne. A distributed medical database is created upon a secure network for epidemiological studies. Our goal is to create a decentralized information system using grid technologies. The medical sites involved in the project are clustered around two themes: cancer monitoring and perinatal care. On each medical site a server, which duplicates the medical database, is deployed with grid services. At the same time, full control of the information is kept by the organizations storing patients' files. This solution allows for a high level of security, privacy, availability, and fault tolerance. Queries made on the distributed medical databases are made via a secure web portal. Public health authorities use this infrastructure for health monitoring, epidemiological studies and evaluation of specific medical practices.

    Cybersecurity, Identity Theft, and the Limits of Tort Liability

    This article considers to what extent database possessors (such as credit card companies and universities) can be held liable for harm caused to data subjects (such as consumers, applicants, and alumni) when information relating to those persons is hacked or otherwise subject to improper access. Addressing common-law and statutory sources (including new legislation in 17 states) the article clearly differentiates the duty to safeguard data from the duty to notify data subjects that the security of their information has been breached. By analogy to the “medical-monitoring damages” which some states award in toxic-exposure cases, the article argues that “security-monitoring damages” should be available in database-intrusion cases. More specifically, the article proposes that, in cases of ordinary negligence, the interests of society will be best served by limiting recoverable economic losses to the cost of security-monitoring damages once a database possessor discloses to the affected individual the fact that data has been improperly accessed. This approach will encourage database possessors to discover and reveal instances of data intrusion. It will also place data subjects in a position to protect their own interests by monitoring their economic and personal security when there is heightened vulnerability.

    Applications of Difital Image Stegnographic Techniques in Medical Image Analysis

    In this digitized world maintaining the security of the secret information is a challenging task. Sending secret information through the internet draws the attention of hackers. The highly authenticated information can be hidden by using steganography. Image processing plays a very important role in such steganographic techniques. The advantage of steganography can be enhanced to medical images and creation of database for a particular patient under one authentication with security. Steganography techniques are used in the bio-medical field to hide the person's medical data like prescription, X-ray, Iris, MRI, CT scan images behind a single cover media. In this paper the embedding schemes to store complete medical data under one authentication is done by using spatial and transform domains. The performance of the techniques is compared and the best method to hide medical information by using steganographic techniques with high PSNR, less MSE and high SSIM is identified for different modalities. Implementation of steganography in bio-medical field yields high imperceptibility and embedding capacity