Thursday, February 11, 2010

IT security problems continue (Designing a Secure HIE)


A new article, “IT security problems continue”, is one of many that seem to hint that Healthcare IT, EHR, PHR, and all of the Healthcare Internet are stalled because of IT security issues. Yet nowhere is there a list of these issues. The article points at a press release, “Hacker Attacks Targeting Healthcare Organizations Doubled in the 4th Quarter of 2009 according to SecureWorks’ Data”, from the security vendor SecureWorks.

Actually the security vendor press release is more informative than the ‘news’ article. The press release is pointing out that based on statistics that they have from their customers, attacks on healthcare have increased where others have not. This seems to indicate an intentional shift in the attacker community.
SecureWorks®, Inc., a leading global provider of information security services protecting 2,700 clients worldwide, reported today that attempted hacker attacks launched at its healthcare clients doubled in the fourth quarter of 2009. Attempted attacks increased from an average of 6,500 per healthcare client per day in the first nine months of 2009 to an average of 13,400 per client per day in the last three months of 2009. Attempted attacks against other types of organizations, protected by SecureWorks, did not increase in the fourth quarter.
The vendor then goes on to advocate for “Defense-In-Depth” and for implementing the kinds of services that they offer. All good ideas. What they don’t cover are some architectural solutions that can be put in place.

The concern people have with the Healthcare IT movement today is that it is an effort that will connect many healthcare organizations to each other. This connection can be done the way it is today, with point-to-point solutions. That kind of solution means that each connection between two organizations requires one of them to open a hole in its defenses, and sometimes both must do so.

The alternative architecture that I have been advocating for, due to my involvement, is the model around an XDS-based HIE. In this model each healthcare organization makes outbound connections to some common infrastructure and only needs to have one inbound connection. There is a central set of services (Registry, PIX Manager, PDQ Manager, Audit Record Repository, Time Source, and XCA Gateways) that do need to be highly protected.

These central services are critical, but they contain very minimal healthcare information, as they are focused on different types of indexes and cross-references. In all cases IHE has also provided, in the ATNA profile, a way to strongly authenticate both sides of any connection and protect all communications. Any hacker would be unable to complete this authentication step, and so would not be able to attempt secondary attacks such as SQL injection. This is also true of the potential inbound connection to the healthcare organization that gives access to the high-fidelity documents in the Repository (this could also be outsourced for the really small organizations).
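The two-sided authentication described above, sketched as an added example (not from the original post or from IHE): it assumes the mechanism is mutually authenticated TLS and uses Python's standard `ssl` module. The node names, the allow list and the sample certificate are constructed for illustration.

```python
import ssl

# Constructed allow list of HIE node names (hypothetical values).
ALLOWED_NODES = {"registry.hie.example", "repository.clinic-a.example"}

def stock_server_context():
    """Default server context: it never asks the client for a certificate."""
    return ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)

def mutual_tls_server_context(certfile=None, keyfile=None, cafile=None):
    """Server context that aborts the handshake unless the peer presents
    a certificate chaining to the configured CA."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.verify_mode = ssl.CERT_REQUIRED
    if cafile:                      # CA that issues node certificates
        ctx.load_verify_locations(cafile=cafile)
    if certfile:                    # this node's own identity
        ctx.load_cert_chain(certfile, keyfile)
    return ctx

def requires_client_cert(ctx):
    return ctx.verify_mode == ssl.CERT_REQUIRED

def peer_names(peercert):
    """Collect DNS SANs and the CN from a getpeercert() dictionary."""
    names = {v for kind, v in peercert.get("subjectAltName", ()) if kind == "DNS"}
    for rdn in peercert.get("subject", ()):
        names.update(v for key, v in rdn if key == "commonName")
    return names

def is_known_node(peercert, allowed=ALLOWED_NODES):
    """Authorization after authentication: a valid certificate is not enough,
    the node must also be on the exchange's list. Empty dict = no cert."""
    return bool(peercert) and bool(peer_names(peercert) & set(allowed))

# Constructed sample in the shape SSLSocket.getpeercert() returns.
SAMPLE_PEER = {
    "subject": ((("organizationName", "Clinic A"),),
                (("commonName", "repository.clinic-a.example"),)),
    "subjectAltName": (("DNS", "repository.clinic-a.example"),),
}

if __name__ == "__main__":
    print(requires_client_cert(stock_server_context()))
    print(requires_client_cert(mutual_tls_server_context()))
    print(is_known_node(SAMPLE_PEER))
```

Input validation and parameterized queries are still needed behind such a listener, since a compromised node holding a legitimate certificate passes both checks.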

As an architecture, the XDS family has other Privacy and Security benefits that go beyond this core approach. These are nicely outlined in an IHE white paper on Security and Privacy in an HIE.