Discussion of Cybersecurity in Healthcare System and Other Organizations

Introduction

On May 12th, 2017, a ransomware called “WannaCry” burst out on the internet. This ransomware attacked Microsoft Windows Systems which were built into hundreds of thousand computers from more than 100 different countries (Jesse, 2017). Extremely significant number of important files and information were encrypted and users were asked for money in the form of Bitcoins to decrypt the data, otherwise the hard drive would be formatted, and the data would be lost. Hospitals from some countries, such as Britain which were affected the most, were attacked as the computers containing a huge amount of important information of the patients were locked and doctors were threatened to pay to recover the data.

WannaCry attacked over 60 National Hospital Systems in Britain, and thousands of patients were affected by cancelling appointments or receiving delayed treatments (Martin, Ghafur, Kinross, Hankin, Darzi, 2018). The attack also had a huge influence on some other industries such as financial, IT, education and manufacture since the computers were locked and access to the data was controlled. This Paper will mainly discuss about the issues healthcare system faces; a new technology would protect healthcare system from attack; and the suggestions to prevent cyberattacks in health care system.

Issues in Healthcare Cybersecurity System

Information security issues are accompanied by the development of the Internet. In the Internet era, we must appreciate the benefits of information explosion and social convenience. On the other hand, we need to bear with the risk of information leakage. In the internal management of hospitals, information construction has become an irreversible development trend. Therefore, if hospitals want to use the Internet to improve management efficiency and optimize medical and health services, they should face up to the security problems in the construction of network systems.

Strict and feasible management measures must be implemented to prevent network security risks, so that medical information and management information can better serve patients and ensure the effective operation of hospitals.Healthcare faces an even larger portion of cybersecurity problem than any other sectors. The outdated system and weaknesses make it the easiest one to attack by hackers. According to Guy and his colleagues, the main reasons that healthcare is an “attractive target” is large amount of valuable data.

There are several common cyberattack types in healthcare system: Data theft for financial gain (Identity theft, stealing personal information for financial benefit), data theft for impact (exposing celebrities’ medical treatment to public), ransomware (building malware to system, and request money to decrypt), data corruption (tampering medical record for financial benefit), denial of service attacks (sending superfluous requests to block network), business email compromise (pretending to be doctors and initiating fake communications), and the unwitting insider (unintentional actions caused by staff by using outdated system) (Guy, Paul, Chris, Ara, James 2017).

When Software Company, such as Microsoft, releases a security patch on their operational systems, there will be vulnerability of the software which exposes to the public. Hackers will actively notice on these vulnerabilities and start to hack the imperfect system to earn money. Microsoft release the security patches for free for their latest Windows system, however, for the users using older Windows system, it may cost a huge amount of money to update these patches (Tobias, 2017). Most originations would like to avoid network or system management fee like this, so they decided not to purchase and install the patch. Hackers will easily find out these imperfect systems and start the criminal activities.

New Technology that Protects Healthcare from CyberattacksHealthcare is always one of the most important issue that people are dealing with. It is very challenging to design an IoT-based system because the sensor collecting patients’ information, as big data must be very efficient. Also, some sensors have a relatively low computing speed, memory, transmission speed and power. In some cases, real-analysis of the data should be performed.

In this paper, regardless of the transmission speed, power consumption of the devices, the issue of the cybersecurity will be discussed. Cloud storage, such as iCloud, OneDrive and Google Drive, has been widely accepted by people because of the storage, ease of access and price. Most of the healthcare system stores their data in the cloud storage. Nearly everyone who have the access to the Internet has a cloud storage space from GB to TB. People tend to save their private data in the cloud in order to access them whenever he needs.

However, there are advantages and disadvantages. As cyber threats are growing up with the development of cloud technology, it might not be safe anymore to save personal or confidential data in the cloud. According to Tian, there are various kinds of cyber threats in cloud storage service, such as data loss, malicious modification, cloud server crash, etc. There are some serious cyber accidents. For example, Apple iCloud data leakage accident in 2016. The leakage influenced about 64 million accounts. (Tian, 2018).

Cloud computing service cannot meet user’s requirement for a higher cyber security anymore. So the fog computing, also termed edge computing appears in people’s sight as a more intelligent computing model. In cloud storage service, user uploads their file to the cloud directly. Then the Cloud Server Provider (CSP) will take the responsibility of the users to control the data. So, users do not actually control the physical storage of their data which results in a barrier between ownership and management of data.In such case, the possibility of the leakage of the data is increased. Currently, the number of devices such as Apple Watch, Garmin, Fitbit, etc., that collect data, as well as the amount of data processed, is growing exponentially.

Typically, public cloud computing provides computing space to process this data through a remote server. However, it takes time to upload the acquired data to a remote server for analysis and then the results are transmitted back to the original location. This slows down the process that requires immediate response from professionals, especially in healthcare aspect. In addition, when the Internet connection is not reliable, relying on the remote server becomes the core of the problem.

And in other cases, Data that does not require immediate response is mainly still analyzed, processed and stored in the cloud to perform historical and big data analyses. Therefore, the proposed use of fog computing differs from cloud computing. Although there are also private clouds residing in firms’ data centers and not shared with others, these usually provide more computing-intensive services for several devices or even the firms’ entire IT infrastructures, but at the same time private clouds may still have higher latency compared to fog computing.

Further, especially small or medium-sized firms might not have the capabilities to manage their own private clouds. Fog computing allows them to build up IT resources to automatize and control their production without running their own cloud or transmitting large amounts of data to public clouds. (Christian, 2018). It has been proposed in 2011 by Cisco that the fog computing may become the next technology in IoT. Fog computing is not a server but consists of various functional computers or sensors.

It is widely accepted in electrical appliances, manufactures, vehicles or even street lamps. Fog computing is as vivid as cloud computing which is between the personal computing and cloud computing.The computing resources are provided on the edges of the network. Compared to cloud computing, fog computing is more decentralized. The data are processed locally in large amount. The analysis is operated on-premise, and fully portable. It is a decentralized computing infrastructure where data, computing, storage, and applications are most logically distributed between data sources and the cloud, which is the most efficient location.

Fog calculations have several distinct features: low latency, position sensing, extensive geographic distribution, mobility-adapted applications, and support for more edge nodes. These features make mobile service deployment more convenient and meet a wider range of node access.

A review of the advantages of implementing fog computing system in iot

Reduced Latency

To reduce the physical distance between the data collecting device and the processor, the latency time and potential response can be decreased compared to a device-to cloud architecture. To mitigate the computational tasks for device-only architecture, the latency time can also be reduced. The motivation can also be to keep the latency predictable.

Privacy

To reduce the propagation of data, the data can be analyzed on a local gateway but not a data center that is out of the users’ control. Thus, the protection of the users’ privacy can be improved compared to the device-to-cloud architecture.

Energy Efficiency

There are couple of ways to improve energy efficiency within sensor devices on fog platform. With then increase of the length of the sensor devices sleep cycles, the gateway can be responsible for any requests or updates and then the sensor is waken up to process the request. Also, the heavy-duty computation and some other services can be offloaded from the battery-driven nodes.

Bandwidth

Compared to a device-to-cloud architecture, the number of data to be sent into data center can be reduced with fog computing. First of all, raw data is to be filtered, analyzed, pre-processed or compressed so that not all of the data has to be sent to the center. Secondly, local nodes can also perform some analyses from the devices with the cached data.E. ScalabilityFrom more centralized resources, local computation can reduce the work load and can be expended as needed so that the fog computing can improve the scalability of a system.

Dependability

Fog computing can increase system dependability in either to realize redundancy by letting a few nodes in the network provide the same functionality or to execute computation closer to the sensor nodes so that they are not so dependent on the network connection.

However, safety is another major reason why companies are looking for fog calculations. Application data, such as health care and point-of-sale transactions, are the primary sensitive targets for cybercrime analysis and identity thief targeting. However, fog computing is able to make such data strictly protected. According to the OpenFog Consortium, the fog system is responsible for protecting the information communication between the IoT device and the cloud, providing security for real-time applications.

The fog system can also be used to securely store devices internally, away from vulnerable public networks. Secure storage of data backups can be achieved by deploying reliable backup services, such as the storage services provided by Mozy, allowing enterprises to schedule automated backups of military-grade encryption protection.

• Various systems are implemented to detect and prevent malicious cyberattacks on the for platform.
• Privacy preserving can minimize the data communication with fog nodes to reduce the risk in order to preserve personal and critical data while communicating.
• Mitigating insider data combines the behavior profiling and decoy approaches to mitigate the security threats.
• Policy-driven secure management of resources enhances the secure interaction, sharing and interoperablility among user-requested resources.
• Authentication in fog platform will enable the fog platform and end-user to keep from the attacks with the help of a public key infrastructure, Diffien-Hellman key exchange, intrusion detection techniques and monitoring for modified input values.
• additionally, using advance encryption standard (AES) as the encryption algorithm is suitable for fog platform. (Khan, S., 2017)

Many other efforts have also been made to improve the security and privacy issue in the environment. More secure and efficient protocols are implemented to reducing the power consumption without sacrificing the performance. With the fog computing, a light-weight encryption algorithm can be introduced between the fog and devices to enhance the efficiency of the communication process.

Fog computing also provides various opportunities to detect unusual behaviors and attacks with a signature or anomaly-based system. In the application of healthcare IoT, security is one of the most important aspect. Thus, a high level of security can be provided by using operating system level techniques at gateways such as IPtable which is basically a table of rules that permissions to some ports are granted while other ports are blocked to prevent undesired traffic. (Rahmani, A. M. 2018)

Preventing Cyberattacks in Health Care System

There are so many aspects that a health care system would be attacked by hackers. But how to prevent cyberattacks like WannaCry happen again, there are still many ways.

First of all, the organizations need to make network security a much-focused topic around employees. Well-trained employees and managers will help the organization to discover potential threats on time. With special training and education on cybersecurity, employees will have their personalized anti-spam methods right away, which will highly protected system from threat.

Organizations should inform employees the influences and consequences on cyberattacks and offer employ free education on cybersecurity classes. Second, clear communication progress within the organization is also very important. To set up a good progress and policy in the operation team will give employee a better understanding so they can resolve network incidents effectively.

In the progress of communication, network virus spreads in hidden files within e-mails and webpages. After the user opens the file, virus starts to run, and user's information will be stolen and destroyed. Organizations need to inform employees that all the spam messages sent to the workplace email should not be opened or replied.

If users accidently open the spam file, the well-established virus detection program should notify users and smash the virus to better improve the security of the organization network system. Data backups are also very important for each day. Finally, the most importantly, is the updated technology.

Updated technology not only includes the software, but also the hardware. Organizations should make sure all software patches and updates are completely installed on time on the operating system, antivirus system, browsers, and other applications.For the antivirus system, it should always have the latest version (Mohurle, Patil 2017).

Windows Firewall should always be turned on and operated properly. Managers should also be aware of new invested technologies which can help to prevent attacks.

Discussion

After this ransomware attack, Microsoft had released a Bcritical patch to help the victims to solve this problem (Jesse, 2017). However, there still were many organizations cannot apply this patch successfully to resolve the virus. This is mainly because most of these organizations were still using outdated Windows System on their computers. These organizations did not realize the importance of the updated system which caused by the infection of WannaCry virus. We have already detected the problem of the healthcare system, but why it is hard to prevent the system from cyberattacks?

First of all, the vulnerable data of healthcare has extremely limited resources, segmented governance, and incomplete cultural behaviors (Guy, Paul, Chris, Ara, James 2017). Compared to other major parts, healthcare is always underinvested in the information technology infrastructure. Furthermore, the demand for cybersecurity experts are very high and most financial institutes will spend large amount of money to hire these people, which make the healthcare organizations hard to find perfect people and leak of funds to maintain the outdated system. Finally, segmented governance also causes the healthcare system failure. The responsibility for cybersecurity system and data is not clarified by a specific department among the healthcare system.

In conclusion, to get fully functioned cybersecurity is still big issue in today’s life. People need to raise the awareness of the importance of cybersecurity and come up with more useful technology solutions to face the problem.