CYBER SECURITY: RISKS AND SOLUTIONS
Executive Summary
"Threat is a mirror of security gaps. Cyber-threat is mainly a reflection of our weaknesses. An accurate vision of digital and behavioral gaps is crucial for a consistent cyber-resilience." (Stephane Nappo)

Cyber attacks are usually discussed in terms of their costs, but seldom in terms of how frequently they occur. With the proliferation of the internet and of emerging technologies such as the Internet of Things (IoT), the question of a cyber attack is not if but when. The World Economic Forum's Global Risks Report 2018 lists natural disasters, extreme weather and cyber attacks among the top three risks to global stability. With advances in data communication, sensors and protocols, the concept of the Internet of Things, introduced in 1999 by Kevin Ashton, is rapidly finding uses in fields such as education, health care, transportation and environmental control, to name a few. While IoT creates new and exciting opportunities for businesses, it also gives cyber criminals new opportunities to inflict damage on these systems, often with impunity.

Within the past decade there has been a steady increase in cyber breaches, with the average cost of a data breach reaching 3.92 million US dollars worldwide in 2019 (Statista 2020); information, finance, education and healthcare were the worst-hit sectors (Statista 2020). Cyber security has therefore become a high priority for industry and business.

This study highlights the implementation of one of the three given scenarios of an IoT-based system and assesses the security risks it faces using the STRIDE and DREAD threat modelling techniques. A Business Continuity Plan is also suggested for the case of a security breach, and the final part presents the legal and ethical considerations connected to the handling of data.
TABLE OF CONTENTS
1. Executive Summary  2
2. Introduction  5
   Background of the task  5
   Scenarios  5
   Requirements  5
   The chosen scenario  6
3. Risk Assessment  7
   System Framework  8
   Risk Assessment  8
     Attack aimed at device (Type 1)  9
     Attack aimed at communication (Type 2)  10
     Attack aimed at manufacturers and cloud providers (Type 3)  10
   Threat Modelling  10
     STRIDE Methodology  12
       Identifying assets  13
       Identifying threats  14
       Mitigating threats  15
     DREAD Methodology  16
     Profiling threats with STRIDE and DREAD  17
   Conclusion  20
4. Business Continuity Plan  21
   Appendix A: Business Impact Analysis  31
5. Legal and Ethical Consideration  37
   Conclusion  40
6. References  41
INTRODUCTION
Background of Scenario and Task
This coursework requires choosing one of three given scenarios and, for the chosen system, implementing it, presenting a risk assessment of the system using the STRIDE and DREAD threat modelling methodologies, drawing up a Business Continuity Plan for the case of a cyber breach, and presenting the legal and ethical considerations vis-à-vis the handling of data.
Scenarios:
1. University student record and Virtual Learning Environment (VLE) system
2. A patient care system that monitors a patient in the home
3. An automatic environmental control system for an office building.
Requirements
The basic requirements of the system, for the implementation of any of the above scenarios, are:
1. It must connect to the internet
2. It should have various types of sensors
3. It should be capable of storing multiple types of historical data
4. It should have a control node
5. It should be accessible through a mobile device
The chosen Scenario
For the purpose of this coursework, Scenario 2, "A patient care system that monitors a patient in the home", has been selected. Fig. 1 shows a typical implementation of a Patient Care Home Monitoring system that meets the basic requirements set out above. Such a system not only integrates IoT technology into remote healthcare monitoring and delivery; through cloud computing it also addresses the data issues of storage, handling, to-and-fro movement between devices, preservation, confidentiality and universal access. Compared to the internet, which allows data exchange between a few devices and humans, IoT is a wide-ranging system of interconnected and interrelated devices capable of taking intelligent decisions without human involvement. Human vital signs such as heart rate (HR), respiration rate and blood pressure can be transported wirelessly to a remote location (L. Minh Dang, Md. Jalil Piran, Dongil Han, Kyungbok Min and Hyeonjoon Moon, Electronics 8(7), 768, 2019).

Fig. 1: Patient Care Home Monitoring System (L. Minh Dang, Md. Jalil Piran, Dongil Han, Kyungbok Min and Hyeonjoon Moon, 2019, 2)

The key components of the Patient Care Home Monitoring System are (L. Minh Dang, Md. Jalil Piran, Dongil Han, Kyungbok Min and Hyeonjoon Moon, 2019, 17):
1. Electrocardiogram Monitoring
2. Temperature Monitoring
3. Blood Pressure Monitoring
4. Asthma Monitoring
5. Mood Monitoring
6. Oxygen Saturation Monitoring
7. Zigbee node for mesh networking among the IoT devices and data exchange
8. Wi-Fi and Bluetooth for transmission of the IoT device data via routers and the mobile network to the hospital, the patient's guardian, emergency services, the Electronic Health Record and remote monitoring
9. Fog node: a combination of data-storage and connectivity devices that extends the reach of the cloud nearer to the IoT devices, which are the main source of IoT data. The devices that make up a fog node may include routers, servers, security cameras, switches, etc.
10. Cloud platform: a set of servers hosted over the internet to provide on-demand storage and data processing
RISK ASSESSMENT REPORT
This section presents the framework of the IoT-based home care monitoring system together with a detailed risk assessment of the system. The STRIDE and DREAD methodologies are used to produce prioritized actions and risk-treatment options.
System Framework
The framework is the basis for integrating IoT into health care: through it, healthcare applications make optimum use of IoT and computation, and the protocols it provides make it possible to transfer medical data between the sensors, the smart devices and the fog node. As shown in Fig. 2, the framework has three main sections: topology, structure and platform.

Fig. 2: Framework for an IoT-based health care monitoring system (L. Minh Dang, Md. Jalil Piran, Dongil Han, Kyungbok Min and Hyeonjoon Moon, 2019, 5)

The topology of a given IoT application may be defined as the placement of the IoT system building blocks in a particular order. Fig. 3 shows a classical IoT and cloud computational model used in healthcare. The model has three parts: a publisher, a broker and a subscriber. The publisher is a group of interconnected sensors and hand-held devices that continuously sends the patient's vital signs, such as electrocardiogram (ECG), electromyography (EMG), temperature, blood glucose (BG) and respiration rate, to the broker. The broker, here the cloud, analyses and processes the publisher's data. The subscriber may be a caretaker at any remote station who monitors the publisher's data and is able to respond immediately in case of a medical emergency. The framework combines all three parts of the topology into a coherent unit. (L. Minh Dang, Md. Jalil Piran, Dongil Han, Kyungbok Min and Hyeonjoon Moon, 2019, 6)
Fig. 3: Typical topology in the IoT framework for healthcare (L. Minh Dang, Md. Jalil Piran, Dongil Han, Kyungbok Min and Hyeonjoon Moon, 2019, 6)
Risk Assessment
Depending on which part of the system an attack is aimed at, the threats to and vulnerabilities of the IoT health care system may be divided into three broad categories.
1. Attack aimed at the device (Type 1)
Despite becoming more efficient, cheaper and smarter, the monitoring devices are more likely to become attack targets because of their continuous reception and transmission of data, and because their low storage and low power capacity means they cannot run the security software needed to ward off an attack. As a result of an attack, a medical device can suffer functional failure or may affect other medical devices in the same network, which can affect patient health; in the worst case it can even lead to loss of life. An attack on one device may also allow the attacker to exploit confidential data, and this could lead to complete failure of the device grid. (L. Minh Dang, Md. Jalil Piran, Dongil Han, Kyungbok Min and Hyeonjoon Moon, 2019, 33)
2. Attack aimed at communication (Type 2)
Communication between medical devices may be intercepted by attackers, who monitor and alter messages. Because of the sensitivity and confidentiality of the data exchanged between the devices, the impact of such an attack on the overall system is severe. The attacker can intercept, capture and manipulate information during transmission, so that not only the trust in data and messages but the trust in the entire system may be compromised. (L. Minh Dang, Md. Jalil Piran, Dongil Han, Kyungbok Min and Hyeonjoon Moon, 2019, 33)
3. Attack aimed at manufacturers and cloud providers (Type 3)
A breach aimed at the cloud and IoT service providers or the manufacturers of the devices raises trust issues for those companies. Whether it is an IoT or cloud service provider or a device manufacturer, the data they are entrusted to handle, analyse and generate in a health care system is highly sensitive and confidential, and any breach raises questions about their ability to safeguard what they are entrusted to protect. Moreover, any disruption of their continuous service may halt operations, with potentially catastrophic consequences for the patient whose data is being generated, handled and analysed. (L. Minh Dang, Md. Jalil Piran, Dongil Han, Kyungbok Min and Hyeonjoon Moon, 2019, 33)
Threat Modeling
Threat modeling is an exercise to analyse the most and least likely types of attack that may be carried out, and to prioritize the protection of the most vulnerable assets. The threats identified during threat modeling are linked to a security risk in order to prioritize the protection of particular assets. An asset may be defined as anything that an organization considers valuable for the profitability, operability and continuity of its business, in line with the organization's mission statement. (Cagnazzo M, Hertlein M, Holz T and Pohlmann N, 2018, 2)
Threat category | mHealth security perspective
Spoofing: attacker poses as an authorized user or entity | Attacker uses a user's authentication information to access sensitive medical data
Tampering: modifying data maliciously | Attacker modifies data in transit (e.g. from BAN to LAN) or at rest
Repudiation: denying malicious actions when proof is missing | Authorized user performs illegal operations; the system cannot trace it and other parties cannot prove it
Information disclosure: exposing information to an unauthorized entity | Leaking raw data or medical records
Denial of service: denying service to valid users | Attacker jams the BAN or DoS's the hospital environment
Elevation of privilege: user gains privileged rights and manipulates the system | Attacker gains access to security systems as a trusted entity

Table 1: Connection between STRIDE and the given environment (Cagnazzo M, Hertlein M, Holz T and Pohlmann N, 2018, 2)
STRIDE Methodology
The first threat-modeling methodology undertaken in this study is STRIDE, an acronym for Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service and Elevation of Privilege. Table 1 lists and defines each STRIDE threat category and links it to a specific health care monitoring attack scenario. STRIDE threat modeling consists of three exercises:
• Identifying assets
• Identifying threats
• Mitigating threats
1. Identifying Assets
Fig. 4 gives a graphical illustration of the flow of data and the critical points in an IoT-based health care monitoring system. The threat model begins with the acquisition of data from one or more sensors on a wearable, which is pushed to a central sensor controller where it is collected and persisted.

Fig. 4: Data flow and critical points (Cagnazzo M, Hertlein M, Holz T and Pohlmann N, 2018, 2)

Next the data is pushed to the application over a Bluetooth LE connection. In turn the application sends configuration data (for example the sampling rate of a particular sensor) to the sensor controller, acknowledges receipt of the data and retains it. The patient gains access to the application by authenticating. From the device the sensor data is transmitted via the internet to the cloud, where it is acknowledged and stored. Anyone who wants to monitor the patient's condition must first authenticate on the application. If the monitoring supervisor wants to send instructions to the patient, he or she must first authenticate on the application and then send the instructions over the cloud; an acknowledgement is sent after the patient has read the instructions. In this way a threat model can be generated from the three groups of constituents of the system. (Cagnazzo M, Hertlein M, Holz T and Pohlmann N, 2018, 2)
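To make the asset-identification step concrete, here is an added example (not code from the coursework or from Cagnazzo et al.) that encodes the Fig. 4 data flow as a small model and enumerates candidate threats per element with the standard STRIDE-per-element mapping (external entities get S and R; processes get all six; data stores get T, R, I, D; data flows get T, I, D). The element names, trust zones (body-area network, home, cloud, hospital) and flow labels are assumptions read off the prose above; the point is that every flow crossing a trust boundary is flagged automatically as the place where tampering, disclosure and denial of service have to be argued about.

```python
"""STRIDE-per-element enumeration over the Fig. 4 data flow.

Added example, not from the coursework or from Cagnazzo et al.
Element names, trust zones and flow labels are assumptions read off
the prose; the per-element mapping is the standard STRIDE-per-element table.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# Element kinds and the STRIDE letters that apply to each kind.
STRIDE_PER_ELEMENT: Dict[str, str] = {
    "external": "SR",      # external entity: spoofing, repudiation
    "process": "STRIDE",   # running code: all six
    "store": "TRID",       # data at rest: tampering, repudiation (logs), disclosure, DoS
    "flow": "TID",         # data in transit: tampering, disclosure, DoS
}

STRIDE_NAMES = {
    "S": "Spoofing", "T": "Tampering", "R": "Repudiation",
    "I": "Information disclosure", "D": "Denial of service",
    "E": "Elevation of privilege",
}


@dataclass(frozen=True)
class Element:
    name: str
    kind: str   # one of STRIDE_PER_ELEMENT
    zone: str   # trust zone the element lives in (assumed names)


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    label: str


@dataclass
class Model:
    elements: Dict[str, Element] = field(default_factory=dict)
    flows: List[Flow] = field(default_factory=list)

    def add(self, *els: Element) -> None:
        for e in els:
            if e.kind not in STRIDE_PER_ELEMENT:
                raise ValueError(f"unknown element kind {e.kind!r}")
            self.elements[e.name] = e

    def flow(self, src: str, dst: str, label: str) -> None:
        for n in (src, dst):
            if n not in self.elements:
                raise KeyError(n)
        self.flows.append(Flow(src, dst, label))

    def crosses_boundary(self, f: Flow) -> bool:
        return self.elements[f.src].zone != self.elements[f.dst].zone

    def threats(self) -> List[Tuple[str, str, str]]:
        """Return (element, STRIDE letter, note) triples for every element and flow.
        Flows crossing a trust boundary are marked: that is where interception
        on the BLE hop or the uplink, and spoofed peers, are realistic."""
        out: List[Tuple[str, str, str]] = []
        for e in self.elements.values():
            for letter in STRIDE_PER_ELEMENT[e.kind]:
                out.append((e.name, letter, STRIDE_NAMES[letter]))
        for f in self.flows:
            note = "crosses trust boundary" if self.crosses_boundary(f) else "inside zone"
            for letter in STRIDE_PER_ELEMENT["flow"]:
                out.append((f"{f.src}->{f.dst} ({f.label})", letter,
                            f"{STRIDE_NAMES[letter]}; {note}"))
        return out


def fig4_model() -> Model:
    """The Fig. 4 data flow as a model (assumed element and zone names)."""
    m = Model()
    m.add(
        Element("patient", "external", "home"),
        Element("sensor_controller", "process", "body-area-network"),
        Element("smartphone_app", "process", "home"),
        Element("cloud_api", "process", "cloud"),
        Element("cloud_db", "store", "cloud"),
        Element("supervisor", "external", "hospital"),
    )
    m.flow("sensor_controller", "smartphone_app", "BLE vitals")
    m.flow("smartphone_app", "sensor_controller", "BLE config/ack")
    m.flow("patient", "smartphone_app", "login")
    m.flow("smartphone_app", "cloud_api", "internet vitals")
    m.flow("cloud_api", "cloud_db", "persist")
    m.flow("supervisor", "cloud_api", "login + instructions")
    m.flow("cloud_api", "smartphone_app", "instructions")
    return m


def boundary_crossing_flows(m: Model) -> List[str]:
    return [f"{f.src}->{f.dst}" for f in m.flows if m.crosses_boundary(f)]


if __name__ == "__main__":
    model = fig4_model()
    for el, letter, note in model.threats():
        print(f"{el:45s} {letter} {note}")
```

The output is a raw candidate list (47 rows for this model); the analyst's job is to strike the ones that do not apply and to carry the rest into the asset/impact and DREAD tables that follow.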
Identifying Threats
The impact that the failure of each of the identified assets has on the system is shown in Table 2.
1. Non-availability
Non-availability is commonly caused by alteration of an asset. Since the patient remote-monitoring solution should provide close to real-time feedback or instructions to the patient, a loss of availability of even a few seconds could endanger patient safety, depending on the patient's condition: for a patient in need of cardiac monitoring a few seconds could prove devastating, whereas for a patient under mood (depression) monitoring even 15 minutes would not be life-threatening. (Cagnazzo M, Hertlein M, Holz T and Pohlmann N, 2018, 2)
Asset | Impact
Network devices through which a user connects to the system | Eavesdropping on communication; loss of information due to non-availability
Network devices that connect the sensors to the application | Loss of information due to non-availability; loss of user login data
Access and authentication | Non-availability; loss of user login; confidentiality infringement
Storage and database | Confidentiality infringement

Table 2: Asset and impact (Cagnazzo M, Hertlein M, Holz T and Pohlmann N, 2018, 2)
2. Confidentiality Infringement
The other important impact is confidentiality infringement. By its very nature medical data is highly personal and therefore highly sensitive, which makes the confidentiality of medical data all the more important and demands protection of the highest order. (Cagnazzo M, Hertlein M, Holz T and Pohlmann N, 2018, 2)
3. Loss of Information
A key aspect of patient care monitoring is the authentication process, which demands authentication and validation from all users of the system. Loss of this information, or non-availability of the system, will prevent users and other components of the system from accessing it. (Cagnazzo M, Hertlein M, Holz T and Pohlmann N, 2018, 2)
Mitigating Threats
On the basis of the technologies and processes involved, assets can be divided into categories, each with its own threat-mitigation strategy. The rapid progress in sensor and smart-device technology has led to ever-increasing interoperability between systems and devices, which must not come at the expense of security and privacy. This study therefore proposes a wide-ranging threat-mitigation strategy covering all aspects of a distributed IoT-based health care monitoring system such as the prototypical Patient Care Health Monitoring System presented here. Such a system can be harmed by two independent classes of attack:
• Physical attack
• Non-physical attack
Physical Attack
Attacks aimed at the destruction of a device, building or any other asset, for example an attack that destroys sensors, devices or the cloud service, may be termed physical attacks. Cyber security measures alone are not sufficient to prevent such attacks.
Non-Physical Attack
The manipulation of system components may be termed a non-physical attack; threats to authority, access and data confidentiality fall into this class. These threats can be countered with modern authentication and encryption techniques. Encryption without authentication, however, is not enough to create a private system, because unlike the previous generation of devices, modern devices are interconnected wirelessly, and in these networks data is accessed by more than one device, each with different rights. Authentication ensures that no adversary can put on a wearable device and simply start transmitting to the system: the wearable is authenticated by the smartphone, and the smartphone is authenticated by the patient care system, so that the integrity of the system components is established at each hop.
An encrypted authentication scheme capable of identifying both humans and machines is used in this study. It provides mutual authentication between each pair of system components, with full data and communication encryption built on that authentication. Each of the more capable system components holds a public/private key pair and a certificate. Sensors with little computing power use symmetric keys only, with the smartphone acting as authenticator. The sensor first pairs with the smartphone; two symmetric keys are generated during pairing, one of which is stored on the mobile phone while the other is transmitted to the cloud. The cloud uses its key to check encryption and data integrity when communicating with the sensor, and the smartphone uses its stored key to derive one-time secret keys for communicating with the sensor. In this way encryption and authentication using a combination of symmetric and asymmetric keys achieve trust, accountability, integrity and authenticity.
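The pairing and one-time-key scheme just described, as an added example that is not the coursework's or any cited paper's code: only the symmetric part is implemented, with the Python standard library. It assumes the certificate-based mutual authentication between smartphone and cloud has already taken place, so the cloud's pairing key can be delivered over that channel; the sensor identifier, message layout and label strings are assumptions. The block demonstrates integrity and authenticity (one HMAC tag verified by the phone per hop under a session key derived from the pairing key and a fresh nonce, one verified end to end by the cloud) and replay rejection through a per-sensor sequence number. Confidentiality would be added by wrapping the payload in an AEAD cipher such as AES-GCM from a library, which the standard library does not provide.

```python
"""Pairing keys, per-session key derivation and end-to-end message
authentication for the sensor -> smartphone -> cloud path.

Added example, not code from the coursework or from any cited paper.
Assumes phone<->cloud mutual authentication (certificates) already happened.
Sensor IDs, labels and the wire format are assumptions. Integrity and
authenticity only; add an AEAD (e.g. AES-GCM) for confidentiality.
"""
import hashlib
import hmac
import json
import secrets
from dataclasses import dataclass
from typing import Dict


def _mac(key: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 over length-prefixed parts, so fields cannot be re-split."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for p in parts:
        h.update(len(p).to_bytes(4, "big"))
        h.update(p)
    return h.digest()


def pair(sensor_id: str) -> Dict[str, bytes]:
    """Pairing step: two fresh 256-bit symmetric keys for one sensor.
    k_phone stays on the smartphone, k_cloud is handed to the cloud over
    the already-authenticated phone<->cloud channel; the sensor keeps both."""
    return {"k_phone": secrets.token_bytes(32), "k_cloud": secrets.token_bytes(32)}


def session_key(k_phone: bytes, nonce: bytes) -> bytes:
    """One-time key for the sensor<->phone hop: HKDF-style single-block expand
    of the pairing key with a nonce chosen by the phone for this session."""
    return _mac(k_phone, b"pchm-session-v1", nonce)   # label is an assumption


@dataclass
class Sensor:
    sensor_id: str
    k_phone: bytes
    k_cloud: bytes
    seq: int = 0

    def emit(self, k_session: bytes, vitals: dict) -> dict:
        self.seq += 1
        payload = json.dumps(vitals, sort_keys=True).encode()
        sid, seq = self.sensor_id.encode(), self.seq.to_bytes(8, "big")
        return {
            "sensor_id": self.sensor_id, "seq": self.seq, "payload": payload.hex(),
            # verified by the cloud: must survive the phone hop untouched
            "tag_cloud": _mac(self.k_cloud, sid, seq, payload).hex(),
            # verified by the phone: bound to this session's one-time key
            "tag_phone": _mac(k_session, sid, seq, payload).hex(),
        }


@dataclass
class Verifier:
    """Integrity + replay check shared by the phone (hop) and cloud (end to end)."""
    key: bytes
    tag_field: str
    last_seq: int = 0

    def accept(self, msg: dict) -> bool:
        sid = msg["sensor_id"].encode()
        seq = msg["seq"].to_bytes(8, "big")
        payload = bytes.fromhex(msg["payload"])
        expected = _mac(self.key, sid, seq, payload)
        if not hmac.compare_digest(expected, bytes.fromhex(msg[self.tag_field])):
            return False                  # tampered, or wrong/unknown key
        if msg["seq"] <= self.last_seq:
            return False                  # replayed or out of order
        self.last_seq = msg["seq"]
        return True


def run_scenario() -> Dict[str, bool]:
    """Pair, deliver one genuine reading, then a tampered copy and a replay."""
    keys = pair("ecg-01")
    sensor = Sensor("ecg-01", keys["k_phone"], keys["k_cloud"])
    nonce = secrets.token_bytes(16)                 # chosen by the phone
    k_sess = session_key(keys["k_phone"], nonce)    # derived by phone and sensor
    phone = Verifier(k_sess, "tag_phone")
    cloud = Verifier(keys["k_cloud"], "tag_cloud")

    msg = sensor.emit(k_sess, {"hr": 72, "spo2": 97})   # constructed reading
    ok_phone = phone.accept(msg)
    ok_cloud = cloud.accept(msg)

    # A compromised phone or an attacker on the uplink rewrites the heart rate:
    # it cannot recompute tag_cloud without k_cloud, so the cloud rejects it.
    forged_payload = json.dumps({"hr": 140, "spo2": 97}, sort_keys=True).encode()
    forged = dict(msg, payload=forged_payload.hex())
    tampered_rejected = not Verifier(keys["k_cloud"], "tag_cloud").accept(forged)

    # The genuine message delivered a second time must be dropped.
    replay_rejected = not cloud.accept(msg)
    return {"phone": ok_phone, "cloud": ok_cloud,
            "tampered_rejected": tampered_rejected, "replay_rejected": replay_rejected}


if __name__ == "__main__":
    print(run_scenario())
```

The two tags are the point: the phone can verify and drop traffic on the BLE hop, but it never holds k_cloud, so a compromised phone cannot silently alter readings that the hospital side will trust.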
DREAD Methodology
Having identified the assets and the impact of their loss to the system, we use the DREAD model to rate the risk posed by each threat. DREAD is the acronym for Damage potential, Reproducibility, Exploitability, Affected users and Discoverability. The DREAD risk is calculated as:

RiskD = DAMAGE + REPRODUCIBILITY + EXPLOITABILITY + AFFECTED_USERS + DISCOVERABILITY   (1)

Values from 1 (low) to 3 (high) are assigned to each addend of equation (1), so the sum falls in the range 5-15. Threats with overall ratings of 12-15 are ranked high risk, 8-11 medium risk and 5-7 low risk.
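Equation (1) and the three bands applied to a slice of the threat catalogue profiled in the next section, as an added example that is not part of the coursework. The five component scores per threat are assumptions chosen so that the resulting bands agree with the ratings in Tables 3 to 6; the function validates that every addend lies in 1..3 and that the STRIDE letters are legal before ranking, which is where hand-filled spreadsheets usually go wrong.

```python
"""DREAD scoring and ranking for profiled threats.

Added example, not from the coursework. The per-component scores are
assumptions that reproduce the page's High/Medium/Low ratings; the
descriptions and STRIDE letters come from Tables 3-6.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple

COMPONENTS = ("damage", "reproducibility", "exploitability",
              "affected_users", "discoverability")
LOW, HIGH = 1, 3


@dataclass(frozen=True)
class Threat:
    description: str
    stride: str              # subset of "STRIDE"
    scores: Dict[str, int]   # component -> 1..3


def dread_score(scores: Dict[str, int]) -> int:
    """RiskD = D + R + E + A + D (equation 1), after validating each addend."""
    if set(scores) != set(COMPONENTS):
        raise ValueError(f"expected components {COMPONENTS}, got {tuple(scores)}")
    for name, v in scores.items():
        if not LOW <= v <= HIGH:
            raise ValueError(f"{name}={v} outside {LOW}..{HIGH}")
    return sum(scores.values())


def dread_rank(total: int) -> str:
    """Bands from the text: 12-15 High, 8-11 Medium, 5-7 Low."""
    if 12 <= total <= 15:
        return "High"
    if 8 <= total <= 11:
        return "Medium"
    if 5 <= total <= 7:
        return "Low"
    raise ValueError(f"total {total} outside 5..15")


def validate_stride(letters: str) -> str:
    bad = set(letters) - set("STRIDE")
    if bad:
        raise ValueError(f"unknown STRIDE letters {sorted(bad)}")
    return letters


def scores_of(d: int, r: int, e: int, a: int, disc: int) -> Dict[str, int]:
    return dict(zip(COMPONENTS, (d, r, e, a, disc)))


# Assumed component scores for a slice of the page's threat catalogue.
THREATS: List[Threat] = [
    Threat("Sysadmin identity theft",                   "S",  scores_of(3, 2, 2, 3, 3)),
    Threat("Patient identity sharing or loss",          "S",  scores_of(2, 2, 2, 1, 2)),
    Threat("Sensor spoofing",                           "SD", scores_of(2, 2, 2, 1, 2)),
    Threat("Unauthorized access to admin functionality", "ET", scores_of(3, 2, 3, 3, 2)),
    Threat("Lost wearable",                             "I",  scores_of(1, 2, 2, 1, 1)),
    Threat("Potential altering of training data",       "T",  scores_of(3, 2, 2, 3, 2)),
]


def profile(threats: List[Threat]) -> List[Tuple[str, str, int, str]]:
    """Rows of (description, STRIDE, total, rank), highest risk first."""
    rows = []
    for t in threats:
        total = dread_score(t.scores)
        rows.append((t.description, validate_stride(t.stride), total, dread_rank(total)))
    return sorted(rows, key=lambda row: row[2], reverse=True)


if __name__ == "__main__":
    for desc, stride, total, rank in profile(THREATS):
        print(f"{desc:48s} {stride:3s} {total:2d} {rank}")
```

Because the addends are equally weighted, a threat with damage 3 and everything else 1 scores 7 and lands in "Low"; if that is not acceptable for a safety-critical system, the banding, not the arithmetic, is what needs to change.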
Profiling threats with STRIDE and DREAD
We now profile the threats highlighted earlier and assign each its STRIDE category and DREAD ranking.
1. Loss of information
We saw earlier that the major cause of loss of information is identity theft. Table 3 shows that threats to user identity fall into two groups: misuse of login information and spoofing of sensors or devices. In general the level of threat is higher when the identity of an admin-level user is compromised, because the data of thousands of patients could be affected, whereas compromise of a single user's identification data is rated lower because it endangers a single user.
Description | STRIDE | DREAD
Patient identity sharing or loss | S | Medium
Personnel identity sharing or loss | S | High
(description not recoverable from the source) | S | Low
Patient and personnel identity theft | E | Medium
Sysadmin identity theft | S | High
Identity spoofing:
Sensor spoofing | S, D | Medium
Smartphone spoofing | S, D | Medium
EHR/PHR spoofing | S | High

Table 3: Threats to user identity (Cagnazzo M, Hertlein M, Holz T and Pohlmann N, 2018, 3)
2. Confidentiality Infringement
The threats that lead to unauthorized access are spoofing, elevation of privilege, data tampering and information disclosure; Table 4 shows this in the STRIDE column. A user could try to raise their rights and gain access to the Electronic Health Record, and the raised rights could lead to leakage of other users' confidential information. The threats posed by such illegitimate access are rated at least medium and usually high, because gaining admin rights, even locally, can cause considerable damage to patients and health care providers alike. Spoofed sensors and smartphones may be used to flood the system with unwanted requests, resulting in denial of service as the system cannot respond to such a volume of requests. Unauthorized access to system data is classified as elevation of privilege (E) in STRIDE and ranked high in DREAD, because it can compromise the confidentiality of the entire system's data. Unauthorized access at a level below admin is also represented by E in STRIDE but ranked medium in DREAD, because it cannot cause a system-wide breach although it could still do considerable damage locally. (Cagnazzo M, Hertlein M, Holz T and Pohlmann N, 2018, 3)
Description | STRIDE | DREAD
Unauthorized access to system data | E | High
Unauthorized access beyond authorized privileges | E | Medium
Tampering to modify access control | T | Medium
Impersonation of a patient | E, D | Medium
Impersonation of personnel | E, D | High
Unauthorized access to admin functionality | E, T | High

Table 4: Authorization and access threats (Cagnazzo M, Hertlein M, Holz T and Pohlmann N, 2018, 3)
3. Privacy Threats
As shown in Fig. 5, the importance of patient data cannot be overestimated. Especially for patients suffering from critical diseases, the right to decide whether to make their condition public is entirely their own and should be preserved at all costs. Tampering with or loss of an individual sensor limits the damage, since the information that can be accessed is restricted to the last few readings. The information lost with a stolen or lost mobile phone is greater than that of a sensor, but still limited, since the phone does not contain the Electronic Health Record.
Description | STRIDE | DREAD
Patient data disclosure | I | High
Administration data disclosure | I | High
Lost smartphone | I | Medium
Lost wearable | I | Low
Stolen smartphone | I | Medium
Stolen sensor | I | Low
Weak access control on smartphone | I | Medium
Weak access control on wearable | I | Low

Fig. 5: Privacy threats (Cagnazzo M, Hertlein M, Holz T and Pohlmann N, 2018, 3)
4. Adversarial Threats
The threats in this category are aimed at the decision-making capability of the system. As shown in Table 6, the minimum DREAD rating given to these threats is medium because of their importance to the integrity of the system. In this type of attack the system components that analyse the IoT data are made by the attacker to return incorrect results. For example, while monitoring heart rate, the data analytics may be forced to return a diagnosis of cardiac disease when in reality the patient is healthy, regardless of the input data. A more pinpointed attack would cause all patients who appear to suffer from tachycardia to be diagnosed with an infarction. This demonstrates that the attacker may have gained access to a smartphone or is an active participant in the same system who wants to manipulate the data sent to the system. (Cagnazzo M, Hertlein M, Holz T and Pohlmann N, 2018, 5)
Description | STRIDE | DREAD
Potential altering of training data | T | High
Non-targeted adversarial attack | T | Medium
Targeted adversarial attack | T | Medium

Table 6: Adversarial threats (Cagnazzo M, Hertlein M, Holz T and Pohlmann N, 2018, 5)
Conclusion
This study has attempted a risk assessment of a patient care health monitoring system by classifying attacks according to the entity they are directed against: attacks aimed at the device, attacks aimed at the communication, and attacks aimed at the manufacturers and cloud providers. A detailed threat-modelling study of the attacks and their impact on the system has been undertaken using the STRIDE methodology, by identifying assets, identifying threats and mitigating threats. These threats have then been ranked using the DREAD methodology to determine and prioritize the threat-mitigating actions.
BUSINESS CONTINUITY PLAN
Template source: https://www.smartsheet.com/business-continuity-templates
BUSINESS CONTINUITY PLAN
ABC HOSPITAL
Bolton Avenue
Houston, TX 74700
abchospital.com
VERSION 0.0.1, 07/27/2020

VERSION HISTORY
Version | Approved by | Revision date | Description of change
0.0.1 | a.bsdha | 7/27/2020 | NEW

Author (prepared by) | Title | Date
(not filled in)
Approved by | Title | Date
(not filled in)
TABLE OF CONTENTS
1. Business Function Recovery Priorities  24
2. Relocation Strategy  24
3. Alternate Business Site  24
4. Recovery Plan  25
5. Recovery Phases  25
   A. Disaster Occurrence  25
   B. Plan Activation  25
   C. Alternate Site Operation  26
   D. Transition to Primary Site  26
6. Records Backup  26
7. Restoration Plan  26
8. Recovery Teams  27
   A. Team Roles  27
   B. Team Contacts  27
   C. Team Responsibilities  27
   D. Departmental Recovery Teams  28
9. Recovery Procedures  28
   A. Potential Recovery Procedure  28
10. Appendices  29
   A. Business Impact Analysis  29
1. BUSINESS FUNCTION RECOVERY PRIORITIES
1. Detect intrusion, isolate system node, repair/replace sensors, routers
2. Change Password to communication equipment
3. Change Password and access permissions
2. RELOCATION STRATEGY
1. Transfer critical patients to the Hospital
2. Transfer patients data to Hospital host system
3. ALTERNATE BUSINESS SITE
1. Address 1: in case of non-availability of beds in ABC Hospital for patients transferred from home
2. Address 2: in case of non-availability of beds for patients transferred from home
4. RECOVERY PLAN
1. Transfer critical patients to hospital or the alternative site 1 or 2
2. Fault detection, isolation and repair
3. Password change and limit access
5. RECOVERY PHASES
A. DISASTER OCCURRENCE
The company declares a disaster and makes the decision to activate the rest of the recovery plan.
B. PLAN ACTIVATION
During this phase, the company puts the business continuity plan into effect. This phase continues until the
company secures the alternate business site and relocates the business operations.
C. ALTERNATE SITE OPERATION
This phase continues until the business can restore the primary facility.
D. TRANSITION TO PRIMARY SITE
This phase continues until the company can appropriately move business operations back to the original business
site.
6. RECORDS BACKUP
7. RESTORATION PLAN
8. RECOVERY TEAMS
A. TEAM ROLES
Team Leader, Backup Team Leader, Team Member
B. TEAM CONTACTS
Stored in the Contact List Appendix
C. TEAM RESPONSIBILITIES
Incident Commander, HR/PR Officer, Information Technology, Finance/Admin, Legal/Contacts
D. DEPARTMENTAL RECOVERY TEAMS
Business Continuity Coordinator, EOC Communications Team, EOC Human Resources Team, EOC Administration
Team, Emergency Response Team, Information Technology Recovery Team
9. RECOVERY PROCEDURES
A. POTENTIAL RECOVERY PROCEDURE
i. Disaster occurrence
ii. Notification of management
iii. Preliminary damage assessment
iv. Declaration of disaster
v. Plan activation
vi. Relocation to alternate site
vii. Implementation of temporary procedures
viii. Establishment of communication
ix. Restoration of data processing and communication with backup location
x. Commencement of alternate site operations
xi. Management of work
xii. Transition back to primary operations
xiii. Cessation of alternate site procedures
xiv. Relocation of resources back to primary site
10. APPENDICES
A. Business Impact Analysis
APPENDIX A- BUSINESS IMPACT ANALYSIS
ABC HOSPITAL
Business Impact Analysis Document
https://www.resolver.com/resource/bia-template/
Business Processes and Recovery Time Objectives (RTO)
Business Process: PATIENT CARE HOME MONITORING
Process Description: Patient vitals monitored remotely and interventions suggested
Can this process be performed 100% remotely? Patient Vitals Monitoring: Yes; Interventions: No
What alternate processing strategy is available during loss of applications? Transfer Patients to Hospital
What alternate processing strategy is available during loss of building? Transfer to Back up building
What alternate processing strategy is available during loss of phones? Contact via emergency hotline
What alternate processing strategy is available during loss of staff? Emergency Staffing Unit
What alternate processing strategy is available during loss of power? Back up power generator
Current recovery strategy/alternate processing strategy: As per documentation
Recovery Time Objective (RTO): 1-6 hrs
Known single point of failure: Internal
# of FTEs normally assigned to this process: 10
Staff needed during a disaster: 20
Process Owner: Hospital IT head
Application Information
Process Name: Patient Care Home Monitoring System
Application Name: PCHM
Application Type: Third Party Hosted Application
Description: Monitors Patient Vitals at patient's home
Application Owner: ABC HOSPITAL
Application Vendor: XYZ Corporation
Outage Workaround: Transfer patients to Hospital
Additional Details: This application is accessible to the computers deployed in PCHM department
Process Inputs
Business Process: Patient Care Home Monitoring System
Contributor Name: PCHM Department
Input Frequency: 24/7
Process Input Description: This system has been deployed to provide healthcare facilities to patients with long term illness and disabilities, which greatly reduces the cost of dispensation of these facilities while freeing up hospital facilities for patients with immediate need
Process Outputs
Business Process: Patient Care Home Monitoring System
Recipient Name: PCHM
Output Frequency: 24/7
Process Output Description: Electronic Health Record, Cardiology Department, Duty Physician, Pharmacy, Patient's Wards
Process Impacts
Business Process: Patient Care Home Monitoring System
Impact Type (Financial, Customer Service, Brand/Reputation, Contractual or Legal/Regulatory) and Level of Impact (High/Medium/Low):
Customer Service: High
Reputation: High
Regulatory: Medium
Financial: Medium
Potential Financial Impact Amount: USD 1000 per patient per day
Comments: -
Vendors
Process Name: Patient Care Home Monitoring System

Vendor (Application)
Vendor Name: XYZ Corporation
Service Provided: Remote host of the application
Address: XYZ Building, Z boulevard
City, State, Zip, Country: Atlanta, Georgia, 74700, United States
Dependency: High
Contact Name: PAC
Phone: -; Alternate Phone: -; Fax Number: --; Email: (blank)

Vendor (Sensors)
Vendor Name: 123 Systems Ltd
Service Provided: Providers of body sensors
Address: 123 Center
City, State, Zip, Country: New York City, New York, 123456, United States

Vendor (Communication)
Vendor Name: 456 Inc
Service Provided: Providers of data communication equipment
Address: 456 Plaza
City, State, Zip, Country: Houston, Texas, 48910, United States
Customers
No entries recorded. Template columns: Customer Name, Address 1, Address 2, City, State, Zip, Country, Contact Name, Phone, Alternate/After Hours Phone, Fax Number, Web Site.
Key Personnel
Business Process: Patient Data Monitoring Assistant; Key Personnel Name: ABC; Set up to work remotely: Yes
Business Process: Customer Service Attendant; Key Personnel Name: 123; Set up to work remotely: Yes
Business Process: System Recovery Incharge; Key Personnel Name: 789; Set up to work remotely: Yes
Has there been cross training? EFG-
Recovery Teams and Tasks

Team Name: Patient Recovery Team
Description: Transfer critical patients to H
Team Leader Name: A
Team Leader Tasks: Co-ordinate with Customer service for immediate transfer of critical patients
Team Leader Alternate: E
Team Leader Alternate Tasks: Will be working in close coordination with team leader
Recovery Members: I, J, K, L, M, O

Team Name: Customer Service Recov
Description: Contact customer ward
Team Leader Name: B
Team Leader Tasks: Contact and coordinate with Emergency services, Patient Ward, Electronic Health Record Department and relevant wards for quick transfer of critical patients
Team Leader Alternate: F
Team Leader Alternate Tasks: Will be working in close coordination with team leader
Recovery Members: P, Q, R, S, T

Team Name: System Recovery Team
Description: Resolution of the issue in the
Team Leader Name: C
Team Leader Tasks: Ensure Data safety, System isolation and resolve the issue in coordination with the concerned vendors
Team Leader Alternate: G
Team Leader Alternate Tasks: Will be working in close coordination with team leader
Recovery Members: U, V, W

Team Name: Electronic Health Record
Description: Freezing of customers record and do record keeping manually or through back up system
Team Leader Name: D
Team Leader Tasks: Liaise with customer service department for freezing the accounts of the affected patients and recording expenses on back up system
Team Leader Alternate: H
Team Leader Alternate Tasks: Will be working in close coordination with team leader
Recovery Members: X, Y, Z
Legal and Ethical Considerations
In order to consider the legal and ethical issues attached to modern-day healthcare data, it is
imperative that we consider what the modern Electronic Health Record is today and what it was
in the past, because it is this record that is at the heart of all the legal and ethical issues facing
the healthcare industry. A health record, whether paper based or electronic, is the record of the
healthcare business, written during the conduct of normal day-to-day business activities. But
unlike other business records it also contains very sensitive and private information about the
people who are the foundation of this business: the patients. It therefore goes without saying that,
besides providing health care services to patients, the security, confidentiality, privacy, integrity
and availability of the health record has and will always remain the sole responsibility of the
service provider. (Harman L, 2012, 712)
The electronic health record is interactive, and there are many stakeholders, reviewers, and users
of the documentation and it utilizes a host of information technology tools. Patients routinely
review their electronic medical records and are keeping personal health records (PHR), which
contain clinical documentation about their diagnoses (from the physician or health care
websites). Because the government is increasingly involved with funding health care, agencies
actively review documentation of care. There are three major ethical priorities for electronic
health records: privacy and confidentiality, security, and data integrity and availability. (Harman
L, 2012, 712)
In the past the medical record was maintained manually on paper. It had its limitations in
accessibility, availability, agility, security, integrity, control, and storage. Today the primary
purpose of the medical record is the same, but most of the shortcomings of the paper-based
system have been resolved. Technology, however, has brought its own new set of problems to the fore
regarding security, confidentiality and privacy. Although the organization, practice or the
physician is still the owner of the health record, as it is their business record, the patient
owns the information contained in the record, which must be guarded against breach of privacy
and confidentiality.
Privacy of the patient's record refers to the right of the patient to control the disclosure of
information about his or her health. It may therefore be termed private information, and without
the patient's consent the disclosure of this information must be guarded at all times to maintain
its confidentiality. This information can take the shape of medical test reports and drug
prescriptions, and may be stored in different media. In the context of this study this information
may come from the monitoring sensors attached to the patient's body and the interventions
carried out by medical personnel monitoring the data from a remote site. Patient consent is
often required for sharing the information for treatment, finance or other administrative
reasons. (Harman L, 2012, 713)
Limiting access to information to authorized users only is the first step in maintaining
confidentiality. The admin staff of the organization or practice is responsible for maintaining the
confidentiality of the patient's record by authorizing specific persons through user ID and
password. In the modern, complex patient care home monitoring system, state-of-the-art
authentication and encryption techniques are used to maintain the confidentiality of the record.
(Harman L, 2012, 713)
Protecting patient information against loss of confidentiality, privacy and integrity comes under
the ambit of information security. With the wide use of body sensors, the internet, the cloud,
smart hospitals and smart phones, the security of information faces multi-dimensional
issues such as identity theft, eavesdropping, spoofing, and the authentication and encryption of
data widely exchanged over the internet and the cloud. In order to maintain the trust of
patients in the modern health care system, all these concerns need to be addressed effectively,
and a new set of rules and regulations should be devised to control the misuse of modern
communication devices such as smart phones. To keep things in perspective, a recent survey
found that 73 percent of physicians text other physicians about work, so it must be a concern
how to limit such exchange of information. (Harman L, 2012, 714)
Information cannot be controlled completely; however, control can be exercised over the manner in which
the information is transmitted by introducing very strict authentication and encryption
techniques. Smart phones have found their way into healthcare; as we have found in this study,
smart phones are increasingly used in remote patient monitoring systems and are a key
system component, not only to monitor the patient remotely anywhere, anytime, but to provide
interventions as and when required. Encrypting mobile devices that are used to transmit
confidential information is of the utmost importance. But how is the loss of the device
itself to be controlled? (Harman L, 2012, 714)
Unauthorized access, hacking and the manipulation or destruction of data by internal or external
users is also a potential threat to the security of modern healthcare data. In this regard, frequent
change of passwords, limited authorization at various levels, encryption, authentication,
firewalls, anti-virus and anti-intrusion software, and audit trails may prove to be the savior of
modern-day healthcare system security against potential threats.
(Harman L, 2012, 714)
Audit trails. An audit trail is a system whereby an organization keeps track of access to electronic
healthcare record information. It is done by tracking all system activities, monitoring the
data access record with the help of time and date stamps and detailed logs of access activity,
recording who accessed the record, what was accessed, when and for how long. This
process has been automated. Unlike paper record activity, all EHR activity can be traced
based on the login credentials. Audit trails do not prevent unintentional access or
disclosure of information but can be used as a deterrent to ward off would-be violators.
(Harman L, 2012, 714)
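The two controls described above, limiting access to authorized users by role and keeping an audit trail of who accessed which record, when and for how long, as an added example that is not part of the original paper or of any product named in it. It is written in Python with the standard library only. A small gateway authorizes each read by role, writes an audit entry for every attempt (granted or denied), and chains the entries by hash so that editing or deleting an earlier log line is detectable when the trail is reviewed. `ROLE_PERMISSIONS`, `AuditTrail` and `EHRGateway` are hypothetical names, and every user, role, patient id and timestamp is constructed sample data.

```python
"""Role-limited EHR access with a tamper-evident audit trail.

Hypothetical example for this page (standard library only). All users, roles,
patient ids and timestamps are constructed sample data, not real records.
"""
import hashlib
import json
from dataclasses import dataclass, asdict
from datetime import datetime, timedelta, timezone

# Constructed role model: the record sections each role is authorized to read.
# This is the "limited authorization at various levels" control.
ROLE_PERMISSIONS = {
    "physician": {"vitals", "prescriptions", "diagnosis"},
    "nurse": {"vitals", "prescriptions"},
    "billing": {"billing"},
}


@dataclass
class AuditEntry:
    """One access attempt: who, what, when, for how long, and the outcome."""
    user: str
    role: str
    patient_id: str
    section: str
    outcome: str        # "granted" or "denied"
    opened_at: str      # ISO-8601 timestamp (the date and time stamp)
    duration_s: float   # seconds the record stayed open
    prev_hash: str      # hash of the preceding entry (chain link)
    entry_hash: str = ""

    def compute_hash(self) -> str:
        body = asdict(self)
        body.pop("entry_hash")  # the hash covers everything except itself
        data = json.dumps(body, sort_keys=True).encode()
        return hashlib.sha256(data).hexdigest()


class AuditTrail:
    """Append-only log. Each entry commits to the previous entry's hash, so
    editing or deleting an earlier line breaks the chain and verify() fails."""
    GENESIS = "0" * 64

    def __init__(self):
        self.entries = []

    def append(self, **fields) -> AuditEntry:
        prev = self.entries[-1].entry_hash if self.entries else self.GENESIS
        entry = AuditEntry(prev_hash=prev, **fields)
        entry.entry_hash = entry.compute_hash()
        self.entries.append(entry)
        return entry

    def verify(self) -> bool:
        """True only if every stored hash and chain link still match."""
        prev = self.GENESIS
        for entry in self.entries:
            if entry.prev_hash != prev or entry.compute_hash() != entry.entry_hash:
                return False
            prev = entry.entry_hash
        return True

    def accesses_to(self, patient_id: str):
        """Review view: every attempt against one patient's record."""
        return [e for e in self.entries if e.patient_id == patient_id]

    def denied_attempts(self):
        """Review view: attempts the authorization check refused."""
        return [e for e in self.entries if e.outcome == "denied"]


class EHRGateway:
    """Hypothetical front door to the record store: authorizes by role and
    writes an audit entry for every attempt, whether granted or not."""

    def __init__(self, trail: AuditTrail):
        self.trail = trail

    def open_record(self, user, role, patient_id, section, opened_at, closed_at) -> bool:
        allowed = section in ROLE_PERMISSIONS.get(role, set())
        self.trail.append(
            user=user, role=role, patient_id=patient_id, section=section,
            outcome="granted" if allowed else "denied",
            opened_at=opened_at.isoformat(),
            duration_s=(closed_at - opened_at).total_seconds(),
        )
        return allowed


def build_sample_trail() -> AuditTrail:
    """Constructed sample activity on a remote-monitoring ward."""
    trail = AuditTrail()
    gw = EHRGateway(trail)
    t0 = datetime(2020, 7, 23, 9, 0, tzinfo=timezone.utc)
    m = timedelta(minutes=1)
    gw.open_record("nurse01", "nurse", "P-1001", "vitals", t0, t0 + 2 * m)
    gw.open_record("bill07", "billing", "P-1001", "diagnosis", t0 + 5 * m, t0 + 5 * m + timedelta(seconds=1))
    gw.open_record("dr_lee", "physician", "P-1001", "diagnosis", t0 + 10 * m, t0 + 15 * m)
    gw.open_record("bill07", "billing", "P-1002", "billing", t0 + 20 * m, t0 + 21 * m)
    return trail


if __name__ == "__main__":
    trail = build_sample_trail()
    for e in trail.accesses_to("P-1001"):
        print(f"{e.opened_at} {e.user:8} {e.role:10} {e.section:13} {e.outcome:8} {e.duration_s:5.0f}s")
    print("chain intact:", trail.verify())
    trail.entries[1].outcome = "granted"  # simulate someone editing the log after the fact
    print("chain intact after edit:", trail.verify())
```

Two design points are worth noting. A denied attempt is logged just like a granted one, because the review value of an audit trail lies as much in the refused reads as in the successful ones. The hash chain only makes tampering detectable, not impossible; in a real deployment the latest chain hash would be copied regularly to a place the record system's administrators cannot write, otherwise an insider could rewrite the whole trail and recompute every hash.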
Conclusion
Patient information has always been at the heart of the legal and ethical issues facing the healthcare
industry. The most important patient information document is the Health Record, which is the
business record of the healthcare provider. The health record is owned by the
healthcare provider, whereas the patient is the owner of the information. Therefore, being the
owner of the record, it is the responsibility of the healthcare provider to protect the privacy,
confidentiality, integrity and accessibility of the patient information. Privacy can be protected
by limiting the disclosure of the information to what the patient has consented to. The security of the
information in this day and age has taken on new dimensions and increased the role of audit trails,
authentication and encryption techniques as the prime weapons against the threats being faced
in the shape of smart phones and cyber attacks. (Harman L, 2012, 714)
References:
1. Nappo, Stephane, 2020, Cyber Security Quotes. Available at: [link missing from source]. Accessed 7/23/2020.
2. L. Minh Dang, Md. Jalil Piran, Dongil Han, Kyungbok Min and Hyeonjoon Moon, 2019,
A Survey of Internet of Things and Cloud Computing for Healthcare, Department of Computer
Science and Engineering, Sejong University, Seoul, Korea (7/9/2019).
3. Matteo Cagnazzo, Markus Hertlein, Thorsten Holz and Norbert Pohlmann, 2018,
Threat Modelling for Mobile Health Systems. Available at: [link missing from source]. Accessed 7/23/2020.
4. Laurinda B. Harman, 2012, State of the Art and Science: Electronic Health Record: Privacy,
Confidentiality and Security, Virtual Mentor, American Medical Association Journal of Ethics, vol. 14,
September 2012. Available at <https://journalofethics.ama-assn.org/article/electronic-healthrecords-privacy-confidentiality-and-security/2012-09>. Accessed 7/27/2020.
5. Business Continuity Plan template: https://www.smartsheet.com/business-continuity-templates
6. Business Impact Analysis template: https://www.resolver.com/resource/bia-template/