Consumer Health Informatics, Mobile Health, and Social Media for Health: Part...
Â
Health Information Privacy and Security (August 3, 2019)
1. Health Information
Privacy & Security
Nawanan Theera-Ampornpunt, M.D., Ph.D.
Faculty of Medicine Ramathibodi Hospital
Mahidol University
For the Faculty of Pharmacy, Silpakorn University
August 3, 2019
http://www.SlideShare.net/Nawanan
14. National Healthcareâs Worst Nightmare
https://www.straitstimes.com/singapore/personal-info-of-15m-singhealth-
patients-including-pm-lee-stolen-in-singapores-most
15. Sources of the Threats
⊠Hackers
⊠Viruses & Malware
⊠Poorly-designed systems
⊠Insiders (Employees)
⊠Peopleâs ignorance & lack of knowledge
⊠Disasters & other incidents affecting
information systems
16. ⊠Information risks
⊠Unauthorized access & disclosure of confidential information
⊠Unauthorized addition, deletion, or modification of information
⊠Operational risks
⊠System not functional (Denial of Service - DoS)
⊠System wrongly operated
⊠Personal risks
⊠Identity thefts
⊠Financial losses
⊠Disclosure of information that may affect employment or other
personal aspects (e.g. health information)
⊠Physical/psychological harms
⊠Organizational risks
⊠Financial losses
⊠Damage to reputation & trust
⊠Etc.
Consequences of Security Attacks
18. ⊠Privacy: âThe ability of an individual or group
to seclude themselves or information about
themselves and thereby reveal themselves
selectively.â (Wikipedia)
⊠Security: âThe degree of protection to safeguard
... person against danger, damage, loss, and
crime.â (Wikipedia)
⊠Information Security: âProtecting information
and information systems from unauthorized
access, use, disclosure, disruption, modification,
perusal, inspection, recording or destructionâ
(Wikipedia)
Privacy & Security
21. Examples of Integrity Risks
http://news.softpedia.com/news/700-000-InMotion-Websites-Hacked-by-TiGER-M-TE-223607.shtml
Web Defacements
22. Examples of Availability Risks
http://en.wikipedia.org/wiki/Blaster_worm
Viruses/worms that led to instability &
system restart (e.g. Blaster worm)
23. Examples of Availability Risks
http://en.wikipedia.org/wiki/Ariane_5_Flight_501
Ariane 5 Flight 501 Rocket Launch Failure
Cause: Software bug on rocket acceleration due to data conversion
from a 64-bit floating point number to a 16-bit signed integer without
proper checks, leading to arithmatic overflow
26. ⊠Attack
⊠An attempt to breach system security
⊠Threat
⊠A scenario that can harm a system
⊠Vulnerability
⊠The âholeâ that is used in the attack
Common Security Terms
27. ⊠Identify some possible means an
attacker could use to conduct a
security attack
Class Exercise
29. Alice
Simplified Attack Scenarios
Server Bob
- Physical access to client computer
- Electronic access (password)
- Tricking user into doing something
(malware, phishing & social
engineering)
Eve/Mallory
30. Alice
Simplified Attack Scenarios
Server Bob
- Intercepting (eavesdropping or
âsniffingâ) data in transit
- Modifying data (âMan-in-the-
middleâ attacks)
- âReplayâ attacks
Eve/Mallory
31. Alice
Simplified Attack Scenarios
Server Bob
- Unauthorized access to servers through
- Physical means
- User accounts & privileges
- Attacks through software vulnerabilities
- Attacks using protocol weaknesses
- DoS / DDoS attacks Eve/Mallory
33. Alice
Safeguarding Against Attacks
Server Bob
Administrative Security
- Security & privacy policy
- Governance of security risk management & response
- Uniform enforcement of policy & monitoring
- Disaster recovery planning (DRP) & Business continuity
planning/management (BCP/BCM)
- Legal obligations, requirements & disclaimers
34. Alice
Safeguarding Against Attacks
Server Bob
Physical Security
- Protecting physical access of clients & servers
- Locks & chains, locked rooms, security cameras
- Mobile device security
- Secure storage & secure disposition of storage devices
35. Alice
Safeguarding Against Attacks
Server Bob
User Security
- User account management
- Strong p/w policy (length, complexity, expiry, no meaning)
- Principle of Least Privilege
- âClear desk, clear screen policyâ
- Audit trails
- Education, awareness building & policy enforcement
- Alerts & education about phishing & social engineering
36. Alice
Safeguarding Against Attacks
Server Bob
System Security
- Antivirus, antispyware, personal firewall, intrusion
detection/prevention system (IDS/IPS), log files, monitoring
- Updates, patches, fixes of operating system vulnerabilities &
application vulnerabilities
- Redundancy (avoid âSingle Point of Failureâ)
- Honeypots
37. Alice
Safeguarding Against Attacks
Server Bob
Software Security
- Software (clients & servers) that is secure by design
- Software testing against failures, bugs, invalid inputs,
performance issues & attacks
- Updates to patch vulnerabilities
38. Alice
Safeguarding Against Attacks
Server Bob
Network Security
- Access control (physical & electronic) to network devices
- Use of secure network protocols if possible
- Data encryption during transit if possible
- Bandwidth monitoring & control
39. Alice
Safeguarding Against Attacks
Server Bob
Database Security
- Access control to databases & storage devices
- Encryption of data stored in databases if necessary
- Secure destruction of data after use
- Access control to queries/reports
- Security features of database management systems (DBMS)
44. ⊠Access control
⊠Selective restriction of access to the system
⊠Role-based access control
⊠Access control based on the personâs role
(rather than identity)
⊠Audit trails
⊠Logs/records that provide evidence of
sequence of activities
User Security
45. ⊠Identification
⊠Identifying who you are
⊠Usually done by user IDs or some other unique codes
⊠Authentication
⊠Confirming that you truly are who you identify
⊠Usually done by keys, PIN, passwords or biometrics
⊠Authorization
⊠Specifying/verifying how much you have access
⊠Determined based on system ownerâs policy & system
configurations
⊠âPrinciple of Least Privilegeâ
User Security
46. ⊠Nonrepudiation
⊠Proving integrity, origin, & performer of an
activity without the personâs ability to refute
his actions
⊠Most common form: signatures
⊠Electronic signatures offer varying degrees of
nonrepudiation
⊠PIN/password vs. biometrics
⊠Digital certificates (in public key
infrastructure - PKI) often used to ascertain
nonrepudiation
User Security
47. ⊠Multiple-Factor Authentication
⊠Two-Factor Authentication
⊠Use of multiple means (âfactorsâ) for authentication
⊠Types of Authentication Factors
⊠Something you know
⊠Password, PIN, etc.
⊠Something you have
⊠Keys, cards, tokens, devices (e.g. mobile phones)
⊠Something you are
⊠Biometrics
User Security
48. Need for Strong Password Policy
So, two informaticians
walk into a bar...
The bouncer says,
"What's the password."
One says, "Password?"
The bouncer lets them
in.
Credits: @RossMartin & AMIA (2012)
49. Unknown Internet sources, via
http://pikabu.ru/story/interesno_kakoy_zhe_u_nikh_parol_4274737,
via Facebook page âāļŠāļāļāđāļŪāļāđāļ§āđāļāđāļāļāđāļĄāļ§āđâ
Whatâs the Password?
51. Recommended Password Policy
⊠Length
⊠8 characters or more (to slow down brute-force attacks)
⊠Complexity (to slow down brute-force attacks)
⊠Consists of 3 of 4 categories of characters
⊠Uppercase letters
⊠Lowercase letters
⊠Numbers
⊠Symbols (except symbols that have special uses by the
system or that can be used to hack system, e.g. SQL Injection)
⊠No meaning (âDictionary Attacksâ)
⊠Not simple patterns (12345678, 11111111) (to slow down brute-
force attacks & prevent dictionary attacks)
⊠Not easy to guess (birthday, family names, etc.) (to prevent
unknown & known persons from guessing)
Personal opinion. No legal responsibility assumed.
52. Recommended Password Policy
⊠Expiration (to make brute-force attacks not possible)
⊠6-8 months
⊠Decreasing over time because of increasing computerâs
speed
⊠But be careful! Too short duration will force users to write
passwords down
⊠Secure password storage in database or system
(encrypted or store only password hashes)
⊠Secure password confirmation
⊠Secure âforget passwordâ policy
⊠Different password for each account. Create variations
to help remember. If not possible, have different sets of
accounts for differing security needs (e.g., bank
accounts vs. social media sites) Personal opinion. No legal responsibility assumed.
55. Techniques to Remember Passwords
⊠http://www.wikihow.com/Create-a-Password-You-Can-
Remember
⊠Note that some of the techniques are less secure!
⊠One easy & secure way: password mnemonic
⊠Think of a full sentence that you can remember
⊠Ideally the sentence should have 8 or more words, with
numbers and symbols
⊠Use first character of each word as password
⊠Sentence: I love reading all 7 Harry Potter books!
⊠Password: Ilra7HPb!
⊠Voila!
Personal opinion. No legal responsibility assumed.
68. ⊠Poor grammar
⊠Lots of typos
⊠Trying very hard to convince you to open
attachment, click on link, or reply without
enough detail
⊠May appear to be from known person (rely on
trust & innocence)
Signs of a Phishing Attack
69. ⊠Donât be too trusting of people
⊠Always be suspicious & alert
⊠An e-mail with your friendâs name & info doesnât have
to come from him/her
⊠Look for signs of phishing attacks
⊠Donât open attachments unless you expect them
⊠Scan for viruses before opening attachments
⊠Donât click links in e-mail. Directly type in browser
using known & trusted URLs
⊠Especially cautioned if ask for passwords, bank
accounts, credit card numbers, social security numbers,
etc.
Ways to Protect against Phishing
83. ⊠Most common reason for security bugs is
invalid programming assumptions that
attackers will look for
⊠Weak input checking
⊠Buffer overflow
⊠Integer overflow
⊠Race condition (Time of Check / Time of
Use vulnerabilities)
⊠Running programs in new environments
Software Security
Adapted from Nicholas Hopperâs teaching slides for UMN Computer Security Class Fall 2006 CSCI 5271
84. ⊠Consider a log-in form on a web page
Example of Weak Input Checking:
SQL Injection
⊠Source code would look
something like this:
statement = "SELECT * FROM users
WHERE name = '" + userName + "';"
⊠Attacker would enter as username:
' or '1'='1
⊠Which leads to this always-true query:
⊠statement = "SELECT * FROM users
WHERE name = '" + "' or '1'='1" + "';"
statement = "SELECT * FROM users WHERE name = '' or '1'='1';"
http://en.wikipedia.org/wiki/SQL_injection
85. ⊠Defense in Depth
⊠Multiple layers of security defense are placed
throughout a system to provide redundancy
in the event a security control fails
⊠Secure the weakest link
⊠Promote privacy
⊠Trust no one
Some Security Principles
Saltzer & Schroeder (1975), Viega & McGraw (2000)
Adapted from Nicholas Hopperâs teaching slides for UMN Computer Security Class Fall 2006 CSCI 5271
http://en.wikipedia.org/wiki/Defense_in_depth_(computing)
86. ⊠Modular design
⊠Check error conditions on return values
⊠Validate inputs (whitelist vs. blacklist)
⊠Avoid infinite loops, memory leaks
⊠Check for integer overflows
⊠Language/library choices
⊠Development processes
Secure Software Best Practices
Adapted from Nicholas Hopperâs teaching slides for UMN Computer Security Class Fall 2006 CSCI 5271
102. ⊠āđāļāđāļāđāļāđāļ 11 āļŦāļĄāļ§āļ (Domains)
⊠Security policy
⊠Organization of information security
⊠Asset management
⊠Human resources security
⊠Physical and environmental security
⊠Communications and operations management
⊠Access control
⊠Information systems acquisition, development and
maintenance
⊠Information security incident management
⊠Business continuity management
⊠Regulatory compliance
āļĄāļēāļāļĢāļāļēāļ Security āļāļēāļĄāļ§āļīāļāļĩāļāļēāļĢāđāļāļāļāļĨāļāļāļ āļąāļĒ