The Ministry of Health is studying the feasibility of delinking some PCs permanently from the internet.
I agree with this approach. There is no need for some PCs used by the staff for processing the work to be connected to the internet. They should be connected to the healthcare database through a secure intranet.
However, there is a wider community of doctors and health care workers that need to connect to the database through the public internet.
These users can have their access restricted only to certain portions of the database. The doctor need to know the patient visit records.
We should avoid imposing more security or other restrictions that hinder the authorized access by doctors to these records.
There will always be a risk that somebody may steal the identity of the doctor and have unauthorized access to the records of patients. This cannot be prevented by the use of more security protocols.
A good way to deal with this risk is to log all the access by each user to the record.
A audit script should be run at regular intervals, say each hour, to count the number of access by each user to the patient records, and to highlight any case of unusual activity.
We can expect each doctor to access not more than 10 patient records in a hour, or 100 records in a day. Any excess activity can be highlighted immediately for audit review.
Similarly, the staff have access to details of visits by patients for each day or longer period. The access should also be logged. An audit script should also be run at regular intervals to identify the excess activity by the staff.
It is possible for a hacker to get the credentials of a staff to access these records. The restriction of access to the intranet will reduce this risk but it cannot be totally prevented.
It is also possible for a crook to bribe a authorized staff to access the record and steal the information. This cannot be prevented through access control.
I caution against the excessive reliance of access control or security protocol to manage this risk. It is costly and can make life difficult for the regular users.
My suggestion of the audit log and regular check of the log will manage this risk better. It cannot totally prevent some patient records from being stolen but it can alert the audit staff immediately to prevent the damage from getting worse.
It will certain stop the hacking after a few hundred records, rather than be sleeping while 1.5 million records are accessed and the data stolen.
The biggest risk is the access by the database administrators. They can also be bribed. The access by these administrators, who have almost unrestricted access to the database, have to be monitored closely, perhaps to the minute.
The best risk management measure is prevention. If the hacker knows that there is an effective audit log and that unusual activities will be detected early, they will avoid hacking the database. The risk of being detected early is high.
It is easy to implement the access log and the audit scripts. It is also quite effective. I suggest that this approach be considered immediately.
I have assumed that the security and access protocols are adequate, but the weakness is in other areas.
Tan Kin Lian
I agree with this approach. There is no need for some PCs used by the staff for processing the work to be connected to the internet. They should be connected to the healthcare database through a secure intranet.
However, there is a wider community of doctors and health care workers that need to connect to the database through the public internet.
These users can have their access restricted only to certain portions of the database. The doctor need to know the patient visit records.
We should avoid imposing more security or other restrictions that hinder the authorized access by doctors to these records.
There will always be a risk that somebody may steal the identity of the doctor and have unauthorized access to the records of patients. This cannot be prevented by the use of more security protocols.
A good way to deal with this risk is to log all the access by each user to the record.
A audit script should be run at regular intervals, say each hour, to count the number of access by each user to the patient records, and to highlight any case of unusual activity.
We can expect each doctor to access not more than 10 patient records in a hour, or 100 records in a day. Any excess activity can be highlighted immediately for audit review.
Similarly, the staff have access to details of visits by patients for each day or longer period. The access should also be logged. An audit script should also be run at regular intervals to identify the excess activity by the staff.
It is possible for a hacker to get the credentials of a staff to access these records. The restriction of access to the intranet will reduce this risk but it cannot be totally prevented.
It is also possible for a crook to bribe a authorized staff to access the record and steal the information. This cannot be prevented through access control.
I caution against the excessive reliance of access control or security protocol to manage this risk. It is costly and can make life difficult for the regular users.
My suggestion of the audit log and regular check of the log will manage this risk better. It cannot totally prevent some patient records from being stolen but it can alert the audit staff immediately to prevent the damage from getting worse.
It will certain stop the hacking after a few hundred records, rather than be sleeping while 1.5 million records are accessed and the data stolen.
The biggest risk is the access by the database administrators. They can also be bribed. The access by these administrators, who have almost unrestricted access to the database, have to be monitored closely, perhaps to the minute.
The best risk management measure is prevention. If the hacker knows that there is an effective audit log and that unusual activities will be detected early, they will avoid hacking the database. The risk of being detected early is high.
It is easy to implement the access log and the audit scripts. It is also quite effective. I suggest that this approach be considered immediately.
I have assumed that the security and access protocols are adequate, but the weakness is in other areas.
Tan Kin Lian
1 comment:
Interest in PM'S DATA. There is a saying if something bad happens, first was to look into family. Hopefully not dishonorable siblings?
Post a Comment