Skip to main content

Risk Mitigations for Custom Applications

 In many healthcare applications, often due to the cloistered nature of the use cases – e.g. it will only be accessed by users authorized in a particular facility, such as an operating room suite – the needs for Authentication and Authorization are minimized when the system is designed and implemented. This presents a risk as soon as you allow for the possibility of users with ill-intent or that otherwise want to operate outside their given roles.

Custom applications need to consider these possibilities and implement the following measure to ensure the integrity of the system.

1.  Authentication and Authorization Controls:

Multi-Factor Authentication (MFA): Implement MFA for all user logins. This adds an extra layer of security beyond just a username and password.

Role-Based Access Control (RBAC): Grant users access only to the data and functionalities they need for their specific role. This minimizes the potential for unauthorized access.

Strong Password Policies: Enforce strong password creation policies with minimum length, complexity requirements, and regular password changes.

Regular User Reviews: Periodically review user access privileges to ensure they remain appropriate and prevent unauthorized access due to role changes or employee departures.

2. Secure Data Storage Practices:

Data Encryption at Rest: Encrypt all sensitive healthcare data (PHI) stored on databases and servers. This renders the data unreadable in case of a breach. And be sure to do sensible things with keys – make them complex and use a key management or identity management system to aid in the process.

Data Encryption in Transit: Encrypt data transmission between the application and users' devices or other systems. This protects sensitive information from interception during network traffic.

Data Minimization: Only collect and store the minimum amount of data necessary for the application's functionality. This reduces the attack surface and potential impact of a breach.

3. Patched Software:

Use every means at your disposal to ensure you use patched software, updating quickly and regularly.

Patch Management System: Implement a system for timely identification, acquisition, and deployment of patches for all software components used in the application.

Vulnerability Scanning: Regularly conduct automated vulnerability scans to identify potential weaknesses in the software and prioritize patching accordingly.

Software Update Policy: Establish a clear policy for software updates, outlining the process, approval procedures, and timelines for implementing updates.

4. Encryption:

Implement Transport Layer Security (TLS) to encrypt communication between the applications and users' devices. This ensures a secure connection and protects data from eavesdropping.

Data Encryption at Rest and in Transit (as mentioned above): Encrypting data at rest and in transit are crucial security measures to safeguard sensitive healthcare information.

5. Additional Considerations:

Secure Coding Practices: Developers – internal and external - follow secure coding practices to minimize vulnerabilities introduced during the development process. Be sure to understand and enforce the strongest security practices of 3rd party developers. Static code analysis tools can help identify potential security flaws.

Penetration Testing: Regularly conducting penetration testing simulates real-world attacks to identify and address exploitable weaknesses in the application's security posture.

Security Awareness Training: Train staff involved in developing, maintaining, and using the application on cybersecurity best practices and potential threats.

Labels:

Comments

Post a Comment

Popular posts from this blog

You don't really know who you're talking to online...

The following is a story that I think highlights the assumptions that get you into trouble online... https://www.proofpoint.com/us/blog/threat-insight/i-knew-you-were-trouble-ta456-targets-defense-contractor-alluring-social-media This is particularly scary since we found so much utility in online connections during the pandemic and out of necessity, started trusting more online. Please note the timeline for this breach - it was a long, slow process, a key factor in many 'cons'. "Build trust" is a key first step, once someone has identified you as a party. You think...you're convinced you know who your talking to, but if you don't triangulate the identity with some non-online, ideally in-person information, you shouldn't trust. And even if you do get what seems like real-life confirmations of identity, you must look at questioning motives, needs, and keeping danger at arms-length. Online includes email, texting (sms), application chatbots, voice communicati...
Post a Comment
Read more

Threat Modeling Manifesto

Secure Your Code with Threat Modeling As a software developer, security should be a top priority. By proactively identifying and addressing potential vulnerabilities, you can significantly reduce the risk of breaches and data loss. What is Threat Modeling?   Threat modeling is a systematic approach to identifying, assessing, and mitigating security threats. It involves looking at your system from a hacker's perspective to uncover weaknesses and devise strategies to protect against attacks. See the  OWASP Cheat Sheet   Why is Threat Modeling Important? Proactive Security: By anticipating potential threats, you can take steps to prevent them. Risk Mitigation: Identify and address vulnerabilities before they can be exploited. Regulatory Compliance: Adhere to industry standards and regulations. Enhanced Security Posture: Strengthen your overall security posture. How to Get Started with Threat Modeling   The Threat Modeling Manifesto provides a valuable framewor...
Post a Comment
Read more

Where threat modeling can shine - an example from the EU MDCG-2019

From the  EU  MDCG 2019-16 Guidance on Cybersecurity for medical devices, December 2019 , this is the guidance on foreseeable risks.  Medical device manufacturers should ensure that a medical device is designed and manufactured in a way that ensures that the risks associated with reasonably foreseeable environmental conditions are removed or minimised. This may include the infield monitoring of the software’s vulnerabilities and the possibility to perform a device update (outside the context of a field safety corrective action) through, for example delivering patches to ensure the continued security of the device. During the risk management process, the manufacturer should foresee or evaluate the potential exploitation of those vulnerabilities that may be a result of reasonably foreseeable misuse. This, however, may depend on the specific situation. For example, using an unsecured memory-stick to enter data into a medical IT system can be considered “reasonably foreseeabl...
Post a Comment
Read more