Wireless Security in Mobile Health

Introduction

Major concerns in the health sector include breaches in disclosure and veracity of “patient–doctor confidentiality,” which both possess great legal and professional consequences, and not running the risk of endangering the lives of patients. The U.S. Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule gives federal protections for individual health information possessed by enclosed entities and provides patients with a range of rights with reference to such information. ¹ The Privacy Rule affects every structure of individuals' secured health information, whether electronic, written, or oral. The Security Rule, a U.S. Federal law that guards health information in electronic form, necessitates bodies covered by HIPAA to make certain that electronic protected health information is safe. ²

Thus, before important medical information is transmitted via a wireless network, the appropriate network security mechanisms must be installed. Mobile health (m-health) can be defined as “emerging mobile communications and network technologies for healthcare.” The evolution of electronic health (e-health) structures from the old-fashioned desktop telemedicine applications to wireless and mobile structures signifies this emerging concept. ³ The advent of m-health has facilitated a huge amount of clinical openness and opportunities to software applications quintessential to healthcare, which in turn has a direct linkage to accessibility and mobility irrespective of the geographical location of the health practitioners. M-health information is marked by the existence of handy hardware in conjunction with appropriate software application merged with the patient's personal profile, which is in turn transmitted through a wireless network. For example, mobile devices may be used by a health practitioner to view his or her patients' e-health record in order to prescribe the appropriate medication for the patient and also to properly document other health discoveries. The transfer of patient information is achieved through common technologies such as Wi-Fi, Bluetooth^® (Bluetooth SIG), mobile phone, and infrared, all of which are components of an existing network. In cases of emergency, m-health devices are usually of great advantage in healthcare due to their ability to provide instant and accurate personal information concerning the victims of such emergencies, and this information provides a basis for further research on such occurrences. Apart from the above-mentioned merits, m-health is cost-effective for both the health practitioner and the patient. ⁴

Business Opportunities in m-Health

Chronic disease conditions such as arrhythmia, diabetes, hypertension, and many other cardiovascular diseases are monitored through the aid of electronic devices such as the Holter and events monitors. ⁵ These disease conditions are expensive to treat or cure, and they can also limit life span. Research has shown that nearly €7.6 billion was the value of home health one-to-one care in 2010, which is expected to increase by 9% yearly, ⁶ all generated from monitoring tools, non-reusable materials, and services. An assessment made by Berg Insight showed that home monitoring can turn out to be a positive option for treating over 200 million people in the United States and Europe, and the number of patients who made use of home monitoring care with devices connected to the Internet was close to a million by the end of 2010. ⁷ Cohesive answers have been provided by many companies concerning the monitoring of several chronic diseases with examples such as Honeywell, Philips, MedApps, Cardiocom, and Bosch. Sales of medical devices and provision of services that focus on medical conditions and symptoms by medical companies have increased on a large scale. Because m-health is technologically inclined, many information technology (IT) and telecommunication companies have placed huge amounts of resources and investments into the sector, thus creating business prospects for service providers and manufactures of healthcare equipment that are into the business of providing home healthcare monitoring services to patients.

Smartphone applications such as diet guides, sport tracking applications, exercise guides, and other chronic disease management applications have been developed for further ease of home health monitoring. There is a high probability that the future of healthcare is largely dependent on the use of smartphones as a medium of monitoring individual health conditions, with the help of Bluetooth technology used to connect personal computers or mobile sets to meters used in reading vital signs. A typical example is the AirstripOB™ app, an iPhone^® (Apple) app that enables safe access for observing patient information like pulse, blood pressure, temperature, and weight from e-health records. ⁸

Development of new forms of medical treatment and technology has led to the acceptance of wireless home health monitoring, and this development comes with the challenge of monitoring and securing delicate information generated by these new technologies. Out of the hospital, technologies such as Telcare's cellular-enabled glucose meter from Healthrageous helps amend a diabetic patient's health, lifestyle, and habits, exploiting an evidence-based protocol for diabetes management. ⁹ It is asserted that SkyLight's smartphone microscope adapter can join just about any smartphone to any microscope, and it will be on the market by March 2012. It is designed to improve older microscopes for the digital era. The gadget permits clients to control their smartphone's camera to take photographs and create videos via the eyepiece of the microscope. The captured images can then be uploaded and shared. Real-time sharing of captured images and mutual videoconferencing is also enabled. ¹⁰ These and many more smartphone applications can also make use of the 4G services that provide good data services when clients of these m-health devices are out of their homes. A massive increase of m-health applications, devices, and other related services was observed between years 2010 to 2011. ¹¹

M-health is a multibillion dollar industry; thus the security of clients' information and the security of various stakeholders are paramount. Risk of attacks can either take the form of passive attack, where sensitive data transmitted between the client at home and the clinic are being captured by an attacker who views the data and sends them on without being detected, or active attack, where the contents of the transmitted data are interrupted and modified before being sent on. These two forms of attacks are generally referred to as “man-in-the-middle” attacks or transmission control protocol/Internet protocol hijacking attacks, and they are regularly done by installing phony access points. ¹² Another form of risk is faced when an attacker tries to bring down the network of the server in a clinic so as to extract data sent by clients who make use of m-health devices connected to the clinic's main server. This can be carried out by preventing the server from transmitting through flooding the server's radio frequency signal with noise. This form of attack can be used to gain access into the accounts section of the clinic and/or the client, finally resulting in Internet theft of private funds. These and other forms of attacks, which will be discussed later on in this article, show how much a stakeholder stands to lose if proper security measures are not put in place for the wireless network used in propagating its m-health devices.

OPEN IN VIEWER

Fig. 1.

Global smartphone mobile health applications market, 2011. Mobile health application revenues include applications downloads, marketing, transaction, service, and device sales. Source: research2guidance.

Home treatment and preventive methods such as early diagnosis aided by improved technology happen to be the major focus of healthcare in reducing cost. Health IT still may be slow to catch on, but rare is the hospital today that doesn't have a broad wireless infrastructure to enable the use of mobile devices, give Internet access to patients and visitors, and boost network capacity without running more wires. Based on a understanding of how well-funded the m-health sector is and with the kernel of transactions involving m-health devices established in hospitals and clinics, the next section of this article will elaborate more on the various forms of attacks that can be carried out on the wireless network made use of by m-health devices.

Threats Faced by Wireless Technology in Hospitals

The need to protect confidentiality, integrity, and accessibility of information forms the basis of IT security, which is of major importance to the confidentiality–integrity–availability triad. It is regrettable that the “availability” part of wireless networks is usually threatened by the innate features of wireless communication. There are six categories of attackers that can compromise the security of a wireless network: hackers, crackers, script kiddies, spies, employees and cyber terrorists, all with varying intents. ¹¹ The Computer Emergency Response Team Coordination Center, Forum of Incident Response and Security Teams, InfraGard, Information Systems Security Association, National Security Institute, and SysAdmin, Audit, Network, Security Institute are security organizations with the sole purpose of providing training, information, and assistance on network security. In research performed by experts working with the International Data Group, the use of wireless in healthcare is viewed as a means to “monitor medication packages as ordered by the physician and match it to the bar-coded wristband of the patient, make use of wireless badges for voice communication, and to access and update electronic medical records at patient's bedside.” ¹³ Thus hospitals with related requirements to the wireless setup will make wireless security the main concern in order to protect delicate patient data. Another threat faced by wireless technologies in and out of the hospital is that of having to provide training for users of m-health devices.

Access points with the ability to discover malicious traffic on the wireless network, load-share traffic, and also discover rogue access points are provided by several wireless vendors, but because of the primary defects present within the characteristics of wireless networks these measures can still be countered by an attacker using methods like congestion of radio frequency signals or by invading layer 1 or 2 of a wireless user or even the wireless card. Also, minute security is made available to hardware situated at the ground layers of the Open System Interconnection model ¹⁴ ; this defect can be used by attackers to break into the wireless network of the connected gadget, thus having absolute command over the entire system by attacking the core of the gadget.

Hospitals are advised when choosing their vendors to configure their wireless networks to work with Wi-Fi Protected Access 2 and Counter Mode with Cipher Block Chaining Message Authentication Code Protocol rather than Temporary Key Integrity Protocol (TKIP) because of current advancements in equipment that take advantage of TKIP. ¹⁵

The Hack in the Box security symposium of 2008 was an avenue for Kris Kaspersky to show in a presentation models of codes that can take advantage of Intel central processing units (CPUs). Mr. Kaspersky noted in the presentation abstract ¹⁶ that “irrespective of the patches applied and running applications, Intel CPUs possess exploitable bugs susceptible to invasions that are restricted and isolated hence work in opposition to all operating system.” The ENTER code to be imputed into the CPU when analyzing the Inter Errata records in order to produce a form of error is anonymous. Nebulous techniques are seldom used in deriving the code. However, potential invaders are given clues by Intel on where to target their codes in Errata. There is a recording of what the pointer figure is meant to be by Intel with the location of where the CPU activates. Fortified with such data, an invader is likely to produce the essential malicious code that generates this situation; if achieved, there would be implementation of all commands in the CPU. There is every possibility that the first call of invasion is the defenseless wireless card that has excessive buffering so as to coerce the CPU into implementing the invader's instructions. The use of a current method and twisting by the invader can help in setting the instruction indicator to the site/area of the invader's shell code by overrunning the buffer. An invader gets complete access and control of the gadget by illegal entry and use of an unpatched wireless device, thereby entering the core level of the CPU and take advantage of it by:

• Installing other destructive software

Thus the invader is been able to compromise the confidentiality–integrity–availability triad that the security experts are vigorously protecting.

It is pertinent to note that the policy of operational patch management is not exclusive to operating system and application patches but also to other important areas such as BIOS updates and driver updates to wireless hardware components. Mitigating the above-mentioned invasion cases can only be achieved through regular auditing of wireless networks. We were informed by an IT staff of a clinic in a questioning segment that large numbers of printers situated in the clinic had wireless installations before being brought to the clinic, and this was discovered during the process of auditing. There was no confirmation from the IT staff if the printers had wireless access after their installation or if they had come from the factory with preconfigured wireless settings.

Research on Google showed that many printer sales companies, such as Samsung, Dell, and HP, among others, have printers with wireless capabilities in stock. Examining the mechanical composition of the HP deskjet printer series, the configuration of the Service Set Identifiers (SSID) had some disturbing specifics. With an open SSID, the deskjet is enabled to connect instantly to any available wireless network in that vicinity; put differently, the availability of numerous networks in that vicinity prompts the deskjet to instantly connect to the strongest wireless service. With the use of a directional antenna and proper additional software, an invader might take advantage of this vulnerability. A vivid example is the use of WiFi Predator, which does not require an invader to be close to the wireless printer but can be linked to the local area network if the preconfigured settings are still intact and the printer has routing abilities. Important patient records can be accessed illegally by an invader if the information is printed by a staff of the hospital from a printer whose network has been invaded. As a corollary to the above, because health centers and hospitals are more or less public oriented, an invader might create an illegal entry port from the defenseless network jacks of the reception. However, this illegal entry's implications can be exacerbated because of a process of hiding the port of entry from a wireless audit with tools like WKnock by the invader. ¹⁷ The configuration of this tool from an access point enables the invader to persistently snoop for wireless traffic without being detected by any intrusion detection systems. The only method by which the access point running on WKnock can return back to its previous state is if the invader sends a specific sequence of packets to the access point.

Getting mechanical specifications of hardware is not so hard, and by thorough search in the records of previous activities, there is a likelihood of the use of a previous structure like Metasploit^® (Rapid 7) by an invader to launch an invasion against the wireless network interface card, thus executing a code straight into the CPU. Other forms of wireless invasions include the “man-in-the-middle” attack, which is commonly done by setting up fake access point denial-of-service attack, which is done by either flooding the radio frequency spectrum with noise or sending a series of disassociation frames to a wireless device, forcing it to continually dissociate and reassociate with the access point.

Mitigating Wireless Security Threats

The three categories of wireless local area network protections are:

• Access control, which is used to protect availability of information and limit the user's admission to the access point.

Having gotten an illegal entry to the network, an invader is able to collate network traffic accessed from the clinic's network at time-out, thereby gathering domain administrator identifications or classified patient information. However, these invasions can be mitigated through the following ways:

1. Comprehensive threat investigation on wireless networks and devices that are prone to invasions should be carried out on a regular basis. This investigation must be able to pinpoint parts of devices that possess defenseless applications and program. It must also make sure that preconfigured settings are removed and reconfigured to suit the present security system such as changing the factory SSID of the access point to a private SSID. Recording of all parts of devices might become useless if there happens to be a breach.

It is regrettable that deployment of a wireless audit through a patched system does not mean that it is protected against invasions that are carried on the lesser levels of the operating system through signal jamming because by nature it is defenseless. At this stage the above described methods are ahead of the capacities of many organizations, with emphasis on health centers that possess high-perimeter walls, windows, or paints with signal-reducing dampening effects. ¹⁸ With the confidentiality–integrity–availability triad embedded at the heart of protection or security, the availability clause will always be failed because of the fact that it cannot be certain. In brief, precarious systems or life-saving machines are not to be connected to wireless devices as the only approach of information safekeeping. All threat investigations done by hospitals and other healthcare facilities should rate the possibility of risking people's lives as vital and more important than other things, and this would push the solutions that are affected.

Conclusions

Establishments have been advised to carry out regular site survey analysis of the wireless network being used through site survey analyzers like the AirMagnet site surveyor or Wireless Valley and to use advanced encryption standard in collaboration with other security tools such as virtual private networks, captive portals, and wireless intrusion detection systems because devices with the ability to take advantage of TKIP have been developed. Regular training of m-health devices users in and out of the hospital will also help in educating the users of the threats they face and easy methods of avoiding such threats. These security measures will help safeguard the investments of stakeholders in the m-health industries as well as the private client data transmitted via the wireless networks used in hospitals and their homes. Invaders will therefore start looking for other possible methods of invading the wireless network either by directing malicious attacks on wireless network interface cards with outmoded drivers or other parts of the network with little or no security.