Protecting the confidentiality, integrity and availability of patient information is not only the best practices of the organization of health, but also the legal requirements. Health Insurance Portability and Accountability Act (HIPAA) mandates all health care organizations to deal effectively with administrative, technical and physical measures to protect the confidentiality of patient information, as well as to maintain data integrity for employees, customers and shareholders(Arbaugh et al., 1997).
Health organizations rely heavily on critical e-health and enterprise systems that are more accessible through the Internet. As a result, it has become more complex and important to protect the integrity and availability of these systems, and confidentially of sensitive patient and medical data. Host Intrusion Prevention is a security best practice and complements the company's defense, in-depth strategy.
Intrusion Detection and Prevention
Many medical organizations, beyond the firewall and intrusion detection technologies and rely on intrusion-prevention products to protect their systems. In health care, we have increased our security, we can better give up worms, viruses, a firewall can not prevent(Allen 2001).
In the health conditions, a powerful virus can cause tremendous chaos - not only the kind of viruses that make patients sick, but computer viruses that can cripple-electronic medical records and other information, the patient-systems. If doctors do not have access to electronic patient records and digital images such as X-rays in the treatment of patients because of system failure caused by worms, viruses, or denial of service attack, care can be significantly compromised. In addition, health insurance and Accountability Act requires the protection of patient information.
Closer inspection equipment will give surprising variety of manufacturers. While a typical office can make a list of 10-20 brands, original equipment manufacturers and industrial companies may cover 50-100 manufacturers in the medical host the widest range of products of the manufacturer - in fact we can say that just about any device if it looks a little different from any other is likely to come from another manufacturer. (Alberts Dorofee 2002)
Herein lies the main problem. Although most "smart" medical devices using common embedded operating systems, you can not upgrade or repair them as if they were regular computing devices. Just because a portable defibrillator and maternity wards ultrasound machine running Microsoft Windows 95 for their embedded operating system, it does not mean that the same approach ...