By Timothy L. Kelley
When it comes to security, they have a lot in common. In July 2015 the magazine Wired published an article in which two known hackers, Charlie Miller and Chris Valasek, hacked into a Jeep Cherokee via the internet from their basement. This attack was not a surprise to the driver, Andy Greenberg, since he was the article writer and guinea pig for the test. As Andy was driving in St. Louis, the hackers started up the air conditioning, messed with the wipers, applied the brakes, put hip-hop loudly on the radio, and eventually just killed the ignition. This was all fun and games until an 18-wheeler was barreling up on Andy, and he panicked. The hackers released their control and Andy drove to safety. Fortunately, this was a test and car hacking has not become a widespread threat. So how does a problem with this much impact on people get resolved from a security perspective? What if this happened to you? Would you want the most secure method of security available?
Most healthcare institutions agree that security is the number one concern in the movement or exchange of patient images. The most common method today is the tangible exchange of CDs or DVDs. Some of these are encrypted, but nonetheless they can be broken, are cumbersome, and still lack security. Another method is to send the studies from a web interface to cloud storage to be downloaded by a credentialed user at another location with the same HTTPS web interface. HTTPS is considered secure, but when J.P. Morgan Chase was hacked, affecting 2 out of 3 households in America, the technology was insufficient – and this is where your money is kept! [1]
Now let’s assume that hackers could access your car and download controls to it from a weak HTTPS site – this would wreak havoc on the highways and be a target for terrorism. To deal with this potential disaster, car manufacturers turned to defense contractors to develop a secure, unbreachable solution.
The solution is to employ a peer-to-peer (P2P) hardware recognition program to create a secure P2P network that has trust management by having the sender and receiver recognize each other from independent end points. Basically, the receiver (car) allows the data to be sent to it because it recognizes the sender’s hardware signature, which cannot be replicated by a hacker. If the trust recognition is not present, then no code will be received. Running these kinds of updates and transfers of data via the internet, even if utilizing HTTPS, is insecure and ultimately dangerous. No one likes the thought of their car being taken over by a hacker going through a website.
A P2P solution can also be employed in healthcare. From a security standpoint, P2P networks offer inherent robustness and technology properties that are not easy to achieve in a traditional network design. For example, an attacker wishing to effect a denial of service in a traditional network can focus an attack on a relatively small number of centralized servers, whereas in a P2P network the attacker must compromise a relatively large number of servers in order to fully disconnect the network. P2P networks provide the highest level of security when exchanging any type of data, including the transfer of medical images.
Secure P2P networks can be used as a foundation for supporting medical applications. P2P networks have been developed to transfer medical images and patient data while eliminating the need to store excess data and images in the cloud. Typical exchange systems today involve long term storage of data that is at risk of a security breach, while P2P exchange does not involve this high risk of stored data or cost. This is something to consider the next time you’re reviewing your medical image and patient data exchange systems.
1. Pagliery J. Banks are skimping on website security. CNN. June 23, 2015. http://money.cnn.com/2015/06/23/technology/bank-websites-encryption/
Timothy L. Kelley is the president and CEO at Nautilus Medical in Barrington, IL. He can be reached at firstname.lastname@example.org. You can find more information about Nautilus Medical at www.NautilusMedical.com.