BackgroundIt is very important for enterprises to think about security at the

Table of Contents

BackgroundIt is very important for enterprises to think about security at the design phase. This way can lead to a more secure product that have less security flaws at the design. Internal data sharing between hospital departments is important for the hospital staff and patients. Therefore, it is essential for these transmitted data to be secured while in transmission and not be tampered with because these data may be used to identify an illness or be used at an operation so ensuring integrity of these data is essential. Network ArchitectureThe design of the network architecture must be based on the requirement. The device will have to operate at the current location only and cannot be operated outside. This can be achieved by modifying the device to only connect to a roaming switch that is managed by a controller connected to the local hospital network. We will secure the connection from the device to the server by using 256 bit AES encryption algorithm to secure transfering of data to the server and prevent eavesdropping. The picture below shows network architecture to be followed. We will also implement authentication method to only accept data from specific IP ranges and mac addresses. Security Goals for Health SystemsThe security of an individual health data must be taken serious when designing health monitoring devices. Some of the security goals we are following that are derived from HIPPA are not limited to but includes: 1. Protect patient data privacy by allowing individuals to control access to their own health-care information. This goal is achieved by providing unique login credentials. 2. Allow only fully authenticated and specifically authorized individuals access to data. This is achieved because only nurses and doctors are allowed to see these data.3. Preserve integrity of data sent over the network. This is achieved by checking if data are coming from the correct location, implementing mechanism to detect data tampering, and by keeping an audit trail.