Project Apa Style
JamVic
ProjectProposal.docxIoT SECURITY 2
How to Secure IoT Devices in XYZ Hospital
Student’s Name
Institutional Affiliation
Running head: IoT SECURITY 1
Abstract
XYZ hospital was established in 1995 and focuses on patient care, research, and education. Enabling technologies include remote healthcare monitoring, healthcare solutions using smart phones, ambient assisted living, and wearable devices. The problem faced by XYZ hospital is insecurity of IoT devices. The insecurity of IoT devices in the hospital compromises the confidentiality, integrity, and availability of information and information systems, which contribute to poor service delivery and financial losses. XYZ should impalement a radio frequency identification authentication protocol based on elliptic curve cryptography to eliminate vulnerabilities.
How to Secure IOT Devices in XYZ Hospital
Introduction
1.1 Description of the Organization
1.1.1 Evolution of the Organization
XYZ hospital was established in 1995 to provide healthcare services to residents. The hospital started with one doctor and three nurses who would provide health care services to residents from the local church. In 2005, the hospital was expanded when a facility was put up solely for providing healthcare services. The number of doctors increased to five while the number of nurses increased to twenty. Today, XYZ is a 500-bed hospital that focuses on improving the wellbeing residents.
1.1.2 Core Functions
The core functions of XYZ hospital include patient care, research, and education. The hospital offers highly specialized medical care, including serving patients referred from smaller clinics and hospitals. XYZ hospital researchers play a vital role in understanding disease processes, promoting best clinical practices, translating findings into clinical practice. The XYZ College of Science and Medicine was established in 2006 to offer educational programs embedded in the hospital’s clinical practice and biomedical research activities.
1.1.3 Enabling Technologies
Enabling technologies include remote healthcare monitoring, healthcare solutions using smart phones, ambient assisted living, and wearable devices. The four technologies make up the Internet of Health Things, which is an IoT-based solution made up of a network of architecture that connect patients to the healthcare facility (Rodrigues, Segundo, & Sabino, 2018).
1.2 Business Problem
The problem faced by XYZ hospital is insecurity of IoT devices. There is an increased rate at which connected devices in the hospital are hacked, which compromises system and information security. The fact that IoT devices are network-connected poses threats of attack and are vulnerable to physical attacks. The insecurity of IoT devices compromises confidentiality, integrity and availability, and affects all departments in the institution.
1.3 Supporting Research
The growing presence of IoT devices fosters new attack methods and surfaces for hackers to exploit, which poses serious privacy and security issues. Physical attacks, including side channel attacks that help in extracting the secret key from electronic devices are common in organizations (O’Neill, 2016). The increase in the use of IoT devices in healthcare contributes to security breaches, which threaten technology development in the field and financial loses when not addressed (Jeyanthi & Thandeeswaran, 2017). A 2015 study found that 68,000 medical systems were exposed online because the devices were connected to the internet through computers running very older versions of Windows XP (Chacko & Hayajneh, 2018).
Impact
2.1 Organizational Impact
The insecurity of IoT devices has adverse effects on XYZ hospital. The insecurity of IoT devices in the hospital compromises the confidentiality, integrity, and availability of information and information systems, which contribute to poor service delivery and financial losses. An attack on the enabling technologies, such as remote healthcare monitoring, healthcare solutions using smart phones, ambient assisted living, and wearable devices, which connect patients to the facility limits service delivery and results in financial losses in restoring the devices. This results in infectiveness and inefficiencies, which result in poor healthcare and patient outcomes.
2.2 Key Stakeholders
The insecurity of IoT devices in XYZ hospital affects most of the stakeholders, including customers, physicians, and employees in the IT department. An attack on IoT devices makes it difficult for healthcare consumers to contact the facility for healthcare services because of connectivity problems. This implies that patients do not get timely healthcare assistance, which negatively impacts their health. Physicians experience problems, such as delays in delivering healthcare services to clients because when the availability, confidentiality, and integrity of information are experienced. Constant attacks on IoT devices demotivate employees in the IT department.
Solutions
3.1 Potential Solutions
There are several potential solutions to the problem of insecurity of IoT devices in XYZ hospital. these include incorporating security measures into the design of IoT devices, including conducting a risk assessment before releasing the device in the market, ensuring that authentication is strictly adhered to and access to devices is limited, and implementing a defense in depth strategy to include several layers of security for protection against specific risks (Chacko & Hayajneh, 2018). Other potential solutions include putting in place proper access controls to limit unauthorized access to IoT devices and networks, testing the security of devices and monitoring security throughout the lifecycle, and establishing a culture of security where employees recognize vulnerabilities.
3.2 Previous Attempts to Solve the Problem
To promote the security of IoT devices, XYZ hospital implemented access controls and promoted a culture of security. Access controls limited unauthorized access to data, IoT devices, and networks, but hackers would still attack the devices. Promoting a culture of security where employees recognize threats to the security of IoT devices is less effective because most of the employees are not experts in IT.
Recommendation
XYZ should impalement a radio frequency identification authentication protocol based on elliptic curve cryptography to eliminate vulnerabilities. A shared key should be developed to encrypt the transmitted messages. The new protocol achieves various security properties, such as anonymity, mutual authentication, forward security, resistance of replay attack, and confidentiality (Dewangan & Mishra, 2018).
References
Chacko, A., & Hayajneh, T. (2018). Security and Privacy Issues with IoT in Healthcare. EAI Endorsed Transactions on Pervasive Health and Technology , 4 (14), 1-7.
Dewangan, K., & Mishra, M. (2018). A Review: Security of IOT Based Healthcare System. CCET Journal of Science and Engineering Education , 3, 25-28.
Jeyanthi, N., & Thandeeswaran, R. (2017). Security Breaches and Threat Prevention in the Internet of Things. Hershey, PA: IGI Global.
O’Neill, M. (2016). Insecurity by Design: Today’s IoT Device Security Problem. Engineering , 2, 48–49.
Rodrigues, J., Segundo, D., & Sabino, M. H. (2018). Enabling Technologies for the Internet of Health Things. EEE Access , 1 (1), 1-14.
