Risk analysis of information security in a mobile instant messaging and presence system for healthcare

https://doi.org/10.1016/j.ijmedinf.2006.06.002Get rights and content

Abstract

Introduction

Instant messaging (IM) is suited for immediate communication because messages are delivered almost in real time. Results from studies of IM use in enterprise work settings make us believe that IM based services may prove useful also within the healthcare sector. However, today's public instant messaging services do not have the level of information security required for adoption of IM in healthcare. We proposed MedIMob, our own architecture for a secure enterprise IM service for use in healthcare. MedIMob supports IM clients on mobile devices in addition to desktop based clients.

Methods

Security threats were identified in a risk analysis of the MedIMob architecture. The risk analysis process consists of context identification, threat identification, analysis of consequences and likelihood, risk evaluation, and proposals for risk treatment.

Results

The risk analysis revealed a number of potential threats to the information security of a service like this. Many of the identified threats are general when dealing with mobile devices and sensitive data; others are threats which are more specific to our service and architecture. Individual threats identified in the risks analysis are discussed and possible counter measures presented.

Discussion

The risk analysis showed that most of the proposed risk treatment measures must be implemented to obtain an acceptable risk level; among others blocking much of the additional functionality of the smartphone. To conclude on the usefulness of this IM service, it will be evaluated in a trial study of the human–computer interaction. Further work also includes an improved design of the proposed MedIMob architecture.

Introduction

Use of instant messaging services is becoming increasingly popular with Internet based systems like America Online's Instant Messaging, AIM (http://www.aim.com/), Microsoft's MSN Messenger (http://messenger.msn.com/), Yahoo! Messenger (http://messenger.yahoo.com/), and ICQ (http://www.icq.com/).

However, public instant messaging systems have been criticised for having a number of security weaknesses [1], [2], [3]. These weaknesses include the facts that the IM clients are always on, that logs can contain sensitive information, and that the communication goes via an externally controlled server. Most IM services were never intended for secure communication in the first place [2]. The rapid growth in the number of public IM users has created a new security concern for IT managers. New worms and viruses are increasingly using IM to spread, and 5–10% of the IM traffic today can be categorised as spam over IM (SPIM) [4].

Within the healthcare sector information security aspects are of vital importance, and may be of serious hindrance for the adoption of IM based services. In this paper we will examine the feasibility of using instant messaging systems in the healthcare sector from the viewpoint of information security.

Healthcare professionals are working in a mobile environment with rapid changes in their availability status, and they are exposed to interruptions at any time, anywhere. In addition to traditional desktop IM clients, IM for use in healthcare settings should therefore also offer clients on mobile devices.

In order to take care of both mobility and security aspects, we have proposed our own architecture: the MedIMob system. An overview of the MedIMob architecture is presented in this paper. Components of the MedIMob system have been further developed at the Norwegian Centre for Telemedicine (NST).

The main contribution of the paper is the results from a risk analysis of the MedIMob system, based on the architectural design of the system. The results of this risk analysis may be valid to other systems with a similar approach. In the risk analysis the assumed environment for the system was a hospital department, and communication within the department and between IM clients inside the department and IM clients outside. Information security challenges were identified as a number of security threats of different risk levels. Solutions are proposed for improvements of the unacceptable threats.

Section snippets

Background

Instant messaging (IM) is a lightweight near-synchronous communication technology. Technically it offers asynchronous communication, but it is used as synchronous communication because the messages are delivered almost in real time. Additional functionality for publishing and subscribing to presence information makes it possible for the users to see which other users and resources are available at any time. Presence information can be based on, e.g. schedules and calendar information, user

Architecture of the MedIMob system

To study the information security properties of IM we devised a preliminary architecture for an enterprise IM which embeds a number of the information security techniques usually deployed in areas with high security requirements. This architecture served as basis for the risk analysis presented later in the paper.

In our architecture we propose to use instant messaging and presence techniques to handle the availability and presence aspects, with mobile clients to support the mobility aspects of

Risk analysis method

To analyse the security challenges of an IM service for healthcare, we performed a qualitative risk analysis of the information security aspects of our proposed architecture and the intended environment. The goal was to identify security threats to the use of our instant messaging service within a hospital department, and find acceptable solutions to the threats.

Based on our experience from the CORAS project [15], [16], we performed the risk analysis by going through the five main steps

Risk analysis results

Table 2 shows the threats that were identified during the risk analysis. Fig. 2 shows for each threat the estimated likelihood and consequences.

Many of the identified threats are general when dealing with mobile devices and sensitive data (threat ID 1–10 in Fig. 2); others are threats which are more specific to our application and architecture.

In our risk analysis we found five threats which had an unacceptably high risk level, as can be seen from the risk matrix in Fig. 2. Three of these

Discussion

There are basically four different approaches to handle a risk [23]:

  • Accept the risk, in accordance with the organisation's security policy. These are the risks that are low enough to be acceptable. It is worth remembering that accepting the risk does not mean accepting the unwanted incident indicated by the threat.

  • Reduce the risk to an acceptable level. Since the risk is a product of likelihood and consequence, this means to reduce the likelihood, the consequence, or both. It is most often

Conclusion

The success of IM in other fields makes us believe that there is a potential for use also in the healthcare sector. Since the security level supported by existing public instant messaging services are insufficient, we have described a secure architecture for use within healthcare, based on the XMPP protocol. For our service we included the use of mobile devices, because healthcare workers are operating in a mobile environment with rapid changes in their availability status.

During the design

Future work

The use of instant messaging and presence services within organisations has been the focus of several evaluation studies [5], [6], [7], [8]. To our knowledge, no similar evaluation studies have been performed within healthcare settings with the purpose to understand the usefulness and limitations of IM technology in the healthcare domain.

To conclude on the usefulness of a service like this, a thorough observation and evaluation of the use of a messaging service will be conducted, focusing on

Acknowledgement

We would like to thank our colleagues at Norwegian Centre for Telemedicine who have given valuable feedback on this paper.

References (23)

  • B.D. Beardmore, Process-Driven, Wireless Computing & Enterprise Messaging in Healthcare, UnBound Technologies...

    • Cited by (0)

    View full text
    Copyright © 2006 Elsevier Ireland Ltd. All rights reserved.