Health-Care Telematics in Germany - Design and Application of a Security Analysis Method

Foreword

Abstract

Contents

List of Figures

List of Tables

1 Introduction

1.1 Motivation

1.2 Objectives of the Thesis

1.3 Research Methodology

1.3.1 Design Science

1.3.2 Research Design

1.3.3 Design Theory

1.3.4 Theoretical Contribution and Research Outcome

1.4 Practical Implications, Users, and Beneficiaries

2 Healthcare Telematics in Germany with Respect to Security Issues

2.1 German Healthcare

2.1.1 Structure of German Healthcare

2.1.2 Characteristics of the German Healthcare Sector

2.1.2.1 Information Exchange and Distributed Information Flows in German HealthcareSystem

2.1.2.2 Current Problems

2.1.2.3 Specifics of the German Healthcare Domain

2.2 Information Systems in Healthcare

2.2.1 Seamless Healthcare

2.2.2 Interoperability, Standards and Standardization Approaches in Healthcare

2.2.2.1 Communication Standards

2.2.2.2 Documentations Standards and Standardization Approaches

2.2.3 Healthcare IS Architecture Types

2.2.3.1 Monolithic System

2.2.3.2 Heterogeneous System

2.2.3.3 Service-Oriented IS Architecture

2.2.4 Implications for Security Issues of Healthcare Information Systems

2.3 Healthcare Telematics

2.3.1 Definitions and Objectives of Healthcare Telematics

2.3.2 German Healthcare Telematics

2.3.2.1 Healthcare Telematics Infrastructure

2.3.2.2 Electronic Health Card

2.3.3 Risk and Security Issues of Healthcare Telematics

2.4 Summary

3 Catalogue of IS Healthcare Security Characteristics

3.1 Legal Framework

3.1.1 Privacy

3.1.2 Legal Requirements

3.2 Protection Goals

3.2.1 Dependable Healthcare Information Systems

3.2.2 Controllability of Healthcare Information Systems

3.3 Characteristics of IS Security Approaches with Respect to Healthcare

3.3.1 Literature Review

3.3.2 Overview of Healthcare IS Security Approach Characteristics

3.3.2.1 General IS Security Approach Characteristics

3.3.2.2 General IS Security Approach Characteristics with Reference to Healthcare

3.4 Summary

4 Analysis of IS Security Analysis Approaches

4.1 Overview

4.2 Review of Literature

4.3 Existing Literature Reviews

4.4 Theoretical Background

4.5 Systematization of IS Security Analysis Approaches

4.5.1 Checklists

4.5.2 Assessment Approaches

4.5.2.1 Risk Assessment Approaches

4.5.2.2 Security Control Assessment Approaches

4.5.3 Risk Analysis Approaches

4.5.4 IT Security Management Approaches

4.5.4.1 The Plan-Do-Check-Act Approach of ISO 27001

4.5.4.2 Best Practice Models

4.5.5 Legislation Accommodations

4.6 Analysis of IS Security Analysis Approaches with Respect to Healthcare

4.6.1 Examination of IS Security Approaches with Respect to General IS Security Approach Characteristics

4.6.2 Examination of IS Security Approaches with Respect to General IS Security Approach Characteristics with Reference to Healthcare

4.6.3 Examination of IS Security Approaches with Respect to Healthcare Specific IS Security Approach Characteristics

4.7 Summary

5 Designing a Security Analysis Method for Healthcare Telematics in Germany

5.1 Introduction

5.2 Research Approach

5.3 Method Engineering

5.4 Description of Method Elements

5.4.1 Method Chains and Alliances

5.4.2 Method Fragments

5.4.3 Method Chunks

5.4.4 Method Components

5.4.5 Theoretical Background

5.5 Formal Description of the Concept of Method Engineering

5.6 HatSec Security Analysis Method

5.6.1 From Plan-Do-Check-Act Approach to a IS Security Analysis Method for Healthcare Telematics

5.6.2 Design of the HatSec Security Analysis Method

5.6.2.1 Method Blocks and Method Fragments

5.6.2.2 Overview of the Building Blocks of the HatSec Method

5.6.2.3 Perspectives of the HatSec Method

5.6.2.4 Context and Preparation of the Security Analysis

5.6.2.5 Security Analysis Process

5.6.2.6 Security Analysis Product

5.6.2.7 Two Sides of the HatSec Method

5.6.2.8 HatSec Structure

5.7 Review of the HatSec Security Analysis Method

5.8 Summary

6 Practical Application of the HatSec Method

6.1 Selected Case Studies

6.2.1 Overview

6.2.2 Identification and Classification of the Attackers

6.2.3 Identification and Classification of the Attack Types

6.2.4 Summary

6.2 Assessment and Classification of Threats around the Electronic Health Card

6.2.1 Overview

6.2.4 Summary

6.3 Analysis of the Applications of the Electronic Health Card

6.4 Analysis of a Proposed Solution for Managing Health Professional Cards in Hospitals Using a Single Sign-On Central Architecture

6.4.1 Overview

6.4.2 Induced Process Changes

6.4.2.1 General Changes

6.4.2.2 Discharge Letter Process

6.4.3 Existing Approaches for Managing Smart Cards in Hospitals

6.4.3.1 The Decentralized Approach

6.4.3.2 The VerSA Approach

6.4.3.3 Disadvantages

6.4.4 The Clinic Card Approach

6.4.4.1 Technical Architecture

6.4.4.2 Smart Card Management Unit

6.4.4.3 The Clinic Card and Card Middleware

6.4.4.4 Connector

6.4.4.5 Remote Access

6.4.4.6 Unique Characteristics of the Central Approach

6.4.4.7 Discharge Letter Process

6.4.5 Comparison of the Presented Approaches

6.4.5.1 Evaluation Framework

6.4.5.2 Hardware Requirements and Integration

6.4.5.3 Session Management

6.4.5.4 Usability

6.4.5.5 Further Value-Adding Aspects

6.4.6 Summary

6.5 Security Analysis of the German Electronic Health Card’s Components on a Theoretical Level

6.5.1 Overview

6.5.2 Components and Documents Considered in this Security Analysis

6.5.2.1 Security Analysis of the Electronic Health Card’s Components

6.5.2.2 Analysis of the Connector

6.5.2.3 Analysis of the Primary System

6.5.2.4 Additional Deficiencies Found During this Security Analysis

6.5.3 Attack-Tree Analysis

6.5.4 Summary

6.6 Security Analysis of the German Electronic Health Card’s Peripheral Parts in Practice

6.6.1 Overview

6.6.2 Laboratory’s / Physician’s Practice Configuration

6.6.3 Network Traffic Analyzes and its Consequences

6.6.4 Attacking the German Electronic Health Card

6.6.4.1 Permanent-Card-Ejection

6.6.4.2 Fill or Delete Prescriptions

6.6.4.3 Block a Card’s PIN

6.6.4.4 Destroy a Card

6.6.4.5 Spy Personal Information

6.6.5 Summary

6.7 Case Studies: Lessons Learned

7 Appraisal of Results

7.1 Overview

7.2 Progress of Cognition

7.3 Design Proposals for Healthcare Telematics

Bibliography

Appendix