Addressing Security Issues of Electronic Health Record Systems through Enhanced SIEM Technology

Abstract

Electronic Health Records (EHR) are digital documents containing citizen medical information that can be used for advanced eHealth services, like emergency patient summary retrieving, historical data and events analysis, remote medical report access, e-Prescription. In this work we present the case study of an EHR management infrastructure, namely the InFSE, which implements a federated network of regional autonomous districts deployed on national scale. Despite the adoption of access control mechanisms based on authenticated transactions and assertions, the InFSE can be illegitimately used to retrieve patient health data and violate the citizen's privacy. We propose an enhanced Security Information and Event Management (SIEM) system, namely MASSIF, which is able to discover business logic anomalies and protect the identities of involved parties. In particular we focus on the software modules that perform sophisticated data aggregation and analysis, and provide fault and intrusion tolerant storage facilities, namely the Generic Event Translator, the Security Probes and the Trustworthy Event Storage. The components have been integrated on the widely used open source OSSIM SIEM and validated on a realistic test bed based on elements of the InFSE infrastructure.