Cyber security

Cybersecurity

FBI vs. Apple

In February 2016, the Federal Bureau of Investigation sought the judiciary's help in compelling Apple Inc. to provide them with access to Syed Farook's iPhone. Syed Farook was the main perpetrator of the December 2015 San Bernardino shootings. The FBI could not attempt to use a trial-and-error method on the iPhone since, after ten failed login attempts, the iPhone deletes all the content. Thus in January they asked Apple to give them a backdoor to the iPhone's operating system. Apple refused because they felt that giving out the phone's operating system's source code was an infringement on their First Amendment rights. Also, Apple did not want to compromise the integrity of their security system, an action that would have caused a lot of public backlash. In the end, the FBI had to contract a third party to hack the phone. In response to the FBI's actions, Apple increased the level of data encryption across all iPhones (Kharpal, 2016; Khamooshi, 2016).

Apple is justified in refusing to grant the FBI access to Farook's phone since the FBI had wanted to be given backdoor access to iPhones. This process would involve handing the Justice Department the "keys" to all iPhone models. Apple could not guarantee that the government would not misuse the code for other purposes. Further, by creating a backdoor to their phones, Apple would also be making their phones vulnerable to foreign spies (Khamooshi, 2016). Lastly, Apple's First Amendment rights would have been infringed upon since, according to the case of Bernstein v. the United States, coding is a form of speech (Pollicino and Romeo, 2016).

On the other hand, the FBI puts forth a compelling argument. Syed Farook was a terrorist who probably had other accomplices within the US. If such accomplices exist, then decrypting the phone is a time-sensitive matter that could save many lives. Apple and the Department of Justice can reach a compromise in the following ways. One, the FBI should drop their request for a backdoor since it is Apple's biggest worry. In future, the FBI should partner with Apple engineers to access a culprit's phone in a way that does not require Apple to give out the iPhone Operating System (iOS) source code.

Further, Apple would have to lose its First Amendment privileges. Benjamin Franklin held the belief that people had to lose some degree of liberty to gain a corresponding amount of security. Apple's First Amendment argument is also shallow, and it fails to view the situation holistically. Syed Farook was a terrorist who might have accomplices who are plotting similar attacks. National security (backed by compelling evidence) supersedes Apple's First Amendment concerns.

Cyber-security in hospitals

Computers in hospitals are becoming increasingly interconnected because they ease the sharing of patient information across different departments and various hospitals. Also, they support evidence-based practices. Evidence-based practices rely on the exchange of information among health practitioners to determine the best treatment alternatives. Security risks associated with medical devices can be life-threatening. For instance, in 2010, a New Jersey VA catheterization laboratory was infected by malware, causing the facility to stop services. Additionally, research data has to be protected. Medical centers spend a lot of money on the development of treatment methods. If such information were to leak, researchers would incur significant losses (Coronado and Wong, 2014; Fu and Blum, 2013).

The sharing of patient data across numerous facilities puts the information at risk of being corrupted or hacked, thus infringing on a person's privacy. Furthermore, research by Fu and Blum (2013) shows that many hospitals still rely on old operating systems such as Windows XP for their computers and devices. Security updates for SP1 and SP2 versions of Windows XP ended in 2014. Thus many of the patients' records are vulnerable to attack. Also, the sharing of information across many devices, facilities, and platforms means that patient data is becoming increasingly accessible by many people. Therefore, these interconnected systems inadvertently make private information public (Ayala, 2016).

Healthcare cyber-security threats can be mitigated in the following ways. One, manufacturers of medical products should integrate cyber-security features within their products. Two, they should provide periodic security updates for a reasonable amount of time to the end users. Three, health facilities should make use of up-to-date computer systems to prevent vulnerabilities that arise from old systems. If the facility intends to use an old system, they should negotiate with the system manufacturer to provide them with security updates. Lastly, data access privileges should be restricted to only the relevant parties. For example, only the practitioners handling a certain patient's case should have access to the data.

Shortcomings of HealthCare.gov

During the 2013 rollout phase of the HealthCare.gov website, it crashed. The first 18 months of operation were challenging for the administrators of Healthcare.gov since they found themselves having to patch up numerous security flaws in their website. For example, the website did not have proper restrictions on access. As such, it gave many unauthorized users access to the clients' data. Further, security patches on the website were not consistent. Some areas were fixed while others were not. This has been particularly true for state-run health insurance websites that did not receive timely security patches (IBPU, 2013).

Further, in 2014 hackers gained access to the HealthCare.gov internet site. The hack was made possible because, contrary to regulations, the test server was connected to the web and the default password was still in use (IBPU, 2013; Pear and Perlroth, 2014). A 2015 report by the United States Department of Health and Human Services found even more vulnerabilities on the Multidimensional Insurance Data System (MIDAS). During testing, the system showed that it was incapable of encrypting 100 percent of the active sessions. Moreover, the system could neither detect nor generate vulnerability reports automatically, and it failed to identify generic accounts that were designed to test the system. If MIDAS were working properly, it would have auto-deleted the generic accounts. According to the Office of the Inspector General report in 2014, MIDAS had 22 high-risk and 62 medium-risk weaknesses (Batchelor, 2015).

The problems plaguing HealthCare.gov are more administrative than technical since they had very competent developers at hand. To prevent further data breaches, the operations of the front-end and back-end developers need to be synchronized. The main homepage and the database seem to be made by different people because the main interface may work fine, but when a person inputs data it generates an error message. The lack of unison creates a loophole for hackers. Also, the Chief Information Officer needs to ensure that new features are rolled out in beta mode before being released to the public. Further, the Office of Management and Budget needs to take a more proactive role in the management of the Healthcare.gov website through proper funding, administration, and activity coordination (Bleiberg and West, 2015).

References

Ayala, L. (2016). Cybersecurity for Hospitals and Healthcare Facilities: A Guide to Detection and Prevention. Berkeley, CA: Apress.

Batchelor, J. (2015). HHS Report Outlines More HealthCare.gov Vulnerabilities – Law360. Law360.com. Retrieved 7 November 2016, from http://www.law360.com/articles/707077/hhs-report-outlines-more-healthcare-gov-vulnerabilities

Bleiberg, J. and West, D. (2015). A look back at technical issues with Healthcare.gov | Brookings Institution. Brookings.edu. Retrieved 6 November 2016, from https://www.brookings.edu/blog/techtank/2015/04/09/a-look-back-at-technical-issues-with-healthcare-gov/

Coronado, A. and Wong, T. (2014). Healthcare Cybersecurity Risk Management: Keys To an Effective Plan. Advancing Safety in Medical Technology.

Fu, K. and Blum, J. (2013). Controlling for cybersecurity risks of medical device software. Communications of the ACM, 56(10), 35.

I.B.P. U. (2013). United States healthcare sector organization, management and payment systems handbook. Place of publication not identified: International Business Publications US.

Khamooshi, A. (2016). Breaking Down Apple's iPhone Fight With the U.S. Government. Nytimes.com. Retrieved 6 November 2016, from http://www.nytimes.com/interactive/2016/03/03/technology/apple-iphone-fbi-fight-explained.html?_r=0

Kharpal, A. (2016). Apple vs FBI: All you need to know. cnbc.com. Retrieved 6 November 2016, from http://www.cnbc.com/2016/03/29/apple-vs-fbi-all-you-need-to-know.html

Pear, R. and Perlroth, N. (2014). Hackers Breach Security of HealthCare.gov. Nytimes.com. Retrieved 6 November 2016, from http://www.nytimes.com/2014/09/05/us/hackers-breach-security-of-healthcaregov.html?_r=0

Pollicino, O., and Romeo, G. (2016). The internet and constitutional law: The protection of fundamental rights and constitutional adjudication in Europe. London New York: Routledge.