1. Introduction

A risk assessment plan is needed for this fictional enterprise because it relies on automated information systems to handle patient records and to process that information in support of its mission; a risk management plan therefore plays a critical role in protecting the organization's information assets. This risk assessment evaluates risk in the technical, operational and management areas of the EMR systems. The report provides a detailed summary of the possible risks that could damage EMR records in the distributed environment, together with a detailed analysis of the current controls and recommended solutions and methodologies.
2. System Characterization
o Servers, routers, LAN cables, switches.
o Microsoft Exchange Server is an e-mail-based communication server for businesses, used for sharing e-mail, calendars and contacts, storing files centrally and creating meeting requests.
o Microsoft SQL Server holds the patient data, which is retrieved with queries as required.
o The Domain Controller's job is to hold the collection of user accounts, grouped so that they can be centrally managed.
o Citrix Server provides server and desktop virtualization, networking and cloud computing technologies.
o A Web Server running IIS presents the main application as web pages.
• System Interface
o The servers are connected to the LAN using routers and switches.
o The servers are connected to the internet through a single firewall, via a single connection to a single Internet Service Provider (ISP).
o The servers also connect to a WAN over this internet connection using a VPN, and the nodes on this WAN (clinics around the state) each have a single connection to an ISP in their local area.
o Physically, all the servers are in a single unlocked room that has no fire suppression equipment other than the typical building sprinkler system; there are two sprinkler systems in the server room.
o The servers are connected to a trunk electrical line that is not part of the medical center's emergency power system, and there is no line conditioning.
o For temperature control, the server room relies on the existing building HVAC system, with heat exchangers located on the roof of the building. One air conditioning vent and one room thermostat serve the server room.
• Data and information
o The patient data is stored in the Microsoft SQL Server.
• Persons who support and use the IT system
o All hospital employees, doctors, patients and guests use the system to obtain information.
• System and data criticality
o This EMR is needed 24 hours a day because this is a cardiology specialty: it is used in clinic rooms and, importantly, by emergency physicians in the local trauma center to treat patients with life-threatening heart conditions. This requires the WAN connection to be available 24 hours a day.
3. Threat Identification
• The common threat sources for any IT system are natural threats, human threats and environmental threats.
• Natural threats such as floods, earthquakes, tornadoes, landslides, avalanches, electrical storms and similar events are unpredictable, and the damage they cause is complete loss of the equipment and the data. The only things that help after such an event are a disaster recovery plan and backups. The current environment has neither, so the risk is high if any of these threats occurs.
• Human threats include unintentional acts, such as deleting databases or entering data incorrectly, which damage the system, and intentional acts, such as network-based attacks, malicious software uploads, unauthorized access to confidential information and SQL injection, which cause loss of data and misuse of patient data by attackers.
• Environmental threats such as long-term power failure, pollution, chemicals and liquid leakage cause high damage to the servers and the data, because the servers are connected to a trunk electrical line that is not part of the medical center's emergency power system and there is no line conditioning.
4. Vulnerability Identification
• Potential vulnerabilities
o Accounts of previous employees who no longer work with the agency have to be removed and their access to all servers denied; otherwise those users could obtain important information or make changes and cause severe damage to the servers.
o The Citrix Presentation Server Client for Windows includes support for making ICA connections through proxy servers. An implementation flaw in this functionality may allow an attacker to execute arbitrary code in the context of the client process.
o This vulnerability could be exploited by any malicious web site visited by the user, and it is likely to be exploitable in most client deployments.
o The vulnerabilities could allow remote code execution in the security context of the transcoding service on the Exchange server if a user previews a specially crafted file using Outlook Web App (OWA). The transcoding service in Exchange that is used for Web Ready Document Viewing runs under the Local Service account, which has minimum privileges on the local computer and presents anonymous credentials on the network.
o If there is a false alarm, a fire or negligence, the sprinkler system will be activated in the room and will damage the servers.
o The Domain Controller has two vulnerabilities: NetBIOS null session / password access and NetBIOS remote user list disclosure.
o The web server running IIS is vulnerable to remote code execution and SQL injection.
o Microsoft SQL Server allows remote code execution and elevation of privilege, and the data in it is stored unencrypted, so confidential data can be seen by anyone with access.
o Three vulnerabilities reported in Microsoft Internet Information Services (IIS) could lead to denial of service, elevation of privilege and remote code execution.
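As an added example that is not part of the original assessment, the IIS/SQL Server injection item above is shown as a patient lookup in its vulnerable and hardened forms. The patient rows are constructed, and sqlite3 stands in for Microsoft SQL Server so the example runs offline; the parameter-binding technique is the same on SQL Server.

```python
import sqlite3

# Constructed sample rows standing in for the EMR patient table on the
# Microsoft SQL Server; sqlite3 is used only so the example runs offline.
PATIENTS = [
    ("1001", "Doe, Jane", "cardiology"),
    ("1002", "Roe, Richard", "cardiology"),
    ("1003", "Poe, Pat", "trauma"),
]


def build_db():
    """Create an in-memory database holding the constructed patient rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE patient (mrn TEXT, name TEXT, service TEXT)")
    conn.executemany("INSERT INTO patient VALUES (?, ?, ?)", PATIENTS)
    return conn


def lookup_vulnerable(conn, mrn):
    """Concatenates the request parameter into the statement, so the
    database parses whatever the user typed as SQL (the injection flaw)."""
    sql = "SELECT mrn, name FROM patient WHERE mrn = '" + mrn + "'"
    return conn.execute(sql).fetchall()


def lookup_hardened(conn, mrn):
    """Allow-lists the MRN format, then binds it as a parameter so the
    value can never change the statement's structure."""
    if not (mrn.isdigit() and len(mrn) <= 10):
        return []  # reject malformed input; a real app would also log this
    return conn.execute(
        "SELECT mrn, name FROM patient WHERE mrn = ?", (mrn,)
    ).fetchall()


if __name__ == "__main__":
    db = build_db()
    probe = "' OR '1'='1"
    print("vulnerable:", lookup_vulnerable(db, probe))  # every patient row
    print("hardened:  ", lookup_hardened(db, probe))    # no rows
```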
5. Control Analysis
• All previous employees' access must be removed; they should not have access to any of the servers.
• Guest users should not be given full rights to access the data, and their accounts must be removed as soon as their work is done.
• All data transmitted from the hospital to the outside must be encrypted.
• The vulnerability has been addressed in Citrix Presentation Server Client for Windows version 10.0 and later, and it is strongly recommended that the Citrix Presentation Server Client for Windows be upgraded to version 10.0 or later.
• The security update is rated Critical for all supported editions of Microsoft Exchange Server 2007 and Microsoft Exchange Server 2010.
• The security controls that are adopted should be documented in a format that meets the security policies and procedures.
• There should be a team working on the implementation of disaster recovery and on the measures needed to recover from damage.
• Security controls used for the IT systems should be documented, and these controls should meet the requirements of the policy and standards.
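An added example, not from the original report, that checks the access-removal controls above (and the terminated-employee vulnerability in section 4) by reconciling an HR roster against a Domain Controller account export. Both exports are constructed sample data, and the column names and the 30-day guest idle limit are assumptions.

```python
import csv
import io
from datetime import date

# Constructed sample exports; in the hospital these would come from HR and
# from the Domain Controller's user-account export.
HR_ROSTER = """employee_id,name,status,end_date
E100,Jane Doe,active,
E101,Richard Roe,terminated,2024-01-15
E102,Pat Poe,terminated,2024-03-02
"""
ACCOUNTS = """sam_account,employee_id,enabled,last_logon,account_type
jdoe,E100,True,2024-03-20,employee
rroe,E101,True,2024-02-01,employee
ppoe,E102,False,2024-02-28,employee
svc_old,E999,True,2024-03-01,employee
vendor1,,True,2023-12-01,guest
contractor2,,True,2024-03-18,guest
"""

def load_csv(text):
    return list(csv.DictReader(io.StringIO(text)))

def find_stale_access(hr_csv, account_csv, today, guest_max_idle_days=30):
    """Return (terminated_still_enabled, idle_guests, orphans): enabled
    accounts that the control analysis says should not exist."""
    hr = {row["employee_id"]: row for row in load_csv(hr_csv)}
    terminated, idle_guests, orphans = [], [], []
    for acct in load_csv(account_csv):
        if acct["enabled"] != "True":
            continue  # already disabled, nothing to flag
        idle_days = (today - date.fromisoformat(acct["last_logon"])).days
        if acct["account_type"] == "guest":
            if idle_days > guest_max_idle_days:
                idle_guests.append(acct["sam_account"])
            continue
        emp = hr.get(acct["employee_id"])
        if emp is None:
            orphans.append(acct["sam_account"])      # no HR record at all
        elif emp["status"] == "terminated":
            terminated.append(acct["sam_account"])  # has left, still enabled
    return terminated, idle_guests, orphans

def check_sample():
    """Run the check over the constructed exports as of 2024-03-21."""
    return find_stale_access(HR_ROSTER, ACCOUNTS, date(2024, 3, 21))
```

Each name returned is an account to disable and review; the orphan list catches accounts that no HR record explains at all.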
Vulnerabilities and likelihood table

Vulnerability
o Untrained professionals or terminated employees
o Hackers and third-party access
o Long-term power loss