• Convergence Security Journal
• /
• v.16 no.7
• /
• pp.21-29
• /
• 2016

Our society is currently exposed to environment of various information that is exchanged real time through networks. Especially regarding medical policy, the government rushes to practice remote medical treatment to improve the quality of medical services for citizens. The remote medical practice requires establishment of medical information based on big data for customized treatment regardless of where patients are. This study suggests establishment of regional medical cluster along with defense and protection cooperation models that in case service availability is harmed, and attacks occur, the attacks can be detected, and proper measures can be taken. For this, the study suggested forming networks with nationwide local government hospitals as regional virtual medical cluster bases by the same medical information system. The study also designed a mutual cooperation security model that can real time cope with IP Spoofing attack that can occur in the medical cluster and DDoS attacks accordingly, so that the limit that sole system and sole security policy have can be overcome.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2021.05a
• /
• pp.641-643
• /
• 2021

The Internet of Things (IoT) connects all markets and industries, enabling new business models for a variety of services and service providers. The Internet of Medical Things (IoMT) not only accelerates medical advances, but also enables treatment with a more human approach. In addition, it improves treatment methods and quality of precision medical care through data, enables timely treatment, and improves operational productivity of medical institutions through a simplified workflow. However, since the medical field directly affects human health and life, securing security has become an issue above all else, and is a target for hackers trying to exploit it. Therefore, in this study, IoMT technology and security threats and countermeasures in the medical field are analyzed.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.9 no.2
• /
• pp.374-379
• /
• 2005

In the most of medical institution medical information is totally stored in a database and many number of researchers and staffs of the hospital access these information anytime. This can be caused patient's privacy to be violated. Introducing a tool for security should be considered as one of the most important requirement especially in the case that today's medical information service expands into an integrated one. In this paper we review the matters of security threat on a medical information system and propose a secure medical information service model equipped on mobile device such as PDA. Also we propose a security architecture employing a digital signature mechanism to protect the personal information on the model. Proposed architecture can lead the doctor to diagnose with high responsibility, help to build a reliable medical information system. and through the signed data, we can get some useful information against medical strife.

• Electronics and Telecommunications Trends
• /
• v.36 no.5
• /
• pp.21-31
• /
• 2021

Ransomware attacks, such as Conti, Ryuk, Petya, and Sodinokibi, that target medical institutions are increasing rapidly. In 2020, in the United States., ransomware attacks affected over 600 separate clinics, hospitals, and organizations, and more than 18 million patient records. The cost of these attacks is estimated to be almost $21 billion USD. The first death associated with a ransomware attack was reported in 2020 by the University Hospital of Düesseldorf in Germany. In the case of medical institutions, as introduced in the Medjack report issued by TrapX Labs, in many cases, attackers target medical devices that are relatively insecure and then penetrate deep into more critical network infrastructure, such as EMR servers. This paper introduces security vulnerabilities of hospital medical devices, considerations for ransomware response by medical institutions, and related technology trends.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2001.04b
• /
• pp.1173-1176
• /
• 2001

정보통신의 발달로 인하여 의료분야에서도 컴퓨터 기반 환자기록이 보편화되었다. 이러한 의료정보에는 가족 병력 기록, 과거 병력 기록, 정신 질환 기록 등 개인의 텍스트 정보뿐만 아니라 X-ray 등과 같은 영상 정보들이 의료기관간의 내 외부로 이동되고 있다. 이러한 정보들은 네트워크 환경 하에서 자연히 노출될 수 있는 보안상의 문제가 대두되고 있다. 이를 위하여 기존의 의료 정보 시스템과 잘 호환되고, 안전하고, 효율적인 보안 장치가 필요한데 이러한 장치 중의 하나가 견고한 암호 알고리즘의 구축이다. 이 논문에서는 현재 PACS의 표준 프로토콜인 DICOM의 데이터 구조와 같은 크기의 블록으로 나누어 암호화는 알고리즘을 제안한다.

• Journal of radiological science and technology
• /
• v.31 no.4
• /
• pp.347-353
• /
• 2008

This study is to prepare an evaluation standard about personal information protection and security management of a medical institution and to build up a grade standard of evaluation in PACS environment. We built up evaluation index based on 10 detailed items in four big categories (political security, technical security, data management security and physical security) by referring to ISO17799 (BS 7799), HIPPA (Health Insurance and Portability and Accountability Act of 1996) and domestic medical law. We have investigated at the thirty places where medical facility with the extracted security criteria and security evaluation index. Average score of physical security list, one of the big categories, was 18.5/20 (93%) at all medical institutions. Political security score was 18.5/30 (62%), data management security score was 12/20 (60%) and technical security score was 17.5/30 (58%). Therefore, security evaluation score was average 67 in 30 general hospitals, which was 4th level. The results showed that it is necessary to establish evaluation and management standard about personal information protection and security consciousness which are weak in PACS environment.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.4
• /
• pp.951-960
• /
• 2015

The smart screening in the medical field as diffusion of smart devices and development of communication technologies is emerging some medical security concerns. Among of them its necessary to taking risk management measures to identify, evaluate and control of the security risks that can occur in Telemedicine because of the Medical information interchanges as Doctor to Doctor (D2D), Doctor to Patient (D2P). This research paper studies and suggests the risk analysis and evaluation methods of risk security that can occur in Telemedicine based on the verified results of Telemedicine system and equipment from the direct site which operating in primary clinics, public health centers and it's branches, etc.

• Convergence Security Journal
• /
• v.5 no.4
• /
• pp.49-58
• /
• 2005

We propose a specific ubiquitous sensor network (USN) architecture as a promising candidate of the future telemedicine model which offers the patient's mobility and more cost-efficient medical care system. This new USN architecture is a kind of cell-based secure sensor network supporting encrypted multi-casting communications and it has a hybrid routing protocol by adapting flat routing to hierarchical routing. For the patient's privacy and the protection of patient's vital information from eavesdropping, we adopt a lightweight PKI-based secure communication protocol with some formal presentation on its core procedure.

• The Journal of Korea Institute of Information, Electronics, and Communication Technology
• /
• v.7 no.1
• /
• pp.45-49
• /
• 2014

In this paper, we propose a secure and efficient RFID-based patient authentication protocol to not only authenticate patients' authenticity but also protect patients' personal medical informations for u-Healthcare environments. Since the proposed RFID-based patient authentication protocol provides strong security and efficiency, it can be used practically for patient authentication and personal medical information protection on the high technology medical environments such as u-Hospital and u-Healthcare.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2004.05a
• /
• pp.1095-1098
• /
• 2004

IP VPN의 사용은 현재 보편화 되었고 네트워크 장비의 통합 추세에 따라 IP VPN과 방화벽 통합제품의 생산이 활발히 이루어지고 있다. 통합 보안 제품은 비용 효율성과 관리의 편리성, 확장성, 유연성과 같은 장점을 제공하지만 높은 성능 지원을 요구한다. 방화벽의 성능 인자의 하나로서 정책의 개수는 그 수에 비례하여 검색 시간이 지연되는 문제를 발생시키고, 이러한 성능 저하 문제는 VPN과 통합 시 더욱 가중된다. 더욱이 차세대 네트워크인 IPv6로 환경에서는 IP의 비트수가 증가하여 검색 성능 문제 해결이 필수적으로 요구된다. 본 논문에서는 이러한 통합 제품의 검색 성능 문제에 관한 해결 방안으로 IPv6 주소의 특성을 사용한 메커니즘을 제안한다. 제시한 메커니즘은 보안 정책 테이블의 주소 필드를 IPv6 주소에 포함된 인터페이스 식별자로 대체하여 보안 정책 테이블의 검색 속도를 향상시키는 방법이다. 이 방법은 차세대 네트워크 환경에서 주목 되고 있는 보안 및 성능 문제에 대해 큰 역할을 할 것으로 기대된다.