Paul Miller writes, about the risks of connecting a surgery to the
Internet:

> Patient data theoretically available to a determined hacker.  This
> always strikes me as unlikely as if IP address is allocated
> dynamically how will they find us ?

It also strikes me as fairly unlikely. Have a look at the BMA Guidelines
on www.cl.cam.ac.uk/users/rja14/#Med. Keep the threats in perspective:
by far the most serious is carelessness with the phone and fax. Why
should a private investigator hack your system, if he ring up and claim
to be from a hospital that has just admitted your patient in a coma; or
send faxes that look like they come from insurance companies? By far the
most important precaution to take is to have well thought out procedures
for answering requests for personal health information. See the
guidelines for our suggestions.

As far as attacks over the net are concerned, one needs to draw a
sensible line between prudence and paranoia. I don't know how your ISP
does things, but many of them offer a firewall service as well as random
IP address allocation. I would probably feel fairly comfortable with
that, so long as I knew their service was well managed and so long as my
own local configuration was also well managed.

Even without a firewall you may well be OK if your local security
management is good. In fact there are capable organisations that have
dispensed with firewalls, and there are capable security people who
believe that they are part of the problem rather than part of the
solution. The critical thing is whether your local system is tight
enough that even if a bad person got physical access to a terminal, he
couldn't do much harm.

One problem for the average organisation is that there may not be anyone
who understands what good security management is. Of course it means
things like tight password discipline and careful configuration
management; but the latter is very system dependent. Never having worked
with Novell systems, I can't comment on your specific problem in detail.
If you can't get to the point that you are comfortable about your ability
to handle network security threats, then do what many people on this list
do: have a separate PC for network access.

> The digital virus risk.  If we protect our workstations and server
> with, say, Dr Solomons, would this be adequate ?

NO! NO! NO! The primary protection against bacterial infection is
washing your hands between patients. Antibiotics are the secondary line
of defence.  Exactly the same applies to preventing computer viruses:
prevention first and cure second. If you don't know where a disk came
from, don't put it in the machine. Don't tolerate computer games. Insist
that everything comes in the original packaging, as you would for
surgical instruments.

This won't stop all viruses - even Microsoft has distributed viruses
from time to time - but it will cut the risk by orders of magnitude. Of
course it is sensible to use an antivirus product as well, but remember
that virus writers spend a lot of energy producing code that will get
past the common products - just as bacteria spend a lot of generations
evolving antibiotic resistance. Better keep them out in the first place.

> I know NHS.net will allow managed access to the net through
> appropriate firewalls, but we cannot wait for that.

It won't make any difference. We don't accept that the NHSnet will be
any safer than the Internet. The presentations we got on its security
were completely unconvincing.

John Hearns added:

> I'm setting up an ATM based imaging network.  We would like to firewall
> this off - and indeed were talking at length this morning on how to
> implement the firewall.
> We were always under the impression that it was forbidden to connect
> our Trust network to anything other than NHSnet.

It is perfectly clear that the Code of Connection has nothing to do with
security and everything to do with creating a cosy monopoly for BT. Your
ATM network will threaten them as it won't fit their business model of
charging 1p per kilobyte and putting everything through a stupid X400
system. But if they get away with that you can say goodbye to medical
images over the network anyway - they will be too expensive. You can
also say goodbye to your links to the academic community through Janet.

Don't worry, some hospitals have it even worse. Addenbrookes, for
example, is an integral part of our Granta backbone network. We have
repeatedly asked Ray Rogers and Kenny Calman where the million or two
pounds to rewire it will come from. We have yet to get an answer.

> Anyone any idea of the approved firewall products?
> We were thinking of starting with a Linux-based firewall.

There are a number of free software sources, such as the TIS kit - see
www.tis.com/docs/products/fwtk/index.html.

In any case, the BMA position is still that connecting clinical systems
to the NHSnet is unethical. So if your trust is under pressure to join
up, then buy a PC, put it in the chief executive's office and connect it
to the NHSnet - but not to anything else. This will put off the problem
for a while at least.

Ross



%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%