Encrypting patients' data across hospital networks
GoClinic is a digital healthcare provider that connects hospitals and patients, building a bridge between hospital ICT and patients' mobile phones. The goal of the GoClinic system is to provide secure data exchange for the optimal treatment, care and aftercare of hospital patients. The GoClinic solution accommodates healthcare providers of various sizes: from small private clinics to academic hospitals.
As the GoClinic team had already used Cossack Labs' open source library Themis to build the encryption engine for its mobile and backend apps, their next challenge was building a balanced security system around that cryptographic core. This effort included cryptographic design verification, application security analysis and bringing together the technical parts of an ISMS: technical standards and operational procedures.
Industry
Healthcare
EHR exchange
Technology stack
Google Cloud Platform (KMS, GKE, Redis, VerneMQ)
iOS
server-side Swift
Regulations
GDPR
ISO 27001, ISO 27002
Dutch Act on the Medical Treatment Agreement (WGBO)
Technology requirements
Compliance to healthcare regulations
Correspondence of the security architecture and the chosen security controls to the risk profile and healthcare regulations.
End-to-end encryption of medical data
End-to-end encryption of medical data from hospital networks to patients' devices, while preserving the usability of the GoClinic mobile apps and making patients' lives less stressful.
Strong cryptography
Soundness of the cryptographic protocol and key management procedures (including QR code-based key exchange), so that sensitive data cannot be accessed without the required keys.
Challenges
Extensive technology stack
The GoClinic system operates within an extensive technology stack, supporting numerous mobile apps, a cloud backend and databases. Data protection must be consistent and easy to maintain across all infrastructure components.
Legacy hospital networks
Legacy hospital networks require careful integration, isolation of patients' data, and a fully fledged data lifecycle with security at each stage.
Customer's data isolation and insider risks
The cryptographic engine should be closely tied to platform-specific security controls. The security solution should prevent abuse and misuse by hospital staff and “curious patients”.
Solution
We performed a security architecture evaluation and a cryptographic protocol assessment, verified and improved overall application and infrastructure security, and advised on improving the security roadmap for the GoClinic solution.
Security advisory, security architecture assessment and risk modelling:
- We defined a general security roadmap after assessing business risks (via FAIR), compliance demands, industry-standard maturity and systems lifecycle planning approaches (NIST 800-160, OWASP SAMM) and potential threats. The roadmap covers the security team's decision scope, an application security baseline, data and risk classification, security goals and internal security standards.
- Based on the security roadmap and the current architecture, we established a detailed risk model, a security model and a plan for improving security measures to achieve well-rounded data security.
- We reviewed the security controls at the architecture, application and infrastructure levels and provided a list of recommendations for improving them.
Cryptographic audit:
- GoClinic already featured a solid cryptographic design and clever use of the Themis cryptographic library. This allowed us to focus on the maintainability and execution security aspects of the encryption layer.
- We assessed the cryptographic protocol and key management procedures, modelled attacks and corner cases, and suggested mitigations for the caveats we found.
- We verified that Themis is integrated and used correctly, with respect to the data flow and platform limitations.
- We provided a set of recommendations on data minimisation and clean-up, key management and memory management, crypto coding guidelines and the use of platform-specific security controls (Google Cloud KMS, integration with Keychain/Secure Enclave, biometric protection).
Products and services involved
Themis, a cross-platform crypto library
We used the Themis cryptographic library as a building block for application-level transport encryption, relying on its interoperability across the required platforms and OSs.
Security architecture assessment
We built risk, threat and trust models, analysed and prioritised attack vectors, and assessed the fitness of the selected security controls and their correspondence to the ISMS.
Security advisory
We work closely on establishing the ISMS: its objectives, processes and procedures related to risk management and internal security standards.
Cryptographic audit
We assessed the cryptographic protocol design, reviewed and tested the code implementation, found design caveats and advised on fixing them.
Results and outcomes
The GoClinic team acquired a basis for company-wide and product-specific security policy, a solid security foundation and a development plan for improving their system.
The sustainability of the security architecture, deep integration of security controls and a defined security roadmap allowed the GoClinic team to target not only private hospitals but also governmental healthcare companies, and provided a clear advantage over their competitors.
Improve your system security using our solutions
We help you focus on serving your customers better, while relieving your team of security engineering pains and making your users confident that their data is safe with you.