Side Effects of End-User Applications
An Analysis of Application Traffic and Associated Risks in Healthcare Environments
Healthcare organizations around the world face a long list of challenges, not the least of which is the protection of patient data, which includes health (last physical, recent test results), personal (social security number, age, address), and financial information (credit card numbers, bank accounts, income). An analysis of application traffic at 41 different healthcare organizations around the world confirms what most administrators already know: employees assume that they are entitled to use any application they desire, without taking into account the possible business and security risks. The key findings include:
- Applications that enable users to bypass controls are in use.
Applications that enable employees to bypass security or policy controls were found with relatively high frequency. Specifically, external proxies were found on 80% of the networks, while remote desktop access and non-VPN-related encrypted tunnel applications were found 98% and 34% of the time, respectively.
- Peer-to-peer file sharing applications were found in more than 90% of the organizations.
Eighteen peer-to-peer (P2P) applications were found across 93% of the networks, with an average of 5 P2P variants found on each network. The use of P2P applications increases the risk of inadvertent transfer of healthcare records, and adding to these risks, a new threat, Mariposa, is spreading rapidly across nine commonly used P2P networks.
- Browser-based file sharing applications show significant usage.
An average of 7 browser-based file sharing application variants were found across 76% of the participating healthcare organizations. While not as common as P2P, these applications simplify the transfer of large files via the web.
- Healthcare employees keep themselves entertained.
Out of the 506 applications found, 32% (161) qualify as entertainment oriented (social networking, media, file sharing and web browsing). Bandwidth consumed by these applications was approximately 44% of the total bandwidth consumed (11 terabytes).
- Application accessibility features make visibility and control difficult.
Of the 506 applications found, 57% (289) of them can use port 80, port 443, or hop ports as a means of enabling user access. Accessibility features make an application easier to use, but can introduce business and security risks because traditional port-based offerings cannot see or control these applications.
The breadth of applications found during the analysis, along with the diversity of users, highlights the challenges that IT departments face. On one hand, they are asked to enable network access for a demanding set of users, while on the other, they are required to protect the network and a wide range of patient data. As the drive towards regulatory compliance (PCI, HIPAA, N3, etc.) and electronic medical records (EMR) accelerates, the magnitude of this challenge is only amplified by the fact that many of these applications can easily evade detection and are therefore uncontrollable by existing firewall, IPS, proxy or URL filtering solutions.





