Tracing masquerading attacks in distributed healthcare information systems

Several states in the European Union started to introduce distributed clinical information systems to develop new communication channels, and enhance a more effective collaboration among different healthcare institutions. These systems exchange Electronic Health Records, containing critical private information regarding patients. Not encouraging is the fact that masquerading attacks, although not massively popular, have a massive impact on the security of a system in terms of confidentiality and integrity. Not unaware of the problem the Integrating the Healthcare Enterprise initiative defines the Audit Trail and Node Authentication profile which specifies audit messages for reporting security, and privacy related events. Unfortunately as of yet, the initiative does not define a detection methodology that can be used for uncovering masquerading attacks. Hence, no implementations exist that help security personnel to analyse these audit records automatically. Based on challenges derived via expert interviews we designed a detection methodology in form of a conceptual masquerader detection framework tailored to the IHE context.