Healthcare organizations host sensitive data that many attackers would like to have. Health IT experts and CIOs usually keep sensitive data on protected database servers, which may reside on-premises or in the cloud. However, healthcare systems also implement dozens of HL7 interfaces for system integration. Unfortunately, most HL7 messages carry patient health data from one system to another without encryption. An HL7 interface monitoring dashboard will show all the messages moving from system to system without adequate protection. Such information can be stolen, sorted, structured, and sold to people with ulterior motives. That's why we highlight some of the security risks inherent in HL7 interfaces and how your organization can mitigate them.
1. Understand the Security Vulnerabilities of HL7
Various types of HL7 messages contain patient data, including:
- ADT messages (for admission),
- ORM messages (for ordering drugs and tests), and
- DFT messages (for detailed financial transactions)
HL7 International designed the messaging standard with a focus on the OSI application layer. The organization leaves security to the developer or interface builder implementing the standard.
In fact, despite the sensitivity of the information in an HL7 message, many messages are sent and received as plain text, while encryption may take place at endpoints.
The insecurities in sending and receiving messages with HL7 are similar to those found in the file transfer protocol (FTP). Unfortunately, HL7 is less secure than FTP.
While FTP requires some amount of authentication, HL7 does not need authentication when making a connection. While most IT teams will avoid using insecure FTP, most allow HL7 messages to convey sensitive healthcare data.
2. Block All Unauthorized Access to Your Network
If you can’t encrypt the messages that flow between one information system and another, you must do all you can to prevent an attack on insecure messages. If hackers have access to your network, they can use Address Resolution Protocol (ARP) spoofing to poison the address mappings that hosts rely on.
If spoofing is successful, the intruder can use a packet sniffer to intercept the messages transmitted on the network. Subsequently, the hacker can block communication to obtain patient information or alter network traffic.
Similarly, a hacker may quietly pick up medical records. If the HL7 interfaces work without any service disruptions, data extraction can continue for months or years. Hackers can use such records for identity fraud and quick cash on the dark web.
The best way to handle this is to ensure all HL7 messages are transmitted as encrypted messages that a criminal can’t read with any spoofing tool.
3. Deploy Strong Encryption
Study your HL7 interfaces carefully. If you discover that health data moves through different network segments or on the Internet, you need to deploy encryption.
Remember that apart from “stealing” sensitive data, a cybercriminal may alter plain text HL7 messages. For instance, an attacker may modify DFT messages to evade billing or swap patient names on billing statements.
Examine HL7 messages and ensure that no plain text messages are transmitted from one system to another.
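One way to run the check described above over captured traffic, as an added example that is not part of the original article. It assumes HL7 v2 is carried in MLLP framing (start byte 0x0B, end bytes 0x1C 0x0D), which the article does not describe; the function names, flow labels, and sample payloads are constructed for illustration.

```python
# Added example: flag cleartext HL7 v2 in captured TCP payloads.
# Assumption: HL7 v2 is carried in MLLP framing (0x0B ... 0x1C 0x0D).
MLLP_START, MLLP_END = b"\x0b", b"\x1c\x0d"
SENSITIVE_TYPES = {"ADT", "ORM", "DFT"}  # message types named in the article


def classify_payload(payload: bytes) -> dict:
    """Heuristically classify one TCP payload taken from a capture."""
    # A TLS record starts with content type 20-23 and major version 3.
    if len(payload) >= 3 and 20 <= payload[0] <= 23 and payload[1] == 3:
        return {"kind": "tls", "msg_type": None, "sensitive": False}
    start = payload.find(MLLP_START + b"MSH")
    if start == -1:
        return {"kind": "unknown", "msg_type": None, "sensitive": False}
    end = payload.find(MLLP_END, start)
    body = payload[start + 1 : end if end != -1 else len(payload)]
    msh = body.split(b"\r", 1)[0].decode("latin-1")
    msg_type = None
    if len(msh) > 4:
        # msh[3] is the field separator; after splitting, fields[1] holds
        # the encoding characters (MSH-2), so MSH-9 is fields[8].
        fields = msh.split(msh[3])
        comp_sep = fields[1][:1] or "^"
        if len(fields) > 8:
            msg_type = fields[8].split(comp_sep)[0] or None
    return {"kind": "cleartext-hl7", "msg_type": msg_type,
            "sensitive": msg_type in SENSITIVE_TYPES}


def audit(flows):
    """Return (flow, msg_type) for every flow that carries cleartext HL7."""
    results = ((flow, classify_payload(p)) for flow, p in flows)
    return [(f, r["msg_type"]) for f, r in results if r["kind"] == "cleartext-hl7"]


# Constructed sample payloads (not real traffic or real patient data).
SAMPLE_FLOWS = [
    ("10.0.0.5:49152->10.0.0.9:2575",
     b"\x0bMSH|^~\\&|ADM|HOSP|LAB|HOSP|20240101120000||ADT^A01|1|P|2.5\r"
     b"PID|1||12345||DOE^JANE\r\x1c\x0d"),
    ("10.0.0.6:49153->10.0.0.9:2576", b"\x16\x03\x01\x00\x05hello"),
    ("10.0.0.7:49154->10.0.0.9:2575",
     b"\x0bMSH|^~\\&|BILL|HOSP|FIN|HOSP|20240101120500||DFT^P03|2|P|2.5\r\x1c\x0d"),
]

if __name__ == "__main__":
    for flow, msg_type in audit(SAMPLE_FLOWS):
        print(f"cleartext HL7 ({msg_type}) on {flow}")
```

Any flow the audit returns is an interface that still needs encryption; the TLS test is a header heuristic, so treat an "unknown" result as something to inspect rather than as proof of protection.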
4. Use Secure FHIR Implementations
If you create new interfaces in your healthcare facility, adopt FHIR instead of HL7 version 2 or 3. And if you have a large number of HL7 interfaces in place, create a plan to migrate to FHIR.
FHIR makes use of application programming interfaces. It sends and receives data over an HTTP-based protocol, formatted as JSON or XML.
However, since the standard does not enforce encryption but recommends it, your team needs to ensure that all data transmitted with FHIR is adequately encrypted.
Monitoring HL7 interfaces is essential to prevent security breaches. When properly implemented, securely transmitted data can save your organization thousands of dollars and avoid the loss of confidence that follows a data breach.