Health security defeats RAF testers
- 14 January 2009
A team of RAF security experts recently spent three days attempting to penetrate the wireless networking component of a managed service covering healthcare for British Forces in Germany – and failed.
The secure networking is part of a managed service, PAS 2.0, built and hosted by Dataline Software for Guy’s and St Thomas’ NHS Foundation Trust. The trust has a contract with the Ministry of Defence to procure and manage hospital care for the population of British Forces Germany, totalling 55,000 service personnel, civilians and their immediate families.
Secondary care for BFG patients is not provided directly by the trust but procured by it from selected German hospitals. Primary care is delivered by MoD medical and dental centres serving the five garrison regions in Germany.
Dataline explained: “Outsourcing BFG healthcare in this way provides the MoD with assured standards of high quality healthcare, but necessitates a sophisticated, efficient and highly secure tool for the co-ordination and administration of all the activity this involves.”
PAS 2.0 manages the administration of a broad array of healthcare processes including referral, inpatient and outpatient appointments, A&E episodes and the financial accounting relating to GSTT’s contracts with its German hospital healthcare providers. It also has to meet the MoD’s very stringent security standards.
The operational goal of the three day ‘assault’ on the security of the system was for the RAF to penetrate the network via one of the wireless access points in the network architecture.
Dataline said: “The RAF team were particularly concerned that ‘going wireless’ might pose significant security problems and expose PAS 2.0 to the host of malicious attacks to which applications maintaining strategically sensitive information are frequently subjected.
“The network withstood the assault and passed the RAF’s testing with distinction, demonstrating in the process that the wireless deployment of complex web-based applications, hosted in a managed service environment can be implemented without fear of compromise over data security.”
A case study with further information about PAS 2.0 can be viewed here.