Systems and methods for preventing an attack on healthcare data processing resources in a hospital information system
Abstract
A system comprising a switching entity disposed between healthcare data processing resources and non-healthcare data processing resources. The switching entity is capable of operation in a first state in which an end user device is communicatively coupled to the healthcare data processing resources to support a healthcare session and a second state in which the end user device is communicatively coupled to the non-healthcare data processing resources to support a non-healthcare session. If an authentication request message is received while the switching entity is operating in the second state and a particular non-healthcare session is in progress, and the selected authentication entity is the healthcare authentication entity, a memory purge is initiated at the end user device. Attacks on the healthcare data processing resources, both from the non-healthcare resources directly and via the end user device, are thus prevented.
81 Claims
1. A system, comprising:
healthcare data processing resources;
non-healthcare data processing resources;
a switching entity disposed between the healthcare data processing resources and the non-healthcare data processing resources;
a communication link connected to the switching entity and connectable to an end user device;
the switching entity being operative to alternatively support, over the communication link, either a healthcare session between the end user device and the healthcare data processing resources, or a non-healthcare session between the end user device and the non-healthcare data processing resources;
the switching entity being configured to prevent the healthcare data processing resources and the non-healthcare data processing resources from communicating with each other via the switching entity.
Dependent claims: 2-39
40. An access controller, disposed between healthcare data processing resources and non-healthcare data processing resources, and connectable to an end user device via a communication link, the access controller comprising:
a switching entity capable of operation in a first state in which the end user device is communicatively coupled to the healthcare data processing resources to support a healthcare session and a second state in which the end user device is communicatively coupled to the non-healthcare data processing resources to support a non-healthcare session; and
a control entity for controlling the state in which the switching entity operates.
Dependent claims: 41-57
58. A method, comprising:
receiving an authentication request message from a user along a communication link;
determining, from the authentication request message, whether the user is claiming to be a healthcare user or a non-healthcare user;
sending the authentication request message to a selected one of a healthcare authentication entity and a non-healthcare authentication entity in dependence upon the determining;
responsive to successful authentication by the selected authentication entity, controlling the state in which a switching entity operates, wherein the switching entity is capable of operation in a first state in which the end user device is communicatively coupled to healthcare data processing resources to support a healthcare session and a second state in which the end user device is communicatively coupled to non-healthcare data processing resources to support a non-healthcare session.
Dependent claims: 59
60. A computer-readable storage medium containing a program element for execution by a computing device to implement an access controller, said access controller including:
a switching entity capable of operation in a first state in which an end user device is communicatively coupled to healthcare data processing resources to support a healthcare session and a second state in which the end user device is communicatively coupled to non-healthcare data processing resources to support a non-healthcare session; and
a control entity for controlling the state in which the switching entity operates.
Dependent claims: 61
62. An end user device, comprising:
a processing unit operative to support, during non-overlapping time periods, distinct communications sessions with corresponding data processing resources in a network, the communications session supported during each of the time periods being one of a healthcare session and a non-healthcare session;
a memory for storing data exchanged between the processing unit and the network during the communications sessions;
the memory being responsive to termination of communications sessions that are non-healthcare sessions to purge data stored into the memory during said sessions.
Dependent claims: 63-80
81. A computer-readable storage medium containing a program element for execution by a computing device to implement an end user device, said end user device including:
a processing entity operative to support, during non-overlapping time periods, distinct communications sessions with corresponding data processing resources in a network, the communications session supported during each of the time periods being one of a healthcare session and a non-healthcare session;
a memory entity for storing data exchanged between the processing entity and the network during the communications sessions;
the memory entity being responsive to termination of communications sessions that are non-healthcare sessions to purge data stored into the memory entity during said sessions.
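The behaviour recited in the abstract and in claims 1, 40, 58 and 62 can be modelled as a small state machine: authentication requests are routed to one of two authentication entities, the switching entity couples the device to one side at a time, and device memory is purged when a non-healthcare session ends. The Python model below is an added illustration, not code from the patent; the IDLE state, all class and method names, the sample credentials, and the choice to end the non-healthcare session (and purge) before the healthcare authentication entity is consulted are assumptions.

```python
from enum import Enum

class State(Enum):
    IDLE = "idle"                      # no session coupled (assumed extra state)
    HEALTHCARE = "healthcare"          # the claims' "first state"
    NON_HEALTHCARE = "non-healthcare"  # the claims' "second state"

class EndUserDevice:
    def __init__(self):
        self.memory, self.purges = [], 0   # data exchanged in the current session
    def purge(self):
        self.memory.clear()
        self.purges += 1

class AccessController:
    def __init__(self, device, hc_auth, non_hc_auth):
        self.device, self.state = device, State.IDLE
        # Two separate authentication entities, each a callable(user, secret) -> bool.
        self.auth = {State.HEALTHCARE: hc_auth, State.NON_HEALTHCARE: non_hc_auth}

    def end_session(self):
        if self.state is State.NON_HEALTHCARE:
            self.device.purge()            # purge on non-healthcare termination
        self.state = State.IDLE

    def authenticate(self, claimed, user, secret):
        target = State(claimed)            # which kind of user is being claimed
        if target not in self.auth:
            raise ValueError("must claim healthcare or non-healthcare")
        if self.state is State.NON_HEALTHCARE and target is State.HEALTHCARE:
            self.end_session()             # purge before the healthcare entity is consulted
        if self.auth[target](user, secret):   # only the selected entity sees the request
            if self.state is not target:
                self.end_session()
            self.state = target
        return self.state

    def forward(self, src, dst, payload):
        # Frames pass only between the device and the currently coupled side;
        # resource-to-resource frames are never switched.
        if self.state is State.IDLE or {src, dst} != {"device", self.state.value}:
            return False
        self.device.memory.append(payload)
        return True

def make_controller():
    creds = {"healthcare": {"dr_lee": "hc-pass"}, "non-healthcare": {"guest": "web-pass"}}  # constructed
    check = lambda side: (lambda u, s: creds[side].get(u) == s)
    dev = EndUserDevice()
    return AccessController(dev, check("healthcare"), check("non-healthcare")), dev
```

In this model a failed healthcare login attempted during a non-healthcare session still purges the device and leaves the controller idle, so nothing cached from the non-healthcare side survives into a later healthcare session.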
Specification