Towards Securing Medical Documents from Insider Attacks

Medical organizations have sensitive health related documents. Unauthorized access attempts for these should not only be prevented but also detected in order to ensure correct treatment of the patients and to capture the malicious intent users. Such organizations normally rely on the principle of least privileges together with the deployment of some commercial available software to cope up this issue. But such methods can't be helpful in some of the misuse methods e.g. covert channels. As insiders may be the part of the team which developed such software, he may have deliberately inserted such channels in the source code of that software. The results may be catastrophic not only to that organization but for the patients too. This paper presents an application for securely exchange of documents in medical organizations of our country. The induction of water marking and hash protected documents enhances its security and make it fit to deploy in medical related organizations. The deployment is done in such a way that only higher management has access to the source code for reviewing. Results demonstrate its effectiveness in preventing and detecting majority of the information misuse channels.