CWE

Common Weakness Enumeration

A community-developed list of SW & HW weaknesses that can become vulnerabilities

New to CWE? click here!
CWE Most Important Hardware Weaknesses
CWE Top 25 Most Dangerous Weaknesses
Home > CWRAF > CWE List > CWRAF Vignette Details - Domain pub-health  
ID

CWRAF Vignette Details - Domain pub-health

The MITRE Corporation
Copyright © 2013
http://cwe.mitre.org/cwraf/

CWRAF version: 0.8.3

Date: April 3, 2013

Project Coordinator:

Bob Martin (MITRE)

Document Editor:

Steve Christey (MITRE)
CWRAF Vignettes - pub-health
CWRAF Vignettes - pub-health

Within the Common Weakness Risk Analysis Framework (CWRAF), a vignette provides a shareable, formalized way to define a particular environment, the role that software plays within that environment, and an organization's priorities with respect to software security. It identifies essential resources and capabilities, as well as their importance relative to security principles such as confidentiality, integrity, and availability. For example, in an e-commerce context, 99.999% uptime may be a strong business requirement that drives the interpretation of the severity of discovered weaknesses.

Vignettes allow CWSS to support diverse audiences who may have different requirements for how to prioritize weaknesses. CWSS scoring can occur within the context of a vignette.

This page currently contains details for 2 vignettes within the "pub-health" domain. These are illustrative only; the CWRAF community will help to refine these and develop others. Feedback is welcome.

Vignette Summary
Vignette Summary
NameDescription
Medical BillingMedical encoding and billing. Data used includes Electronic Health Records (EHR), financial management, and interactions with insurance companies.
Human Medical DevicesMedical devices - "implantable" or "partially embedded" in humans, as well as usage in clinic or hospital environments ("patient care" devices). Includes items such as pacemakers and automatic drug delivery. Control or monitoring of the device might be performed by smartphones. The devices are not in a physically secured environment.
Vignette Details
Vignette Details

Vignette Definition: Medical Billing

NameMedical Billing
IDmed-billing
Maturityunder-development
Domainpub-health
DescMedical encoding and billing. Data used includes Electronic Health Records (EHR), financial management, and interactions with insurance companies.
ArchetypesWeb browser, Web server, Database, General-purpose OS, B2B Communications
Business Value Context (BVC)Privacy is very important, claimed by one source to be the largest obstacle for sharing medical records; yet life-and-death situations in (critical care) may have different criteria than in a clinical setting. Electronic medical breaches could lead to discrimination, not just personal embarrassment or discomfort.

Availability is less important - could cause delays in billing but do not directly affect health of the patient.

Notes
References
  • Blog entry - privacy considerations and EHR

    quote: Privacy concerns have been the main deterrent to "wiring" medical records... in life-and-death cases, ease of access to patient records can make a critical difference. Electronic medical record breaches open the door to new kinds of discrimination. Imagine a healthy person losing a job opportunity because her family history suggests an elevated risk of a debilitating disease. Imagine embarrassing disclosures based on prescription drug information. Imagine insurers -- let's assume for a moment that not every insurer is scrupulous -- basing payment decisions on information they are not legally allowed to see.

  • Hospital Employee's Stolen Laptop Contained Info for 21K Patients

    Birth dates, SSN, insurance information stolen from laptop; employee had downloaded this data to a personal laptop, where it was stored unencrypted.

  • Usenix HealthSec '10 report

Technical Impact Scorecard

ImpactLayerSubscoreNotes
Modify dataSystem
Modify dataApplication8Attacker could modify billing amount or recipient, leading to financial loss.
Modify dataNetwork
Modify dataEnterprise
Read dataSystem
Read dataApplication6Privacy / HIPAA violations if unauthorized people can read medical records or financial PII.
Read dataNetwork
Read dataEnterprise
DoS: unreliable executionSystem
DoS: unreliable executionApplication4Billing is delayed, but other methods may be utilized if an outage is extended.
DoS: unreliable executionNetwork
DoS: unreliable executionEnterprise
DoS: resource consumptionSystem
DoS: resource consumptionApplication4Billing is delayed, but other methods or channels may be utilized if an outage is extended.
DoS: resource consumptionNetwork
DoS: resource consumptionEnterprise
Execute unauthorized code or commandsSystem10Attacker could shut down the system or disable the application.
Execute unauthorized code or commandsApplication10Attacker could read or modify billing data, private patient information (financial and medical), shut down the system.
Execute unauthorized code or commandsNetwork
Execute unauthorized code or commandsEnterprise
Gain privileges / assume identitySystem
Gain privileges / assume identityApplication7
Gain privileges / assume identityNetwork
Gain privileges / assume identityEnterprise
Bypass protection mechanismSystem7
Bypass protection mechanismApplication7
Bypass protection mechanismNetwork
Bypass protection mechanismEnterprise
Hide activitiesSystem2Inability to identify source of attack; cannot obtain sufficient evidence for criminal prosecution.
Hide activitiesApplication2Inability to identify source of attack; cannot obtain sufficient evidence for criminal prosecution.
Hide activitiesNetwork2Inability to identify source of attack; cannot obtain sufficient evidence for criminal prosecution.
Hide activitiesEnterprise2Inability to identify source of attack; cannot obtain sufficient evidence for criminal prosecution.

Vignette Definition: Human Medical Devices

NameHuman Medical Devices
IDmed-device
Maturityunder-development
Domainpub-health
DescMedical devices - "implantable" or "partially embedded" in humans, as well as usage in clinic or hospital environments ("patient care" devices). Includes items such as pacemakers and automatic drug delivery. Control or monitoring of the device might be performed by smartphones. The devices are not in a physically secured environment.
ArchetypesWeb client, General-purpose OS, Embedded Device, Smartphone
Business Value Context (BVC)Power consumption and privacy a concern. Key management important. Must balance ease-of-access during emergency care with patient privacy and day-to-day security. Integrity and availability are essential - improper execution or failure of the device could lead to illness or death.
Notes
References

Technical Impact Scorecard

ImpactLayerSubscoreNotes
Modify dataSystem10Device failure or instability could cause sudden medical emergency due to modification of critical settings such as amount and frequency of treatment delivery.
Modify dataApplication10Device failure or instability could cause sudden medical emergency due to modification of critical settings such as amount and frequency of treatment delivery.
Modify dataNetwork
Modify dataEnterprise
Read dataSystem
Read dataApplication7Violate patient expectations of privacy, leading to embarrassment or abuse.
Read dataNetwork
Read dataEnterprise
DoS: unreliable executionSystem10Device failure or instability could prevent treatment and suddenly cause medical emergency.
DoS: unreliable executionApplication
DoS: unreliable executionNetwork
DoS: unreliable executionEnterprise
DoS: resource consumptionSystem8Slowdown of device operation could lead to eventual medical emergency. Could significantly increase power consumption.
DoS: resource consumptionApplication
DoS: resource consumptionNetwork
DoS: resource consumptionEnterprise
Execute unauthorized code or commandsSystem10Device failure or instability could suddenly cause medical emergency.
Execute unauthorized code or commandsApplication
Execute unauthorized code or commandsNetwork
Execute unauthorized code or commandsEnterprise
Gain privileges / assume identitySystem1Device is typically not multi-user.
Gain privileges / assume identityApplication
Gain privileges / assume identityNetwork
Gain privileges / assume identityEnterprise
Bypass protection mechanismSystem7Successful attack could lead to device failure or slowdown.
Bypass protection mechanismApplication
Bypass protection mechanismNetwork
Bypass protection mechanismEnterprise
Hide activitiesSystem3Unable to identify source of attack. Failure symptoms might not indicate that an attack even took place.
Hide activitiesApplication3Unable to identify source of attack. Failure symptoms might not indicate that an attack even took place.
Hide activitiesNetwork
Hide activitiesEnterprise
Page Last Updated: April 02, 2018