Murder in Hospital – Crime Scene Unknown
The murder victim was killed in hospital but no one knew where the murderer committed the crime since one of his weapons was the internet.
Is this scenario science-fiction or has it actually happened somewhere? No such case has ever been published, but the conditions that would make it possible (still) exist.
What sounds like the plot of a bad crime novel is technically realisable. A murderer could hack his way into a hospital’s IT network, free to look up patient details and where, how, why and when they will be treated. Not much left to do to deliberately influence the electronic devices on the wards. It could just be a playful experiment or it could be an attempt at targeted manipulation. Maybe it will hurt a patient, just by chance, maybe the patient was the killer’s rich uncle. That the murderer will also receive confidential hospital data, including personal details on all the patients and staff along the way, is not to be further contemplated.
This fictional scenario may already have been the reason for „incidents“ where „unexplainable events“ took place. The fact is that no infrastructure that needs to meet demands of integration and remote maintenance, as well as protect the rights of third parties, can be built reliably on the hardware components currently available.
The challenge lies in connecting different devices with various functions together in such a way that they form a functional system. In order for the security of the complete system to be legally guaranteed, each individual part needs to be secure by itself. Since every subsystem may demand a different interpretation of „security“, inevitable gaps will emerge that can only be closed by making sure that every subsystem remains secure, in IT terms, and reliable despite weaknesses in other parts of the system.
The weakness in these systems exists in the hardware of the processors. Practically all standard makes of these hardware components are based on an architecture that has existed for around eighty years. The software that has been constructed upon this architecture can compensate for some, but not all, of the deficiencies that adhere to these systems. Even multiple systems which monitor each other and offer mutual redundancies can be „switched off“ by malware attacks. The most important deficiency is the non-existent separation between instructions (to be executed by the hardware) and data (information to be worked with) in the memory. The resulting muddle leads to the high success rate of hacking attempts that are being reported more and more often. These attacks usually run along these lines: instructions disguised as data are channelled into the computer over an interface (internet, modem, external memories) to be executed by the processors.
A new hardware architecture, which demands and supports a clean and thorough separation between the data categories that exist in the system, could remedy these issues. This is achieved by the technology advertised here. It prevents software from being installed without the user’s intent. This allows the user to maintain complete configuration control over the systems, thus creating a mark of quality and a risk-minimising criterion in such systems’ performance.
This hardware architecture is patented and succeeded in the hardware category of competition „INNOVATION PRIZE – IT 2015“. IT security „Made in Germany“.