environmental or mechanical accidents (e.g., backhoe damage during construction) do not interrupt vital links beyond tolerable periods.

Backup procedures, redundant facilities, and practice drills are much less common in more decentralized and loosely affiliated equipment sites. Often, personal workstations are dependent on users themselves for regular backup, a procedure frequently forgotten in the press of routine work activities. As indicated above, almost no attention is paid in current operations to protecting the content of backup media against snooping, other than physical security in the strongest sites: intruders would have to enter a physically locked facility to steal tape copies of backup information. There is no use of encryption technologies or cryptographic checksum technologies to protect backup stores against snooping or theft or to detect points at which unauthorized modifications might have been made to software or other file system content.

System Backup Procedures Not Yet Deployed in Health Care Settings

One of the key future technological challenges comes from needing to back up increasingly large file systems; often these contain terabytes of information (1 terabyte = 1012 bytes) when radiological image data are stored on-line. Off-line or mirrored storage is still relatively expensive, and the long time required to fully back up such large file stores means that times between full dumps increase. Systems that use time-stamped incremental backups will have to become routine.

System Self-Assessment and Attention to Technological Awareness

Concerns about computer security have been voiced for decades—historically most loudly in areas of national security and business—and procedural and technological solutions have been worked out for all but the most assiduous kinds of attacks. More recently, with the growth of the Internet and distributed computing, these issues have been felt more broadly, and a whole new class of problems centered on powerful new means of remote access to computers of all kinds has raised additional security challenges. Again procedural and technological solutions have been devised that offer prudent protection but recognize that concerted, directed, professional attacks on almost any computer facility will likely succeed despite the most rigorous protection. However, these ''prudent practice" solutions have not been adopted uniformly, partly because the number of affected computers has grown exponentially and partly because people responsible for these systems are not trained to select and apply these solutions or are unable to enforce workable solutions within an organization.



The National Academies | 500 Fifth St. N.W. | Washington, D.C. 20001
Copyright © National Academy of Sciences. All rights reserved.
Terms of Use and Privacy Statement