Project Description: HealthHub Medical Systems is a fictional organization that aims to revolutionize the healthcare industry through the integration of technology. The organization plans to develop a centralized healthcare management system that will allow patients to book appointments, access medical records, communicate with healthcare professionals, and manage prescriptions. Your task as a system security engineer is to create a proposal for the design of this secure system. Background: HealthHub Medical Systems is based in Metroville, a large metropolitan city. The organization aims to serve a diverse community of over two million people. With the recent rise in cyber-attacks targeting healthcare systems, security is a top priority for HealthHub. Components: Introduction: Introduce HealthHub and its vision. Discuss the importance of security in healthcare systems. System Purpose and Requirements: Define the purpose of the centralized healthcare management system and identify the security requirements to protect patient data and ensure uninterrupted services. Risk Assessment: Conduct a risk assessment to identify potential security threats and vulnerabilities that could affect the healthcare management system. Security Design Principles: Propose security design principles to safeguard patient data and ensure compliance with healthcare regulations. Security Architecture: Include a schematic diagram of the proposed security architecture, incorporating encryption, secure access controls, and intrusion detection systems. Implementation Plan: Propose a plan for implementing security measures, including employee training, system testing, and third-party security evaluations. Conclusion: Summarize the proposed secure system design and emphasize its significance in protecting patient data and promoting healthcare innovation. Scenario: HealthHub Medical Systems has recently received a government grant to develop a state-of-the-art healthcare management system. However, the grant requires adherence to strict security protocols to ensure the protection of patient data. Additionally, the company is located in a region with a history of cyber-attacks on healthcare systems.

Project Rubric

This criterion is linked to a Learning OutcomePre-engagement and Information Gathering Includes description of target system (you can create the scenario and base your submission off the included penetration testing report template). - Properly scoped target system - Collected relevant information This criterion is linked to a Learning OutcomeThreat Modeling and Vulnerability Analysis Learner - Identified vulnerabilities - Assessed risk and prioritized targets This should be included in findings of document based on vulnerability scans. This criterion is linked to a Learning OutcomeExploitation and Post-Exploitation The exploitation description of the report should include information on how you hacked into the target and what vulnerability you used to get in. - Successfully exploited vulnerabilities - Demonstrated understanding of gained access