Hospital Asset Management By MAC Address-Based "Terminal Connected Status" Detection On Private Network

Naoto Kume, Tomohiro Kuroda, Hiroyuki Yoshihara

Abstract


Advances in computer technology have brought networked electronic medical record
systems into the medical field. In addition, progress in evidence-based medicine
has created demand for Internet connection service for medics who cite online records for
strategic diagnosis and therapy. An advanced medical information system that connects
the whole regional network of hospitals is necessary. Therefore, a conventional private network
system must be armed with several kinds of protection against unauthorized access. In particular, a
reasonable solution against access from the Internet to the internal network is desired. This paper
proposes a method that provides effective prevention of unauthorized access and is also
easy to install and manage. Additionally, the system supports asset management by detecting
the status of a connected terminal. The proposed method provides attack detection for
terminals by combining a MAC address access control list with the ARP logs of layer-3
switching routers. It also presents the exact location of the detected terminals.
The developed system was installed on the medical information network of Kyoto University
Hospital (KUHP). In real operation, the system proved effective: it is easy to
install, has low maintenance cost, and supports asset management without sacrificing confidentiality,
integrity, and accessibility. Every suspicious access was notified by e-mail so that rapid
corrective action, such as physical exclusion, could be taken. The required functions were confirmed by
an unauthorized access experiment. Besides these features, a disconnection experiment
that detected the removal of a registered terminal confirmed the lost-terminal detection
service, which is indispensable for hospital asset management.
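
The comparison described in the abstract, as an added example that is not the authors' KUHP system: a registry of permitted MAC addresses is checked against ARP sightings from layer-3 switches, reporting unregistered terminals with their location and registered terminals that are no longer seen. The log layout, switch names, registry contents, the function names and the one-hour staleness threshold are all assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed registry (the MAC address ACL): MAC -> asset label.
REGISTERED = {
    "00:11:22:33:44:55": "ward-3 nurse station PC",
    "00:11:22:aa:bb:cc": "radiology viewer",
    "00:11:22:de:ad:01": "pharmacy label printer",
}

# Constructed ARP log; assumed layout: timestamp switch ip mac vlan interface
ARP_LOG = """\
2024-05-01T09:00:00 l3sw-east 10.1.3.21 0011.2233.4455 Vlan103 Gi1/0/4
2024-05-01T09:00:00 l3sw-east 10.1.3.77 02-00-5E-10-00-9A Vlan103 Gi1/0/17
2024-05-01T09:00:05 l3sw-west 10.1.7.12 00:11:22:AA:BB:CC Vlan107 Gi2/0/9
2024-04-30T18:30:00 l3sw-west 10.1.7.40 0011.22de.ad01 Vlan107 Gi2/0/11
"""

def normalize_mac(raw):
    """Fold dotted, dashed and colon notations into aa:bb:cc:dd:ee:ff."""
    digits = re.sub(r"[^0-9a-fA-F]", "", raw).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {raw!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def parse_arp_log(text):
    """Return the newest sighting per MAC: {mac: (time, switch, ip, vlan, port)}."""
    latest = {}
    for line in filter(str.strip, text.splitlines()):  # skip blank lines
        ts, switch, ip, mac, vlan, port = line.split()
        seen = datetime.fromisoformat(ts)
        mac = normalize_mac(mac)
        if mac not in latest or seen > latest[mac][0]:
            latest[mac] = (seen, switch, ip, vlan, port)
    return latest

def audit(text, registered, now, max_age=timedelta(hours=1)):
    """Split sightings into unregistered terminals and registered ones gone quiet."""
    latest = parse_arp_log(text)
    unauthorized = {m: s[1:] for m, s in latest.items() if m not in registered}
    missing = sorted(m for m in registered
                     if m not in latest or now - latest[m][0] > max_age)
    return unauthorized, missing

if __name__ == "__main__":
    unknown, lost = audit(ARP_LOG, REGISTERED, datetime(2024, 5, 1, 9, 5))
    for mac, (switch, ip, vlan, port) in unknown.items():
        print(f"unregistered {mac} at {switch} {port} ({vlan}, {ip})")
    print("registered but not seen:", lost)
```

Normalizing the MAC notation before comparison matters because switches and inventories rarely agree on one format, and a mismatch would flag a registered terminal as unknown.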
