- Journal of Medical Internet Research Aug 2023
The health care sector experiences 76% of cybersecurity breaches due to basic web application attacks, miscellaneous errors, and system intrusions, resulting in compromised health data or disrupted health services. The European Commission proposed the European Health Data Space (EHDS) in 2022 to enhance care delivery and improve patients' lives by offering all European Union (EU) citizens control over their personal health data in a private and secure environment. The EU has taken an important step in homogenizing the health data environment of the European health ecosystem, although more attention needs to be paid to keeping the health data of EU citizens safe and secure within the EHDS. The pooling of health data across countries can have tremendous benefits, but it may also become a target for cybercriminals or state-sponsored hackers. State-of-the-art security measures are essential, and the current EHDS proposal lacks sufficient measures to warrant a cybersecure and resilient environment.
Topics: Humans; Ecosystem; Computer Security; Europe; European Union; Health Care Sector
PubMed: 37616048
DOI: 10.2196/48824
- Sensors (Basel, Switzerland) Aug 2023
In the era of interconnected and intelligent cyber-physical systems, preserving privacy has become a paramount concern. This paper presents a groundbreaking proof-of-concept (PoC) design that leverages consortium blockchain technology to address privacy challenges in cyber-physical systems (CPSs). The proposed design introduces a novel approach to safeguarding sensitive information and ensuring data integrity while maintaining a high level of trust among stakeholders. By harnessing the power of consortium blockchain, the design establishes a decentralized and tamper-resistant framework for privacy preservation. However, ensuring the security and privacy of sensitive information within CPSs poses significant challenges. This paper proposes a cutting-edge privacy approach that leverages consortium blockchain technology to secure secrets in CPSs. Consortium blockchain, with its permissioned nature, provides a trusted framework for governing the network and validating transactions. By employing consortium blockchain, secrets in CPSs can be securely stored, shared, and accessed by authorized entities only, mitigating the risks of unauthorized access and data breaches. The proposed approach offers enhanced security, privacy preservation, increased trust and accountability, as well as interoperability and scalability. This paper aims to address the limitations of traditional security mechanisms in CPSs and harness the potential of consortium blockchain to revolutionize the management of secrets, contributing to the advancement of CPS security and privacy. The effectiveness of the design is demonstrated through extensive simulations and performance evaluations. The results indicate that the proposed approach offers significant advancements in privacy protection, paving the way for secure and trustworthy cyber-physical systems in various domains.
PubMed: 37631699
DOI: 10.3390/s23167162
- Studies in Health Technology and... Dec 2023
Electronic patient data use and handling are critical issues in terms of privacy, confidentiality, security, and the Health Insurance Portability and Accountability Act (HIPAA) regulations. The risks associated with electronic patient data are not limited to identity theft but rather include a person's social, economic, and psychological well-being. However, there have not been many studies that have focused on the associated risk factors that could lead to these situations. This paper identifies those risks related to electronic patient data breaches by means of a grounded theory approach and develops a systemic risk management plan that enables engineering managers and risk managers to more effectively and efficiently overcome risks associated with electronic patient data. Purpose: The purpose of this paper is to identify the risks associated with electronic patient data breach using a grounded theory approach and also to recommend a set of guidelines to support a better, effective, and efficient system and thereby overcome these risks. Patients and methods: No patients were involved in this study, nor are any of their opinions reflected in this research.
Topics: United States; Humans; Electronic Health Records; Confidentiality; Health Insurance Portability and Accountability Act; Privacy; Risk Management; Computer Security
PubMed: 34047283
DOI: 10.3233/SHTI200016
- ISA Transactions Oct 2023
Domain adaption has become an effective solution to train neural networks with insufficient training data. In this paper, we investigate the vulnerability of domain adaption that potentially breaches sensitive information about the training dataset. We propose a new membership inference attack against domain adaption models, to infer the membership information of samples from the target domain. By leveraging the background knowledge about an additional source-domain in domain adaptation tasks, our attack can exploit the similar distributions between the target and source domain data to determine if a specific data sample belongs in the training set with high efficiency and accuracy. In particular, the proposed attack can be deployed in a practical scenario where the attacker cannot obtain any details of the model. We conduct extensive evaluations for object and digit recognition tasks. Experimental results show that our method can achieve the attack against domain adaptation models with a high success rate.
PubMed: 36702690
DOI: 10.1016/j.isatra.2023.01.021
- Risk Analysis : An Official Publication... Jan 2024
Recent history has shown both the benefits and risks of information sharing among firms. Information is shared to facilitate mutual business objectives. However, information sharing can also introduce security-related concerns that could expose the firm to a breach of privacy, with significant economic, reputational, and safety implications. It is imperative for organizations to leverage available information to evaluate security related to information sharing when evaluating current and potential information-sharing partnerships. The "fine print" or privacy policies of firms can provide a signal of security across a wide variety of firms being considered for new and continued information-sharing partnerships. In this article, we develop a methodology to gauge and benchmark information security policies in the partner-selection process that can help direct risk-based investments in information sharing security. We develop a methodology to collect and interpret firm privacy policies, evaluate characteristics of those policies by leveraging natural language processing metrics and developing benchmarking metrics, and understand how those characteristics relate to one another in information-sharing partnership situations. We demonstrate the methodology on 500 high-revenue firms. The methodology and managerial insights will be of interest to risk managers, information security professionals, and individuals forming information sharing agreements across industries.
PubMed: 38246627
DOI: 10.1111/risa.14267
- JMIR MHealth and UHealth Feb 2024 (Review)
BACKGROUND
Smart home technology (SHT) can be useful for aging in place or health-related purposes. However, surveillance studies have highlighted ethical issues with SHTs, including user privacy, security, and autonomy.
OBJECTIVE
As digital technology is most often designed for younger adults, this review summarizes perceptions of SHTs among users aged 50 years and older to explore their understanding of privacy, the purpose of data collection, risks and benefits, and safety.
METHODS
Through an integrative review, we explored community-dwelling adults' (aged 50 years and older) perceptions of SHTs based on research questions under 4 nonmutually exclusive themes: privacy, the purpose of data collection, risk and benefits, and safety. We searched 1860 titles and abstracts from Ovid MEDLINE, Ovid Embase, Cochrane Database of Systematic Reviews, and Cochrane Central Register of Controlled Trials, Scopus, Web of Science Core Collection, and IEEE Xplore or IET Electronic Library, resulting in 15 included studies.
RESULTS
The 15 studies explored user perception of smart speakers, motion sensors, or home monitoring systems. A total of 13 (87%) studies discussed user privacy concerns regarding data collection and access. A total of 4 (27%) studies explored user knowledge of data collection purposes, 7 (47%) studies featured risk-related concerns such as data breaches and third-party misuse alongside benefits such as convenience, and 9 (60%) studies reported user enthusiasm about the potential for home safety.
CONCLUSIONS
Due to the growing size of aging populations and advances in technological capabilities, regulators and designers should focus on user concerns by supporting higher levels of agency regarding data collection, use, and disclosure and by bolstering organizational accountability. This way, relevant privacy regulation and SHT design can better support user safety while diminishing potential risks to privacy, security, autonomy, or discriminatory outcomes.
Topics: Aged; Humans; Middle Aged; Independent Living; Perception; Privacy; Technology
PubMed: 38335026
DOI: 10.2196/48526
- International Journal of Medical... Sep 2023
OBJECTIVE
Widespread electronic health information exchange (HIE) across hospitals remains an important policy goal for reducing costs and improving the quality of care. Meanwhile, cybersecurity incidents are a growing threat to hospitals. The relationship between the electronic sharing of health information and cybersecurity incidents is not well understood. The objective of this study was to empirically examine the impact of hospitals' HIE engagement on their data breach risk.
MATERIALS AND METHODS
A balanced panel dataset included 4,936 US community hospitals spanning the period 2010-2017, which was assembled by linking the American Hospital Association annual survey database and the Information Technology (IT) supplement, and the Department of Health and Human Services reports of health data breaches. The relationship between HIE engagement and hospital data breaches was modeled using a difference-in-differences specification controlling for time-varying hospital characteristics.
RESULTS
The percentage of hospitals electronically exchanging information has more than tripled (from 18% to 68%) from 2010 to 2017. Hospital data breaches increased concurrently, largely due to the rise in hacking and unauthorized access. HIE engagement was associated with a 0.672 percentage point increase in the probability of an IT breach three years after the engagement. Hospitals actively engaging in a health information organization and exchanging data with outside providers were associated with a higher risk of IT related breaches in the long run; however, hospitals actively engaging in HIE and exchanging data with inside providers were not associated with any significant risk of IT related breaches.
DISCUSSION
Over time, the increasing amount and complexity of patient information being exchanged can create challenges for cybersecurity if data protection is not up to date. Additionally, data security depends on the weakest link of HIE, and providers with fewer resources for data governance and infrastructure are more vulnerable to data breaches.
CONCLUSION
Moving toward widespread health information exchange has important cybersecurity implications that can significantly impact both patients and healthcare organizations.
Topics: United States; Humans; Health Information Exchange; Hospitals; Computer Security; Information Technology; Electronic Health Records
PubMed: 37453177
DOI: 10.1016/j.ijmedinf.2023.105149
- Science Advances Feb 2024
Modern machine learning models toward various tasks with omic data analysis give rise to threats of privacy leakage of patients involved in those datasets. Here, we proposed a secure and privacy-preserving machine learning method (PPML-Omics) by designing a decentralized differential private federated learning algorithm. We applied PPML-Omics to analyze data from three sequencing technologies and addressed the privacy concern in three major tasks of omic data under three representative deep learning models. We examined privacy breaches in depth through privacy attack experiments and demonstrated that PPML-Omics could protect patients' privacy. In each of these applications, PPML-Omics was able to outperform methods of comparison under the same level of privacy guarantee, demonstrating the versatility of the method in simultaneously balancing the privacy-preserving capability and utility in omic data analysis. Furthermore, we gave the theoretical proof of the privacy-preserving capability of PPML-Omics, suggesting the first mathematically guaranteed method with robust and generalizable empirical performance in protecting patients' privacy in omic data.
Topics: Humans; Privacy; Algorithms; Data Analysis; Machine Learning; Technology
PubMed: 38295178
DOI: 10.1126/sciadv.adh8601
- Journal of Medical Internet Research May 2024
BACKGROUND
A large language model (LLM) is a machine learning model inferred from text data that captures subtle patterns of language use in context. Modern LLMs are based on neural network architectures that incorporate transformer methods. They allow the model to relate words together through attention to multiple words in a text sequence. LLMs have been shown to be highly effective for a range of tasks in natural language processing (NLP), including classification and information extraction tasks and generative applications.
OBJECTIVE
The aim of this adapted Delphi study was to collect researchers' opinions on how LLMs might influence health care and on the strengths, weaknesses, opportunities, and threats of LLM use in health care.
METHODS
We invited researchers in the fields of health informatics, nursing informatics, and medical NLP to share their opinions on LLM use in health care. We started the first round with open questions based on our strengths, weaknesses, opportunities, and threats framework. In the second and third rounds, the participants scored these items.
RESULTS
The first, second, and third rounds had 28, 23, and 21 participants, respectively. Almost all participants (26/28, 93% in round 1 and 20/21, 95% in round 3) were affiliated with academic institutions. Agreement was reached on 103 items related to use cases, benefits, risks, reliability, adoption aspects, and the future of LLMs in health care. Participants offered several use cases, including supporting clinical tasks, documentation tasks, and medical research and education, and agreed that LLM-based systems will act as health assistants for patient education. The agreed-upon benefits included increased efficiency in data handling and extraction, improved automation of processes, improved quality of health care services and overall health outcomes, provision of personalized care, accelerated diagnosis and treatment processes, and improved interaction between patients and health care professionals. In total, 5 risks to health care in general were identified: cybersecurity breaches, the potential for patient misinformation, ethical concerns, the likelihood of biased decision-making, and the risk associated with inaccurate communication. Overconfidence in LLM-based systems was recognized as a risk to the medical profession. The 6 agreed-upon privacy risks included the use of unregulated cloud services that compromise data security, exposure of sensitive patient data, breaches of confidentiality, fraudulent use of information, vulnerabilities in data storage and communication, and inappropriate access or use of patient data.
CONCLUSIONS
Future research related to LLMs should not only focus on testing their possibilities for NLP-related tasks but also consider the workflows the models could contribute to and the requirements regarding quality, integration, and regulations needed for successful implementation in practice.
Topics: Delphi Technique; Humans; Natural Language Processing; Machine Learning; Delivery of Health Care; Medical Informatics
PubMed: 38739445
DOI: 10.2196/52399
- Sexual and Reproductive Health Matters Dec 2023
The COVID-19 pandemic highlighted the harm reduction potential of virtual sex work (VSW) such as video or audio calls with clients. VSW limits exposure to COVID-19 and STIs. However, sex workers using digital technologies face high risks of technology-facilitated intimate partner violence (IPV), such as non-consensual distribution of intimate images. This study explored perceived risks and benefits of VSW, including the salience of STI harm reduction. Ethnographic interviews and participant observation with self-identified cis women sex workers in Dakar between January 2018 and August 2019 informed a further period of focused data collection in June 2022, in which two key research participants and the author devised a goal of concrete community benefit: a list of contextually relevant digital privacy precautions and resources. Brainstorming this list during workshops with 18 sex workers provided prompts for participant perspectives. While participants generally preferred VSW, citing STI prevention as a key reason, most resumed in-person sex work after COVID-19 curfews lifted; social risks of digital privacy breach and potential outing outweighed physical risks of contracting STIs. Participants proposed privacy features for mobile applications to make VSW viable and benefit from STI prevention. Their reflections call on tech companies to embed values of informed consent and privacy into platform design, shifting the burden of protecting privacy from individuals to companies. This study addresses a gap in technology-facilitated IPV research, which has concentrated on Euro-American contexts. Participant perspectives can inform action in technology policy sectors to advance criminalised communities' rights to sexual health, privacy, and autonomy.
Topics: Humans; Female; Sex Work; Sexual Health; Senegal; Pandemics; Privacy; COVID-19; Sexually Transmitted Diseases
PubMed: 37982806
DOI: 10.1080/26410397.2023.2272741