-
Journal of Medical Internet Research Sep 2020Cybersecurity threats are estimated to cost the world US $6 trillion a year by 2021, and the number of attacks has increased five-fold after COVID-19. Although there is...
Cybersecurity threats are estimated to cost the world US $6 trillion a year by 2021, and the number of attacks has increased five-fold after COVID-19. Although there is substantial literature on the threats technological vulnerabilities have on the health care industry, less research exists on how pandemics like COVID-19 are opportunistic for cybercriminals. This paper outlines why cyberattacks have been particularly problematic during COVID-19 and ways that health care industries can better protect patient data. The Office for Civil Rights has loosened enforcement of the Health Insurance Portability and Accountability Act, which, although useful in using new platforms like Zoom, has also loosened physical and technical safeguards to cyberattacks. This is especially problematic given that 90% of health care providers had already encountered data breaches. Companies must implement well-defined software upgrade procedures, should use secure networks like virtual local area networks, and conduct regular penetration tests of their systems. By understanding factors that make individuals, health care organizations, and employers more susceptible to cyberattacks, we can better prepare for the next pandemic.
Topics: COVID-19; Computer Security; Coronavirus Infections; Delivery of Health Care; Electronic Health Records; Humans; Pandemics; Pneumonia, Viral; Privacy
PubMed: 32897869
DOI: 10.2196/23692 -
Mathematical Biosciences and... Sep 2023In conventional message communication systems, the practice of multi-message multi-receiver signcryption communication encounters several challenges, including the...
In conventional message communication systems, the practice of multi-message multi-receiver signcryption communication encounters several challenges, including the vulnerability to Key Generation Center (KGC) attacks, privacy breaches and excessive communication data volume. The KGC necessitates a secure channel to transmit partial private keys, thereby rendering the security of these partial private keys reliant on the integrity of the interaction channel. This dependence introduces concerns regarding the confidentiality of the private keys. Our proposal advocates for the substitution of the KGC in traditional certificateless schemes with blockchain and smart contract technology. Parameters are publicly disclosed on the blockchain, leveraging its tamper-proof property to ensure security. Furthermore, this scheme introduces conventional encryption techniques to achieve user identity privacy in the absence of a secure channel, effectively resolving the issue of user identity disclosure inherent in blockchain-based schemes and enhancing communication privacy. Moreover, users utilize smart contract algorithms to generate a portion of the encrypted private key, thereby minimizing the possibility of third-party attacks. In this paper, the scheme exhibits resilience against various attacks, including KGC leakage attacks, internal privilege attacks, replay attacks, distributed denial of service attacks and Man-in-the-Middle (MITM) attacks. Additionally, it possesses desirable security attributes such as key escrow security and non-repudiation. The proposed scheme has been theoretically and experimentally analyzed under the random oracle model, based on the computational Diffie-Hellman problem and the discrete logarithm problem. It has been proven to possess confidentiality and unforgeability. Compared with similar schemes, our scheme has lower computational cost and shorter ciphertext length. It has obvious advantages in communication and time overhead.
PubMed: 38052552
DOI: 10.3934/mbe.2023806 -
Health Services Research Oct 2019To estimate the relationship between breach remediation efforts and hospital care quality.
OBJECTIVE
To estimate the relationship between breach remediation efforts and hospital care quality.
DATA SOURCES
Department of Health and Human Services' (HHS) public database on hospital data breaches and Medicare Compare's public data on hospital quality measures for 2012-2016.
MATERIALS AND METHODS
Data breach data were merged with the Medicare Compare data for years 2012-2016, yielding a panel of 3025 hospitals with 14 297 unique hospital-year observations.
STUDY DESIGN
The relationship between breach remediation and hospital quality was estimated using a difference-in-differences regression. Hospital quality was measured by 30-day acute myocardial infarction mortality rate and time from door to electrocardiogram.
PRINCIPAL FINDINGS
Hospital time-to-electrocardiogram increased as much as 2.7 minutes and 30-day acute myocardial infarction mortality increased as much as 0.36 percentage points during the 3-year window following a breach.
CONCLUSION
Breach remediation efforts were associated with deterioration in timeliness of care and patient outcomes. Thus, breached hospitals and HHS oversight should carefully evaluate remedial security initiatives to achieve better data security without negatively affecting patient outcomes.
Topics: Computer Security; Confidentiality; Electronic Health Records; Hospitals; Humans; Medicare; Quality of Health Care; United States
PubMed: 31506956
DOI: 10.1111/1475-6773.13203 -
The Journal of Law, Medicine & Ethics :... Mar 2020This article examines the privacy and security issues associated with mobile application-mediated health research, concentrating in particular on research conducted or...
This article examines the privacy and security issues associated with mobile application-mediated health research, concentrating in particular on research conducted or participated in by independent scientists, citizen scientists, and patient researchers. Building on other articles in this issue that examine state research laws and state data protection laws as possible sources of privacy and security protections for mobile research participants, this article focuses on the lack of application of federal standards to mobile application-mediated health research. As discussed in more detail below, the voluminous and diverse data collected by some independent scientists who use mobile applications to conduct health research may be at risk for unregulated privacy and security breaches, leading to dignitary, psychological, and economic harms for which participants have few legally enforceable rights or remedies under current federal law. Federal lawmakers may wish to consider enacting new legislation that would require otherwise unregulated health data holders to implement reasonable data privacy, security, and breach notification measures.
Topics: Confidentiality; Data Collection; Government Regulation; Health Insurance Portability and Accountability Act; Humans; Mobile Applications; Research; Research Personnel; Telemedicine; United States
PubMed: 32342741
DOI: 10.1177/1073110520917041 -
Frontiers in Digital Health 2022Healthcare is facing a growing threat of cyberattacks. Myriad data sources illustrate the same trends that healthcare is one of the industries with the highest risk of... (Review)
Review
BACKGROUND
Healthcare is facing a growing threat of cyberattacks. Myriad data sources illustrate the same trends that healthcare is one of the industries with the highest risk of cyber infiltration and is seeing a surge in security incidents within just a few years. The circumstances thus begged the question: are US hospitals prepared for the risks that accompany clinical medicine in cyberspace?
OBJECTIVE
The study aimed to identify the major topics and concerns present in today's hospital cybersecurity field, intended for non-cyber professionals working in hospital settings.
METHODS
structured literature searches of the National Institutes of Health's and Tel Aviv University's databases, 35 journal articles were identified to form the core of the study. Databases were chosen for accessibility and academic rigor. Eighty-seven additional sources were examined to supplement the findings.
RESULTS
The review revealed a basic landscape of hospital cybersecurity, including primary reasons hospitals are frequent targets, top attack methods, and consequences hospitals face following attacks. Cyber technologies common in healthcare and their risks were examined, including medical devices, telemedicine software, and electronic data. By infiltrating any of these components of clinical care, attackers can access mounds of information and manipulate, steal, ransom, or otherwise compromise the records, or can use the access to catapult themselves to deeper parts of a hospital's network. Issues that can increase healthcare cyber risks, like interoperability and constant accessibility, were also identified. Finally, strategies that hospitals tend to employ to combat these risks, including technical, financial, and regulatory, were explored and found to be weak. There exist serious vulnerabilities within hospitals' technologies that many hospitals presently fail to address. The COVID-19 pandemic was used to further illustrate this issue.
CONCLUSIONS
Comparison of the risks, strategies, and gaps revealed that many US hospitals are unprepared for cyberattacks. Efforts are largely misdirected, with external-often governmental-efforts negligible. Policy changes, e.g., training employees in cyber protocols, adding advanced technical protections, and collaborating with several experts, are necessary. Overall, hospitals must recognize that, in cyber incidents, the real victims are the patients. They are at risk physically and digitally when medical devices or treatments are compromised.
PubMed: 36033634
DOI: 10.3389/fdgth.2022.862221 -
European Journal of Human Genetics :... Jul 2022Findings from genomic sequencing can have important implications for patients and relatives. For this reason, most professional guidelines support that patients have an... (Review)
Review
Findings from genomic sequencing can have important implications for patients and relatives. For this reason, most professional guidelines support that patients have an ethical duty to inform relatives and, when disclosure does not occur, most guidelines allow health-care professionals (HCPs) to breach confidentiality. Translating the ethical duties to respect the patient's confidentiality and prevent harm in at-risk relatives into legislation is a complex issue due to the both personal and familial nature of genetic information. In many countries there is no specific guideline or law addressing family communication of genetic information and thus it is unclear what duties patients and HCPs have towards at-risk relatives. Using Belgium as an example for countries in which this is the case, we examined the existing Belgian legislation in relation to three central topics: (1) patients' duties to family members, (2) respect for patient confidentiality and privacy, and (3) HCPs' duties to family members. We then investigated international legal frameworks and compared it with the Belgian context to see to what degree international precedent could aid in the interpretation of Belgian law. Based on our review of the legislation, we make recommendations for the interpretation of current law and examine whether there is sufficient legal precedent to answer the questions central to family communication of genetic information. Although we focus on the specific Belgian legislation, the discussions are relevant for many other countries that have similar legislative approaches.
Topics: Belgium; Confidentiality; Disclosure; Family; Genetic Testing; Humans
PubMed: 34997232
DOI: 10.1038/s41431-021-01016-3 -
JMIR MHealth and UHealth Jun 2021During the COVID-19 pandemic, contact tracing apps have received a lot of public attention. The ongoing debate highlights the challenges of the adoption of data-driven... (Review)
Review
BACKGROUND
During the COVID-19 pandemic, contact tracing apps have received a lot of public attention. The ongoing debate highlights the challenges of the adoption of data-driven innovation. We reflect on how to ensure an appropriate level of protection of individual data and how to maximize public health benefits that can be derived from the collected data.
OBJECTIVE
The aim of the study was to analyze available COVID-19 contact tracing apps and verify to what extent public health interests and data privacy standards can be fulfilled simultaneously in the process of the adoption of digital health technologies.
METHODS
A systematic review of PubMed and MEDLINE databases, as well as grey literature, was performed to identify available contact tracing apps. Two checklists were developed to evaluate (1) the apps' compliance with data privacy standards and (2) their fulfillment of public health interests. Based on both checklists, a scorecard with a selected set of minimum requirements was created with the goal of estimating whether the balance between the objective of data privacy and public health interests can be achieved in order to ensure the broad adoption of digital technologies.
RESULTS
Overall, 21 contact tracing apps were reviewed. In total, 11 criteria were defined to assess the usefulness of each digital technology for public health interests. The most frequently installed features related to contact alerting and governmental accountability. The least frequently installed feature was the availability of a system of medical or organizational support. Only 1 app out of 21 (5%) provided a threshold for the population coverage needed for the digital solution to be effective. In total, 12 criteria were used to assess the compliance of contact tracing apps with data privacy regulations. Explicit user consent, voluntary use, and anonymization techniques were among the most frequently fulfilled criteria. The least often implemented criteria were provisions of information about personal data breaches and data gathered from children. The balance between standards of data protection and public health benefits was achieved best by the COVIDSafe app and worst by the Alipay Health Code app.
CONCLUSIONS
Contact tracing apps with high levels of compliance with standards of data privacy tend to fulfill public health interests to a limited extent. Simultaneously, digital technologies with a lower level of data privacy protection allow for the collection of more data. Overall, this review shows that a consistent number of apps appear to comply with standards of data privacy, while their usefulness from a public health perspective can still be maximized.
Topics: COVID-19; Child; Contact Tracing; Humans; Mobile Applications; Pandemics; Privacy; Public Health; SARS-CoV-2
PubMed: 34033581
DOI: 10.2196/23250 -
Genetics in Medicine : Official Journal... Oct 2009Modern biobanking efforts consist of prospective collections of tissues linked to clinical data for patients who have given informed consent for the research use of... (Review)
Review
Modern biobanking efforts consist of prospective collections of tissues linked to clinical data for patients who have given informed consent for the research use of their specimens and data, including their DNA. In such efforts, patient autonomy and privacy are well respected because of the prospective nature of the informed consent process. However, one of the richest sources of tissue for research continues to be the millions of archived samples collected by pathology departments during normal clinical care or for research purposes without specific consent for future research or genetic analysis. Because specific consent was not obtained a priori, issues related to individual privacy and autonomy are much more complicated. A framework for accessing these existing samples and related clinical data for research is presented. Archival tissues may be accessed only when there is a reasonable likelihood of generating beneficial and scientifically valid information. To minimize risks, databases containing information related to the tissue and to clinical data should be coded, no personally identifying phenotypic information should be included, and access should be restricted to bona fide researchers for legitimate research purposes. These precautions, if implemented appropriately, should ensure that the research use of archival tissue and data are no more than minimal risk. A waiver of the requirement for informed consent would then be justified if reconsent is shown to be impracticable. A waiver of consent should not be granted, however, if there is a significant risk to privacy, if the proposed research use is inconsistent with the original consent (where there is one), or if the potential harm from a privacy breach is considerable.
Topics: Algorithms; Biological Specimen Banks; Ethics, Medical; Genomics; Humans; Informed Consent; Models, Biological; Personal Autonomy; Privacy; Specimen Handling
PubMed: 19745750
DOI: 10.1097/GIM.0b013e3181b2e168 -
Scientific Reports Oct 2023Cyberphysical systems connect physical devices and large private network environments in modern communication systems. A fundamental worry in the establishment of large...
Cyberphysical systems connect physical devices and large private network environments in modern communication systems. A fundamental worry in the establishment of large private networks is mitigating the danger of transactional data privacy breaches caused by adversaries using a variety of exploitation techniques. This study presents a privacy-preserving architecture for ensuring the privacy and security of transaction data in large private networks. The proposed model employs digital certificates, RSA-based public key infrastructure, and the blockchain to address user transactional data privacy concerns. The model also guarantees that data in transit remains secure and unaltered and that its provenance remains authentic and secure during node-to-node interactions within a large private network. The proposed model has increased the encryption speed by about 17 times, while the decryption process is expedited by 4 times. Therefore, the average overall acceleration obtained was 16.5. Both the findings of the security analysis and the performance analysis demonstrate that the proposed model can safeguard transactional data during communications on large private networks more effectively and securely than the existing solutions.
PubMed: 37816836
DOI: 10.1038/s41598-023-44101-x -
Sensors (Basel, Switzerland) Mar 2022Secure and reliable sensing plays the key role for cognitive tracking i.e., activity identification and cognitive monitoring of every individual. Over the last years...
Secure and reliable sensing plays the key role for cognitive tracking i.e., activity identification and cognitive monitoring of every individual. Over the last years there has been an increasing interest from both academia and industry in cognitive authentication also known as biometric recognition. These are an effect of individuals' biological and physiological traits. Among various traditional biometric and physiological features, we include cognitive/brainwaves via electroencephalogram (EEG) which function as a unique performance indicator due to its reliable, flexible, and unique trait resulting in why it is hard for an un-authorized entity(ies) to breach the boundaries by stealing or mimicking them. Conventional security and privacy techniques in the medical domain are not the potential candidates to simultaneously provide both security and energy efficiency. Therefore, state-of-the art biometrics methods (i.e., machine learning, deep learning, etc.) their applications with novel solutions are investigated and recommended. The experimental setup considers EEG data analysis and interpretation of BCI. The key purpose of this setup is to reduce the number of electrodes and hence the computational power of the Random Forest (RF) classifier while testing EEG data. The performance of the random forest classifier was based on EEG datasets for 20 subjects. We found that the total number of occurred events revealed 96.1% precision in terms of chosen events.
Topics: Biometric Identification; Biometry; Cognition; Delivery of Health Care; Humans; Privacy
PubMed: 35336276
DOI: 10.3390/s22062101