Abstract
The digitalisation of healthcare has increased the risk of cyberattacks in this sector, targeting sensitive personal information. In this paper, we conduct a systematic review of existing solutions for data breach mitigation in healthcare, analysing 99 research papers. There is a growing trend in research emphasising the security of electronic health records, data storage, access control, and personal health records. The analysis identified the adoption of advanced technologies, including Blockchain and Artificial Intelligence, alongside encryption in developing resilient solutions. These technologies lay the foundations for addressing the prevailing cybersecurity threats, with a particular focus on hacking or malicious attacks, followed by unauthorised access. The research highlights the development of strategies to mitigate data breaches and stresses the importance of technological progress in strengthening data security. The paper outlines future directions, highlighting the need for continuous technological progress and identifying the gaps in the attack mitigations.
Similar content being viewed by others
Avoid common mistakes on your manuscript.
1 Introduction
Due to rapid digitalisation, cybersecurity has become vital to the technological world [1]. Healthcare services have been integrating electronic health records (EHRs) and the Internet of Medical Things (IoMT), which represent a shift towards a more connected and data-driven approach to healthcare. This transformation offers unprecedented opportunities to improve patient care and operational efficiency and, on the other hand, significant liability to healthcare cybersecurity threats. The sensitive nature of personal health information makes it an attractive target for cybercriminals. In the healthcare sector a breach could comprise patient privacy and security.
In the ENISA threat landscape of 2023, the health sector is one of the most targeted sectors of reported incidents [2]. The healthcare sector is also the preferred target of attackers, because of the data’s high commercial value [3]. Lack of consumers’ knowledge of data storage and the increase of internal and external hackers may reduce consumers’ trust in data storage, and, furthermore, highlight the urgent need for reliable and scalable cybersecurity mechanisms capable of defending against an evolving threat landscape.
The landscape of cybersecurity within the healthcare sector is fraught with vulnerabilities, leading to a spectrum of potential data breaches; among the most common are hacking or malicious attacks and unintentional disclosure [3]. Human factors also have an important influence on data breaches in healthcare, often serving as a critical vector through which breaches can occur [4]. The most common threats in the healthcare sector identified by ENISA are ransomware, data-related threats, intrusion, Distributed Denial of Service, Denial of Service or Ransom Denial of Service (DDoS/DoS/RDoS), supply chain attacks, malware, etc [5]. There were also numerous instances of data leaks during the COVID-19 pandemic from different healthcare institutions globally, typically with the collaboration of malicious insiders, or due to inadequate system configurations. In Europe, as reported by ENISA, the most common attacks were on patient data or electronic health records, followed by attacks on non-medical IT systems, networks, health information systems, and services [5]. Any hacking of medical devices or services can present a threat, or lower the users’ trust in medical systems. Medical systems carry sensitive information, and this is why it is important to develop solutions that can prevent or mitigate attacks that target them.
Some reviews have already been done on the topic of cybersecurity and healthcare. For instance, one study delved into cybersecurity risks faced by hospitals, with particular emphasis on the implications for non-cyber professionals [1]. Another notable review of 31 research articles performed in 2016 aggregated insights on modern threats and trends in cybersecurity in healthcare [6]. In a short review, the authors presented cybersecurity research topics focused partly on healthcare [7]. Moreover, the influence of human factors on cybersecurity within healthcare organisations has been explored, underscoring the complex interplay between technology and human behaviour [4]. In a paper on the state-of-the-art security and privacy issues in healthcare, the authors did a comprehensive review [8]. The onset of the COVID-19 pandemic introduced new dimensions to these challenges and potential solutions applicable in the healthcare domain [9]. None of those reviews mentioned above has done a systematic review of data breach solutions developed for healthcare.
Although research on cybersecurity is abundant and growing, there is a notable research gap in studies that focus specifically on the unique challenges and requirements of the healthcare sector. Generic cybersecurity solutions often fail to take into account the critical needs of healthcare data protection. This study seeks to fill this gap by providing a comprehensive analysis of cybersecurity mechanisms tailored to the healthcare industry. We aim to assess the current state of data breaches in healthcare, identify the specific vulnerabilities and threats faced by the sector, and review the effectiveness of various security solutions in mitigating these risks.
The rest of the paper is organised as follows. In Sect. 2, we present the literature review. In Sect. 3, we describe the systematic review methodology, research questions and selection of studies. In Sect. 4, we present the results, first focusing on bibliometric data, and then on the systematic analysis of publications. We discuss the findings in Sect. 5 and conclude in Sect. 6.
2 Background
Healthcare information is very sensitive and important, and data breach incidents can compromise patient privacy and even pose a concrete threat to their well-being. Recognising the gravity of these risks, legislators have been agile in updating regulations to strengthen data protection. In the EU, for example, the General Data Protection Regulation (GDPR) and the Directive on measures for a high standard level of cybersecurity across the Union (NIS2) exemplify rigorous efforts to enforce pseudonymisation and encryption of patients’ personal data [10, 11]. In the USA, the Health Information Portability and Accountability Act (HIPAA) establishes data protection, although it is not yet focused on specific sectors such as healthcare [12]. The COVID-19 pandemic has raised additional concerns about the need to protect modern healthcare systems against cyber attacks, which frequently target healthcare institutions [13, 14].
From 2011 to 2021, 3,822 personal health information breaches were identified in the United States, affecting more than 283 million people [15]. Most of the data breaches were hacking/IT-related. Furthermore, hospitals accounted for one-third of data breaches among different types of healthcare providers based on the research done on the data from 2009 to 2016 [16]. There have been a few data breaches in healthcare in recent years, and some have had severe impacts. Brno University Hospital was attacked through ransomware, and they had to postpone surgeries and appointments [17]. Similarly, at the University of Vermont Health Network, a ransomware attack was carried out, costing around 50 million US dollars [18]. Gilead Sciences, Inc. suffered a phishing attack, leading to impersonation and exfiltration [19]. High-profile ransomware attacks on institutions have caused immense financial losses and disruption to operations, which demonstrates the serious consequences of such breaches.
Many applications connected to Healthcare 4.0 are now moving to cloud computing, fog computing, the Internet of Things, and other mechanisms, to improve information sharing between different stakeholders [20]. Internet of Things devices, and especially the Internet of Medical Things (IoMT), present a significant risk in hospital networks, where unwanted persons could gain access to the system and attack it, which poses a major risk to patients [21].
In today’s healthcare systems, the amount of data collected is enormous, and data stored by the systems pose substantial privacy and security challenges. These concerns are a priority on the agenda for developers and managers of healthcare systems, who are trying to protect patient data from unauthorised access and cyber threats. To mitigate such risks, cryptography is used to reduce the vulnerability of data storage systems to potential breaches significantly. Security and privacy measures, in this context, include a range of protocols and practices designed to control access to patient data closely, to ensure that it is protected from unauthorised access. Healthcare systems strive to maintain the highest standards of data integrity and confidentiality, using advanced cryptographic techniques and robust security and privacy protocols to ensure patients’ trust and security.
Although the understanding of cybersecurity in the healthcare sector is well established, there is still a gap, in particular in the development of applications and robust solutions that address the vulnerabilities of healthcare systems, which are of a critical nature. This study will present specific threats and possible solutions to mitigate the attacks, and therefore aims to improve data privacy and security, as well as the resilience of healthcare systems. A wide range of cybersecurity solutions are presented, from encryption methods to the use of Machine Learning. The important concepts in the fields of data security and healthcare are introduced in the following subsections.
2.1 Healthcare and data
Data within the healthcare sector are both sensitive and invaluable, and that is why the healthcare field is among crucial industries where data have to be saved securely, and access to these data has to be adjusted to the needs. Secure data storage and well-implemented access control are both important for achieving the highest security and privacy of electronic or personal health records, especially with the records in Healthcare 4.0.
Healthcare data can be stored in two forms: electronic health records (EHRs) or personal health records (PHRs). EHRs usually collect and store clinical information data associated with patients’ healthcare, and are used by hospital staff and similar [22, 23]. PHRs typically allow individuals to access and control the use of their health information. This poses even bigger privacy and security issues, since these systems usually cannot be put behind a wall, and are normally accessible from anywhere. Both types of data storage can be connected to each other, or can be separate.
2.2 The development of technological solutions
The development of technological solutions for healthcare data must be updated continuously, considering the needs of the market or possible attacks. One of the technologies that is often involved in the development is Blockchain. Systems that have Blockchain technologies implemented can enhance the security and reliability of healthcare data, and offer access control for patients and other healthcare institutions more comprehensively [24]. Similarly, Machine Learning is utilised widely to detect any malfunctions, or to confirm the authenticity of data, which is crucial in countering data manipulation attacks, which also makes data unreliable and useless [25].
Furthermore, it is required by legislation that encryption is used in the development of healthcare technologies. However, current encryption protocols might be vulnerable due to the advancements in quantum computing [26]. Yet, healthcare data need to be secured in the best way possible. We distinguish between asymmetric and symmetric encryption. In symmetric encryption, the same key is used for encryption and decryption. The most used symmetric algorithm is AES (Advanced Encryption Standard).
For asymmetric encryption, data are encrypted with the public key, and can be decrypted only with the private key. The most widely recognised asymmetric encryption methods are the RSA algorithm, Elliptic-curve cryptography (ECC), homomorphic encryption and identity-based encryption. The RSA (Rivest-Shamir-Adleman) algorithm, introduced in 1977, remains the most widely used algorithm, applied frequently in the cloud, image, and wireless domains [27]. Homomorphic encryption is often used in healthcare because it processes data while maintaining confidentiality. In addition to other encryption protocols, where key generation, encryption and decryption algorithms are needed, property is also required in homomorphic encryption [28]. Identity-based encryption utilises a random character sequence as a public key, to reduce the key exchange overhead before communication, while elliptic-curve cryptography is based on elliptic curves, and its functionalities are similar to RSA, but simplifies calculations [29].
Hash functions are used to ensure the integrity of content, i.e., detecting any content modification. A hash function takes input of any size and generates a fixed-size output. The output is the same if the same content is hashed for the second time. It is also used for password verification and other applications. Among the most prevalent hash functions are SHA-1 (Secure Hash Algorithm) and SHA-2, developed by the U.S. National Security Agency [30]. SHA-1, though somewhat outdated, is capable of providing 160-bit message digests. SHA-2 consists of SHA-224, SHA-256, SHA-384 and SHA-512, each generating outputs of the size their names suggest (measured in bits).
2.3 Types of attacks
Cyberattacks fall into different classifications and threat levels, including hacking or malicious attacks, where ransomware is among the top threats. Kruse, et al. [6] identified cybersecurity trends, including ransomware, showing that healthcare professionals lack awareness of cybersecurity threats. Ransomware frequently catalyses the dysfunction of hospital systems, leading to the shutdown of operating rooms and other appointments, thereby endangering patient health, as well as causing financial losses. Ransomware typically encrypts all the data, and, in this way, denies a system and all of its legitimate users access to the data. For the decryption key, an organisation generally needs to pay a tremendous amount of money.
Phishing attacks represent another severe risk for data security. These, along with other, less common social engineering attacks, typically gain attackers access to the system, from where they can escalate their attack (e.g. by installing ransomware or malware). Typically, attackers install malware on the victim’s device, allowing them to access data, or obtain sensitive information that can be sold on the dark web. An impersonation attack can also present a threat, where someone is pretending to be a coworker or the head of an organisation and can gain access to data, credentials, or funds. This can lead to unauthorised access, where authentication credentials might have been stolen, and the hackers can gain access to data in the system. Other notable hacking attacks include injection attacks, where attackers can get access to unauthorised data which can also be modified or deleted. Man-in-the-middle attacks are also critical to mention, where the attacker positions himself between the client and server, and by impersonating the server to the client, and vice versa, can gain information that was not intended for them.
Insider threats are a recurring issue in healthcare, where staff, whether intentionally or unintentionally, may expose credentials or data. A stolen or lost device can also lead to losing sensitive information that can be used for extortion, unauthorised access, or selling it on the dark web. Human behaviour remains a fundamental risk to the organisation, and often companies do not educate their employees adequately about the potential threats [31]. Additionally, the type of personnel involved at the healthcare facilities can have a significant impact on the likelihood of data breaches [32].
3 Methodology
The objective of our study was to carry out a systematic review of the existing solutions for data breach mitigation in healthcare. We followed the guidelines for reporting systematic reviews – the PRISMA 2020 statement [33].
3.1 Research questions
In this study, we proposed the following research questions:
-
RQ1: How have the solutions for data breach mitigation in healthcare evolved over time?
-
RQ2: How have the proposed solutions addressed data breach mitigation in healthcare?
-
RQ3: What are the trends in technologies used for data breach mitigation solutions in healthcare?
3.2 Data sources and study criteria
We included the following electronic databases:
-
PubMed,
-
Scopus,
-
Clarivate Analytics—Web of Science (WoS),
-
Medline EBSCO,
-
ACM Digital Library (ACM).
Three reviewers preformed the review, and the primary search returned 1,128 results. The search was performed in online libraries in July 2023. The query string was defined to answer the proposed research questions: (“data breach*” OR “data hack*”) AND (“*health*” OR “medic*”). The search string was intentionally broad, so as to include all possible papers on this topic.
We established the following inclusion criteria:
-
original research studies;
-
only journal, conference papers, or book chapters;
-
published within the last ten years (2014–2023);
-
contains in abstract or title: (“data breach*” OR “data hack*”) AND (“*health*” OR “medic*”);
-
papers proposing solutions in the form of frameworks, protocols, algorithms, architecture, or models to mitigate data breaches in healthcare.
We established the following exclusion criteria:
-
papers not written in English;
-
review papers;
-
reports;
-
position papers.
The flow diagram is presented in Fig. 1.
Flow diagram of search
In the first stage, we identified 1,128 results from five electronic databases. In this stage, we had already limited the search results to the ones published in the last ten years (2014–2023) and included only English publications. We then excluded the 546 duplicates found across the five electronic databases. This left us with 582 records for screening. During this phase, we screened the abstracts, keywords and titles, and verified whether the papers were published as journals, conference papers or book chapters. We also verified if the paper output was a solution in the form of a framework, protocol, algorithm, architecture or model for the mitigation of data breaches in healthcare. We excluded review papers and reports. We ended up removing 475 records, and were left with 107 papers where we tried to access the full-text articles. Eight articles were excluded due to the unavailability of the full text. Ultimately, we were left with 99 full-text papers to be included in a review [25, 34, 35, 40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,135].
3.3 Data collection
In the data collection we gathered different information from the selected papers. First, we collected bibliographic data like authors, title, year of publication, publication type, and name of the journal or conference. Subsequently, we retrieved the number of citations from Google Scholar for each paper. Then, we read the whole papers, and extracted information on the field of healthcare, what the paper addressed, what the contribution of the paper was, what technologies, encryption and hash functions were used, and what attacks the solutions were trying to mitigate.
For the healthcare field, we categorised them into different groups:
-
Electronic health records (EHRs);
-
Personal health records (PHRs);
-
Data storage;
-
Access control.
Next, we analysed and collected information on whether the paper addressed privacy or, security issues, or both. We also noted information for which platform the solution was developed, categorising this into Cloud, IoT, or not defined.
Regarding the contributions of the paper, we classified them into four groups:
-
Framework;
-
Architecture;
-
Algorithm / protocol;
-
Model.
We collected data from the papers, to determine if they had developed a framework for a solution, created architecture, developed an algorithm/protocol, or presented a model. Framework and architecture are often structural designs of technologies or sequences used, and can also be implemented in part. Algorithms or protocols are typically solutions that are implemented to some extent. Models, on the other hand, often present a conceptual design, but are not implemented. A single paper could include more than one of these categories.
Next, we analysed the technologies that the paper used. In the final analysis, we separated them into five groups:
-
Blockchain;
-
Artificial Intelligence (AI);
-
Encryption;
-
Methods;
-
Other.
When assigning the papers, we initially extracted a comprehensive description of technologies and then sorted them into different fields. We identified whether the authors used Blockchain or AI methods. When the authors developed a theoretical model, they used mostly existing methods to illustrate the theoretical model, and they fitted them into the methods category. Encryption was used in many papers, but, for encryption, we selected specifically the solutions that focused solely on encryption. Additionally, we conducted a more thorough analysis of the encryption methods used in the proposal separately.
For the encryption methods used in the proposals, we organised them into four groups and seven subgroups:
-
Asymmetric encryption:
-
RSA;
-
Homomorphic encryption;
-
Elliptic-curve cryptography (ECC) encryption;
-
Identity-based encryption;
-
Other.
-
-
Symmetric encryption:
-
AES;
-
Other.
-
-
Unclassified;
-
Not Mentioned.
As for the hash functions used, we categorised them into these subgroups:
-
SHA1;
-
SHA256;
-
SHA512;
-
Used, but unclassified;
-
Not used.
We also documented how the solutions were evaluated or verified, usually through comparison with existing methods or other types of evaluation and verification.
For the possible attacks, we used existing literature classifications [3, 34], and adapted them to the information found in the selected publications:
-
hacking / malicious attack;
-
unauthorised access;
-
man-in-the-middle attack;
-
impersonation attack;
-
insider threat;
-
loss or theft of a device;
-
undefined.
Although man-in-the-middle attacks could be grouped under hacking attacks, and impersonation attacks and insider threats could be classified under unauthorised access, we maintained these three groups separately, because they appeared in more than three solutions. For the remainder of the papers, we tried to classify them into outlined groups based on the attack name or description.
4 Results
4.1 Bibliometric overview
In this Section, we provide a bibliometric overview of the selected publications. A complete Table of the selected papers with bibliometric data is presented in Appendix A. The 99 selected publications comprise 1 book section, 50 conference papers and 48 journal papers.
Figure 2 illustrates the total number of publications per year, including the breakdown by journals, conferences and the book section. The year 2023 is not included fully, because the search was done in July 2023.
Distribution of publication types by year of publication
The journals or conferences that had more than one publication out of all the 99 selected publications published are presented in Table 1. This information offers valuable insights for researchers aiming to publish future papers on similar topics.
An analysis of the citation count per paper was performed in September 2023. Remarkably, one paper from 2018 had 726 citations [35], highlighting the dynamic nature of the research area. On average, each paper received 19.42 citations, which shows a high level of interest and impact.
4.2 Analysis of publications
In this Section we will present the analysis of the content of publications that have developed solutions for data breach mitigation in healthcare.
4.2.1 Data breach mitigation solutions in healthcare
As presented in Fig. 3, various solutions were developed across different healthcare fields for data protection. The area of electronic health records protection has been rising in the last few years, being incorporated into 51 solutions altogether. Moreover, data storage for various data types (e.g. health insurance, medical image sharing) has been researched more in the last few years, and was presented in 44 solutions. Access control was implemented in 17 solutions, while personal health records were addressed in 7 solutions.
Distribution of solutions developed by year and field
Regarding privacy or security, our findings indicate that 50 solutions addressed the users’ data privacy, and 82 focused on data security. Interestingly, one-third of all papers addressed both aspects. Out of all publications, 21 were developed specifically for the cloud, 11 for IoT, and the remainder did not specify any platform.
In terms of the contribution of the publication, Fig. 4 reveals that the majority of contributions were frameworks (36), followed by architecture (32), algorithms or protocols (28), and the development of models appeared in 8 publications. Six publications contributed to two of the four available contributions. More frameworks, architecture and algorithms have been developed in recent years.
Overview of publication contributions
In Fig. 5, the technologies used most frequently in the solutions were Blockchain (45 solutions), AI or encryption (15 solutions each), and methods (7 solutions). An additional 28 solutions used technologies that did not fit under the previously mentioned categories. Notably, Blockchain has already been used in solutions since 2018, and AI methods began appearing in 2019, with both seeing increased use in recent years. Methods were typically theoretical solutions proposing models without technical implementation.
Technologies used in publications over time
Figure 6 outlines how the contributions were verified or evaluated. Comparisons to other models, algorithms, or similar approaches were utilised in 50 publications. Meanwhile, 12 used other methods, such as testing the results on various datasets, or validating the solution using developed validation tools. A notable gap in verification was observed in model contributions, because they were typically not technically implemented, and in framework contributions, which, in some cases, also lacked implementation.
Contributions and verification methods
4.2.2 Encryption and hash functions in the proposed solutions
Regarding data encryption, 81% of papers mentioned its use, whether symmetric or asymmetric, or not classified under any of the categories as presented in Table 2. There were 21 solutions with asymmetric encryption; the most common encryption was Elliptic-curve cryptography, used in 7 papers, followed by homomorphic encryption (6 papers), RSA algorithm (4 papers), and identity-based encryption (2 papers). Symmetric encryption was used in 20 solutions, with AES being the encryption method in 13 papers. In 44 publications, encryption was mentioned but could not be categorised as either asymmetric or symmetric. In 21 publications, the authors did not mention encryption.
Hash functions were implemented in 56 solutions, out of which the most common algorithms used were SHA256 in 8 cases, SHA1 in 4 cases, and SHA512 was used in 1 case. SHA1 was used in 3 solutions from 2016 and one from 2020, while SHA256 algorithms were used from 2020 on. In 43 solutions, hash functions were used, but remained unclassified. In the remaining 43 publications, hash functions were not mentioned.
4.2.3 Mitigation of attacks
Table 3 presents the types of attacks addressed by the reviewed solutions, based on classifications from the literature on trends in data breaches [3, 34]. The most common mitigation was for hacking or malicious attacks, addressed in 15 publications. Following, mitigation strategies for man-in-the-middle attacks were formed in 9 publications, while unauthorised access was mitigated in 12 publications. In 5 publications, there was mitigation of impersonation attack, and in 4 publications mitigation of insider threat. Loss or theft of the device was dealt with in a publication. It is noteworthy that a significant portion, two-thirds of the reviewed papers, did not specify the attacks targeted by their proposed solutions.
In the context of technological solutions employed against these attack types, Fig. 7 outlines the technologies adopted in the mitigative approaches. For this analysis, we excluded 66 publications with undefined attack mitigation strategies. Blockchain technology stood out as a versatile defence, proposed across all categories of cyberattacks. Secondly, technological solutions focusing only on encryption were used for countering hacking / malicious attacks, impersonation attacks and man-in-the-middle attacks. Furthermore, AI technologies were implemented to mitigate hacking / malicious attacks and impersonation attacks.
Technological responses to various attack types
5 Discussion
In this section, we will present the trends in the intersection of healthcare and data breaches by answering the research questions.
5.1 RQ1: How have the solutions for data breach mitigation in healthcare evolved over time?
Our comprehensive review of the last decade shows a consistent and marked growth in the research devoted to the development of solutions for data breach mitigation within the healthcare sector. In the first years there were up to 5 publications on this topic; however, the landscape began to shift, starting in 2019, also presented in Fig. 2. This interest has focused mainly on the protection of EHRs and the protection of data storage capacity as well as improving the access control systems and security of PHRs as outlined in Fig. 3.
The proposals often included technological interventions with developed frameworks, architecture, or algorithms/protocols. The development of models has been relatively infrequent, since these papers typically involve mainly theoretical methods that could be used for the future practical implementation. The most frequently used contribution of publications were frameworks. In Fig. 5 we have presented the technologies used through time for the selected proposals, and we can see a significant rise in Blockchain and AI technologies in recent years. The selected solutions include these technologies to mitigate the attacks, and are novel technologies in the healthcare sector [36].
These advancements reflect a proactive response to the evolution of cyberthreats in healthcare information systems, but nonetheless this field needs an even clearer direction and more technologically advanced solutions to cope with the increasing frequency of attacks.
5.2 RQ2: How have the proposed solutions addressed data breach mitigation in healthcare?
The scope of the proposed solutions reveals a multifaceted approach to confront data breaches namely integrating frameworks, architecture, algorithms / protocols, and theoretical models, as shown in Fig. 4. The technologies used encompass Blockchain, AI, encryption methods, other non-technical methods and other technologies, as presented in Fig. 5. Most importantly, these solutions are to mitigate different attacks, with a comprehensive breakdown provided in Table 3.
Emerging trends point to a shift towards addressing hacking / malicious attacks’ and unauthorised access incidents, which was similarly found in prior research [34]. Improper disposal of hard drives, or loss and theft of physical devices is not as common any more, since more attacks happen from distant locations or from insiders. These attacks were mitigated by using different technologies, as presented in Fig. 7. Blockchain technologies, in particular, were an answer for each of the mentioned attacks, offering novel defence mechanisms in the research, especially when it comes to secure data storage and sharing, and this is very important in the healthcare field. Further, the solutions used encryption and hashing while storing data in the proposed solutions, as presented in Table 2. The reviewed solutions apply various technologies, in particular Blockchain and AI, to address data breach mitigation in healthcare.
5.3 RQ3: What are the trends in technologies used for data breach mitigation solutions in healthcare?
Notably, Blockchain technology has become a major player because of its reliable data security capabilities. The adoption of Blockchain has been used since 2018, and the number of proposals with Blockchain is increasing annually as shown in Fig. 5. Similarly, AI was first used in 2019 for a proposal, and has risen annually. Some proposals only included encryption methods, and those have somehow maintained a constant flow through the years.
In recent years, most proposals have been creating frameworks, architecture or algorithms / protocols as presented in Fig. 4. Evaluation methods, as presented in Fig. 6, involve predominantly comparisons to existing methods or frameworks to evaluate their technical solutions, although some papers also used other types of verification. Further on, as presented in Table 2, most proposals included some form of encryption; in 21 cases, it was asymmetric encryption, and in some it was symmetric encryption, where the AES algorithm was the leading algorithm. As for the hash functions, 56% of solutions used them, and, in most cases where it was possible to identify the hash functions, they used SHA 256being the preferred algorithm since 2020, while the older SHA1 algorithm has not been used in the last three years.
6 Conclusion
Digital transformation in healthcare has improved patient care but also increased the vulnerability of sensitive data to cyberattacks. The sensitive nature of healthcare data therefore requires stringent protection measures, as well as cybersecurity strategies to avoid the sophisticated tactics used by malicious actors. Research highlights the urgent need for training hospital employees and that collaboration with experts is necessary to reduce breaches [1, 37]. Our comprehensive analysis of 99 research papers revealed the evolution of mechanisms to mitigate data breach attacks’ over the past decade, focusing on the protection of electronic health records, data storage, access control and personal health records. The solutions examined ranged from frameworks and architecture to algorithms / protocols and models, and reflected the efforts of the research community to develop innovative strategies to protect healthcare data. Particularly noteworthy are the roles of Blockchain technologies and AI which are key to addressing healthcare data security. In addition, cryptography is essential in securing the data, and is also needed because of the legislative requirements. The predominant use of encryption methods and hash functions in the reviewed solutions is in line with the recommendations from previous studies [38].
The nature of threats addressed by the solutions includes mainly hacking or malicious attacks, followed by unauthorised access and insider threats, which is also in line with the findings of Lee, who used a text mining approach to find insider threats in the healthcare industry, and found that theft of devices and employee negligence were among the top reasons for threats [39]. To mitigate data breach attacks, careful planning, timely implementation of solutions and tracking attack trends are crucial, and systems should be updated regularly.
In conclusion, this paper provides an overview of the current state of solutions to mitigate data breach attacks and also serves as a valuable resource for stakeholders in Healthcare 4.0. In addition, the research identifies several gaps that also point to future research directions, ranging from the full adaptation and integration of Blockchain and AI technologies, to the development and implementation of specific cybersecurity training programmes for healthcare employees. There is also a noticeable gap in aligning cybersecurity solutions with regulatory requirements. Addressing these gaps could increase the resilience of healthcare systems to cyberattacks significantly, and ensure the protection of sensitive healthcare information. The widespread use of IoMT devices and the increasing shift towards cloud storage bring additional threats to the system integrity and patient privacy, hence, future research should also emphasise IoT and cloud security. In addition, patient access to their personal health data introduces complex security considerations, and highlights the need for robust access control measures. Nonetheless, advances in quantum computing, could make many encryption methods vulnerable, so more research on reliable encryption is also crucial in future research.
Data availability
No datasets were generated or analysed during the current study.
References
Wasserman, L., Wasserman, Y.: Hospital cybersecurity risks and gaps: Review (for the non-cyber professional), (in eng). Front. Digit. Health. 4, 862221 (2022). https://doi.org/10.3389/fdgth.2022.862221
Threat Landscape 19/10/2023 2023. Accessed: 14/3/2024. [Online]. Available: (2023). https://www.enisa.europa.eu/publications/enisa-threat-landscape-2023
Seh, A.H., et al.: Healthcare Data Breaches: Insights and Implications, (in eng), Healthcare (Basel), vol. 8, no. 2, May 13 (2020). https://doi.org/10.3390/healthcare8020133
Nifakos, S., et al.: Influence of Human Factors on Cyber Security within Healthcare Organisations: A Systematic Review, (in eng), Sensors (Basel), vol. 21, no. 15, Jul 28 (2021). https://doi.org/10.3390/s21155119
Health Threat Landscape, 5/7/2023 2023. Accessed: 7/3/2024. [Online]. Available: https://www.enisa.europa.eu/publications/health-threat-landscape
Kruse, C.S., Frederick, B., Jacobson, T., Monticone, D.K.: Cybersecurity in healthcare: A systematic review of modern threats and trends, (in eng), Technol Health Care, vol. 25, no. 1, pp. 1–10, (2017). https://doi.org/10.3233/thc-161263
Suryotrisongko, H., Musashi, Y.: Review of Cybersecurity Research Topics, Taxonomy and Challenges: Interdisciplinary Perspective, in IEEE 12th Conference on Service-Oriented Computing and Applications (SOCA), 18–21 Nov. 2019 2019, pp. 162–167, (2019). https://doi.org/10.1109/SOCA.2019.00031
Martínez, A.L., Pérez, M.G., Ruiz-Martínez, A.: A Comprehensive Review of the state-of-the-art on security and privacy issues in Healthcare. ACM Comput. Surv. 55(12) (2023). https://doi.org/10.1145/3571156
He, Y., Aliyu, A., Evans, M., Luo, C.: Health Care Cybersecurity challenges and solutions under the climate of COVID-19: Scoping review, (in eng). J. Med. Internet Res. 23(4), e21747 (Apr 20 2021). https://doi.org/10.2196/21747
Data protection: Commission adopts new rules to ensure stronger enforcement of the GDPR in cross-border cases European Comission. (2024). https://ec.europa.eu/commission/presscorner/detail/en/ip_23_3609 (accessed 12
Directive on measures for a high common level of cybersecurity across the Union (NIS2 Directive): European Comission. https://digital-strategy.ec.europa.eu/en/policies/nis2-directive (2024). accessed 12 March
Health Information Privacy. U.S: Department of health and human services. (2024). https://www.hhs.gov/hipaa/index.html (accessed 12
Sendelj, R., Ognjanovic, I.: Cybersecurity Challenges in Healthcare, (in eng), Stud Health Technol Inform, vol. 300, pp. 190–202, Oct 26 (2022). https://doi.org/10.3233/shti220951
Sardi, A., Rizzi, A., Sorano, E., Guerrieri, A.: Cyber Risk in Health Facilities: A Systematic Literature Review, Sustainability, vol. 12, no. 17, (2020). https://doi.org/10.3390/su12177002
Tin, D., Hata, R., Granholm, F., Ciottone, R.G., Staynings, R., Ciottone, G.R.: Cyberthreats: A primer for healthcare professionals, (in eng). Am. J. Emerg. Med. 68, 179–185 (Jun 2023). https://doi.org/10.1016/j.ajem.2023.04.001
Gabriel, M.H., Noblin, A., Rutherford, A., Walden, A., Cortelyou-Ward, K.: Data breach locations, types, and associated characteristics among US hospitals, (in eng). Am. J. Manag Care. 24(2), 78–84 (Feb 2018)
Porter, S.: March. Cyberattack on Czech hospital forces tech shutdown during coronavirus outbreak Healthcare IT News. (2024). https://www.healthcareitnews.com/news/emea/cyberattack-czech-hospital-forces-tech-shutdown-during-coronavirus-outbreak (accessed 12
Benninghoff, G.: March,. Malware on employee’s company computer led to cyber attack on UVM Medical Center VT digger. (2024). https://vtdigger.org/2021/07/21/malware-on-employees-company-computer-led-to-cyber-attack-on-uvm-medical-center/ (accessed 12
Stubbs, J., Bing, C.: Exclusive: Iran-linked hackers recently targeted coronavirus drugmaker Gilead - sources. Reuters. https://www.reuters.com/article/us-healthcare-coronavirus-gilead-iran-ex-idUSKBN22K2EV (accessed 12 March 2024)
Hathaliya, J.J., Tanwar, S.: An exhaustive survey on security and privacy issues in Healthcare 4.0. Comput. Commun. 153, 311–335 (2020). https://doi.org/10.1016/j.comcom.2020.02.018 03/01/ 2020, doi
Cartwright, A.J.: The elephant in the room: cybersecurity in healthcare, Journal of Clinical Monitoring and Computing, 2023/04/24 2023, https://doi.org/10.1007/s10877-023-01013-5
Cowie, M.R., et al.: Electronic health records to facilitate clinical research. Clin. Res. Cardiol., 106, 1, pp. 1–9, 2017/01/01 2017, https://doi.org/10.1007/s00392-016-1025-6
Hoerbst, A., Kohl, C.D., Knaup, P., Ammenwerth, E.: Attitudes and behaviors related to the introduction of electronic health records among Austrian and German citizens, (in English). Int. J. Med. Inf. 79(2), 81–89 (Feb 2010). https://doi.org/10.1016/j.ijmedinf.2009.11.002
Hölbl, M., Kompara, M., Kamišalić, A., Nemec Zlatolas, L.: A Systematic Review of the Use of Blockchain in Healthcare, Symmetry, vol. 10, no. 10, p. 470, [Online]. Available: (2018). https://www.mdpi.com/2073-8994/10/10/470
Farook, C.: Blockchain & Machine learning Based Secure Personal Medical Record Storage and Sharing Platform - DataBlock, in 4th International Conference on Information Technology Research (ICITR), 10–13 Dec. 2019 2019, pp. 1–6, (2019). https://doi.org/10.1109/ICITR49409.2019.9407796
Raheman, F.: The Future of Cybersecurity in the Age of Quantum Computers, Future Internet, vol. 14, no. 11, p. 335, [Online]. Available: (2022). https://www.mdpi.com/1999-5903/14/11/335
Imam, R., Areeb, Q.M., Alturki, A., Anwer, F.: Systematic and critical review of RSA Based Public Key Cryptographic schemes: Past and Present Status. IEEE Access. 9, 155949–155976 (2021). https://doi.org/10.1109/ACCESS.2021.3129224
Munjal, K., Bhatia, R.: A systematic review of homomorphic encryption and its contributions in healthcare industry. Complex. Intell. Syst., 9, 4, pp. 3759–3786, 2023/08/01 2023, https://doi.org/10.1007/s40747-022-00756-z
Almuflih, A.S., Popat, K., Kapdia, V.V., Qureshi, M.R.N.M., Almakayeel, N., Mamlook, R.E.A.: Efficient Key Exchange Using Identity-Based Encryption in Multipath TCP Environment, Applied Sciences, vol. 12, no. 15, p. 7575, [Online]. Available: (2022). https://www.mdpi.com/2076-3417/12/15/7575
Ghoshal, S., Bandyopadhyay, P., Roy, S., Baneree, M.: A Journey from MD5 to SHA-3, Singapore, 2020: Springer Singapore, in Trends in Communication, Cloud, and Big Data, pp. 107–112
Aljuraid, R., Justinia, T.: Classification of challenges and threats in Healthcare Cybersecurity: A systematic review, (in eng). Stud. Health Technol. Inf. 295, 362–365 (Jun 29 2022). https://doi.org/10.3233/shti220739
Khanijahani, A., Iezadi, S., Agoglia, S., Barber, S., Cox, C., Olivo, N.: Factors Associated with Information Breach in Healthcare Facilities: A Systematic Literature Review, (in eng), J Med Syst, vol. 46, no. 12, p. 90, Nov 2 (2022). https://doi.org/10.1007/s10916-022-01877-1
Page, M.J., et al.: The PRISMA 2020 statement: An updated guideline for reporting systematic reviews. PLoS Med. 18(3), e1003583 (2021). https://doi.org/10.1371/journal.pmed.1003583
Mezher, M., Hellmuth, N., Ibrahim, A.: Secure Health Information Exchange (S-HIE) Protocol with Reduced Round-Trip Count, in IEEE 9th International Conference on Healthcare Informatics (ICHI), 9–12 Aug. 2021 2021, pp. 280–288, (2021). https://doi.org/10.1109/ICHI52183.2021.00051
Dagher, G.G., Mohler, J., Milojkovic, M., Marella, P.B.: Ancile: Privacy-preserving framework for access control and interoperability of electronic health records using blockchain technology. Sustainable Cities Soc., 39, pp. 283–297, 2018/05/01/ 2018, doi: https://doi.org/10.1016/j.scs.2018.02.014
Tagde, P., et al.: Blockchain and artificial intelligence technology in e-Health. Environ. Sci. Pollut. Res., 28, 38, pp. 52810–52831, 2021/10/01 2021, https://doi.org/10.1007/s11356-021-16223-0
Garcia-Perez, A., Cegarra-Navarro, J.G., Sallos, M.P., Martinez-Caro, E., Chinnaswamy, A.: Resilience in healthcare systems: Cyber security and digital transformation, Technovation, vol. 121, p. 102583, 2023/03/01/ 2023, https://doi.org/10.1016/j.technovation.2022.102583
Hussien, H.M., Yasin, S.M., Udzir, N.I., Ninggal, M.I.H., Salman, S.: Blockchain technology in the healthcare industry: Trends and opportunities. J. Industrial Inform. Integr., 22, p. 100217, 2021/06/01/ 2021, doi: https://doi.org/10.1016/j.jii.2021.100217
Lee, I.: Analysis of Insider Threats in the Healthcare Industry: A Text Mining Approach, Information, vol. 13, no. 9, p. 404, [Online]. Available: (2022). https://www.mdpi.com/2078-2489/13/9/404
Bamiah, M.A., Brohi, S.N., Chuprat, S., Ab Manan, J.L.: Trusted cloud computing framework for healthcare sector. J. Comput. Sci. Article vol. 10(3), 240–250 (2014). https://doi.org/10.3844/jcssp.2014.240.250
Tu, M., Spoa-Harty, K., Xiao, L.: Data loss prevention management and control: Inside activity incident monitoring, identification, and tracking in healthcare enterprise environments. J. Digit. Forensics Secur. Law. 10(1), 3 (2015)
Khan, M.F.F., Sakamura, K.: A patient-centric approach to delegation of access rights in healthcare information systems, in International Conference on Engineering & MIS (ICEMIS), 22–24 Sept. 2016 2016, pp. 1–6, (2016). https://doi.org/10.1109/ICEMIS.2016.7745308
Khan, M.F.F., Sakamura, K.: A secure and flexible e-health access control system with provisions for emergency access overrides and delegation of access privileges, in 18th International Conference on Advanced Communication Technology (ICACT), 2016: IEEE, pp. 541–546. (2016)
Luca, G.D., Brattstrom, M., Morreale, P.: Designing a secure e-health network system, in Annual IEEE Systems Conference (SysCon), 18–21 April 2016 2016, pp. 1–5, (2016). https://doi.org/10.1109/SYSCON.2016.7490528
Gheorghe, G., Asghar, M.R., Lancrenon, J., Ghatpande, S.: SPARER: Secure Cloud-Proof Storage for e-Health Scenarios, in 11th International Conference on Availability, Reliability and Security (ARES), 31 Aug.-2 Sept. 2016 2016, pp. 444–453, (2016). https://doi.org/10.1109/ARES.2016.14
Joshi, M., Joshi, K., Finin, T.: Attribute Based Encryption for Secure Access to Cloud Based EHR Systems, in IEEE 11th International Conference on Cloud Computing (CLOUD), 2–7 July 2018 2018, pp. 932–935, (2018). https://doi.org/10.1109/CLOUD.2018.00139
Sreeja, C.S., Misbahuddin, M., Bindhumadhava, B.S.: DNA based Cryptography to Improve Usability of Authenticated Access of Electronic Health Records. In: Ubiquitous Communications and Network Computing. UBICNET 2017. Ubiquitous Communications and Network Computing, pp. 208–219. Springer International Publishing (2018)
Almulhim, M., Zaman, N.: Proposing secure and lightweight authentication scheme for IoT based E-health applications, in 20th International Conference on Advanced Communication Technology (ICACT), 11–14 Feb. 2018 2018, pp. 481–487, (2018). https://doi.org/10.23919/ICACT.2018.8323802
Fernandes, A.M., Pai, A., Colaco, L.M.M.: Secure SDLC for IoT Based Health Monitor, in Second International Conference on Electronics, Communication and Aerospace Technology (ICECA), 29–31 March 2018 2018, pp. 1236–1241, (2018). https://doi.org/10.1109/ICECA.2018.8474668
Elizabeth, M., Jobin, J., Dona, J.: A fog based security model for electronic medical records in the cloud database. Int. J. Innovative Technol. Exploring Eng. 8, 2552–2560 (2019)
Adlam, R., Haskins, B.: A Permissioned Blockchain Approach to the Authorization Process in Electronic Health Records, in 2019 International Multidisciplinary Information Technology and Engineering Conference (IMITEC), 21–22 Nov. 2019 2019, pp. 1–8, https://doi.org/10.1109/IMITEC45504.2019.9015927
Misra, M.K., Chaturvedi, A., Tripathi, S.P., Shukla, V.: A unique key sharing protocol among three users using non-commutative group for electronic health record system. J. Discrete Math. Sci. Crypt., 22, 8, pp. 1435–1451, 2019/11/17 2019, https://doi.org/10.1080/09720529.2019.1692450
Yin, X.C., Liu, Z.G., Ndibanje, B., Nkenyereye, L., Riazul Islam, S.M.: An IoT-Based Anonymous Function for Security and Privacy in Healthcare Sensor Networks, Sensors, vol. 19, no. 14, p. 3146, [Online]. Available: (2019). https://www.mdpi.com/1424-8220/19/14/3146
Ighravwe, D.E., Mashao, D.: Development of a Differential Evolution-based Fuzzy Cognitive Maps for Data Breach in Health-care Sector Fuzzy Cognitive Maps for Data Breach, in 2019 IEEE AFRICON, 25–27 Sept. pp. 1–5, (2019). 2019 https://doi.org/10.1109/AFRICON46755.2019.9134010
Kendzierskyj, S., Jahankhani, H.: Healthcare Patient and Clinical Research, in Blockchain and Clinical Trial: Securing Patient Data, H. Jahankhani, S. Kendzierskyj, A. Jamal, G. Epiphaniou, and H. Al-Khateeb Eds. Cham: Springer International Publishing, pp. 53–88. (2019)
Raisaro, J.L., et al.: MedCo: Enabling secure and privacy-preserving exploration of distributed clinical and genomic. IEEE/ACM Trans. Comput. Biol. Bioinf. 16(4), 1328–1341 (2019). https://doi.org/10.1109/TCBB.2018.2854776 Data
Tao, H., Bhuiyan, M.Z.A., Abdalla, A.N., Hassan, M.M., Zain, J.M., Hayajneh, T.: Secured data Collection with Hardware-based ciphers for IoT-Based Healthcare. IEEE Internet Things J. 6(1), 410–420 (2019). https://doi.org/10.1109/JIOT.2018.2854714
Hashim, M.M., Taha, M.S., Aman, A.H.M., Hashim, A.H.A., Rahim, M.S.M., Islam, S.: Securing Medical Data Transmission Systems Based on Integrating Algorithm of Encryption and Steganography, in 7th International Conference on Mechatronics Engineering (ICOM), 30–31 Oct. 2019 2019, pp. 1–6, (2019). https://doi.org/10.1109/ICOM47790.2019.8952061
Farzana, S., Islam, S.: Symmetric key-based patient controlled secured electronic health record management protocol. J. High. Speed Networks. 25, 221–237 (2019). https://doi.org/10.3233/JHS-190613
Algarni, A., Ahmad, M., Attaallah, A., Agrawal, A., Kumar, R., Khan, R.A.: A fuzzy multi-objective covering-based security quantification model for mitigating risk of web based medical image processing system. Int. J. Adv. Comput. Sci. Appl., 11, 1, (2020)
Okikiola, F.M., Mustapha, A.M., Akinsola, A.F., Sokunbi, M.A.: A New Framework for Detecting Insider Attacks in Cloud-Based E-Health Care System, in International Conference in Mathematics, Computer Engineering and Computer Science (ICMCECS), 18–21 March 2020 2020, pp. 1–6, (2020). https://doi.org/10.1109/ICMCECS47690.2020.240889
Adlam, R., Haskins, B.: A permissioned blockchain approach to electronic health record audit logs, presented at the Proceedings of the 2nd International Conference on Intelligent and Innovative Computing Applications, Plaine Magnien, Mauritius, 2020. [Online]. Available: https://doi.org/10.1145/3415088.3415118
Arunkumar, B., Kousalya, G.: Blockchain-Based Decentralized and Secure Lightweight E-Health System for Electronic Health Records, in Advances in Intelligent Systems and Computing, Singapore, 2020: Springer Singapore, in Intelligent Systems, Technologies and Applications, pp. 273–289
Sharma, B., Halder, R., Singh, J.: Blockchain-based Interoperable Healthcare using Zero-Knowledge Proofs and Proxy Re-Encryption, in International Conference on COMmunication Systems & NETworkS (COMSNETS), 7–11 Jan. 2020 2020, pp. 1–6, (2020). https://doi.org/10.1109/COMSNETS48256.2020.9027413
Purkayastha, S., Goyal, S., Phillips, T., Wu, H., Haakenson, B., Zou, X.: Continuous Security through Integration Testing in an Electronic Health Records System, in 2020 International Conference on Software Security and Assurance (ICSSA), 28–30 Oct. 2020 2020, pp. 26–31, https://doi.org/10.1109/ICSSA51305.2020.00012
Mallissery, S., et al.: Data Leakage Detection for Health Information System based on Memory Introspection, presented at the Proceedings of the 15th ACM Asia Conference on Computer and Communications Security, Taipei, Taiwan, 2020. [Online]. Available: https://doi.org/10.1145/3320269.3405437
Abugabah, A., Nizamuddin, N., Alzubi, A.A.: Decentralized Telemedicine Framework for a Smart Healthcare Ecosystem. IEEE Access. 8, 166575–166588 (2020). https://doi.org/10.1109/ACCESS.2020.3021823
Mukherji, A., Ganguli, N.: Efficient and Scalable Electronic Health Record Management using Permissioned Blockchain Technology, in 4th International Conference on Electronics, Materials Engineering & Nano-Technology (IEMENTech), 2–4 Oct. 2020 2020, pp. 1–6, (2020). https://doi.org/10.1109/IEMENTech51367.2020.9270106
Palani, U., Mahesh, S.S., Vasanthi, D., Kumar, D.S.: Ethereum blockchain based healthcare Industry ecosystem, in 7th International Conference on Smart Structures and Systems (ICSSS), 23–24 July 2020 2020, pp. 1–5, (2020). https://doi.org/10.1109/ICSSS49621.2020.9202232
Kumar, U., Pathak, R.K., Kumar, A.: Handling Secure Healthcare Data Streaming using R2E Algorithm, in 2020 International Conference on Electronics and Sustainable Communication Systems (ICESC), 2–4 July 2020 2020, pp. 732–737, https://doi.org/10.1109/ICESC48915.2020.9156006
Vyas, J.D., Han, M., Li, L., Pouriyeh, S., He, J.S.: Integrating Blockchain Technology into Healthcare, presented at the Proceedings of the 2020 ACM Southeast Conference, Tampa, FL, USA, 2020. [Online]. Available: https://doi.org/10.1145/3374135.3385280
Zalloum, M., Alamleh, H.: Privacy Preserving Architecture for Healthcare Information Systems, in 2020 IEEE International Conference on Communication, Networks and Satellite (Comnetsat), 17–18 Dec. 2020 2020, pp. 429–432, https://doi.org/10.1109/Comnetsat50391.2020.9328985
Sultana, M., Hossain, A., Laila, F., Taher, K.A., Islam, M.N.: Towards developing a secure medical image sharing system based on zero trust principles and blockchain technology. BMC Med. Inf. Decis. Mak., 20, 1, p. 256, 2020/10/07 2020, https://doi.org/10.1186/s12911-020-01275-y
Harnal, S., Chauhan, R.: Towards secure, flexible and efficient role based hospital’s cloud management system: Case study. EAI Endorsed Trans. Pervasive Health Technol., 6, 23, (2020)
Priyadarshini, I., et al.: A new enhanced cyber security framework for medical cyber physical systems. SICS Software-Intensive Cyber-Physical Syst., 35, 3, pp. 159–183, 2021/12/01 2021, https://doi.org/10.1007/s00450-021-00427-3
Mahima, K.T.Y., Ginige, T.N.D.S.: A Secured Healthcare System Using Blockchain and Graph Theory, presented at the Proceedings of the 2020 4th International Symposium on Computer Science and Intelligent Control, Newcastle upon Tyne, United Kingdom, 2021. [Online]. Available: https://doi.org/10.1145/3440084.3441217
Gull, S., Mansour, R.F., Aljehane, N.O., Parah, S.A.: A self-embedding technique for tamper detection and localization of medical images for smart-health. Multimedia Tools Appl., 80, 19, pp. 29939–29964, 2021/08/01 2021, https://doi.org/10.1007/s11042-021-11170-x
Saharan, R., Prasad, R.: Blockchain Technology for Healthcare Data, in Rising Threats in Expert Applications and Solutions, Singapore: Springer Singapore, in Rising Threats in Expert Applications and Solutions, pp. 671–677. [Online]. Available: https://link.springer.com/chapter/10.1007/978-981-15-6014-9_81. [Online]. Available: https://link.springer.com/chapter/ (2021). https://doi.org/10.1007/978-981-15-6014-9_81
Naresh, V.S., Reddi, S., Allavarpu, V.V.L.D.: Blockchain-based patient centric health care communication system. Int. J. Commun Syst, https://doi.org/10.1002/dac.474934, 7, p. e4749, 2021/05/10 2021, doi: https://doi.org/10.1002/dac.4749
Chandol, M.K., Rao, M.K.: Border Collie Cat optimization for intrusion detection system in Healthcare IoT Network using deep recurrent neural network. Comput. J. 65(12), 3181–3198 (2021). https://doi.org/10.1093/comjnl/bxab136
Shakor, M.Y., Surameery, N.M.S.: Built-in Encrypted Health Cloud Environment for Sharing COVID-19 Data, in 3rd International Conference on Computer Communication and the Internet (ICCCI), 25–27 June 2021 2021, pp. 96–101, (2021). https://doi.org/10.1109/ICCCI51764.2021.9486774
Grishin, D., et al.: Citizen-centered, auditable and privacy-preserving population genomics. Nat. Comput. Sci., 1, 3, pp. 192–198, 2021/03/01 2021, https://doi.org/10.1038/s43588-021-00044-9
Joshi, M., Joshi, K.P., Finin, T.: Delegated Authorization Framework for EHR services using attribute-based encryption. IEEE Trans. Serv. Comput. 14(6), 1612–1623 (2021). https://doi.org/10.1109/TSC.2019.2917438
Reno, S., Chowdhury, S.S.R.A.: Hyperledger Based Private Blockchain Technology in Pharmaceutical Manufacturing Industry for Preventing Substandard Drug Production, in International Conference on Smart Generation Computing, Communication and Networking (SMART GENCON), 29–30 Oct. 2021 2021, pp. 1–8, (2021). https://doi.org/10.1109/SMARTGENCON51891.2021.9645869
Seh, A.-H., Al-Amri, J.-F., Subahi, A.-F., Agrawal, A., Kumar, R., Khan, R.-A.: Machine Learning Based Framework for Maintaining Privacy of Healthcare Data, Intelligent Automation \& Soft Computing, vol. 29, no. 3, pp. 697–712, [Online]. Available: (2021). http://www.techscience.com/iasc/v29n3/43042
Krall, A., Finke, D., Yang, H.: Mosaic privacy-preserving mechanisms for Healthcare Analytics. IEEE J. Biomedical Health Inf. 25, 2184–2192 (2021). https://doi.org/10.1109/JBHI.2020.3036422
Akashe, V., Neupane, R.L., Alarcon, M.L., Wang, S., Calyam, P.: Network-based Active Defense for Securing Cloud-based Healthcare Data Processing Pipelines, in International Conference on Computer Communications and Networks (ICCCN), 19–22 July 2021 2021, pp. 1–9, (2021). https://doi.org/10.1109/ICCCN52240.2021.9522267
Kasyap, H., Tripathy, S.: Privacy-preserving Decentralized Learning Framework for Healthcare System, ACM Trans. Multimedia Comput. Commun. Appl, vol. 17, no. 2s, p. Article 68, (2021). https://doi.org/10.1145/3426474
Reis, L.H.A., Oliveira, M.T., Mattos, D.M.F., Olabarriaga, S.D.: Private Data Sharing in a Secure Cloud-based Application for Acute Stroke Care, in 2021 IEEE 34th International Symposium on Computer-Based Medical Systems (CBMS), 7–9 June 2021 2021, pp. 568–573, https://doi.org/10.1109/CBMS52027.2021.00039
Mahdy, M.M.: Semi-Centralized Blockchain Based Distributed System for Secure and Private Sharing of Electronic Health Records, in International Conference on Computer, Control, Electrical, and Electronics Engineering (ICCCEEE), 26 Feb.-1 March 2021 2021, pp. 1–4, (2020). https://doi.org/10.1109/ICCCEEE49695.2021.9429554
Janith, K., Iddagoda, R., Gunawardena, C., Sankalpa, K., Abeywardena, K.Y., Yapa, K.: SentinelPlus: A Cost-Effective Cyber Security Solution for Healthcare Organizations, in 3rd International Conference on Advancements in Computing (ICAC), 9–11 Dec. 2021 2021, pp. 359–364, (2021). https://doi.org/10.1109/ICAC54203.2021.9670892
Faruk, M.J.H., Shahriar, H., Valero, M., Sneha, S., Ahamed, S.I., Rahman, M.: Towards Blockchain-Based Secure Data Management for Remote Patient Monitoring, in IEEE International Conference on Digital Health (ICDH), 5–10 Sept. 2021 2021, pp. 299–308, (2021). https://doi.org/10.1109/ICDH52753.2021.00054
Barman, S., Chattopadhyay, S., Samanta, D., Barman, S.: A blockchain-based approach to secure electronic health records using fuzzy commitment scheme. Secur. Priv. 5(4), e231 (2022). https://doi.org/10.1002/spy2.231
Kaur, J., Rani, R., Kalra, N.: A Blockchain-based Framework for Privacy Preservation of Electronic Health Records (EHRs), Transactions on Emerging Telecommunications Technologies, https://doi.org/10.1002/ett.4507 vol. 33, no. 9, p. e4507, 2022/09/01 2022, doi: https://doi.org/10.1002/ett.4507
Mahamud, S., Alvi, S.T.: A Framework for Covid-19 Vaccine Management System Using Blockchain Technology, in 4th International Conference on Recent Trends in Computer Science and Technology (ICRTCST), 11–12 Feb. 2022 2022, pp. 417–422, (2021). https://doi.org/10.1109/ICRTCST54752.2022.9781924
Bharathi, V., Vinoth Kumar, C.N.S.: A real time health care cyber attack detection using ensemble classifier. Comput. Electr. Eng., 101, p. 108043, 2022/07/01/ 2022, doi: https://doi.org/10.1016/j.compeleceng.2022.108043
Maathavan, K.-S.-K., Venkatraman, S., A Secure Encrypted Classified Electronic Healthcare Data for Public Cloud Environment:, Intelligent Automation \& Soft Computing, vol. 32, no. 2, pp. 765–779, [Online]. Available: (2022). http://www.techscience.com/iasc/v32n2/45604
Pilares, I.C.A., Azam, S., Akbulut, S., Jonkman, M., Shanmugam, B.: Addressing the Challenges of Electronic Health Records Using Blockchain and IPFS, Sensors, vol. 22, no. 11, p. 4032, [Online]. Available: (2022). https://www.mdpi.com/1424-8220/22/11/4032
Yadav, K., Alharbi, A., Jain, A., Ramadan, R.-A.: An IoT Based Secure Patient Health Monitoring System, Computers, Materials \& Continua, vol. 70, no. 2, pp. 3637–3652, [Online]. Available: (2022). http://www.techscience.com/cmc/v70n2/44716
Akter, S., Reza, F., Ahmed, M.: Convergence of Blockchain, k-medoids and homomorphic encryption for privacy preserving biomedical data classification. Internet Things Cyber-Physical Syst., 2, pp. 99–110,2022/01/01/ 2022, doi: https://doi.org/10.1016/j.iotcps.2022.05.006
Puranik, A., Akkihal, A.V., Honnavalli, P.B., Eswaran, S.: CoreMedi: Secure Medical Records Sharing Using Blockchain Technology, in 2022 International Conference on Data Analytics for Business and Industry (ICDABI), 25–26 Oct. pp. 33–37, (2022). 2022 https://doi.org/10.1109/ICDABI56818.2022.10041522
Khalifeh, S., Georgi, J., Shakhatreh, S.: Design and Implementation of a Steganography-based System that Provides Protection for Breast Cancer Patient’s Data, in 56th Annual Conference on Information Sciences and Systems (CISS), 9–11 March 2022 2022, pp. 19–24, (2022). https://doi.org/10.1109/CISS53076.2022.9751183
Lakshmi, C., Jayarin, P.J.: Design and implementation of the reconfigurable area and power-efficient steganography for Medical Information’s in MIMO-OFDM Channel Coding. Wireless Pers. Commun., 124, 3, pp. 2271–2298, 2022/06/01 2022, https://doi.org/10.1007/s11277-022-09464-w
Saidi, H., Labraoui, N., Ari, A.A.A., Maglaras, L.A., Emati, J.H.M.: DSMAC: Privacy-Aware Decentralized Self-Management of Data Access Control Based on Blockchain for Health Data, IEEE Access, vol. 10, pp. 101011–101028, (2022). https://doi.org/10.1109/ACCESS.2022.3207803
Sawalka, S., Lahiri, A., Saveetha, D.: EthInsurance: A Blockchain based alternative approach for Health Insurance Claim, in International Conference on Computer Communication and Informatics (ICCCI), 25–27 Jan. 2022 2022, pp. 1–9, (2022). https://doi.org/10.1109/ICCCI54379.2022.9740765
Lapwattanaworakul, J., Srisa-An, C., Angsirikul, S.: Guideline for Data Anonymization for Data Privacy in Thailand, in 6th International Conference on Information Technology (InCIT), 10–11 Nov. 2022 2022, pp. 211–215, (2022). https://doi.org/10.1109/InCIT56086.2022.10067859
Jannat, U.K., MohanKumar, M., Islam, S.A.: Human Face Detection and Recognition in eHealth Implications for Blockchain Data Theory, in 2022 IEEE International Conference on Data Science and Information System (ICDSIS), 29–30 July 2022 2022, pp. 1–7, https://doi.org/10.1109/ICDSIS55133.2022.9915845
Wajiha, Patil, S.R.: Implementing Blockchain Technology in Healthcare Systems utilizing Machine learning Techniques, in 2022 IEEE North Karnataka Subsection Flagship International Conference (NKCon), 20–21 Nov. 2022 2022, pp. 1–7, https://doi.org/10.1109/NKCon56289.2022.10126874
Sharmin, S., Sarker, I.H., Shamim Kaiser, M., Arefin, M.S.: InterPlanetary File System-Based Decentralized and Secured Electronic Health Record System Using Lightweight Algorithm, in Proceedings of the International Conference on Big Data, IoT, and Machine Learning, Singapore: Springer Singapore, in Proceedings of the International Conference on Big Data, IoT, and Machine Learning, pp. 691–702. [Online]. Available: https://link.springer.com/chapter/10.1007/978-981-16-6636-0_52. [Online]. Available: https://link.springer.com/chapter/ (2022). https://doi.org/10.1007/978-981-16-6636-0_52
Vaghela, A., Kumar, S.A.: Medical health data privacy preservation using smart contract, AIP Conference Proceedings, vol. 2451, no. 1, p. 020052, (2022). https://doi.org/10.1063/5.0095361
Demirci, H., Lenzini, G.: Privacy-preserving Copy Number Variation Analysis with Homomorphic Encryption, presented at the 15th International Conference on Health Informatics (HEALTHINF) held as part of 15th International Joint Conference on Biomedical Engineering Systems and Technologies (BIOSTEC), Vienna, Austria, (2022)
Cui, Y., Li, Z., Liu, L., Zhang, J., Liu, J.: Privacy-preserving Speech-based Depression Diagnosis via Federated Learning, in 2022 44th Annual International Conference of the IEEE Engineering in Medicine & Biology Society (EMBC), 11–15 July 2022 2022, pp. 1371–1374, https://doi.org/10.1109/EMBC48229.2022.9871861
Anand, J., Shobika, M., Sneha, T.: Programmable Stickers to Monitor Perishable Goods using Blockchain, in Second International Conference on Computer Science, Engineering and Applications (ICCSEA), 8–8 Sept. 2022 2022, pp. 1–5, (2022). https://doi.org/10.1109/ICCSEA54677.2022.9936484
Settipalli, L., Gangadharan, G.R.: Quorum based Federated Blockchain Network for Healthcare System to avoid multiple benefits and data breaches. IEEE Consum. Electron. Mag. 1–11 (2022). https://doi.org/10.1109/MCE.2022.3188880
Butt, G.Q., Sayed, T.A., Riaz, R., Rizvi, S.S., Paul, A.: Secure Healthcare Record Sharing Mechanism with Blockchain, Applied Sciences, vol. 12, no. 5, p. 2307, [Online]. Available: (2022). https://www.mdpi.com/2076-3417/12/5/2307
Dhanalakshmi, G., George, V.S.: Security threats and approaches in E-Health cloud architecture system with big data strategy using cryptographic algorithms, Materials Today: Proceedings, vol. 62, pp. 4752–4757, 2022/01/01/ 2022, https://doi.org/10.1016/j.matpr.2022.03.254
Dhasarathan, C., Shanmugam, M., Kumar, M., Tripathi, D., Khapre, S., Shankar, A.: A nomadic multi-agent based privacy metrics for e-health care: a deep learning approach, Multimedia Tools and Applications, /06/06 2023, (2023). https://doi.org/10.1007/s11042-023-15363-4
Saha, S., Chowdhury, C., Neogy, S.: A novel two phase data sensitivity based access control framework for healthcare data, Multimedia Tools and Applications, 2023/06/13 2023, https://doi.org/10.1007/s11042-023-15427-5
Settipalli, L., Gangadharan, G.R., Bellamkonda, S.: An extended lightweight blockchain based collaborative healthcare system for fraud prevention. Cluster Comput., 2023/01/24 2023, https://doi.org/10.1007/s10586-023-03973-4
Kaur, J., Rani, R., Kalra, N.: Attribute-based access control scheme for secure storage and sharing of EHRs using blockchain and IPFS. Cluster Comput., 2023/06/09 2023, https://doi.org/10.1007/s10586-023-04038-2
Goswami, P., de Albuquerque, V.H.C., Aggarwal, L.: Blockchain Based B-Health Prototype for Secure Healthcare Transactions, in Big Data Analytics in Astronomy, Science, and Engineering. BDA 2022, Cham, 2023: Springer Nature Switzerland, in Big Data Analytics in Astronomy, Science, and Engineering, pp. 70–85
Anjelin, D.P., Kumar, S.G.: Blockchain Technology to Improve Security in Healthcare Data Breaches, International Journal of Intelligent Systems and Applications in Engineering, vol. 11, no. 7s, pp. 332–339, (2023)
Hurrah, N.N., Khan, E., Khan, U.: CADEN: Cellular automata and DNA based secure framework for privacy preserving in IoT based healthcare. J. Ambient Intell. Humaniz. Comput., 14, 3, pp. 2631–2643, 2023/03/01 2023, https://doi.org/10.1007/s12652-022-04510-8
Soni, P., Pradhan, J., Pal, A.K., Islam, S.H.: Cybersecurity attack-resilience authentication mechanism for Intelligent Healthcare System. IEEE Trans. Industr. Inf. 19(1), 830–840 (2023). https://doi.org/10.1109/TII.2022.3179429
Weng, H., Hettiarachchi, C., Nolan, C., Suominen, H., Lenskiy, A.: Ensuring security of artificial pancreas device system using homomorphic encryption. Biomed. Signal Process. Control, 79, p. 104044, 2023/01/01/ 2023, doi: https://doi.org/10.1016/j.bspc.2022.104044
Hegde, G., Gupta, S., Prabhu, G.M., Bhandary, S.V.: EyeEncrypt: A Cyber-Secured Framework for Retinal Image Segmentation, in Applications and Techniques in Information Security. ATIS 2022, Singapore, 2023: Springer Nature Singapore, in Applications and Techniques in Information Security, pp. 109–120. [Online]. Available: https://link.springer.com/chapter/10.1007/978-981-99-2264-2_9. [Online]. Available: https://link.springer.com/chapter/https://doi.org/10.1007/978-981-99-2264-2_9
Angelin, P.B., Franklin, S.W.: Hyper contour cryptography with master Birch-Brown Paruvala-SLSTM model for enhanced healthcare security. Trans. Emerg. Telecommunications Technol. 34, e4799 (2023). no. 7https://doi.org/10.1002/ett.4799
Jeyanthi, D.V., Indrani, B.: IoT-based intrusion detection system for healthcare using RNNBiLSTM deep learning strategy with custom features, Soft Computing, vol. 27, no. 16, pp. 11915–11930, 2023/08/01 2023, https://doi.org/10.1007/s00500-023-08536-8
Kiyani, F., Qureshi, K.N., Ghafoor, K.Z., Jeon, G.: ISDA-BAN: Interoperability and security based data authentication scheme for body area network. Cluster Comput., 26, 4, pp. 2429–2442, 2023/08/01 2023, https://doi.org/10.1007/s10586-022-03823-9
Chandini, A.G., Basarkod, P.I.: Patient centric pre-transaction signature verification assisted smart contract based blockchain for electronic healthcare records. J. Ambient Intell. Humaniz. Comput., 14, 4, pp. 4221–4235, 2023/04/01 2023, https://doi.org/10.1007/s12652-023-04526-8
Semantha, F.H., Azam, S., Shanmugam, B., Yeo, K.C.: PbDinEHR: A Novel Privacy by Design Developed Framework Using Distributed Data Storage and Sharing for Secure and Scalable Electronic Health Records Management, Journal of Sensor and Actuator Networks, vol. 12, no. 2, p. 36, [Online]. Available: (2023). https://www.mdpi.com/2224-2708/12/2/36
Gowri, S.S., Sadasivam, S., Priya, N.H., D., T.A., P: Secured machine learning using Approximate homomorphic scheme for healthcare, in International Conference on Intelligent Systems for Communication, IoT and Security (ICISCoIS), 9–11 Feb. 2023 2023, pp. 361–364, (2023). https://doi.org/10.1109/ICISCoIS56541.2023.10100547
Hebballi, A.K., Agarwal, J.B.A., Challa, M.: Securing Medical Data Records using Blockchain in a Cloud Computing Environment, in Third International Conference on Advances in Electrical, Computing, Communication and Sustainable Technologies (ICAECT), 5–6 Jan. 2023 2023, pp. 1–5, (2023). https://doi.org/10.1109/ICAECT57570.2023.10118338
Srinivas, D.B., K, M.D., H, P.R.: and H. L, Securing Sharable Electronic Health Records on Cloud Storage, in 7th International Conference on Computing Methodologies and Communication (ICCMC), 23–25 Feb. 2023 2023, pp. 1054–1059, (2023). https://doi.org/10.1109/ICCMC56507.2023.10083743
Raj, A., Prakash, S.: Smart Contract-based Secure Decentralized Smart Healthcare System. Int. J. Softw. Innov. (IJSI). 11(1), 1–20 (2023). https://doi.org/10.4018/ijsi.315742
Acknowledgements
The authors acknowledge the financial support from the Slovenian Research and Innovation Agency (Research Core Funding No. P2-0057) and institutional resources of the Czech Technical University in Prague.
Author information
Authors and Affiliations
Contributions
L.N.Z. wrote the main manuscript text, and L.L. and T.W. read and revised the manuscript. All authors reviewed the selected publications and the whole manuscript.
Corresponding author
Ethics declarations
Competing interests
The authors declare no competing interests.
Additional information
Publisher’s Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Electronic supplementary material
Below is the link to the electronic supplementary material.
Rights and permissions
Open Access This article is licensed under a Creative Commons Attribution 4.0 International License, which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons licence, and indicate if changes were made. The images or other third party material in this article are included in the article’s Creative Commons licence, unless indicated otherwise in a credit line to the material. If material is not included in the article’s Creative Commons licence and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder. To view a copy of this licence, visit http://creativecommons.org/licenses/by/4.0/.
About this article
Cite this article
Nemec Zlatolas, L., Welzer, T. & Lhotska, L. Data breaches in healthcare: security mechanisms for attack mitigation. Cluster Comput (2024). https://doi.org/10.1007/s10586-024-04507-2
Received:
Revised:
Accepted:
Published:
DOI: https://doi.org/10.1007/s10586-024-04507-2