Skip to main content

SOK: Evaluating Privacy and Security Vulnerabilities of Patients’ Data in Healthcare

  • 64 Accesses

Part of the Lecture Notes in Computer Science book series (LNCS,volume 13176)

Abstract

Interactions in healthcare systems, by necessity, involve sharing sensitive information that must be protected. Thus, to understand the existing privacy and security research conducted in the context of healthcare organizations, we conducted a systematic literature review of \(N=205\) papers that examine the security and privacy of patient data . We found that current research focuses heavily on the technological solutions, which are presented to benefit large-scale medical facilities such as hospitals, but generally ignore the unique security challenges of smaller private practices which might not have the resources to protect patient data. Additionally, only 18 (<9%) papers have conducted user studies to understand the patient and staff’s risk perception of healthcare data. We conclude by identifying research gaps and provide potential solutions to enable robust data security for sensitive patient data.

Keywords

  • Literature review
  • Healthcare Data Privacy and Security

This is a preview of subscription content, access via your institution.

Buying options

Chapter
USD   29.95
Price excludes VAT (USA)
  • DOI: 10.1007/978-3-031-10183-0_8
  • Chapter length: 29 pages
  • Instant PDF download
  • Readable on all devices
  • Own it forever
  • Exclusive offer for individuals only
  • Tax calculation will be finalised during checkout
eBook
USD   54.99
Price excludes VAT (USA)
  • ISBN: 978-3-031-10183-0
  • Instant PDF download
  • Readable on all devices
  • Own it forever
  • Exclusive offer for individuals only
  • Tax calculation will be finalised during checkout
Softcover Book
USD   69.99
Price excludes VAT (USA)
Fig. 1.
Fig. 2.
Fig. 3.

Notes

  1. 1.

    Throughout this work, we will refer to all individuals with access and responsibility for protecting healthcare data, including patients and healthcare workers, as users.

  2. 2.

    https://harzing.com/resources/publish-or-perish.

References

  1. Abd-alrazaq, A.A., et al.: Patients and healthcare workers experience with a mobile application for self-management of diabetes in Qatar: a qualitative study. Comput. Methods Program. Biomed. Update 1, 100002 (2021)

    Google Scholar 

  2. Abouelmehdi, K., Beni-Hessane, A., Khaloufi, H.: Big healthcare data: preserving security and privacy. J. Big Data 5(1), 1–18 (2018). https://doi.org/10.1186/s40537-017-0110-7

    CrossRef  Google Scholar 

  3. Abouelmehdi, K., Beni-Hssane, A., Khaloufi, H., Saadi, M.: Big data security and privacy in healthcare: a review. Procedia Comput. Sci. 113, 73–80 (2017)

    CrossRef  Google Scholar 

  4. Abraham, C., Chatterjee, D., Sims, R.R.: Muddling through cybersecurity: insights from the us healthcare industry. Bus. Horiz. 62(4), 539–548 (2019)

    CrossRef  Google Scholar 

  5. Acharya, S., Susai, G., Pillai, M.: Patient portals: Anytime, anywhere, pp. 779–781 (2015)

    Google Scholar 

  6. Aiswarya, R., Divya, R., Sangeetha, D., Vaidehi, V.: Harnessing healthcare data security in cloud, pp. 482–488 (2013)

    Google Scholar 

  7. Al Hamid, H.A., Rahman, S.M.M., Hossain, M.S., Almogren, A., Alamri, A.: A security model for preserving the privacy of medical big data in a healthcare cloud using a fog computing facility with pairing-based cryptography. IEEE Access 5, 22313–22328 (2017)

    Google Scholar 

  8. Al-Karaki, J.N., Gawanmeh, A., Ayache, M., Mashaleh, A.: Dass-care: a decentralized, accessible, scalable, and secure healthcare framework using blockchain, pp. 330–335 (2019). https://doi.org/10.1109/IWCMC.2019.8766714

  9. Alam, M.G.R., Munir, M.S., Uddin, M.Z., Alam, M.S., Dang, T.N., Hong, C.S.: Edge-of-things computing framework for cost-effective provisioning of healthcare data. J. Parallel Distrib. Comput. 123, 54–60 (2019)

    CrossRef  Google Scholar 

  10. Albarrak, A.I.: Information security behavior among nurses in an academic hospital. Health Med. 6(7), 2349–2354 (2012)

    Google Scholar 

  11. Alboaie, S., Nita, L., Stefanescu, C.: Executable choreographies for medical systems integration and data leaks prevention, pp. 1–4 (2015). https://doi.org/10.1109/EHB.2015.7391612

  12. Almehmadi, T., Alshehri, S., Tahir, S.: A secure fog-cloud based architecture for MIoT, pp. 1–6 (2019). https://doi.org/10.1109/CAIS.2019.8769524

  13. Alshalali, T., M’Bale, K., Josyula, D.: Security and privacy of electronic health records sharing using hyperledger fabric, pp. 760–763 (2018). https://doi.org/10.1109/CSCI46756.2018.00152

  14. Altuntaş, G., Semerciöz, F., Eregez, H.: Linking strategic and market orientations to organizational performance: the role of innovation in private healthcare organizations. Procedia-Soc. Behav. Sci. 99, 413–419 (2013)

    CrossRef  Google Scholar 

  15. Alyami, H., Feng, J.L., Hilal, A., Basir, O.: On-demand key distribution for body area networks for emergency case (2014). https://doi.org/10.1145/2642668.2642684

  16. Anghelescu, P.: Encryption of multimedia medical content using programmable cellular automata, pp. 11–16 (2012)

    Google Scholar 

  17. Anghelescu, P., Ionita, S., Sofron, E.: Block encryption using hybrid additive cellular automata, pp. 132–137 (2007)

    Google Scholar 

  18. Arumugham, S., Rajagopalan, S., Rayappan, J.B.B., Amirtharajan, R.: Networked medical data sharing on secure medium-a web publishing mode for DICOM viewer with three layer authentication. J. Biomed. Inf. 86, 90–105 (2018)

    CrossRef  Google Scholar 

  19. Asija, R., Nallusamy, R.: Data model to enhance the security and privacy of healthcare data, pp. 237–244 (2014). https://doi.org/10.1109/GHTC-SAS.2014.6967590

  20. Aski, V., Dhaka, V.S., Kumar, S., Parashar, A., Ladagi, A.: A multi-factor access control and ownership transfer framework for future generation healthcare systems, pp. 93–98 (2020). https://doi.org/10.1109/PDGC50313.2020.9315840

  21. Ayad, H., Khalil, M.: A semi-blind information hiding technique using DWT-SVD and QAM-16 for medical images, pp. 1–7 (2017)

    Google Scholar 

  22. Ayad, H., Khalil, M.: A semi-blind information hiding technique using DWT-SVD and QAM-16 for medical images (2017). https://doi.org/10.1145/3090354.3090433

  23. Ayanlade, O., Oyebisi, T., Kolawole, B.: Health information technology acceptance framework for diabetes management. Heliyon 5(5), e01735 (2019)

    CrossRef  Google Scholar 

  24. Baker, A., Vega, L., DeHart, T., Harrison, S.: Healthcare and security: understanding and evaluating the risks, pp. 99–108 (2011)

    Google Scholar 

  25. Balamurugan, G., Joseph, K.S., Arulalan, V.: An iris based reversible watermarking system for the security of teleradiology, pp. 1–6 (2016)

    Google Scholar 

  26. Bao, S.D., Chen, M., Yang, G.Z.: A method of signal scrambling to secure data storage for healthcare applications. IEEE J. Biomed. Health Inf. 21(6), 1487–1494 (2017). https://doi.org/10.1109/JBHI.2017.2679979

    CrossRef  Google Scholar 

  27. Basavegowda, R., Seenappa, S.: Electronic medical report security using visual secret sharing scheme, pp. 78–83 (2013)

    Google Scholar 

  28. Bechtel, J.M., Lepoire, E., Bauer, A.M., Bowen, D.J., Fortney, J.C.: Care manager perspectives on integrating an mhealth app system into clinical workflows: a mixed methods study. Gener. Hospital Psychiatry 68, 38–45 (2021)

    CrossRef  Google Scholar 

  29. Besher, K.M., Subah, Z., Ali, M.Z.: IoT sensor initiated healthcare data security. IEEE Sens. J. 21(10), 11977–11982 (2020)

    CrossRef  Google Scholar 

  30. Bharghavi, G., Kumar, P.S., Geetha, K., Sasikala Devi, N.: An implementation of slice algorithm to enforce security for medical images using DNA approach, pp. 0984–0988 (2018). https://doi.org/10.1109/ICCSP.2018.8524413

  31. Bharghavi, G., Kumar, P.S., Geetha, K., Devi, N.S.: An implementation of slice algorithm to enforce security for medical images using DNA approach, pp. 0984–0988 (2018)

    Google Scholar 

  32. Bhola, J., Soni, S., Cheema, G.K.: Recent trends for security applications in wireless sensor networks-a technical review, pp. 707–712 (2019)

    Google Scholar 

  33. Bhuiyan, M.Z.A., Zaman, A., Wang, T., Wang, G., Tao, H., Hassan, M.M.: Blockchain and big data to transform the healthcare, pp. 62–68 (2018)

    Google Scholar 

  34. Binobaid, S., Fan, I.S., Almeziny, M.: Investigation interoperability problems in pharmacy automation: a case study in Saudi Arabia. Procedia Comput. Sci. 100, 329–338 (2016)

    CrossRef  Google Scholar 

  35. Boddy, A., Hurst, W., Mackay, M., El Rhalibi, A.: A study into detecting anomalous behaviours within healthcare infrastructures, pp. 111–117 (2016)

    Google Scholar 

  36. Bodur, G., Gumus, S., Gursoy, N.G.: Perceptions of Turkish health professional students toward the effects of the internet of things (IOT) technology in the future. Nurse Educ. Today 79, 98–104 (2019)

    CrossRef  Google Scholar 

  37. Branley-Bell, D., et al.: Your hospital needs you: eliciting positive cybersecurity behaviours from healthcare staff using the aide approach. Ann. Disaster Risk Sci. 3(1), 1–16 (2020)

    CrossRef  Google Scholar 

  38. Brunese, L., Mercaldo, F., Reginelli, A., Santone, A.: A blockchain based proposal for protecting healthcare systems through formal methods. Procedia Comput. Sci. 159, 1787–1794 (2019)

    CrossRef  Google Scholar 

  39. Brunese, L., Mercaldo, F., Reginelli, A., Santone, A.: Formal modeling for magnetic resonance images tamper mitigation. Procedia Comput. Sci. 159, 1803–1810 (2019)

    CrossRef  Google Scholar 

  40. Brunese, L., Mercaldo, F., Reginelli, A., Santone, A.: Radiomic features for medical images tamper detection by equivalence checking. Procedia Comput. Sci. 159, 1795–1802 (2019)

    CrossRef  Google Scholar 

  41. Burke, W., Oseni, T., Jolfaei, A., Gondal, I.: Cybersecurity indexes for ehealth, pp. 1–8 (2019)

    Google Scholar 

  42. Cao, F., Huang, H.K., Zhou, X.: Medical image security in a HIPAA mandated PACS environment. Computer. Med. Imaging Graph. 27(2–3), 185–196 (2003)

    CrossRef  Google Scholar 

  43. Chan, K.G., Pawi, S., Ong, M.F., Kowitlawakul, Y., Goy, S.C.: Simulated electronic health documentation: a cross-sectional exploration of factors influencing nursing students’ intention to use. Nurse Educ. Pract. 48, 102864 (2020)

    CrossRef  Google Scholar 

  44. Chaudhry, J., Qidwai, U., Miraz, M.H.: Securing big data from eavesdropping attacks in scada/ics network data streams through impulsive statistical fingerprinting, pp. 77–89 (2019)

    Google Scholar 

  45. Chen, Y., Chen, W.: Finger ECG-based authentication for healthcare data security using artificial neural network, pp. 1–6 (2017)

    Google Scholar 

  46. Choi, S.J., Johnson, M.E., Lee, J.: An event study of data breaches and hospital IT spending. Health Policy Technol. 9(3), 372–378 (2020)

    CrossRef  Google Scholar 

  47. Coventry, L., Branley, D.: Cybersecurity in healthcare: a narrative review of trends, threats and ways forward. Maturitas 113, 48–52 (2018)

    CrossRef  Google Scholar 

  48. Coventry, L., et al.: Cyber-risk in healthcare: Exploring facilitators and barriers to secure behaviour, pp. 105–122 (2020)

    Google Scholar 

  49. Currie, W.: Health organizations’ adoption and use of mobile technology in France, the USA and UK. Procedia Comput. Sci. 98, 413–418 (2016)

    CrossRef  Google Scholar 

  50. Dagher, G.G., Mohler, J., Milojkovic, M., Marella, P.B.: Ancile: privacy-preserving framework for access control and interoperability of electronic health records using blockchain technology. Sustain. Cities Soc. 39, 283–297 (2018)

    CrossRef  Google Scholar 

  51. Das, S., Kim, A., Tingle, Z., Nippert-Eng, C.: All about phishing: Exploring user research through a systematic literature review. arXiv preprint arXiv:1908.05897 (2019)

  52. Das, S., Wang, B., Tingle, Z., Camp, L.J.: Evaluating user perception of multi-factor authentication: a systematic review. In: Proceedings of the Thirteenth International Symposium on Human Aspects of Information Security & Assurance (HAISA 2019) (2019)

    Google Scholar 

  53. Demjaha, A., Caulfield, T., Sasse, M.A., Pym, D.: 2 fast 2 secure: a case study of post-breach security changes, pp. 192–201 (2019)

    Google Scholar 

  54. Duque, H., Montagnat, J., Pierson, J.M., Brunie, L., Magnin, I.: Dm2: a distributed medical data manager for grids, pp. 138–147 (2003)

    Google Scholar 

  55. Dwivedi, A.D., Srivastava, G., Dhar, S., Singh, R.: A decentralized privacy-preserving healthcare blockchain for IoT. Sensors 19(2), 326 (2019)

    CrossRef  Google Scholar 

  56. Dykstra, J., Mathur, R., Spoor, A.: Cybersecurity in medical private practice: results of a survey in audiology, pp. 169–176 (2020). https://doi.org/10.1109/CIC50333.2020.00029

  57. El Bouchti, A., Bahsani, S., Nahhal, T.: Encryption as a service for data healthcare cloud security, pp. 48–54 (2016)

    Google Scholar 

  58. Elmogazy, H., Bamasak, O.: Towards healthcare data security in cloud computing, pp. 363–368 (2013)

    Google Scholar 

  59. Esposito, C., Castiglione, A.: Cloud-based management of healthcare data: security and privacy concerns and a promising solution

    Google Scholar 

  60. Essa, Y.M., Hemdan, E.E.D., El-Mahalawy, A., Attiya, G., El-Sayed, A.: IFHDS: intelligent framework for securing healthcare bigdata. J. Med. Syst. 43(5), 1–13 (2019)

    CrossRef  Google Scholar 

  61. Garner, S.A., Kim, J.: The privacy risks of direct-to-consumer genetic testing: a case study of 23 and Me and ancestry. Wash. UL Rev. 96, 1219 (2018)

    Google Scholar 

  62. Geetha, R., Geetha, S.: Efficient high capacity technique to embed EPR information and to detect tampering in medical images. J. Med. Eng. Technol. 44(2), 55–68 (2020)

    CrossRef  Google Scholar 

  63. Georgiou, D., Lambrinoudakis, C.: Compatibility of a security policy for a cloud-based healthcare system with the EU general data protection regulation (GDPR). Information 11(12), 586 (2020)

    CrossRef  Google Scholar 

  64. Gordon, L.A., Loeb, M.P., Zhou, L., et al.: Investing in cybersecurity: insights from the Gordon-Loeb model. J. Inf. Secur. 7(02), 49 (2016)

    Google Scholar 

  65. Goudar, V., Potkonjak, M.: Addressing biosignal data sharing security issues with robust watermarking, pp. 618–626 (2014). https://doi.org/10.1109/SAHCN.2014.6990402

  66. Goudar, V., Potkonjak, M.: On admitting sensor fault tolerance while achieving secure biosignal data sharing, pp. 266–275 (2014). https://doi.org/10.1109/ICHI.2014.44

  67. Goudar, V., Potkonjak, M.: A robust watermarking technique for secure sharing of basn generated medical data, pp. 162–170 (2014)

    Google Scholar 

  68. Gritzalis, D.: A baseline security policy for distributed healthcare information systems. Comput. Secur. 16(8), 709–719 (1997)

    CrossRef  Google Scholar 

  69. Gritzalis, D., Katsikas, S., Keklikoglou, J., Tomaras, A.: Determining access rights for medical information systems. Comput. Secur. 11(2), 149–161 (1992)

    CrossRef  Google Scholar 

  70. Gritzalis, D., Lambrinoudakis, C.: A security architecture for interconnecting health information systems. Int. J. Med. Inf. 73(3), 305–309 (2004)

    CrossRef  Google Scholar 

  71. Gritzalis, D., Tomaras, A., Katsikas, S., Keklikoglou, J.: Data security in medical information systems: the Greek case. Comput. Secur. 10(2), 141–159 (1991)

    CrossRef  Google Scholar 

  72. Gross, M.S., Miller Jr, R.C.: Ethical implementation of the learning healthcare system with blockchain technology. Blockchain in Healthcare Today, Forthcoming (2019)

    Google Scholar 

  73. Guennoun, M., El-Khatib, K.: Securing medical data in smart homes, pp. 104–107 (2009). https://doi.org/10.1109/MEMEA.2009.5167964

  74. Guizani, K., Guizani, S.: IoT healthcare monitoring systems overview for elderly population, pp. 2005–2009 (2020)

    Google Scholar 

  75. Gupta, A., Bansiya, A.: Utilizing cloud computing for stronger healthcare data security. Int. J. Sci. Res. Eng. Trends 6, 2384 (2020)

    Google Scholar 

  76. Gupta, V., Metha, G.: Medical data security using cryptography, pp. 866–869 (2018)

    Google Scholar 

  77. Hammouchi, H., Cherqi, O., Mezzour, G., Ghogho, M., El Koutbi, M.: Digging deeper into data breaches: an exploratory data analysis of hacking breaches over time. Procedia Comput. Sci. 151, 1004–1009 (2019)

    CrossRef  Google Scholar 

  78. Hollis, K.F.: To share or not to share: ethical acquisition and use of medical data. AMIA Summits Transl. Sci. Proc. 2016, 420 (2016)

    Google Scholar 

  79. Holmgren, A.J., Adler-Milstein, J.: Health information exchange in us hospitals: the current landscape and a path to improved information sharing. J. Hospital Med. 12(3), 193–198 (2017)

    CrossRef  Google Scholar 

  80. Hsu, W.W.Q., Chan, E.W.Y., Zhang, Z.J., Lin, Z.X., Bian, Z.X., Wong, I.C.K.: Chinese medicine students’ views on electronic prescribing: a survey in Hong Kong. Eur. J. Integr. Med. 7(1), 47–54 (2015)

    CrossRef  Google Scholar 

  81. Huang, C.D., Behara, R.S., Goo, J.: Optimal information security investment in a healthcare information exchange: An economic analysis. Decis. Support Syst. 61, 1–11 (2014)

    CrossRef  Google Scholar 

  82. Ibrahim, A., Mahmood, B., Singhal, M.: A secure framework for sharing electronic health records over clouds, pp. 1–8 (2016). https://doi.org/10.1109/SeGAH.2016.7586273

  83. Ibrahim, A., Mahmood, B., Singhal, M.: A secure framework for sharing electronic health records over clouds, pp. 1–8 (2016)

    Google Scholar 

  84. Ivaşcu, T., Frîncu, M., Negru, V.: Considerations towards security and privacy in internet of things based ehealth applications, pp. 275–280 (2016). https://doi.org/10.1109/SISY.2016.7601512

  85. Izza, S., Benssalah, M., Drouiche, K.: An enhanced scalable and secure RFID authentication protocol for WBAN within an IoT environment. J. Inf. Secur. Appl. 58, 102705 (2021)

    Google Scholar 

  86. Jabeen, T., Ashraf, H., Khatoon, A., Band, S.S., Mosavi, A.: A lightweight genetic based algorithm for data security in wireless body area networks. IEEE Access 8, 183460–183469 (2020)

    CrossRef  Google Scholar 

  87. Jabeen, T., Ashraf, H., Ullah, A.: A survey on healthcare data security in wireless body area networks. J. Ambient Intell. Humanized Comput. 1–14 (2021)

    Google Scholar 

  88. Jaigirdar, F.T.: Trust based security solution for internet of things healthcare solution: an end-to-end trustworthy architecture, pp. 1757–1760 (2018)

    Google Scholar 

  89. Jalali, M.S., Razak, S., Gordon, W., Perakslis, E., Madnick, S.: Health care and cybersecurity: bibliometric analysis of the literature. J. Med. Internet Res. 21(2), e12644 (2019)

    CrossRef  Google Scholar 

  90. Janjic, V., et al.: The serums tool-chain: Ensuring security and privacy of medical data in smart patient-centric healthcare systems, pp. 2726–2735 (2019)

    Google Scholar 

  91. Jayanthilladevi, A., Sangeetha, K., Balamurugan, E.: Healthcare biometrics security and regulations: biometrics data security and regulations governing PHI and HIPAA act for patient privacy, pp. 244–247 (2020)

    Google Scholar 

  92. Joshitta, R.S.M., Arockiam, L., Malarchelvi, P.S.K.: Security analysis of sat_jo lightweight block cipher for data security in healthcare IoT, pp. 111–116 (2019)

    Google Scholar 

  93. Kamoun, F., Nicho, M.: Human and organizational factors of healthcare data breaches: the swiss cheese model of data breach causation and prevention. Int. J. Healthcare Inf. Syst. Inf. (IJHISI) 9(1), 42–60 (2014)

    CrossRef  Google Scholar 

  94. Karthick, R., Ramkumar, R., Akram, M., Kumar, M.V.: Overcome the challenges in bio-medical instruments using IoT-a review. Materials Today: Proceedings (2020)

    Google Scholar 

  95. Kaur, J., et al.: Security risk assessment of healthcare web application through adaptive neuro-fuzzy inference system: a design perspective. Risk Manage. Healthcare Policy 13, 355 (2020)

    CrossRef  Google Scholar 

  96. Kausar, F.: Iris based cancelable biometric cryptosystem for secure healthcare smart card. Egyptian Inf. J. (2021)

    Google Scholar 

  97. Kaw, J.A., Loan, N.A., Parah, S.A., Muhammad, K., Sheikh, J.A., Bhat, G.M.: A reversible and secure patient information hiding system for IoT driven e-health. Int. J. Inf. Manage. 45, 262–275 (2019)

    CrossRef  Google Scholar 

  98. Kelkar, V., Tuckley, K.: Reversible watermarking for medical images with added security using chaos theory, pp. 84–87 (2018). https://doi.org/10.1109/CESYS.2018.8724039

  99. Kenny, G., O’Connor, Y., Eze, E., Ndibuagu, E., Heavin, C.: A ground-up approach to mHealth in Nigeria: a study of primary healthcare workers’ attitude to mHealth adoption. Procedia Comput. Sci. 121, 809–816 (2017)

    CrossRef  Google Scholar 

  100. Khaloufi, H., Abouelmehdi, K., Beni-hssane, A., Saadi, M.: Security model for big healthcare data lifecycle. Procedia Comput. Sci. 141, 294–301 (2018)

    CrossRef  Google Scholar 

  101. Khan, F.A., Ali, A., Abbas, H., Haldar, N.A.H.: A cloud-based healthcare framework for security and patients’ data privacy using wireless body area networks. Procedia Comput. Sci. 34, 511–517 (2014)

    CrossRef  Google Scholar 

  102. Khan, J., et al.: Medical image encryption into smart healthcare IoT system, pp. 378–382 (2019). https://doi.org/10.1109/ICCWAMTIP47768.2019.9067592

  103. Khan, J., et al.: Medical image encryption into smart healthcare IoT system, pp. 378–382 (2019)

    Google Scholar 

  104. Kierkegaard, P.: Medical data breaches: notification delayed is notification denied. Comput. Law Secur. Rev. 28(2), 163–183 (2012)

    CrossRef  Google Scholar 

  105. Kim, J., Feng, D.D., Cai, T.W., Eberl, S.: Integrated multimedia medical data agent in e-health. In: Proceedings of the Pan-Sydney area Workshop on Visual Information Processing, vol. 11, pp. 11–15 (2001)

    Google Scholar 

  106. Kiourtis, A., Mavrogiorgou, A., Kyriazis, D., Graziani, A., Torelli, F.: Improving health information exchange through wireless communication protocols, pp. 32–39 (2020). https://doi.org/10.1109/WiMob50308.2020.9253374

  107. Kiruba, W.M., Vijayalakshmi, M.: Implementation and analysis of data security in a real time IoT based healthcare application, pp. 1460–1465 (2018)

    Google Scholar 

  108. Ko, J., Lu, C., Srivastava, M.B., Stankovic, J.A., Terzis, A., Welsh, M.: Wireless sensor networks for healthcare. Proc. IEEE 98(11), 1947–1960 (2010)

    CrossRef  Google Scholar 

  109. Kondawar, S.S., Gawali, D.H.: Security algorithms for wireless medical data, pp. 1–6 (2016)

    Google Scholar 

  110. Krishna, R., Kelleher, K., Stahlberg, E.: Patient confidentiality in the research use of clinical medical databases. Am. J. Public Health 97(4), 654–658 (2007)

    CrossRef  Google Scholar 

  111. Krombholz, K., Busse, K., Pfeffer, K., Smith, M., von Zezschwitz, E.: “If https Were Secure, i Wouldn’t need 2fa”-end User and Administrator Mental Models of https, pp. 246–263 (2019)

    Google Scholar 

  112. Kumar, M., Chand, S.: Medhypchain: a patient-centered interoperability hyperledger-based medical healthcare system: regulation in covid-19 pandemic. J. Netw. Comput. Appl. 179, 102975 (2021)

    CrossRef  Google Scholar 

  113. Kumar, S., Namdeo, V.: Enabling privacy and security of healthcare-related data in the cloud

    Google Scholar 

  114. Kumar, V.N., Rochan, M., Hariharan, S., Rajamani, K.: Data hiding scheme for medical images using lossless code for mobile HIMS, pp. 1–4 (2011)

    Google Scholar 

  115. Kuo, M.H., Chrimes, D., Moa, B., Hu, W.: Design and construction of a big data analytics framework for health applications, pp. 631–636 (2015)

    Google Scholar 

  116. Lee, C.Y., Ibrahim, H., Othman, M., Yaakob, R.: Reconciling semantic conflicts in electronic patient data exchange, pp. 390–394 (2009)

    Google Scholar 

  117. Lees, P.J., Chronaki, C.E., Simantirakis, E.N., Kostomanolakis, S.G., Orphanoudakis, S.C., Vardas, P.E.: Remote access to medical records via the internet: feasibility, security and multilingual considerations, pp. 89–92 (1999). https://doi.org/10.1109/CIC.1999.825913

  118. Li, P., Xu, C., Luo, Y., Cao, Y., Mathew, J., Ma, Y.: Carenet: building regulation-compliant home-based healthcare services with software-defined infrastructure, pp. 373–382 (2017)

    Google Scholar 

  119. Li, X., Huang, X., Li, C., Yu, R., Shu, L.: Edgecare: leveraging edge computing for collaborative data management in mobile healthcare systems. IEEE Access 7, 22011–22025 (2019)

    CrossRef  Google Scholar 

  120. Liu, H., Kadir, A., Liu, J.: Color pathological image encryption algorithm using arithmetic over galois field and coupled hyper chaotic system. Opt. Lasers Eng. 122, 123–133 (2019)

    CrossRef  Google Scholar 

  121. Lohiya, S., Ragha, L.: Privacy preserving in data mining using hybrid approach, pp. 743–746 (2012). https://doi.org/10.1109/CICN.2012.166

  122. Lomotey, R.K., Pry, J., Sriramoju, S.: Wearable IoT data stream traceability in a distributed health information system. Pervasive Mob. Comput. 40, 692–707 (2017)

    CrossRef  Google Scholar 

  123. Jones, J.M., Duezguen, R., Mayer, P., Volkamer, M., Das, S.: A literature review on virtual reality authentication. In: Furnell, S., Clarke, N. (eds.) HAISA 2021. IAICT, vol. 613, pp. 189–198. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-81111-2_16

    CrossRef  Google Scholar 

  124. Mahima, K.T.Y., Ginige, T.: A secured healthcare system using blockchain and graph theory (2020). https://doi.org/10.1145/3440084.3441217

  125. Majam, T., Theron, F.: The purpose and relevance of a scientific literature review: a holistic approach to research. J. Public Adm. 41(3), 603–615 (2006)

    Google Scholar 

  126. Maji, A.K., et al.: Security analysis and implementation of web-based telemedicine services with a four-tier architecture, pp. 46–54 (2008)

    Google Scholar 

  127. Majumdar, R., Das, S.: Sok: an evaluation of quantum authentication through systematic literature review. In: Proceedings of the Workshop on Usable Security and Privacy (USEC) (2021)

    Google Scholar 

  128. Mashima, D., Ahamad, M.: Enhancing accountability of electronic health record usage via patient-centric monitoring (2012). https://doi.org/10.1145/2110363.2110410

  129. Masood, I., Wang, Y., Daud, A., Aljohani, N.R., Dawood, H.: Privacy management of patient physiological parameters. Telematics Inf. 35(4), 677–701 (2018)

    CrossRef  Google Scholar 

  130. Masood, I., Wang, Y., Daud, A., Aljohani, N.R., Dawood, H.: Towards smart healthcare: patient data privacy and security in sensor-cloud infrastructure. Wirel. Commun. Mob. Comput. 2018 (2018)

    Google Scholar 

  131. Mbonihankuye, S., Nkunzimana, A., Ndagijimana, A.: Healthcare data security technology: hipaa compliance. Wirel. Commun. Mob. Comput. 2019 (2019)

    Google Scholar 

  132. McLeod, A., Dolezel, D.: Cyber-analytics: modeling factors associated with healthcare data breaches. Decis. Support Syst. 108, 57–68 (2018)

    CrossRef  Google Scholar 

  133. Melchiorre, M.G., Papa, R., Rijken, M., van Ginneken, E., Hujala, A., Barbabella, F.: eHealth in integrated care programs for people with multimorbidity in Europe: insights from the ICARE4EU project. Health Policy 122(1), 53–63 (2018)

    CrossRef  Google Scholar 

  134. Miah, S.J., Hasan, J., Gammack, J.G.: On-cloud healthcare clinic: an e-health consultancy approach for remote communities in a developing country. Telematics Inf. 34(1), 311–322 (2017)

    CrossRef  Google Scholar 

  135. Mirto, M., Cafaro, M., Aloisio, G.: Peer-to-peer data discovery in health centers, pp. 343–348 (2013)

    Google Scholar 

  136. Mounia, B., Habiba, C.: Big data privacy in healthcare Moroccan context. Procedia Comput. Sci. 63, 575–580 (2015)

    CrossRef  Google Scholar 

  137. Naseem, M.T., Qureshi, I.M., Muzaffar, M.Z., et al.: Robust watermarking for medical images resistant to geometric attacks, pp. 224–228 (2012). https://doi.org/10.1109/INMIC.2012.6511496

  138. Nausheen, F., Begum, S.H.: Healthcare IoT: benefits, vulnerabilities and solutions, pp. 517–522 (2018)

    Google Scholar 

  139. Noah, N., Das, S.: Exploring evolution of augmented and virtual reality education space in 2020 through systematic literature review. Comput. Animation Virtual Worlds e2020 (2021)

    Google Scholar 

  140. Noel, K., Yagudayev, S., Messina, C., Schoenfeld, E., Hou, W., Kelly, G.: Tele-transitions of care. a 12-month, parallel-group, superiority randomized controlled trial protocol, evaluating the use of telehealth versus standard transitions of care in the prevention of avoidable hospital readmissions. Contemp. Clin. Trials Commun. 12, 9–16 (2018)

    Google Scholar 

  141. Nofer, M., Gomber, P., Hinz, O., Schiereck, D.: Blockchain Bus. Inf. Syst. Eng. 59(3), 183–187 (2017)

    Google Scholar 

  142. Olaronke, I., Oluwaseun, O.: Big data in healthcare: Prospects, challenges and resolutions, pp. 1152–1157 (2016)

    Google Scholar 

  143. Pai, R.R., Alathur, S.: Determinants of mobile health application awareness and use in India: an empirical analysis, pp. 576–584 (2020)

    Google Scholar 

  144. Paksuniemi, M., Sorvoja, H., Alasaarela, E., Myllyla, R.: Wireless sensor and data transmission needs and technologies for patient monitoring in the operating room and intensive care unit, pp. 5182–5185 (2006)

    Google Scholar 

  145. Palta, J.R., Frouhar, V.A., Dempsey, J.F.: Web-based submission, archive, and review of radiotherapy data for clinical quality assurance: a new paradigm. Int. J. Radiat. Oncol.* Biol.* Phys. 57(5), 1427–1436 (2003)

    Google Scholar 

  146. Pandey, A.K., et al.: Key issues in healthcare data integrity: analysis and recommendations. IEEE Access 8, 40612–40628 (2020)

    CrossRef  Google Scholar 

  147. Pandey, H.M.: Secure medical data transmission using a fusion of bit mask oriented genetic algorithm, encryption and steganography. Future Gener. Comput. Syst. 111, 213–225 (2020)

    CrossRef  Google Scholar 

  148. Parameswari, R., Latha, R.: Analysis of wavelet transform approach for healthcare data security in cloud framework. Int. J. Sci. Res. Sci. Eng. Technol. 2, 241–246 (2016)

    Google Scholar 

  149. Parmar, M., Shah, S.: Reinforcing security of medical data using blockchain, pp. 1233–1239 (2019). https://doi.org/10.1109/ICCS45141.2019.9065830

  150. Perumal, A.M., Nadar, E.R.S.: Architectural framework of a group key management system for enhancing e-healthcare data security. Healthcare Technol. Lett. 7(1), 13–17 (2020)

    CrossRef  Google Scholar 

  151. Petković, M.: Remote patient monitoring: Information reliability challenges, pp. 295–301 (2009)

    Google Scholar 

  152. Pirbhulal, S., Samuel, O.W., Wu, W., Sangaiah, A.K., Li, G.: A joint resource-aware and medical data security framework for wearable healthcare systems. Future Gener. Comput. Syst. 95, 382–391 (2019)

    CrossRef  Google Scholar 

  153. Pirbhulal, S., Shang, P., Wu, W., Sangaiah, A.K., Samuel, O.W., Li, G.: Fuzzy vault-based biometric security method for tele-health monitoring systems. Comput. Electr. Eng. 71, 546–557 (2018)

    CrossRef  Google Scholar 

  154. Połap, D., Srivastava, G., Yu, K.: Agent architecture of an intelligent medical system based on federated learning and blockchain technology. J. Inf. Secur. Appl. 58, 102748 (2021)

    Google Scholar 

  155. Połap, D., Srivastava, G., Jolfaei, A., Parizi, R.M.: Blockchain technology and neural networks for the internet of medical things, pp. 508–513 (2020). https://doi.org/10.1109/INFOCOMWKSHPS50562.2020.9162735

  156. PraveenKumar, R., Divya, P.: Medical data processing and prediction of future health condition using sensors data mining techniques and r programming. Int. J. Sci. Res. Eng. Dev. 3(4) (2020)

    Google Scholar 

  157. Psarra, E., Patiniotakis, I., Verginadis, Y., Apostolou, D., Mentzas, G.: Securing access to healthcare data with context-aware policies, pp. 1–6 (2020)

    Google Scholar 

  158. Qazi, U., Haq, M., Rashad, N., Rashid, K., Ullah, S., Raza, U.: Availability and use of in-patient electronic health records in low resource setting. Comput. Methods Program. Biomed. 164, 23–29 (2018)

    CrossRef  Google Scholar 

  159. Rajagopalan, S., Dhamodaran, B., Ramji, A., Francis, C., Venkatraman, S., Amirtharajan, R.: Confusion and diffusion on FPGA-Onchip solution for medical image security, pp. 1–6 (2017)

    Google Scholar 

  160. Reni, G., Molteni, M., Arlotti, S., Pinciroli, F.: Chief medical officer actions on information security in an Italian rehabilitation centre. Int. J. Med. Inf. 73(3), 271–279 (2004)

    CrossRef  Google Scholar 

  161. del Rey, A.M., Pastora, J.H., Sánchez, G.R.: 3d medical data security protection. Exp. Syst. Appl. 54, 379–386 (2016)

    CrossRef  Google Scholar 

  162. Richardson, J.E., Ancker, J.S.: Public perspectives of mobile phones’ effects on healthcare quality and medical data security and privacy: A 2-year nationwide survey, vol. 2015, p. 1076 (2015)

    Google Scholar 

  163. Rocha, A., et al.: Innovations in health care services: the caalyx system. Int. J. Med. Inf. 82(11), e307–e320 (2013)

    Google Scholar 

  164. Rodrigues, H.A.M., Antunes, L., Correia, M.E.: Proposal of a secure electronic prescription system, pp. 165–168 (2013)

    Google Scholar 

  165. Rodriguez-Colin, R., Claudia, F.D.J., Trinidad-Blas, G.: Data hiding scheme for medical images, pp. 32–32 (2007). https://doi.org/10.1109/CONIELECOMP.2007.14

  166. Safkhani, M., Rostampour, S., Bendavid, Y., Bagheri, N.: IoT in medical & pharmaceutical: designing lightweight RFID security protocols for ensuring supply chain integrity. Comput. Netw. 181, 107558 (2020)

    CrossRef  Google Scholar 

  167. Sammoud, A., Chalouf, M.A., Hamdi, O., Montavont, N., Bouallegue, A.: A new biometrics-based key establishment protocol in Wban: Energy efficiency and security robustness analysis. Comput. Secur. 96, 101838 (2020)

    CrossRef  Google Scholar 

  168. Sartipi, K., Yarmand, M.H., Down, D.G.: Mined-knowledge and decision support services in electronic health, pp. 1–6 (2007)

    Google Scholar 

  169. Schmeelk, S.: Where is the risk? analysis of government reported patient medical data breaches, pp. 269–272 (2019)

    Google Scholar 

  170. Shaarani, I., et al.: Attitudes of patients towards digital information retrieval by their physician at point of care in an ambulatory setting. Int. J. Med. Inf. 130, 103936 (2019)

    CrossRef  Google Scholar 

  171. Shahbaz, S., Mahmood, A., Anwar, Z.: Soad: securing oncology EMR by anonymizing DICOM images, pp. 125–130 (2013). https://doi.org/10.1109/FIT.2013.30

  172. Shakil, K.A., Zareen, F.J., Alam, M., Jabin, S.: Bamhealthcloud: a biometric authentication and data management system for healthcare data in cloud. J. King Saud Univ. Comput. Inf. Sci. 32(1), 57–64 (2020)

    Google Scholar 

  173. Shen, H., et al.: Miaps: a web-based system for remotely accessing and presenting medical images. Comput. Methods Program. Biomed. 113(1), 266–283 (2014)

    CrossRef  Google Scholar 

  174. Shere, A.R., Nurse, J.R., Flechais, I.: Security should be there by default: investigating how journalists perceive and respond to risks from the internet of things, pp. 240–249 (2020)

    Google Scholar 

  175. Shi, W., Dustdar, S.: The promise of edge computing. Computer 49(5), 78–81 (2016)

    CrossRef  Google Scholar 

  176. Shrivastava, S., Srikanth, T., VS, D.: e-Governance for healthcare service delivery in India: challenges and opportunities in security and privacy, pp. 180–183 (2020)

    Google Scholar 

  177. Shrivastava, U., Song, J., Han, B.T., Dietzman, D.: Do data security measures, privacy regulations, and communication standards impact the interoperability of patient health information? a cross-country investigation. Int. J. Med. Inf. 148, 104401 (2021)

    CrossRef  Google Scholar 

  178. da Silva Etges, A.P.B., et al.: Development of an enterprise risk inventory for healthcare. BMC Health Serv. Res. 18(1), 1–16 (2018)

    Google Scholar 

  179. Simões, A., et al.: Participatory implementation of an antibiotic stewardship programme supported by an innovative surveillance and clinical decision-support system. J. Hosp. Infect. 100(3), 257–264 (2018)

    CrossRef  Google Scholar 

  180. Simplicio, M.A., Iwaya, L.H., Barros, B.M., Carvalho, T.C., Näslund, M.: Secourhealth: a delay-tolerant security framework for mobile health data collection. IEEE J. Biomed. Health Inf. 19(2), 761–772 (2014)

    CrossRef  Google Scholar 

  181. Sosu, R.N.A., Quist-Aphetsi, K., Nana, L.: A decentralized cryptographic blockchain approach for health information system, pp. 120–1204 (2019). https://doi.org/10.1109/ICCMA.2019.00027

  182. Soualmi, A., Alti, A., Laouamer, L.: A blind image watermarking method for personal medical data security, pp. 1–5 (2019). https://doi.org/10.1109/ICNAS.2019.8807442

  183. Sreeji, S., Shiji, S., Vysagh, M., Amma, T.A.: Security and privacy preserving deep learning framework that protect healthcare data breaches. Int. J. Res. Eng. Sci. Manage. 3(7), 148–152 (2020)

    Google Scholar 

  184. Stobert, E., Barrera, D., Homier, V., Kollek, D.: Understanding cybersecurity practices in emergency departments, pp. 1–8 (2020)

    Google Scholar 

  185. Stowell, E., et al.: Designing and evaluating mhealth interventions for vulnerable populations: a systematic review, pp. 1–17 (2018)

    Google Scholar 

  186. Sudha, G., Ganesan, R.: Secure transmission medical data for pervasive healthcare system using android, pp. 433–436 (2013)

    Google Scholar 

  187. Sutton, L.N.: PACS and diagnostic imaging service delivery-A UK perspective. Eur. J. Radiol. 78(2), 243–249 (2011)

    CrossRef  Google Scholar 

  188. Tan, C.C., Wang, H., Zhong, S., Li, Q.: Body sensor network security: an identity-based cryptography approach, pp. 148–153 (2008)

    Google Scholar 

  189. Tan, C.C., Wang, H., Zhong, S., Li, Q.: Ibe-lite: a lightweight identity-based cryptography for body sensor networks. IEEE Trans. Inf. Technol. Biomed. 13(6), 926–932 (2009)

    CrossRef  Google Scholar 

  190. Thamilarasu, G., Lakin, C.: A security framework for mobile health applications, pp. 221–226 (2017). https://doi.org/10.1109/FiCloudW.2017.96

  191. Tian, Y., et al.: Popcorn: a web service for individual prognosis prediction based on multi-center clinical data collaboration without patient-level data sharing. J. Biomed. Inf. 86, 1–14 (2018)

    CrossRef  Google Scholar 

  192. Tolba, A., Al-Makhadmeh, Z.: Predictive data analysis approach for securing medical data in smart grid healthcare systems. Future Gener. Comput. Syst. 117, 87–96 (2021)

    CrossRef  Google Scholar 

  193. Tyler, J.L.: The healthcare information technology context: a framework for viewing legal aspects of telemedicine and teleradiology, pp. 1–10 (2001)

    Google Scholar 

  194. U.S. Department of Health & Human Services: Anthem pays OCR \$16 Million in record HIPAA settlement following largest health data breach in history, 15 Oct 2018. https://www.hhs.gov/hipaa/for-professionals/compliance-enforcement/agreements/anthem/index.html

  195. Usman, M.A., Usman, M.R.: Using image steganography for providing enhanced medical data security, pp. 1–4 (2018). https://doi.org/10.1109/CCNC.2018.8319263

  196. Uy, R.C.Y., Kury, F.S., Fontelo, P.: Wireless networks, physician handhelds use, and medical devices in us hospitals, pp. 1–6 (2015)

    Google Scholar 

  197. Vallathan, G., Rajamani, V., Harinee, M.P.: Enhanced medical data security and perceptual quality for healthcare services, pp. 1–6 (2020). https://doi.org/10.1109/ICSCAN49426.2020.9262309

  198. Vassis, D., Belsis, P., Skourlas, C.: Secure management of medical data in wireless environments, pp. 427–432 (2012)

    Google Scholar 

  199. Véliz, C.: Not the doctor’s business: privacy, personal responsibility and data rights in medical settings. Bioethics 34(7), 712–718 (2020)

    CrossRef  Google Scholar 

  200. Vidya, M., Padmaja, K.: Enhancing security of electronic patient record using watermarking technique. Mater. Today Proc. 5(4), 10660–10664 (2018)

    CrossRef  Google Scholar 

  201. Vijayalakshmi, A.V., Arockiam, L.: Hybrid security techniques to protect sensitive data in e-healthcare systems, pp. 39–43 (2018)

    Google Scholar 

  202. Wagner, P.: Third party breaches-a survey of threats and recommendations, SSRN 3782822 (2021)

    Google Scholar 

  203. Walker-Roberts, S., Hammoudeh, M., Dehghantanha, A.: A systematic review of the availability and efficacy of countermeasures to internal threats in healthcare critical infrastructure. IEEE Access 6, 25167–25177 (2018)

    CrossRef  Google Scholar 

  204. Wang, C.X.: Security issues to tele-medicine system design, pp. 106–109 (1999)

    Google Scholar 

  205. Wang, D., Kale, S.D., O’Neill, J.: Please call the specialism: Using wechat to support patient care in china, pp. 1–13 (2020)

    Google Scholar 

  206. Wang, D., Huang, Q., Chen, X., Ji, L.: Location of three-dimensional movement for a human using a wearable multi-node instrument implemented by wireless body area networks. Comput. Commun. 153, 34–41 (2020)

    CrossRef  Google Scholar 

  207. Weaver, A.C., et al.: Federated, secure trust networks for distributed healthcare it services, pp. 162–169 (2003). https://doi.org/10.1109/INDIN.2003.1300264

  208. Yaghmai, V., Salehi, S.A., Kuppuswami, S., Berlin, J.W.: Rapid wireless transmission of head CT images to a personal digital assistant for remote consultation1. Acad. Radiol. 11(11), 1291–1293 (2004)

    CrossRef  Google Scholar 

  209. Yang, W., et al.: Securing mobile healthcare data: a smart card based cancelable finger-vein bio-cryptosystem. IEEE Access 6, 36939–36947 (2018)

    CrossRef  Google Scholar 

  210. Yang, Y., Xiao, X., Cai, X., Zhang, W.: A secure and high visual-quality framework for medical images by contrast-enhancement reversible data hiding and homomorphic encryption. IEEE Access 7, 96900–96911 (2019)

    CrossRef  Google Scholar 

  211. Yang, Y., Xiao, X., Cai, X., Zhang, W.: A secure and high visual-quality framework for medical images by contrast-enhancement reversible data hiding and homomorphic encryption. IEEE Access 7, 96900–96911 (2019). https://doi.org/10.1109/ACCESS.2019.2929298

    CrossRef  Google Scholar 

  212. Yesmin, T., Carter, M.W.: Evaluation framework for automatic privacy auditing tools for hospital data breach detections: a case study. Int. J. Med. Inf. 138, 104123 (2020)

    CrossRef  Google Scholar 

  213. Zatout, Y., Campo, E., Llibre, J.F.: Toward hybrid WSN architectures for monitoring people at home, pp. 308–314 (2009). https://doi.org/10.1145/1643823.1643880

  214. Zhang, B., Chen, S., Nichols, E., D’Souza, W., Prado, K., Yi, B.: A practical cyberattack contingency plan for radiation oncology. J. Appl. Clin. Med. Phys. 21(7), 181–186 (2020)

    CrossRef  Google Scholar 

Download references

Acknowledgments

We would like to thank the Inclusive Security and Privacy-focused Innovative Research in Information Technology (InSPIRIT) Laboratory at the University of Denver. We would also like to thank Salman Hosain for their initial contribution in this research and Alisa Zezulak for helping with the proofreading of this paper. Any opinions, findings, and conclusions or recommendations expressed in this material are solely those of the authors and do not necessarily reflect the views of the University of Denver, the University of Washington, and the Designer Security.

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Sanchari Das .

Editor information

Editors and Affiliations

Rights and permissions

Reprints and Permissions

Copyright information

© 2022 Springer Nature Switzerland AG

About this paper

Verify currency and authenticity via CrossMark

Cite this paper

Tazi, F., Dykstra, J., Rajivan, P., Das, S. (2022). SOK: Evaluating Privacy and Security Vulnerabilities of Patients’ Data in Healthcare. In: Parkin, S., Viganò, L. (eds) Socio-Technical Aspects in Security. STAST 2021. Lecture Notes in Computer Science, vol 13176. Springer, Cham. https://doi.org/10.1007/978-3-031-10183-0_8

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-10183-0_8

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-10182-3

  • Online ISBN: 978-3-031-10183-0

  • eBook Packages: Computer ScienceComputer Science (R0)