A zero trust architecture for health information systems

  • Original Paper
  • Health and Technology

Abstract

Background

Advances in technology have added a new dimension to managing patient healthcare data, moving it from a brick-and-mortar principle to a digitized phase. While this new paradigm is praised for its simplicity and efficiency, system vulnerability is a critical concern. With the prevalence of insider attacks and recurrent data breaches in the healthcare sector, a more nuanced approach is required to reduce insider vulnerability incidents. Although several models have been proposed, such as blockchain, biometrics, and firewalls, insider threats continue to gain momentum. Hence, the adoption of the Zero Trust Model seeks to close these loopholes.

Methods

The Zero Trust model is founded on an access policy based on context and on continuous user and device authentication and verification. To block lateral movement in the system architecture, the ZTA proposes deduction engines as a panacea to patient data security.

Results

Prior and current studies have suggested a more technical principle and philosophy in managing and securing patient data. The ZTA has been adopted in other domains and has remained an effective countermeasure in closing the data vulnerability gap. Our model is designed with a full-scale ZTA framework and as such combats the information security gaps.

Conclusion

A new architecture for data security is proposed, with insight drawn from the ZTA principle and a combination of several technology tools. The adoption of this framework will help to mitigate the current lapses and provide a gateway to ZTA adoption.

Availability of data and materials

Not applicable.

Code availability

Not applicable.

Funding

Not applicable.

Author information

Contributions

Author 1: Conceived the idea and the models, and wrote the manuscript with help from authors 2, 3, and 4. Author 2: Revised the project and concepts, examined the proof of concepts, and supervised the project. Author 3: Evaluated the models, integrated the framework with the study, and designed the proof of concepts with help from authors 1 and 4. Author 4: Developed and supervised the Machine Learning (ML) aspect of the framework, evaluated the suitability of the framework, and designed the ML interface.

Corresponding author

Correspondence to Onome Christopher Edo.

Ethics declarations

Conflict of interest

Not applicable.

About this article

Cite this article

Edo, O.C., Ang, D., Billakota, P. et al. A zero trust architecture for health information systems. Health Technol. 14, 189–199 (2024). https://doi.org/10.1007/s12553-023-00809-4

  • DOI: https://doi.org/10.1007/s12553-023-00809-4
