Abstract
Background
Advances in technology have birthed a new dimension to managing patient healthcare data from a brick-and-mortar principle to a digitized phase, while this new paradigm is appraised for its simplicity and efficiency, a critical subject of concern is system vulnerability, with the prevalence of insider attack and recurrent data breaches in the healthcare sector, a more nuanced approach is required to close the insider vulnerability incidences. Although several models have been proposed such as blockchain, biometrics, and firewalls, insider threats continue to gain momentum. Hence the adoption of the Zero Trust Model seeks to pacify these loopholes.
Methods
Zero Trust model is founded on an access policy based on context and continuous user and device authentication and verification. To block lateral movement in system architecture, the ZTA proposes deduction engines as a panacea to patient data security.
Results
Prior and current studies have suggested a more technical principle and philosophy in managing and securing patient data, the ZTA has been adopted in other domains and has remained an effective countermeasure in closing the data vulnerability gap. Our model is designed with a full-scale ZTA framework and as such combats the information security gaps.
Conclusion
A new architecture for data security is proposed, and insight was drawn from the ZTA principle, with a combination of several technology tools, The adoption of this framework will help to mitigate the current lapses and provide a gateway to ZTA adoption.
Similar content being viewed by others
Availability of data and materials
Not applicable.
Code availability
Not applicable.
References
Ang D, Edo OC. Healthcare information system: A public healthcare facility framework. Int J Health Sci (Qassim). 2022;6(S2):15140–47.
Sultana M, Hossain A, Laila F, Taher KA, Islam MN. Towards developing a secure medical image sharing system based on zero trust principles and blockchain technology. BMC Med Inform Decis Mak. 2020;20(1).
Yan Y, Li Q, Li H, Zhang X, Wang L. A home-based health information acquisition system. Health Inf Sci Syst. 2013;1(1).
Bernard R, Bowsher G, Sullivan R. Cyber security and the unexplored threat to global health: a call for global norms. Glob Secur Health Sci Policy. 2020;5(1).
Jagadeeswari V, Subramaniyaswamy V, Logesh R, Vijayakumar V. A study on medical Internet of Things and Big Data in personalized healthcare system. Health Inf Sci Syst. 2018;6(1).
Böckmann B, Heiden K. Extracting and transforming clinical guidelines into pathway models for different hospital information systems. Health Inf Sci Syst. 2013;1(1).
Mullins AK, Morris H, Bailey C, Ben-Meir M, Rankin D, Mousa M, Skouteris H. Physicians' and pharmacists' use of My Health Record in the emergency department: results from a mixed-methods study. Health Inf Sci Syst. 2021;9(1).
HIPPA US. Department of Health & Human Services. 2022. Health information privacy. Available from: https://www.hhs.gov/hipaa/for-professionals/breach-notification/index.html.
Adler S. Largest Healthcare Data Breaches of 2021. The HIPPA Journal, Available from: https://www.hipaajournal.com/largest-healthcare-data-breaches-of-2021/.
Nadrag P. Stolen patient record: a hot commodity on the dark web [Internet]. 2021. Available from: https://capsuletech.com/blog/stolen-patient-records-a-hot-commodity-on-the-dark-web.
Bell G, Ebert M. Healthcare and cyber security: Increasing threats require increased capabilities. KPMG; 2015. Available from: https://assets.kpmg.com/content/dam/kpmg/pdf/2015/09/cyber-health-care-survey-kpmg-2015.pdf.
Chen Y, Hu H chao, Cheng G zhen. Design and implementation of a novel enterprise network defense system bymaneuveringmulti-dimensional network properties. Front Inf Technol Electron Eng. 2019;20(2).
Buck C, Olenberger C, Schweizer A, Völter F, Eymann T. Never trust, always verify: A multivocal literature review on current knowledge and research gaps of zero-trust. Comput Secur. 2021;110.
Mcginthy JM, Michaels AJ. Secure Industrial Internet of Things Critical infrastructure node design. IEEE Internet Things J. 2019;6(5).
Mehraj S, Banday MT. Establishing a zero trust strategy in cloud computing environment. In: 2020 Int Conf Comput Commun Inform (ICCCI). 2020.
Moubayed A, Refaey A, Shami A. Software-defined perimeter (sdp): State of the art secure solution for modern networks. IEEE Netw. 2019;33(5).
Pan J, Yang Z. Cybersecurity challenges and opportunities in the new “edge computing + iot” world. In: SDN-NFVSec 2018. Proc 2018 ACM Int Workshop on Secur Softw Defined Netw Netw Funct Virtualization, Co-located with CODASPY 2018. 2018.
Campbell M. Beyond zero trust: trust is a vulnerability. Computer (Long Beach Calif). 2020;53(10).
Walker-Roberts S, Hammoudeh M, Dehghantanha A. A systematic review of the availability and efficacy of countermeasures to internal threats in healthcare critical infrastructure. IEEE Access. 2018;6.
Fisher N. Okta 2018 [cited 2020 Jun 5]. A Brief History of Zero Trust Security. Accessed 14 Dec 2019. Available from: https://www.okta.com/blog/2018/08/a-brief-history-of-zero-trust-security/.
DeCusatis CM, Liengtiraphan P, Sager A, Pinelli M. Implementing zero trust cloud networks with transport access control and first packet authentication. 2016 IEEE International Conference on Smart Cloud (SmartCloud); 2016. p. 5–10.
Samaniego M, Deters R. Zero-trust hierarchical management in IoT. 2018 IEEE International Congress on Internet of Things (ICIOT), San Francisco, CA, USA; 2018. p. 88–95. https://doi.org/10.1109/ICIOT.2018.00019.
Tyler D, Viana T. Trust no one? A framework for assisting healthcare organisations in transitioning to a zero-trust network architecture. Appl Sci (Switzerland). 2021;11(16).
Uttecht KD. Zero Trust (ZT) concepts for federal government architecture. Massachusetts Inst of Tech Lexington; 2020. p. 1–39.
Al-Aswad H, El-Medany WM, Balakrishna C, Ababneh N, Curran K. BZKP: Blockchain-based zero-knowledge proof model for enhancing healthcare security in Bahrain IoT smart cities and COVID-19 risk mitigation. Arab J Basic Appl Sci. 2021;28(1):154–71.
Ali B, Gregory MA. Uplifting healthcare cyber resilience with a multi-access edge computing zero-trust security model. In 2021 31st Int Telecommun Netw Appl Conf (ITNAC) IEEE. 2021;192–7.
Chen B, Qiao S, Zhao J, Liu D, Shi X, Lyu M, et al. A security awareness and protection system for 5g smart healthcare based on zero-trust architecture. IEEE Internet Things J. 2021;8(13):10248–63.
Gupta BB, Gaurav A, Kumar PP. Analysis of security and privacy issues of information management of big data in B2B based healthcare systems. J Bus Res. 2023;162:113859.
Kausar F. Iris based cancelable biometric cryptosystem for secure healthcare smart card. Egypt Inform J. 2021;22(4).
Azeez NA, Van der Vyver C. Security and privacy issues in e-health cloud-based system: A comprehensive content analysis. Egypt Inform J. 2019;20.
Smart J. Essay lot. How old sources for references and literature review should be. 2020. Available from: https://essaylot.com/how-old-sources-references/.
Cooper C, Booth A, Varley-Campbell J, Britten N, Garside R. Defining the process to literature searching in systematic reviews: A literature review of guidance and supporting studies. BMC Med Res Methodol. 2018;18.
Abu-elezz I, Hassan A, Nazeemudeen A, Househ M, Abd-alrazaq A. The benefits and threats of blockchain technology in healthcare: A scoping review. Int J Med Inform. 2020;142.
Pirbhulal S, Samuel OW, Wu W, Sangaiah AK, Li G. A joint resource-aware and medical data security framework for wearable healthcare systems. Future Gener Comput Syst. 2019;95.
Tolba A, Al-Makhadmeh Z. Predictive data analysis approach for securing medical data in smart grid healthcare systems. Future Gener Comput Syst. 2021;117.
Xu J, Wei L, Wu W, Wang A, Zhang Y, Zhou F. Privacy-preserving data integrity verification by using lightweight streaming authenticated data structures for healthcare cyber–physical system. Future Gener Comput Syst. 2020;108.
Chuan T, Lv Y, Qi Z, Xie L, Guo W. An implementation method of zero-trust architecture. J Phys Conf Ser. 2020;1651:012010. https://doi.org/10.1088/1742-6596/1651/1/012010.
Edo OC, Tenebe T, Egbe-etu E, Ayuwu A, Emakhu J, Adebiyi S. Zero Trust Architecture: Trend and Impact on Information Security. Int J Emerg Technol Adv Eng. 2022;12(7):140–7.
Marsh SP. Formalising trust as a computational concept. Computing. 1994;Doctor of(April).
Jeannie W. Crowdstrike Inc. 2021. Zero Trust Security Explained | Principles of the Zero Trust Model. Available from: https://www.crowdstrike.com/cybersecurity-101/zero-trust-security/.
NIST. Zero Trust Architecture, SP 800–207. National Institute of Standards and Technology Special Publication. 2020;SP 800–207.
Cato Networks. Zero Trust Principles: What is Zero Trust? [Internet]. 2022. Available from: https://www.catonetworks.com/zero-trust-network-access/zero-trust-security-principles.
Axxys Technologies. 3 Perimeter Security Challenges, and How Organizations Can Address Them [Internet]. 2016. Available from: https://www.axxys.com/blog/3-perimeter-security-challenges-organizations-can-address/.
Adahman Z, Malik AW, Anwar Z. An analysis of zero-trust architecture and its cost-effectiveness for organizational security. Comput Secur. 2022;122: 102911.
Cavalancia N. Zero trust architecture explained. AT & T CyberSecurity; 2020. Available from: https://cybersecurity.att.com/blogs/security-essentials/what-is-a-zero-trust-architecture.
Meinshausen N. Quantile regression forests. J Mach Learn Res. 2006;7:983–99.
Hodge VJ, Austin J. A Survey of Outlier Detection Methodologies. Artif Intell Rev. 2004;22(2):85–126.
Pincus R, Barnett V, Lewis T. Outliers in statistical data. 3rd edition. J. Wiley & Sons 1994, XVII. 582 pp., £49.95. Biom J. 1995;37(2):256.
Evangelou M, Adams NM. An anomaly detection framework for cyber-security data. Comput Secur. 2020;97: 101941.
Gianluigi F, Carla OG, Francesco SP. A scalable cybersecurity framework for anomaly detection in user behaviour. Springer Nature. 2022;1–26.
Li Z, van Leeuwen M. Explainable contextual anomaly detection using quantile regression forests. Data Min Knowl Disc. 2023;37:2517–63. https://doi.org/10.1007/s10618-023-00967-z.
Funding
Not applicable.
Author information
Authors and Affiliations
Contributions
Author 1: conceived the idea and the models, and wrote the manuscript with help from authors 2, 3, and 4. Author 2: Revised the project and concepts and examined the proof of concepts, supervised the project. Author 3: Evaluated the models, and integrated the framework with the study, designed the proof of concepts with help from authors 1, and 4. Author 4: Developed and supervised the Machine Learning (ML) aspect of the framework, evaluated the suitability of the framework, and designed the ML interface.
Corresponding author
Ethics declarations
Conflict of interest
Not applicable.
Additional information
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.
About this article
Cite this article
Edo, O.C., Ang, D., Billakota, P. et al. A zero trust architecture for health information systems. Health Technol. 14, 189–199 (2024). https://doi.org/10.1007/s12553-023-00809-4
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s12553-023-00809-4