An efficient and provably secure key agreement scheme for satellite communication systems.

Satellite communication has played an important part in many different industries because of its advantages of wide coverage, strong disaster tolerance and high flexibility. The security of satellite communication systems has always been the concern of many scholars. Without authentication, user should not obtain his/her required services. Beyond that, the anonymity also needs to be protected during communications. In this study, we design an efficient and provably secure key agreement scheme for satellite communication systems. In each session, we replace user's true identity by a temporary identity, which will be updated for each session, to guarantee the anonymity. Because the only use of lightweight algorithms, our proposed scheme has high performance. Furthermore, the security of the proposed scheme is proved in the real-or-random model and the performance analysis shows that the proposed scheme is more efficient than some other schemes for satellite communication systems.

Can caregivers trust information technology in the care of their patients? A systematic review.

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) requires that healthcare providers allow patients to engage in their healthcare by allowing access to their health records. Often patients need informal caregivers including family members or others to help them with their care. This paper explores whether trust is a key factor for informal caregivers' decision to use health information technologies (HIT) including electronic health records (EHR), patient portals, mobile apps, or other devices to care for their patient. Six reviewers conducted a comprehensive search of four literature databases using terms that pertained to a caregiver and trust to investigate the role trust plays when caregivers use HIT. While trust is a key factor for the use of HIT, it the researchers only identified ten articles that met the research question thresholds. Four main topics of trust surfaced including perceived confidentiality, perceived security, technological malfunction, and trustworthiness of the information. Trust is a critical factor for informal caregivers when using HIT to assist in the care of their patient (child, loved one, parent, or acquaintance). Based on the findings, it is clear that more research on the use of HIT by caregivers is needed.

Plan de acción 2021-24 de la agenda digital República Dominicana / Action plan 2021-24 of the digital agenda Dominican Republic

Los planes de acción de la Agenda Digital 2030 consisten en la lista de proyectos e iniciativas priorizadas por cada gestión de gobierno a cargo de impulsar, en el tramo que le corresponda, el cumplimiento de sus metas y objetivos. El 1er Plan de Acción 2021-2024 consta de 100 proyectos, a ser ejecutados durante ese período, tomando en cuenta el contexto de pandemia del COVID-19 que se enfrenta, distribuidos entre sus distintos componentes: Gobernanza y Marco Normativo; Conectividad y Acceso; Gobierno Digital; Educación y Capacidades Digitales; Economía Digital; Ciberseguridad e Innovación Tecnológica. Este y los demás planes de acción que se elaboren, podrán ser actualizados según se vayan presentando nuevas prioridades y disponibilidades a la administración de turno, por lo que es un documento vivo que será revisado periódicamente en el marco del Gabinete de Transformación Digital, que es el mecanismo consultivo, encabezado por el propio Sr. Presidente de la República, para formular, evaluar, monitorear y revisar la implementación de la Agenda Digital 2030

Assessment of the Electronic Health Record Skills Needed for the Health Information Management Student.

Electronic health records (EHR) have continued to advance and improve patient care, treatment, and safety, but the education required for EHR use can vary. In preparing future health care professionals for the use of EHR, allied health programs such as health information management (HIM) should understand the current use of EHR skills of HIM professionals. This quantitative descriptive study identified the current use of EHR skills of HIM professionals within a region. An email containing a link to the electronic survey was sent to 350 HIM association members. The response rate was 34.6% (n=121). The results indicated higher use of federal and state regulations regarding privacy/security, problem solving and critical thinking skills for health information technology (HIT) systems, and data mining skills. But, there were some skillsets that had a lower use such as financial decision making, database design, and HIT software development. The findings suggest some specific EHR skills that are essential for HIM graduates. It is imperative that HIM programs have an understanding of what EHR skills are needed for their profession.

Addressing Ethical Challenges in US-Based HIV Phylogenetic Research.

In recent years, phylogenetic analysis of HIV sequence data has been used in research studies to investigate transmission patterns between individuals and groups, including analysis of data from HIV prevention clinical trials, in molecular epidemiology, and in public health surveillance programs. Phylogenetic analysis can provide valuable information to inform HIV prevention efforts, but it also has risks, including stigma and marginalization of groups, or potential identification of HIV transmission between individuals. In response to these concerns, an interdisciplinary working group was assembled to address ethical challenges in US-based HIV phylogenetic research. The working group developed recommendations regarding (1) study design; (2) data security, access, and sharing; (3) legal issues; (4) community engagement; and (5) communication and dissemination. The working group also identified areas for future research and scholarship to promote ethical conduct of HIV phylogenetic research.

Security analysis and secure channel-free certificateless searchable public key authenticated encryption for a cloud-based Internet of things.

With the rapid development of informatization, an increasing number of industries and organizations outsource their data to cloud servers, to avoid the cost of local data management and to share data. For example, industrial Internet of things systems and mobile healthcare systems rely on cloud computing's powerful data storage and processing capabilities to address the storage, provision, and maintenance of massive amounts of industrial and medical data. One of the major challenges facing cloud-based storage environments is how to ensure the confidentiality and security of outsourced sensitive data. To mitigate these issues, He et al. and Ma et al. have recently independently proposed two certificateless public key searchable encryption schemes. In this paper, we analyze the security of these two schemes and show that the reduction proof of He et al.'s CLPAEKS scheme is incorrect, and that Ma et al.'s CLPEKS scheme is not secure against keyword guessing attacks. We then propose a channel-free certificateless searchable public key authenticated encryption (dCLPAEKS) scheme and prove that it is secure against inside keyword guessing attacks under the enhanced security model. Compared with other certificateless public key searchable encryption schemes, this scheme has higher security and comparable efficiency.

Data breach remediation efforts and their implications for hospital quality.

OBJECTIVE: To estimate the relationship between breach remediation efforts and hospital care quality. DATA SOURCES: Department of Health and Human Services' (HHS) public database on hospital data breaches and Medicare Compare's public data on hospital quality measures for 2012-2016. MATERIALS AND METHODS: Data breach data were merged with the Medicare Compare data for years 2012-2016, yielding a panel of 3025 hospitals with 14 297 unique hospital-year observations. STUDY DESIGN: The relationship between breach remediation and hospital quality was estimated using a difference-in-differences regression. Hospital quality was measured by 30-day acute myocardial infarction mortality rate and time from door to electrocardiogram. PRINCIPAL FINDINGS: Hospital time-to-electrocardiogram increased as much as 2.7 minutes and 30-day acute myocardial infarction mortality increased as much as 0.36 percentage points during the 3-year window following a breach. CONCLUSION: Breach remediation efforts were associated with deterioration in timeliness of care and patient outcomes. Thus, breached hospitals and HHS oversight should carefully evaluate remedial security initiatives to achieve better data security without negatively affecting patient outcomes.

Phishing in healthcare organisations: threats, mitigation and approaches.

INTRODUCTION: Healthcare data have significant value as a potential target for hackers. Phishing is a method of exploitation for malicious reasons using targeted communications (email/messaging). This study reports on an internal evaluation targeting hospital staff and summarises peer-reviewed literature regarding phishing and healthcare. METHODS: An assessment was performed as part of cybersecurity activity during a designated test period using multiple credential harvesting approaches through staff email. We also searched the medical-related literature to identify relevant phishing-related publications. RESULTS: During the 1-month testing period, the organisation received 858 200 emails: 139 400 (16%) marketing, 18 871 (2%) identified as potential threats. Of 143 million internet transactions, around 5 million (3%) were suspected threats. 468 employee email addresses were identified from public data and targeted through phishing using a range of payloads including attachments and malicious links; however, no credentials were recovered or malicious files downloaded. Several hospital employees were, however, identified on social media profiles, including some tricked into accepting false friend requests. DISCUSSION: Healthcare organisations are increasingly moving to digital systems, but healthcare professionals have limited awareness of threats. Increasing emphasis on 'cyberhygiene' and information governance through mandatory training increases understanding of these risks. While no credentials were harvested in this study, since up to 5% of emails/internet traffic are suspicious, the need for robust firewalls, cybersecurity infrastructure, IT policies and, most importantly of all, staff training, is emphasised. CONCLUSION: Hospitals receive a significant volume of potentially malicious emails. While many staff appear to be aware of phishing and respond appropriately, ongoing education is required across the spectrum of cybersecurity, with specific emphasis around 'leakage' of information on social media.

Communication, learning and assessment: Exploring the dimensions of the digital learning environment.

Advances in technology make it possible to supplement in-person teaching activities with digital learning, use electronic records in patient care, and communicate through social media. This relatively new "digital learning environment" has changed how medical trainees learn, participate in patient care, are assessed, and provide feedback. Communication has changed with the use of digital health records, the evolution of interdisciplinary and interprofessional communication, and the emergence of social media. Learning has evolved with the proliferation of online tools such as apps, blogs, podcasts, and wikis, and the formation of virtual communities. Assessment of learners has progressed due to the increasing amounts of data being collected and analyzed. Digital technologies have also enhanced learning in resource-poor environments by making resources and expertise more accessible. While digital technology offers benefits to learners, the teachers, and health care systems, there are concerns regarding the ownership, privacy, safety, and management of patient and learner data. We highlight selected themes in the domains of digital communication, digital learning resources, and digital assessment and close by providing practical recommendations for the integration of digital technology into education, with the aim of maximizing its benefits while reducing risks.

Data sharing practices of medicines related apps and the mobile ecosystem: traffic, content, and network analysis.

OBJECTIVES: To investigate whether and how user data are shared by top rated medicines related mobile applications (apps) and to characterise privacy risks to app users, both clinicians and consumers. DESIGN: Traffic, content, and network analysis. SETTING: Top rated medicines related apps for the Android mobile platform available in the Medical store category of Google Play in the United Kingdom, United States, Canada, and Australia. PARTICIPANTS: 24 of 821 apps identified by an app store crawling program. Included apps pertained to medicines information, dispensing, administration, prescribing, or use, and were interactive. INTERVENTIONS: Laboratory based traffic analysis of each app downloaded onto a smartphone, simulating real world use with four dummy scripts. The app's baseline traffic related to 28 different types of user data was observed. To identify privacy leaks, one source of user data was modified and deviations in the resulting traffic observed. MAIN OUTCOME MEASURES: Identities and characterisation of entities directly receiving user data from sampled apps. Secondary content analysis of company websites and privacy policies identified data recipients' main activities; network analysis characterised their data sharing relations. RESULTS: 19/24 (79%) of sampled apps shared user data. 55 unique entities, owned by 46 parent companies, received or processed app user data, including developers and parent companies (first parties) and service providers (third parties). 18 (33%) provided infrastructure related services such as cloud services. 37 (67%) provided services related to the collection and analysis of user data, including analytics or advertising, suggesting heightened privacy risks. Network analysis revealed that first and third parties received a median of 3 (interquartile range 1-6, range 1-24) unique transmissions of user data. Third parties advertised the ability to share user data with 216 "fourth parties"; within this network (n=237), entities had access to a median of 3 (interquartile range 1-11, range 1-140) unique transmissions of user data. Several companies occupied central positions within the network with the ability to aggregate and re-identify user data. CONCLUSIONS: Sharing of user data is routine, yet far from transparent. Clinicians should be conscious of privacy risks in their own use of apps and, when recommending apps, explain the potential for loss of privacy as part of informed consent. Privacy regulation should emphasise the accountabilities of those who control and process user data. Developers should disclose all data sharing practices and allow users to choose precisely what data are shared and with whom.

Characterization of User-Centered Security in Telehealth Services.

Emerging information and communication technologies are expected to foster new, efficient and accessible services for citizens, while guaranteeing the core principles of equality and privacy. Telehealth services are a clear example of a service in which technology can help enhance efficiency. The security of telehealth services is essential due to their critical nature. However, although ample efforts have been made to characterize security requirements for healthcare facilities, users are often worried because they are not aware of or do not understand the guarantees provided by the technology they are making use of. This paper describes the concept of User-Centered Security and characterizes it in the form of requirements. These requirements have been formalized in the form of a security architecture that should be utilized for each telehealth service during its design stage. Thus, such sensitive services will adequately manage patient fears regarding their correct operation. Finally, these requirements and the related security architecture have been validated by means of a test-case that is based on a real home telehealth service in order to ensure their consistency, completeness, realism and verifiability.

Assessment of Employee Susceptibility to Phishing Attacks at US Health Care Institutions.

Importance: Cybersecurity is an increasingly important threat to health care delivery, and email phishing is a major attack vector against hospital employees. Objective: To describe the practice of phishing simulation and the extent to which health care employees are vulnerable to phishing simulations. Design, Setting, and Participants: Retrospective, multicenter quality improvement study of a convenience sample of 6 geographically dispersed US health care institutions that ran phishing simulations from August 1, 2011, through April 10, 2018. The specific institutions are anonymized herein for security and privacy concerns. Exposures: Simulated phishing emails received by employees at US health care institutions. Main Outcomes and Measures: Date of phishing campaign, campaign number, number of emails sent, number of emails clicked, and email content. Emails were classified into 3 categories (office related, personal, or information technology related). Results: The final study sample included 6 anonymized US health care institutions, 95 simulated phishing campaigns, and 2 971 945 emails, 422 062 of which were clicked (14.2%). The median institutional click rates for campaigns ranged from 7.4% (interquartile range [IQR], 5.8%-9.6%) to 30.7% (IQR, 25.2%-34.4%), with an overall median click rate of 16.7% (IQR, 8.3%-24.2%) across all campaigns and institutions. In the regression model, repeated phishing campaigns were associated with decreased odds of clicking on a subsequent phishing email (adjusted OR, 0.511; 95% CI, 0.382-0.685 for 6-10 campaigns; adjusted OR, 0.335; 95% CI, 0.282-0.398 for >10 campaigns). Conclusions and Relevance: Among a sample of US health care institutions that sent phishing simulations, almost 1 in 7 simulated emails sent were clicked on by employees. Increasing campaigns were associated with decreased odds of clicking on a phishing email, suggesting a potential benefit of phishing simulation and awareness. With cyberattacks increasing against US health care systems, these click rates represent a major cybersecurity risk for hospitals.

Adaptive Risk Prediction and Anonymous Secured Communication in MANET for Medical Informatics.

Location-based services (LBS) and information security is a major concern in communication system.With the increasing popularity of location based services more attention is paid to preserve location information to protect the data. In order to protect and preserve the MANET and location based services, there are various existing location based anonymity protocols such as k-anonymity location based, but these protocols are more overhead due to the dynamic mobility nature of ad-hoc networks. In this paper we proposed an Adaptive Risk Prediction and Anonymous Secured Communication protocol to predict the risk before processing anonymous communication. The proposed protocol estimates the risk against adjacent nodes and estimates the vulnerability paths using hidden markov model and decision tree. The decision tree determines the evidence to identify the trusted paths. The anonymous communication message authentication scheme assigns the anonymous communication and organize the secured authentication scheme. We simulated the network by considering different attacks to determine the efficiency of Adaptive Risk Prediction and Anonymous Secured Communication using NS2 simulator.

Facebook Recruitment and the Protection of Human Subjects.

Social and behavioral scientists increasingly use Facebook to recruit research participants. Given the everchanging social media landscape, it is important to consider the ethical principles of using such a strategy. The aims of this methodological article are to (a) examine Facebook recruitment in light of the ethical principles of the Belmont Report (respect for persons, beneficence, and justice), (b) describe ethical challenges that may be faced in Facebook recruitment, and (c) provide recommendations for researchers interested in adopting this recruitment method. Ethical challenges inherent in Facebook recruitment include selecting subjects fairly, privacy, and data security. Overall, Facebook is a beneficial resource for recruiting participants into research; however, researchers need to be aware of their responsibility in protecting human subjects.