Health Care and Cybersecurity: Bibliometric Analysis of the Literature.

BACKGROUND: Over the past decade, clinical care has become globally dependent on information technology. The cybersecurity of health care information systems is now an essential component of safe, reliable, and effective health care delivery. OBJECTIVE: The objective of this study was to provide an overview of the literature at the intersection of cybersecurity and health care delivery. METHODS: A comprehensive search was conducted using PubMed and Web of Science for English-language peer-reviewed articles. We carried out chronological analysis, domain clustering analysis, and text analysis of the included articles to generate a high-level concept map composed of specific words and the connections between them. RESULTS: Our final sample included 472 English-language journal articles. Our review results revealed that majority of the articles were focused on technology: Technology-focused articles made up more than half of all the clusters, whereas managerial articles accounted for only 32% of all clusters. This finding suggests that nontechnological variables (human-based and organizational aspects, strategy, and management) may be understudied. In addition, Software Development Security, Business Continuity, and Disaster Recovery Planning each accounted for 3% of the studied articles. Our results also showed that publications on Physical Security account for only 1% of the literature, and research in this area is lacking. Cyber vulnerabilities are not all digital; many physical threats contribute to breaches and potentially affect the physical safety of patients. CONCLUSIONS: Our results revealed an overall increase in research on cybersecurity and identified major gaps and opportunities for future work.

Construction of RSA-Based Authentication Scheme in Authorized Access to Healthcare Services : Authorized Access to Healthcare Services.

Modern network technology yields new interface for telecare medicine information systems in short TMIS used for patient's healthcare. This system is used to provide healthcare services to patients at their home. It can be observed, telecare medicine information systems generally suffer several attacks as information being transmitted over a public network. Therefore, various authentication and key agreement schemes are proposed for TMIS to ensure secure and authorized patients communication over given public network. However, most of the schemes fail to achieve essential attributes discussed in this article. Although the key attributes of security and efficiency should be achieved in a common framework. This paper proposes construction of an RSA based authentication scheme for authorized access to healthcare services and achieves desirable key attributes of authentication protocols. Proof of security against polynomial time adversary is given in the random oracle to justify the security of proposed scheme. Communication analysis and computation analysis of proposed scheme indicates that proposed scheme's performance is comparable and having better security.

Controlled searching in reversibly de-identified medical imaging archives.

Nowadays, digital medical imaging in healthcare has become a fundamental tool for medical diagnosis. This growth has been accompanied by the development of technologies and standards, such as the DICOM standard and PACS. This environment led to the creation of collaborative projects where there is a need to share medical data between different institutions for research and educational purposes. In this context, it is necessary to maintain patient data privacy and provide an easy and secure mechanism for authorized personnel access. This paper presents a solution that fully de-identifies standard medical imaging objects, including metadata and pixel data, providing at the same time a reversible de-identifier mechanism that retains search capabilities from the original data. The last feature is important in some scenarios, for instance, in collaborative platforms where data is anonymized when shared with the community but searchable for data custodians or authorized entities. The solution was integrated into an open source PACS archive and validated in a multidisciplinary collaborative scenario.

Use of redundant arrays of inexpensive disks in orthodontic practice.

In a time when orthodontists are getting away from paper charts and going digital with their patient data and imaging, practitioners need to be prepared for a potential hardware failure in their data infrastructure. Although a backup plan in accordance with the Security Rule of the Health Insurance Portability and Accountability Act (HIPAA) of 1996 may prevent data loss in case of a disaster or hard drive failure, it does little to ensure business and practice continuity. Through the implementation of a common technique used in information technology, the redundant array of inexpensive disks, a practice may continue normal operations without interruption if a hard drive fails.

Privacy-Preserving Integration of Medical Data : A Practical Multiparty Private Set Intersection.

Medical data are often maintained by different organizations. However, detailed analyses sometimes require these datasets to be integrated without violating patient or commercial privacy. Multiparty Private Set Intersection (MPSI), which is an important privacy-preserving protocol, computes an intersection of multiple private datasets. This approach ensures that only designated parties can identify the intersection. In this paper, we propose a practical MPSI that satisfies the following requirements: The size of the datasets maintained by the different parties is independent of the others, and the computational complexity of the dataset held by each party is independent of the number of parties. Our MPSI is based on the use of an outsourcing provider, who has no knowledge of the data inputs or outputs. This reduces the computational complexity. The performance of the proposed MPSI is evaluated by implementing a prototype on a virtual private network to enable parallel computation in multiple threads. Our protocol is confirmed to be more efficient than comparable existing approaches.

A Selective Group Authentication Scheme for IoT-Based Medical Information System.

The technology of IoT combined with medical systems is expected to support advanced medical services. However, unsolved security problems, such as misuse of medical devices, illegal access to the medical server and so on, make IoT-based medical systems not be applied widely. In addition, users have a high burden of computation to access Things for the explosive growth of IoT devices. Because medical information is critical and important, but users have a restricted computing power, IoT-based medical systems are required to provide secure and efficient authentication for users. In this paper, we propose a selective group authentication scheme using Shamir's threshold technique. The property of selectivity gives the right of choice to users to form a group which consists of things users select and access. And users can get an access authority for those Things at a time. Thus, our scheme provides an efficient user authentication for multiple Things and conditional access authority for safe IoT-based medical information system. To the best of our knowledge, our proposed scheme is the first in which selectivity is combined with group authentication in IoT environments.

ICASME: An Improved Cloud-Based Authentication Scheme for Medical Environment.

Unlike the traditional medical system, telecare medicine information system (TMIS) ensures that patients can get health-care services via the Internet at home. Authenticated key agreement protocol is very important for protecting the security in TMIS. Recently scholars have proposed a lot of authenticated key agreement protocols. In 2016, Chiou et al. demonstrated that Chen et al.'s authentication scheme fails to provide user's anonymity and message authentication and then proposed an enhanced scheme (Chiou et al., J. Med. Syst. 40(4):1-15, 2006) to overcome these drawbacks. In this paper, we demonstrate that Chiou et al.'s scheme is defenseless against key compromise impersonation (KCI) attack and also fails to provide forward security. Moreover, we propose a novel authentication scheme namely ICASME to overcome the mentioned weaknesses in this paper. Security analyses show that ICASME achieves the forward security and KCI attack resistance. In addition, it is proved that the time taken to implement the ICASME is not intolerable compared to the original protocol.

A Double Chaotic Layer Encryption Algorithm for Clinical Signals in Telemedicine.

Recently, telemedicine offers medical services remotely via telecommunications systems and physiological monitoring devices. This scheme provides healthcare delivery services between physicians and patients conveniently, since some patients can not attend the hospital due to any reason. However, transmission of information over an insecure channel such as internet or private data storing generates a security problem. Therefore, authentication, confidentiality, and privacy are important challenges in telemedicine, where only authorized users should have access to medical or clinical records. On the other hand, chaotic systems have been implemented efficiently in cryptographic systems to provide confidential and privacy. In this work, we propose a novel symmetric encryption algorithm based on logistic map with double chaotic layer encryption (DCLE) in diffusion process and just one round of confusion-diffusion for the confidentiality and privacy of clinical information such as electrocardiograms (ECG), electroencephalograms (EEG), and blood pressure (BP) for applications in telemedicine. The clinical signals are acquired from PhysioBank data base for encryption proposes and analysis. In contrast with recent schemes in literature, we present a secure cryptographic algorithm based on chaos validated with the most complete security analysis until this time. In addition, the cryptograms are validated with the most complete pseudorandomness tests based on National Institute of Standards and Technology (NIST) 800-22 suite. All results are at MATLAB simulations and all them show the effectiveness, security, robustness, and the potential use of the proposed scheme in telemedicine.

An Efficient Remote Authentication Scheme for Wireless Body Area Network.

Wireless body area network (WBAN) provide a mechanism of transmitting a persons physiological data to application providers e.g. hospital. Given the limited range of connectivity associated with WBAN, an intermediate portable device e.g. smartphone, placed within WBAN's connectivity, forwards the data to a remote server. This data, if not protected from an unauthorized access and modification may be lead to poor diagnosis. In order to ensure security and privacy between WBAN and a server at the application provider, several authentication schemes have been proposed. Recently, Wang and Zhang proposed an authentication scheme for WBAN using bilinear pairing. However, in their scheme, an application provider could easily impersonate a client. In order to overcome this weakness, we propose an efficient remote authentication scheme for WBAN. In terms of performance, our scheme can not only provide a malicious insider security, but also reduce running time of WBAN (client) by 51 % as compared to Wang and Zhang scheme.

A Standard Mutual Authentication Protocol for Cloud Computing Based Health Care System.

Telecare Medical Information System (TMIS) supports a standard platform to the patient for getting necessary medical treatment from the doctor(s) via Internet communication. Security protection is important for medical records (data) of the patients because of very sensitive information. Besides, patient anonymity is another most important property, which must be protected. Most recently, Chiou et al. suggested an authentication protocol for TMIS by utilizing the concept of cloud environment. They claimed that their protocol is patient anonymous and well security protected. We reviewed their protocol and found that it is completely insecure against patient anonymity. Further, the same protocol is not protected against mobile device stolen attack. In order to improve security level and complexity, we design a light weight authentication protocol for the same environment. Our security analysis ensures resilience of all possible security attacks. The performance of our protocol is relatively standard in comparison with the related previous research.

A Mutual Authentication Framework for Wireless Medical Sensor Networks.

Wireless medical sensor networks (WMSN) comprise of distributed sensors, which can sense human physiological signs and monitor the health condition of the patient. It is observed that providing privacy to the patient's data is an important issue and can be challenging. The information passing is done via the public channel in WMSN. Thus, the patient, sensitive information can be obtained by eavesdropping or by unauthorized use of handheld devices which the health professionals use in monitoring the patient. Therefore, there is an essential need of restricting the unauthorized access to the patient's medical information. Hence, the efficient authentication scheme for the healthcare applications is needed to preserve the privacy of the patients' vital signs. To ensure secure and authorized communication in WMSN, we design a symmetric key based authentication protocol for WMSN environment. The proposed protocol uses only computationally efficient operations to achieve lightweight attribute. We analyze the security of the proposed protocol. We use a formal security proof algorithm to show the scheme security against known attacks. We also use the Automated Validation of Internet Security Protocols and Applications (AVISPA) simulator to show protocol secure against man-in-the-middle attack and replay attack. Additionally, we adopt an informal analysis to discuss the key attributes of the proposed scheme. From the formal proof of security, we can see that an attacker has a negligible probability of breaking the protocol security. AVISPA simulator also demonstrates the proposed scheme security against active attacks, namely, man-in-the-middle attack and replay attack. Additionally, through the comparison of computational efficiency and security attributes with several recent results, proposed scheme seems to be battered.

A Study on the Secure User Profiling Structure and Procedure for Home Healthcare Systems.

Despite of various benefits such as a convenience and efficiency, home healthcare systems have some inherent security risks that may cause a serious leak on personal health information. This work presents a Secure User Profiling Structure which has the patient information including their health information. A patient and a hospital keep it at that same time, they share the updated data. While they share the data and communicate, the data can be leaked. To solve the security problems, a secure communication channel with a hash function and an One-Time Password between a client and a hospital should be established and to generate an input value to an OTP, it uses a dual hash-function. This work presents a dual hash function-based approach to generate the One-Time Password ensuring a secure communication channel with the secured key. In result, attackers are unable to decrypt the leaked information because of the secured key; in addition, the proposed method outperforms the existing methods in terms of computation cost.

Patient-Controlled Attribute-Based Encryption for Secure Electronic Health Records System.

In recent years, many countries have been trying to integrate electronic health data managed by each hospital to offer more efficient healthcare services. Since health data contain sensitive information of patients, there have been much research that present privacy preserving mechanisms. However, existing studies either require a patient to perform various steps to secure the data or restrict the patient to exerting control over the data. In this paper, we propose patient-controlled attribute-based encryption, which enables a patient (a data owner) to control access to the health data and reduces the operational burden for the patient, simultaneously. With our method, the patient has powerful control capability of his/her own health data in that he/she has the final say on the access with time limitation. In addition, our scheme provides emergency medical services which allow the emergency staffs to access the health data without the patient's permission only in the case of emergencies. We prove that our scheme is secure under cryptographic assumptions and analyze its efficiency from the patient's perspective.

An Improvement to a Multi-Client Searchable Encryption Scheme for Boolean Queries.

The migration of e-health systems to the cloud computing brings huge benefits, as same as some security risks. Searchable Encryption(SE) is a cryptography encryption scheme that can protect the confidentiality of data and utilize the encrypted data at the same time. The SE scheme proposed by Cash et al. in Crypto2013 and its follow-up work in CCS2013 are most practical SE Scheme that support Boolean queries at present. In their scheme, the data user has to generate the search tokens by the counter number one by one and interact with server repeatedly, until he meets the correct one, or goes through plenty of tokens to illustrate that there is no search result. In this paper, we make an improvement to their scheme. We allow server to send back some information and help the user to generate exact search token in the search phase. In our scheme, there are only two round interaction between server and user, and the search token has [Formula: see text] elements, where n is the keywords number in query expression, and [Formula: see text] is the minimum documents number that contains one of keyword in query expression, and the computation cost of server is [Formula: see text] modular exponentiation operation.

Secure and Efficient Two-Factor User Authentication Scheme with User Anonymity for Network Based E-Health Care Applications.

Benefited from the development of network and communication technologies, E-health care systems and telemedicine have got the fast development. By using the E-health care systems, patient can enjoy the remote medical service provided by the medical server. Medical data are important privacy information for patient, so it is an important issue to ensure the secure of transmitted medical data through public network. Authentication scheme can thwart unauthorized users from accessing services via insecure network environments, so user authentication with privacy protection is an important mechanism for the security of E-health care systems. Recently, based on three factors (password, biometric and smart card), an user authentication scheme for E-health care systems was been proposed by Amin et al., and they claimed that their scheme can withstand most of common attacks. Unfortunate, we find that their scheme cannot achieve the untraceability feature of the patient. Besides, their scheme lacks a password check mechanism such that it is inefficient to find the unauthorized login by the mistake of input a wrong password. Due to the same reason, their scheme is vulnerable to Denial of Service (DoS) attack if the patient updates the password mistakenly by using a wrong password. In order improve the security level of authentication scheme for E-health care application, a robust user authentication scheme with privacy protection is proposed for E-health care systems. Then, security prove of our scheme are analysed. Security and performance analyses show that our scheme is more powerful and secure for E-health care systems when compared with other related schemes.

A Provably Secure Aggregate Signature Scheme for Healthcare Wireless Sensor Networks.

Wireless sensor networks (WSNs) are being used in a wide range of applications for healthcare monitoring, like heart rate monitors and blood pressure monitors, which can minimize the need for healthcare professionals. In medical system, sensors on or in patients produce medical data which can be easily compromised by a vast of attacks. Although signature schemes can protect data authenticity and data integrity, when the number of users involved in the medical system becomes huge, the bandwidth and storage cost will rise sharply so that existing signature schemes are inapplicability for WSNs. In this paper, we propose an efficient aggregate signature scheme for healthcare WSNs according to an improved security model, which can combine multiple signatures into a single aggregate signature. The length of such an aggregate signature may be as long as that of an individual one, which can greatly decrease the bandwidth and storage cost for networks.

m2-ABKS: Attribute-Based Multi-Keyword Search over Encrypted Personal Health Records in Multi-Owner Setting.

Online personal health record (PHR) is more inclined to shift data storage and search operations to cloud server so as to enjoy the elastic resources and lessen computational burden in cloud storage. As multiple patients' data is always stored in the cloud server simultaneously, it is a challenge to guarantee the confidentiality of PHR data and allow data users to search encrypted data in an efficient and privacy-preserving way. To this end, we design a secure cryptographic primitive called as attribute-based multi-keyword search over encrypted personal health records in multi-owner setting to support both fine-grained access control and multi-keyword search via Ciphertext-Policy Attribute-Based Encryption. Formal security analysis proves our scheme is selectively secure against chosen-keyword attack. As a further contribution, we conduct empirical experiments over real-world dataset to show its feasibility and practicality in a broad range of actual scenarios without incurring additional computational burden.

A Novel Reference Security Model with the Situation Based Access Policy for Accessing EPHR Data.

Electronic Patient Health Record (EPHR) systems may facilitate a patient not only to share his/her health records securely with healthcare professional but also to control his/her health privacy, in a convenient and easy way even in case of emergency. In order to fulfill these requirements, it is greatly desirable to have the access control mechanism which can efficiently handle every circumstance without negotiating security. However, the existing access control mechanisms used in healthcare to regulate and restrict the disclosure of patient data are often bypassed in case of emergencies. In this article, we propose a way to securely share EPHR data under any situation including break-the-glass (BtG) without compromising its security. In this regard, we design a reference security model, which consists of a multi-level data flow hierarchy, and an efficient access control framework based on the conventional Role-Based Access Control (RBAC) and Mandatory Access Control (MAC) policies.

Analysis of Security Protocols for Mobile Healthcare.

Mobile Healthcare (mHealth) continues to improve because of significant improvements and the decreasing costs of Information Communication Technologies (ICTs). mHealth is a medical and public health practice, which is supported by mobile devices (for example, smartphones) and, patient monitoring devices (for example, various types of wearable sensors, etc.). An mHealth system enables healthcare experts and professionals to have ubiquitous access to a patient's health data along with providing any ongoing medical treatment at any time, any place, and from any device. It also helps the patient requiring continuous medical monitoring to stay in touch with the appropriate medical staff and healthcare experts remotely. Thus, mHealth has become a major driving force in improving the health of citizens today. First, we discuss the security requirements, issues and threats to the mHealth system. We then present a taxonomy of recently proposed security protocols for mHealth system based on features supported and possible attacks, computation cost and communication cost. Our detailed taxonomy demonstrates the strength and weaknesses of recently proposed security protocols for the mHealth system. Finally, we identify some of the challenges in the area of security protocols for mHealth systems that still need to be addressed in the future to enable cost-effective, secure and robust mHealth systems.

A bilinear pairing based anonymous authentication scheme in wireless body area networks for mHealth.

Wireless body area networks (WBANs) have become one of the key components of mobile health (mHealth) which provides 24/7 health monitoring service and greatly improves the quality and efficiency of healthcare. However, users' concern about the security and privacy of their health information has become one of the major obstacles that impede the wide adoption of WBANs. Anonymous and unlinkable authentication is critical to protect the security and privacy of sensitive physiological information in transit from the client to the application provider. We first show that the anonymous authentication scheme of Wang and Zhang based on bilinear pairing is prone to client impersonation attack. Then, we propose an enhanced anonymous authentication scheme to remedy the flaw in Wang and Zhang's scheme. We give the security analysis to demonstrate that the enhanced scheme achieves the desired security features and withstands various known attacks.