As machine learning (ML) usage becomes more popular in the healthcare sector, there are also increasing concerns about potential biases and risks such as privacy. One countermeasure is to use federated learning (FL) to support collaborative learning without the need for patient data sharing across different organizations. However, the inherent heterogeneity of data distributions among participating FL parties poses challenges for exploring group fairness in FL. While personalization within FL can handle performance degradation caused by data heterogeneity, its influence on group fairness is not fully investigated. Therefore, the primary focus of this study is to rigorously assess the impact of personalized FL on group fairness in the healthcare domain, offering a comprehensive understanding of how personalized FL affects group fairness in clinical outcomes. We conduct an empirical analysis using two prominent real-world Electronic Health Records (EHR) datasets, namely eICU and MIMIC-IV. Our methodology involves a thorough comparison between personalized FL and two baselines: standalone training, where models are developed independently without FL collaboration, and standard FL, which aims to learn a global model via the FedAvg algorithm. We adopt Ditto as our personalized FL approach, which enables each client in FL to develop its own personalized model through multi-task learning. Our assessment is achieved through a series of evaluations, comparing the predictive performance (i.e., AUROC and AUPRC) and fairness gaps (i.e., EOPP, EOD, and DP) of these methods. Personalized FL demonstrates superior predictive accuracy and fairness over standalone training across both datasets. Nevertheless, in comparison with standard FL, personalized FL shows improved predictive accuracy but does not consistently offer better fairness outcomes. For instance, in the 24-h in-hospital mortality prediction task, personalized FL achieves an average EOD of 27.4% across racial groups in the eICU dataset and 47.8% in MIMIC-IV. In comparison, standard FL records a better EOD of 26.2% for eICU and 42.0% for MIMIC-IV, while standalone training yields significantly worse EOD of 69.4% and 54.7% on these datasets, respectively. Our analysis reveals that personalized FL has the potential to enhance fairness in comparison to standalone training, yet it does not consistently ensure fairness improvements compared to standard FL. Our findings also show that while personalization can improve fairness for more biased hospitals (i.e., hospitals having larger fairness gaps in standalone training), it can exacerbate fairness issues for less biased ones. These insights suggest that the integration of personalized FL with additional strategic designs could be key to simultaneously boosting prediction accuracy and reducing fairness disparities. The findings and opportunities outlined in this paper can inform the research agenda for future studies, to overcome the limitations and further advance health equity research.
BACKGROUND: The proliferation of mobile health (mHealth) applications is partly driven by the advancements in sensing and communication technologies, as well as the integration of artificial intelligence techniques. Data collected from mHealth applications, for example, on sensor devices carried by patients, can be mined and analyzed using artificial intelligence-based solutions to facilitate remote and (near) real-time decision-making in health care settings. However, such data often sit in data silos, and patients are often concerned about the privacy implications of sharing their raw data. Federated learning (FL) is a potential solution, as it allows multiple data owners to collaboratively train a machine learning model without requiring access to each other's raw data. OBJECTIVE: The goal of this scoping review is to gain an understanding of FL and its potential in dealing with sensitive and heterogeneous data in mHealth applications. Through this review, various stakeholders, such as health care providers, practitioners, and policy makers, can gain insight into the limitations and challenges associated with using FL in mHealth and make informed decisions when considering implementing FL-based solutions. METHODS: We conducted a scoping review following the guidelines of PRISMA-ScR (Preferred Reporting Items for Systematic Reviews and Meta-Analyses Extension for Scoping Reviews). We searched 7 commonly used databases. The included studies were analyzed and summarized to identify the possible real-world applications and associated challenges of using FL in mHealth settings. RESULTS: A total of 1095 articles were retrieved during the database search, and 26 articles that met the inclusion criteria were included in the review. The analysis of these articles revealed 2 main application areas for FL in mHealth, that is, remote monitoring and diagnostic and treatment support. More specifically, FL was found to be commonly used for monitoring self-care ability, health status, and disease progression, as well as in diagnosis and treatment support of diseases. The review also identified several challenges (eg, expensive communication, statistical heterogeneity, and system heterogeneity) and potential solutions (eg, compression schemes, model personalization, and active sampling). CONCLUSIONS: This scoping review has highlighted the potential of FL as a privacy-preserving approach in mHealth applications and identified the technical limitations associated with its use. The challenges and opportunities outlined in this review can inform the research agenda for future studies in this field, to overcome these limitations and further advance the use of FL in mHealth.
Mobile Applications , Telemedicine , Humans , Administrative Personnel , Artificial Intelligence , Communication , Databases, Factual , Disease Progression
Although cyber technologies benefit our society, there are also some related cybersecurity risks. For example, cybercriminals may exploit vulnerabilities in people, processes, and technologies during trying times, such as the ongoing COVID-19 pandemic, to identify opportunities that target vulnerable individuals, organizations (e.g., medical facilities), and systems. In this paper, we examine the various cyberthreats associated with the COVID-19 pandemic. We also determine the attack vectors and surfaces of cyberthreats. Finally, we will discuss and analyze the insights and suggestions generated by different cyberattacks against individuals, organizations, and systems.
Electronic medical records (EMRs) are stored in relational databases. It can be challenging to access the required information if the user is unfamiliar with the database schema or general database fundamentals. Hence, researchers have explored text-to-SQL generation methods that provide healthcare professionals direct access to EMR data without needing a database expert. However, currently available datasets have been essentially "solved" with state-of-the-art models achieving accuracy greater than or near 90%. In this paper, we show that there is still a long way to go before solving text-to-SQL generation in the medical domain. To show this, we create new splits of the existing medical text-to- SQL dataset MIMICSQL that better measure the generalizability of the resulting models. We evaluate state-of-the-art language models on our new split showing substantial drops in performance with accuracy dropping from up to 92% to 28%, thus showing substantial room for improvement. Moreover, we introduce a novel data augmentation approach to improve the generalizability of the language models. Overall, this paper is the first step towards developing more robust text-to-SQL models in the medical domain.
Electronic Health Records , Language , Humans , Databases, Factual
Existing semisupervised learning approaches generally focus on the single-agent (centralized) setting, and hence, there is the risk of privacy leakage during joint data processing. At the same time, using the mean square error criterion in such approaches does not allow one to efficiently deal with problems involving non-Gaussian distribution. Thus, in this article, we present a novel privacy-preserving semisupervised algorithm under the maximum correntropy criterion (MCC). The proposed algorithm allows us to share data among different entities while effectively mitigating the risk of privacy leaks. In addition, under MCC, our proposed approach works well for data with non-Gaussian distribution noise. Our experiments on three different learning tasks demonstrate that our method distinctively outperforms the related algorithms in common regression learning scenarios.
The need for medical image encryption is increasingly pronounced, for example, to safeguard the privacy of the patients' medical imaging data. In this article, a novel deep learning-based key generation network (DeepKeyGen) is proposed as a stream cipher generator to generate the private key, which can then be used for encrypting and decrypting of medical images. In DeepKeyGen, the generative adversarial network (GAN) is adopted as the learning network to generate the private key. Furthermore, the transformation domain (that represents the "style" of the private key to be generated) is designed to guide the learning network to realize the private key generation process. The goal of DeepKeyGen is to learn the mapping relationship of how to transfer the initial image to the private key. We evaluate DeepKeyGen using three data sets, namely, the Montgomery County chest X-ray data set, the Ultrasonic Brachial Plexus data set, and the BraTS18 data set. The evaluation findings and security analysis show that the proposed key generation network can achieve a high-level security in generating the private key.
Deep Learning , Humans , Image Processing, Computer-Assisted/methods , Neural Networks, Computer
Medical practitioners generally rely on multimodal brain images, for example based on the information from the axial, coronal, and sagittal views, to inform brain tumor diagnosis. Hence, to further utilize the 3D information embedded in such datasets, this paper proposes a multi-view dynamic fusion framework (hereafter, referred to as MVFusFra) to improve the performance of brain tumor segmentation. The proposed framework consists of three key building blocks. First, a multi-view deep neural network architecture, which represents multi learning networks for segmenting the brain tumor from different views and each deep neural network corresponds to multi-modal brain images from one single view. Second, the dynamic decision fusion method, which is mainly used to fuse segmentation results from multi-views into an integrated method. Then, two different fusion methods (i.e., voting and weighted averaging) are used to evaluate the fusing process. Third, the multi-view fusion loss (comprising segmentation loss, transition loss, and decision loss) is proposed to facilitate the training process of multi-view learning networks, so as to ensure consistency in appearance and space, for both fusing segmentation results and the training of the learning network. We evaluate the performance of MVFusFra on the BRATS 2015 and BRATS 2018 datasets. Findings from the evaluations suggest that fusion results from multi-views achieve better performance than segmentation results from the single view, and also implying effectiveness of the proposed multi-view fusion loss. A comparative summary also shows that MVFusFra achieves better segmentation performance, in terms of efficiency, in comparison to other competing approaches.
Brain Neoplasms , Image Processing, Computer-Assisted , Brain/diagnostic imaging , Brain Neoplasms/diagnostic imaging , Humans , Image Processing, Computer-Assisted/methods , Magnetic Resonance Imaging/methods , Neural Networks, Computer
Wearable body area network is a key component of the modern-day e-healthcare system (e.g., telemedicine), particularly as the number and types of wearable medical monitoring systems increase. The importance of such systems is reinforced in the current COVID-19 pandemic. In addition to the need for a secure collection of medical data, there is also a need to process data in real-time. In this article, we design an improved symmetric homomorphic cryptosystem and a fog-based communication architecture to support delay- or time-sensitive monitoring and other-related applications. Specifically, medical data can be analyzed at the fog servers in a secure manner. This will facilitate decision making, for example, allowing relevant stakeholders to detect and respond to emergency situations, based on real-time data analysis. We present two attack games to demonstrate that our approach is secure (i.e., chosen-plaintext attack resilience under the computational Diffie-Hellman assumption), and evaluate the complexity of its computations. A comparative summary of its performance and three other related approaches suggests that our approach enables privacy-assured medical data aggregation, and the simulation experiments using Microsoft Azure further demonstrate the utility of our scheme.
Supervised classification based on Contrast Patterns (CP) is a trending topic in the pattern recognition literature, partly because it contains an important family of both understandable and accurate classifiers. In this paper, we survey 105 articles and provide an in-depth review of CP-based supervised classification and its applications. Based on our review, we present a taxonomy of the existing application domains of CP-based supervised classification, and a scientometric study. We also discuss potential future research opportunities.
Due to the popularity of blockchain, there have been many proposed applications of blockchain in the healthcare sector, such as electronic health record (EHR) systems. Therefore, in this paper we perform a systematic literature review of blockchain approaches designed for EHR systems, focusing only on the security and privacy aspects. As part of the review, we introduce relevant background knowledge relating to both EHR systems and blockchain, prior to investigating the (potential) applications of blockchain in EHR systems. We also identify a number of research challenges and opportunities.
With today's world revolving around online interaction, dating applications (apps) are a prime example of how people are able to discover and converse with others that may share similar interests or lifestyles, including during the recent COVID-19 lockdowns. To connect the users, geolocation is often utilized. However, with each new app comes the possibility of criminal exploitation. For example, while apps with geolocation feature are intended for users to provide personal information that drive their search to meet someone, that same information can be used by hackers or forensic analysts to gain access to personal data, albeit for different purposes. This paper examines the Happn dating app (versions 9.6.2, 9.7, and 9.8 for iOS devices, and versions 3.0.22 and 24.18.0 for Android devices), which geographically works differently compared to most notable dating apps by providing users with profiles of other users that might have passed by them or in the general radius of their location. Encompassing both iOS and Android devices along with eight varying user profiles with diverse backgrounds, this study aims to explore the potential for a malicious actor to uncover the personal information of another user by identifying artifacts that may pertain to sensitive user data.
An electronic health (e-health) system, such as a medical cyber-physical system, offers a number of benefits (e.g. inform medical diagnosis). There are, however, a number of considerations in the implementation of the medical cyber-physical system, such as the integrity of medical / healthcare data (e.g. manipulated data can result in misdiagnosis). A number of digital signature schemes have been proposed in recent years to mitigate some of these challenges. However, the security of existing signatures is mostly based on conventional difficult mathematical problems, which are known to be insecure against quantum attacks. In this paper, we propose a certificateless signature scheme, based on NTRU lattice. The latter is based on the difficulty of small integer solutions on the NTRU lattice, and is known to be quantum attack resilience. Security analysis and performance evaluations demonstrate that our proposed scheme achieves significantly reduced communication and computation costs in comparison to two other competing quantum resilience schemes, while being quantum attack resilience.
Computer Security , Confidentiality , Electronic Health Records/standards , Algorithms , Communication , Costs and Cost Analysis , Diagnostic Errors , Humans , Physical Examination
In any interconnected healthcare system (e.g., those that are part of a smart city), interactions between patients, medical doctors, nurses and other healthcare practitioners need to be secure and efficient. For example, all members must be authenticated and securely interconnected to minimize security and privacy breaches from within a given network. However, introducing security and privacy-preserving solutions can also incur delays in processing and other related services, potentially threatening patients lives in critical situations. A considerable number of authentication and security systems presented in the literature are centralized, and frequently need to rely on some secure and trusted third-party entity to facilitate secure communications. This, in turn, increases the time required for authentication and decreases throughput due to known overhead, for patients and inter-hospital communications. In this paper, we propose a novel decentralized authentication of patients in a distributed hospital network, by leveraging blockchain. Our notion of a healthcare setting includes patients and allied health professionals (medical doctors, nurses, technicians, etc), and the health information of patients. Findings from our in-depth simulations demonstrate the potential utility of the proposed architecture. For example, it is shown that the proposed architecture's decentralized authentication among a distributed affiliated hospital network does not require re-authentication. This improvement will have a considerable impact on increasing throughput, reducing overhead, improving response time, and decreasing energy consumption in the network. We also provide a comparative analysis of our model in relation to a base model of the network without blockchain to show the overall effectiveness of our proposed solution.
Biometric Identification/methods , Blockchain , Communication , Hospitals , Electronic Health Records , Humans , Internet of Things , Professional-Patient Relations
Cybercriminals are constantly on the lookout for new attack vectors, and the recent COVID-19 pandemic is no exception. For example, social distancing measures have resulted in travel bans, lockdowns, and stay-at-home orders, consequently increasing the reliance on information and communications technologies, such as Zoom. Cybercriminals have also attempted to exploit the pandemic to facilitate a broad range of malicious activities, such as attempting to take over videoconferencing platforms used in online meetings/educational activities, information theft, and other fraudulent activities. This study briefly reviews some of the malicious cyber activities associated with COVID-19 and the potential mitigation solutions. We also propose an attack taxonomy, which (optimistically) will help guide future risk management and mitigation responses.
Electronic health systems, such as telecare medical information system (TMIS), allow patients to exchange their health information with a medical center/doctor for diagnosis in real time, and across borders. Given the sensitive nature of health information/medical data, ensuring the security of such systems is crucial. In this paper, we revisit Das et al.'s authentication protocol, which is designed to ensure patient anonymity and untraceability. Then, we demonstrate that the security claims are invalid, by showing how both security features (i.e., patient anonymity and untraceability) can be compromised. We also demonstrate that the protocol suffers from smartcard launch attacks. To mitigate such design flaws, we propose a new lightweight authentication protocol using the cryptographic hash function for TMIS. We then analyze the security of the proposed protocol using AVISPA and Scyther, two widely used formal specification tools. The performance analysis demonstrates that our protocol is more efficient than other competing protocols.
Computer Security , Electronic Health Records , Health Information Exchange/standards , Telemedicine/standards , Biometric Identification , Confidentiality , Humans
Minecraft, a Massively Multiplayer Online Game (MMOG), has reportedly millions of players from different age groups worldwide. With Minecraft being so popular, particularly with younger audiences, it is no surprise that the interactive nature of Minecraft has facilitated the commission of criminal activities such as denial of service attacks against gamers, cyberbullying, swatting, sexual communication, and online child grooming. In this research, there is a simulated scenario of a typical Minecraft setting, using a Linux Ubuntu 16.04.3 machine (acting as the MMOG server) and Windows client devices running Minecraft. Server and client devices are then examined to reveal the type and extent of evidential artefacts that can be extracted.
Advances in technologies including development of smartphone features have contributed to the growth of mobile applications, including dating apps. However, online dating services can be misused. To support law enforcement investigations, a forensic taxonomy that provides a systematic classification of forensic artifacts from Windows Phone 8 (WP8) dating apps is presented in this study. The taxonomy has three categories, namely: Apps Categories, Artifacts Categories, and Data Partition Categories. This taxonomy is built based on the findings from a case study of 28 mobile dating apps, using mobile forensic tools. The dating app taxonomy can be used to inform future studies of dating and related apps, such as those from Android and iOS platforms.
Wearable devices are used in various applications to collect information including step information, sleeping cycles, workout statistics, and health-related information. Due to the nature and richness of the data collected by such devices, it is important to ensure the security of the collected data. This paper presents a new lightweight authentication scheme suitable for wearable device deployment. The scheme allows a user to mutually authenticate his/her wearable device(s) and the mobile terminal (e.g., Android and iOS device) and establish a session key among these devices (worn and carried by the same user) for secure communication between the wearable device and the mobile terminal. The security of the proposed scheme is then demonstrated through the broadly accepted real-or-random model, as well as using the popular formal security verification tool, known as the Automated validation of Internet security protocols and applications. Finally, we present a comparative summary of the proposed scheme in terms of the overheads such as computation and communication costs, security and functionality features of the proposed scheme and related schemes, and also the evaluation findings from the NS2 simulation.
Computer Security , Confidentiality , Wearable Electronic Devices , Computer Communication Networks , Electronic Health Records , Humans , Telemedicine/methods , Telemedicine/standards
Communication apps can be an important source of evidence in a forensic investigation (e.g., in the investigation of a drug trafficking or terrorism case where the communications apps were used by the accused persons during the transactions or planning activities). This study presents the first evidence-based forensic taxonomy of Windows Phone communication apps, using an existing two-dimensional Android forensic taxonomy as a baseline. Specifically, 30 Windows Phone communication apps, including Instant Messaging (IM) and Voice over IP (VoIP) apps, are examined. Artifacts extracted using physical acquisition are analyzed, and seven digital evidence objects of forensic interest are identified, namely: Call Log, Chats, Contacts, Locations, Installed Applications, SMSs and User Accounts. Findings from this study would help to facilitate timely and effective forensic investigations involving Windows Phone communication apps.
