Results 1 - 20 of 950
2.
Medicine (Baltimore) ; 103(39): e39887, 2024 Sep 27.
Article in English | MEDLINE | ID: mdl-39331908

ABSTRACT

Cybersecurity incidents in healthcare present significant legal implications for clinicians, necessitating careful consideration of technological advancements and regulatory frameworks. This literature examines the healthcare cybersecurity landscape, emphasizing clinicians' challenges and legal responsibilities. It explores the impact of advanced technologies such as artificial intelligence and quantum computing, highlighting the potential benefits and risks, including biases and ethical dilemmas. The review addresses international regulatory differences, offering a comparative analysis of how various countries handle cybersecurity incidents. This analysis provides insights into best practices and identifies areas for improvement. Practical recommendations are provided, tailored to different healthcare settings, including large hospitals and small clinics, to enhance cybersecurity preparedness. Case studies illustrate real-world scenarios, offering practical guidance for clinicians in managing cybersecurity challenges. The review also identifies critical gaps in the literature, particularly concerning artificial intelligence ethics and international regulatory frameworks, suggesting specific areas for future research. These findings underscore the need for robust cybersecurity policies, comprehensive training for healthcare professionals, and a nuanced understanding of the legal landscape. This review informs policymakers, clinicians, and researchers about the evolving nature of cybersecurity challenges in healthcare, addressing key concerns raised by reviewers and contributing to a comprehensive understanding of the field.


Subject(s)
Computer Security , Computer Security/legislation & jurisprudence , Computer Security/standards , Humans , Artificial Intelligence/legislation & jurisprudence , Artificial Intelligence/ethics , Health Personnel/legislation & jurisprudence , Health Personnel/ethics
4.
BMC Med Inform Decis Mak ; 24(1): 260, 2024 Sep 16.
Article in English | MEDLINE | ID: mdl-39285411

ABSTRACT

BACKGROUND: Graded diagnosis and treatment, referral, and expert consultations between medical institutions all require cross-domain access to patient medical information to support doctors' treatment decisions, leading to an increase in cross-domain access among various medical institutions within the medical consortium. However, patient medical information is sensitive and private, and it is essential to control doctors' cross-domain access to reduce the risk of leakage. Access control is a continuous and long-term process, and it first requires verification of the legitimacy of user identities, while utilizing control policies for selection and management. After verifying user identity and access permissions, it is also necessary to monitor unauthorized operations. Therefore, the content of access control includes authentication, implementation of control policies, and security auditing. Unlike the existing focus on authentication and control strategy implementation in access control, this article focuses on the control based on access log security auditing for doctors who have obtained authorization to access medical resources. This paper designs a blockchain-based doctor intelligent cross-domain access log recording system, which is used to record, query and analyze the cross-domain access behavior of doctors after authorization. Through DBSCAN clustering analysis of doctors' cross-domain access logs, we find the abnormal phenomenon of cross-domain access, and build a penalty function to dynamically control doctors' cross-domain access process, so as to reduce the risk of data breach. Finally, through comparative analysis and experiments, it is shown that the proposed cross-domain access control model for medical consortia based on DBSCAN and penalty function has good control effect on the cross-domain access behavior of doctors in various medical institutions of the medical consortia, and has certain feasibility for the cross-domain access control of doctors.


Subject(s)
Computer Security , Humans , Computer Security/standards , Blockchain
7.
Rev Med Suisse ; 20(883): 1422-1425, 2024 Aug 21.
Article in French | MEDLINE | ID: mdl-39175293

ABSTRACT

Artificial intelligence (AI) is a rapidly advancing technology in our society. Emergency radiology is an area facing an increase in the number of imaging studies, together with the necessity to promptly deliver an accurate interpretation. The integration of AI algorithms to assist the clinician in providing analyses of the imaging studies while maintaining adequate diagnostic quality opens up new perspectives. There are numerous potential advantages of the implementation of AI in emergency radiology. However, the use of AI faces new challenges, such as the reliability of the algorithms, data security, responsibility issues, and financial, human and material resources.


Artificial intelligence (AI) is a rapidly developing technology in our society. The medical field, and emergency radiology in particular, appears to offer an interesting field of application, owing to the growing number of radiological examinations and the clinician's need to obtain a rapid and accurate interpretation. The potential benefits of AI are numerous, notably its ability to provide relevant and reliable diagnostic assistance. However, its use also raises concerns, such as the reliability of the algorithms, data security, liability issues, and financial, human and material resources.


Subject(s)
Artificial Intelligence , Radiology , Artificial Intelligence/trends , Humans , Radiology/methods , Radiology/organization & administration , Radiology/standards , Algorithms , Reproducibility of Results , Computer Security/standards
9.
Int J Med Inform ; 190: 105549, 2024 Oct.
Article in English | MEDLINE | ID: mdl-39018707

ABSTRACT

INTRODUCTION AND PURPOSE: We present the needs, design, development, implementation, and accessibility of a crafted experimental PACS (ePACS) system to securely store images, ensuring efficiency and ease of use for AI processing, specifically tailored for research scenarios, including phantoms, animal and human studies and quality assurance (QA) exams. The ePACS system plays a crucial role in any medical imaging departments that handle non-care profile studies, such as protocol adjustments and dummy runs. By effectively segregating non-care profile studies from the healthcare assistance, the ePACS usefully prevents errors both in clinical practice and storage security. METHODS AND RESULTS: The developed ePACS system considers the best practices for management, maintenance, access, long-term storage and backups, regulatory audits, and economic aspects. Moreover, key aspects of the ePACS system include the design of data flows with a focus on incorporating data security and privacy, access control and levels based on user profiles, internal data management policies, standardized architecture, infrastructure and application monitorization and traceability, and periodic backup policies. A new tool called DicomStudiesQA has been developed to standardize the analysis of DICOM studies. The tool automatically identifies, extracts, and renames series using a consistent nomenclature. It also detects corrupted images and merges separated dynamic series that were initially split, allowing for streamlined post-processing. DISCUSSION AND CONCLUSIONS: The developed ePACS system encompasses a successful implementation, both in hospital and research environments, showcasing its transformative nature and the challenging yet crucial transfer of knowledge to industry. This underscores the practicality and real-world applicability of our innovative approach, highlighting the significant impact it has on the field of experimental radiology.


Subject(s)
Computer Security , Radiology Information Systems , Computer Security/standards , Humans , Radiology Information Systems/standards , Artificial Intelligence , Information Storage and Retrieval/standards , Animals , Diagnostic Imaging/standards
10.
Nurs Open ; 11(6): e2203, 2024 Jun.
Article in English | MEDLINE | ID: mdl-38845463

ABSTRACT

AIM: Nurses play a crucial role within medical institutions, maintaining direct interaction with patient data. Despite this, there is a scarcity of tools for evaluating nurses' perspectives on patient information security. This study aimed to translate the Information Security Attitude Questionnaire into Chinese and validate its reliability and validity among clinical nurses. DESIGN: A cross-sectional design. METHODS: A total of 728 clinical nurses from three hospitals in China participated in this study. The Information Security Attitude Questionnaire (ISA-Q) was translated into Chinese utilizing the Brislin two-way translation method. The reliability was assessed through internal consistency coefficient and test-retest reliability. The validity was determined through the Delphi expert consultation method and factor analysis. RESULTS: The Chinese version of ISA-Q consists of 30 items. Cronbach's α coefficient of the questionnaire was 0.930, and Cronbach's α coefficient of the six dimensions ranged from 0.781 to 0.938. The split-half reliability and test-retest reliability were 0.797 and 0.848, respectively. The content validity index (S-CVI) was 0.962. Exploratory factor analysis revealed a 6-factor structure supported by eigenvalues, total variance interpretation, and scree plots, accounting for a cumulative variance contribution rate of 69.436%. Confirmatory factor analysis further validated the 6-factor structure, demonstrating an appropriate model fit. CONCLUSION: The robust reliability and validity exhibited by the Chinese version of ISA-Q establish it as a dependable tool for evaluating the information security attitudes of clinical nurses. IMPLICATIONS FOR NURSING PRACTICE: The Chinese iteration of the ISA-Q questionnaire offers a profound insight into the information security attitudes held by clinical nurses. This understanding serves as a foundation for nursing managers to develop targeted intervention strategies aimed at fortifying nurses' information security attitudes, thereby enhancing patient safety.


Subject(s)
Attitude of Health Personnel , Psychometrics , Humans , Surveys and Questionnaires/standards , Reproducibility of Results , China , Cross-Sectional Studies , Female , Adult , Male , Psychometrics/instrumentation , Psychometrics/standards , Psychometrics/methods , Nurses/psychology , Nurses/statistics & numerical data , Computer Security/standards , Translating , Middle Aged , Factor Analysis, Statistical
11.
BMC Med Inform Decis Mak ; 24(1): 170, 2024 Jun 17.
Article in English | MEDLINE | ID: mdl-38886772

ABSTRACT

BACKGROUND: Artificial intelligence (AI) has become a pivotal tool in advancing contemporary personalised medicine, with the goal of tailoring treatments to individual patient conditions. This has heightened the demand for access to diverse data from clinical practice and daily life for research, posing challenges due to the sensitive nature of medical information, including genetics and health conditions. Regulations like the Health Insurance Portability and Accountability Act (HIPAA) in the U.S. and the General Data Protection Regulation (GDPR) in Europe aim to strike a balance between data security, privacy, and the imperative for access. RESULTS: We present the Gemelli Generator - Real World Data (GEN-RWD) Sandbox, a modular multi-agent platform designed for distributed analytics in healthcare. Its primary objective is to empower external researchers to leverage hospital data while upholding privacy and ownership, obviating the need for direct data sharing. Docker compatibility adds an extra layer of flexibility, and scalability is assured through modular design, facilitating combinations of Proxy and Processor modules with various graphical interfaces. Security and reliability are reinforced through components like Identity and Access Management (IAM) agent, and a Blockchain-based notarisation module. Certification processes verify the identities of information senders and receivers. CONCLUSIONS: The GEN-RWD Sandbox architecture achieves a good level of usability while ensuring a blend of flexibility, scalability, and security. Featuring a user-friendly graphical interface catering to diverse technical expertise, its external accessibility enables personnel outside the hospital to use the platform. Overall, the GEN-RWD Sandbox emerges as a comprehensive solution for healthcare distributed analytics, maintaining a delicate equilibrium between accessibility, scalability, and security.


Subject(s)
Computer Security , Confidentiality , Humans , Computer Security/standards , Confidentiality/standards , Artificial Intelligence , Hospitals
12.
BMC Med Inform Decis Mak ; 24(1): 162, 2024 Jun 12.
Article in English | MEDLINE | ID: mdl-38915012

ABSTRACT

Many state-of-the-art results in natural language processing (NLP) rely on large pre-trained language models (PLMs). These models consist of large amounts of parameters that are tuned using vast amounts of training data. These factors cause the models to memorize parts of their training data, making them vulnerable to various privacy attacks. This is cause for concern, especially when these models are applied in the clinical domain, where data are very sensitive. Training data pseudonymization is a privacy-preserving technique that aims to mitigate these problems. This technique automatically identifies and replaces sensitive entities with realistic but non-sensitive surrogates. Pseudonymization has yielded promising results in previous studies. However, no previous study has applied pseudonymization to both the pre-training data of PLMs and the fine-tuning data used to solve clinical NLP tasks. This study evaluates the effects on the predictive performance of end-to-end pseudonymization of Swedish clinical BERT models fine-tuned for five clinical NLP tasks. A large number of statistical tests are performed, revealing minimal harm to performance when using pseudonymized fine-tuning data. The results also find no deterioration from end-to-end pseudonymization of pre-training and fine-tuning data. These results demonstrate that pseudonymizing training data to reduce privacy risks can be done without harming data utility for training PLMs.


Subject(s)
Natural Language Processing , Humans , Privacy , Sweden , Anonyms and Pseudonyms , Computer Security/standards , Confidentiality/standards , Electronic Health Records/standards
13.
BMC Med Inform Decis Mak ; 24(1): 153, 2024 Jun 04.
Article in English | MEDLINE | ID: mdl-38831390

ABSTRACT

BACKGROUND: The increased application of Internet of Things (IoT) in healthcare has fueled concerns regarding the security and privacy of patient data. Lightweight Cryptography (LWC) algorithms can be seen as a potential solution to address this concern. Due to the high variation of LWC, the primary objective of this study was to identify a suitable yet effective algorithm for securing sensitive patient information on IoT devices. METHODS: This study evaluates the performance of eight LWC algorithms (AES, PRESENT, MSEA, LEA, XTEA, SIMON, PRINCE, and RECTANGLE) using machine learning models. Experiments were conducted on a Raspberry Pi 3 microcontroller using 16 KB to 2048 KB files. Machine learning models were trained and tested for each LWC algorithm and their performance was evaluated using precision, recall, F1-score, and accuracy metrics. RESULTS: The study analyzed the encryption/decryption execution time, energy consumption, memory usage, and throughput of eight LWC algorithms. The RECTANGLE algorithm was identified as the most suitable and efficient LWC algorithm for IoT in healthcare due to its speed, efficiency, simplicity, and flexibility. CONCLUSIONS: This research addresses security and privacy concerns in IoT healthcare and identifies key performance factors of LWC algorithms utilizing the SLR research methodology. Furthermore, the study provides insights into the optimal choice of LWC algorithm for enhancing privacy and security in IoT healthcare environments.


Subject(s)
Computer Security , Internet of Things , Machine Learning , Humans , Computer Security/standards , Algorithms , Confidentiality/standards
14.
JMIR Mhealth Uhealth ; 12: e55061, 2024 Jun 21.
Article in English | MEDLINE | ID: mdl-38904994

ABSTRACT

BACKGROUND: Hospital apps are increasingly being adopted in many countries, especially since the start of the COVID-19 pandemic. Web-based hospitals can provide valuable medical services and enhanced accessibility. However, increasing concerns about personal information (PI) and strict legal compliance requirements necessitate privacy assessments for these platforms. Guided by the theory of contextual integrity, this study investigates the regulatory compliance of privacy policies for internet hospital apps in the mainland of China. OBJECTIVE: In this paper, we aim to evaluate the regulatory compliance of privacy policies of internet hospital apps in the mainland of China and offer recommendations for improvement. METHODS: We obtained 59 internet hospital apps on November 7, 2023, and reviewed 52 privacy policies available between November 8 and 23, 2023. We developed a 3-level indicator scale based on the information processing activities, as stipulated in relevant regulations. The scale comprised 7 level-1 indicators, 26 level-2 indicators, and 70 level-3 indicators. RESULTS: The mean compliance score of the 52 assessed apps was 73/100 (SD 22.4%), revealing a varied spectrum of compliance. Sensitive PI protection compliance (mean 73.9%, SD 24.2%) lagged behind general PI protection (mean 90.4%, SD 14.7%), with only 12 apps requiring separate consent for processing sensitive PI (mean 73.9%, SD 24.2%). Although most apps (n=41, 79%) committed to supervising subcontractors, only a quarter (n=13, 25%) required users' explicit consent for subcontracting activities. Concerning PI storage security (mean 71.2%, SD 29.3%) and incident management (mean 71.8%, SD 36.6%), half of the assessed apps (n=27, 52%) committed to bear corresponding legal responsibility, whereas fewer than half (n=24, 46%) specified the security level obtained. Most privacy policies stated the PI retention period (n=40, 77%) and instances of PI deletion or anonymization (n=41, 79%), but fewer (n=20, 38.5%) committed to prompt third-party PI deletion. Most apps delineated various individual rights, but only a fraction addressed the rights to obtain copies (n=22, 42%) or to refuse advertisement based on automated decision-making (n=13, 25%). Significant deficiencies remained in regular compliance audits (mean 11.5%, SD 37.8%), impact assessments (mean 13.5%, SD 15.2%), and PI officer disclosure (mean 48.1%, SD 49.3%). CONCLUSIONS: Our analysis revealed both strengths and significant shortcomings in the compliance of internet hospital apps' privacy policies with relevant regulations. As China continues to implement internet hospital apps, it should ensure the informed consent of users for PI processing activities, enhance compliance levels of relevant privacy policies, and fortify PI protection enforcement across the information processing stages.


Subject(s)
Mobile Applications , China , Humans , Mobile Applications/standards , Mobile Applications/statistics & numerical data , Mobile Applications/legislation & jurisprudence , Computer Security/standards , Computer Security/legislation & jurisprudence , COVID-19/prevention & control , COVID-19/epidemiology , Confidentiality/standards , Confidentiality/legislation & jurisprudence , Internet , Pandemics/prevention & control
15.
Australas Psychiatry ; 32(4): 319-322, 2024 Aug.
Article in English | MEDLINE | ID: mdl-38875170

ABSTRACT

Increasing numbers of healthcare data breaches highlight the need for structured organisational responses to protect patients, trainees and psychiatrists against identity theft and blackmail. Evidence-based guidance that is informed by the COVID-19 pandemic response includes: timely and reliable information tailored to users' safety, encouragement to take protective action, and access to practical and psychological support. For healthcare organisations which have suffered a data breach, insurance essentially improves access to funded cyber security responses, risk communication and public relations. Patients, trainees and psychiatrists need specific advice on protective measures. Healthcare data security legislative reform is urgently needed.


Subject(s)
COVID-19 , Computer Security , Health Personnel , Mental Health Services , Humans , COVID-19/prevention & control , Computer Security/standards , Mental Health Services/standards , Mental Health Services/organization & administration , Communication , Confidentiality/standards , SARS-CoV-2
16.
Indian J Med Ethics ; IX(2): 149-153, 2024.
Article in English | MEDLINE | ID: mdl-38755773

ABSTRACT

Patient privacy is essential and so is ensuring confidentiality in the doctor-patient relationship. However, today's reality is that patient information is increasingly accessible to third parties outside this relationship. This article discusses India's data protection framework and assesses data protection developments in India including the Digital Personal Data Protection Act, 2023.


Subject(s)
Computer Security , Confidentiality , India , Humans , Confidentiality/legislation & jurisprudence , Computer Security/legislation & jurisprudence , Computer Security/standards , Physician-Patient Relations/ethics , Privacy/legislation & jurisprudence
17.
BMC Med Inform Decis Mak ; 24(1): 133, 2024 May 23.
Article in English | MEDLINE | ID: mdl-38783250

ABSTRACT

The Australian healthcare sector is a complex mix of government departments, associations, providers, professionals, and consumers. Cybersecurity attacks, which have recently increased, challenge the sector in many ways; however, the best approaches for the sector to manage the threat are unclear. This study will report on a semi-structured focus group conducted with five representatives from the Australian healthcare and computer security sectors. An analysis of this focus group transcript yielded four themes: 1) the challenge of securing the Australian healthcare landscape; 2) the financial challenges of cybersecurity in healthcare; 3) balancing privacy and transparency; 4) education and regulation. The results indicate the need for sector-specific tools to empower the healthcare sector to mitigate cybersecurity threats, most notably using a self-evaluation tool so stakeholders can proactively prepare for incidents. Despite the vast amount of research into cybersecurity, little has been conducted on proactive cybersecurity approaches where security weaknesses are identified before they occur.


Subject(s)
Computer Security , Computer Security/standards , Humans , Australia , Focus Groups , Delivery of Health Care/standards , Confidentiality/standards
18.
Article in German | MEDLINE | ID: mdl-38748234

ABSTRACT

In order to achieve the goals of the Medical Informatics Initiative (MII), staff with skills in the field of medical informatics and data science are required. Each consortium has established training activities. Further, cross-consortium activities have emerged. This article describes the concepts, implemented programs, and experiences in the consortia. Fifty-one new professorships have been established and 10 new study programs have been created: 1 bachelor's degree and 6 consecutive and 3 part-time master's degree programs. Further, learning and training opportunities can be used by all MII partners. Certification and recognition opportunities have been created. The educational offers are aimed at target groups with a background in computer science, medicine, nursing, bioinformatics, biology, natural science, and data science. Additional qualifications for physicians in computer science and computer scientists in medicine seem to be particularly important. They can lead to higher quality in software development and better support for treatment processes by application systems. Digital learning methods were important in all consortia. They offer flexibility for cross-location and interprofessional training. This enables learning at an individual pace and an exchange between professional groups. The success of the MII depends largely on society's acceptance of the multiple use of medical data in both healthcare and research. The information required for this is provided by the MII's public relations work. There is also an enormous need in society for medical and digital literacy.


Subject(s)
Curriculum , Medical Informatics , Humans , Computer Security/standards , Electronic Health Records/standards , Germany , Medical Informatics/education , Professional Competence/standards
19.
Appl Ergon ; 119: 104312, 2024 Sep.
Article in English | MEDLINE | ID: mdl-38735233

ABSTRACT

The increased adoption of digital systems in the maritime domain has led to concerns about cyber resilience, especially in the wake of increasingly disruptive cyber-attacks. This has seen vessel operators increasingly adopt Maritime Security Operation Centers (M-SOCs), an action in line with one of the cyber resilience engineering techniques known as adaptive response, whose purpose is to optimize the ability to respond promptly to attacks. This research sought to investigate the domain-specific human factors that influence the adaptive response capabilities of M-SOC analysts to vessel cyber threats. Through collecting interview data and subsequent thematic analysis informed by grounded theory, cyber awareness of both crew onboard and vessel operators emerged as a pressing domain-specific challenge impacting M-SOC analysts' adaptive response. The key takeaway from this study is that vessel operators remain pivotal in supporting the M-SOC analysts' adaptive response processes through resource allocation towards operational technology (OT) monitoring and cyber personnel staffing onboard the vessels.


Subject(s)
Computer Security , Ships , Humans , Computer Security/standards , Male , Adult , Female , Ergonomics , Middle Aged , Grounded Theory , Qualitative Research , Security Measures
20.
BMC Med Inform Decis Mak ; 24(1): 109, 2024 Apr 25.
Article in English | MEDLINE | ID: mdl-38664792

ABSTRACT

BACKGROUND: A blockchain can be described as a distributed ledger database where, under a consensus mechanism, data are permanently stored in records, called blocks, linked together with cryptography. Each block contains a cryptographic hash function of the previous block, a timestamp, and transaction data, which are permanently stored in thousands of nodes and never altered. This provides a potential real-world application for generating a permanent, decentralized record of scientific data, taking advantage of blockchain features such as timestamping and immutability. IMPLEMENTATION: Here, we propose INNBC DApp, a Web3 decentralized application providing a simple front-end user interface connected with a smart contract for recording scientific data on a modern, proof-of-stake (POS) blockchain such as BNB Smart Chain. Unlike previously proposed blockchain tools that only store a hash of the data on-chain, here the data are stored fully on-chain within the transaction itself as "transaction input data", with a true decentralized storage solution. In addition to plain text, the DApp can record various types of files, such as documents, images, audio, and video, by using Base64 encoding. In this study, we describe how to use the DApp and perform real-world transactions storing different kinds of data from previously published research articles, describing the advantages and limitations of using such a technology, analyzing the cost in terms of transaction fees, and discussing possible use cases. RESULTS: We have been able to store several different types of data on the BNB Smart Chain: raw text, documents, images, audio, and video. Notably, we stored several complete research articles at a reasonable cost. We found a limit of 95KB for each single file upload. Considering that Base64 encoding increases file size by approximately 33%, this provides us with a theoretical limit of 126KB. We successfully overcome this limitation by splitting larger files into smaller chunks and uploading them as multi-volume archives. Additionally, we propose AES encryption to protect sensitive data. Accordingly, we show that it is possible to include enough data to be useful for storing and sharing scientific documents and images on the blockchain at a reasonable cost for the users. CONCLUSION: INNBC DApp represents a real use case for blockchain technology in decentralizing biomedical data storage and sharing, providing us with features such as immutability, timestamp, and identity that can be used to ensure permanent availability of the data and to provide proof-of-existence as well as to protect authorship, a freely available decentralized science (DeSci) tool aiming to help bring mass adoption of blockchain technology among the scientific community.


Subject(s)
Blockchain , Humans , Information Storage and Retrieval/methods , Computer Security/standards