Security and Privacy Challenges for Healthcare
Permanent URI for this collectionhttps://hdl.handle.net/10125/107488
Browse
Recent Submissions
Item type: Item , Preserving Location Privacy for Mobile Phones with Homomorphic Encryption: The False Position Protocol(2024-01-03) Teodorescu, Mike; Ransbotham, SamSharing sensitive information, such as location data, or health data, is a complex problem. While users may desire the benefits of application that use sensitive information, adoption may be limited by user reluctance to share sensitive data with untrusted third parties. We propose the False Position Protocol, a decentralized algorithm that allows users to reveal information such as location to trusted partners through a homomorphic encryption identification process. The algorithm offers reduced computational complexity while maintaining resilience despite potential malicious actors. Potential applications of the proposed two-party sharing protocol include connecting in social networks, exchanging health information, geotagging content, as well as proximity testing for media content delivery.Item type: Item , How to Control User Private Data Access in Mixed Reality Platforms using Blockchain?(2024-01-03) Mazumdar, Somnath; Hussain, Abid; Mukkamala, Raghava RaoMixed reality (MR) has recently emerged as a popular technology enabling people to interact with virtual and physical worlds. MR involves a combination of complex and advanced technologies, including hardware and software, where users’ private data are collected, stored, and processed. Keeping user data secure and private while letting users control their data is not popular among current MR platform owners or third parties. This research proposes a generic blockchain-based MR framework to protect users’ private data and alert them about their data access. Blockchain is a data protection layer on MR platforms and relies on fog to support latency-sensitive MR applications. This article presents a framework with core components, followed by a case study elaborating on accessing medical records to present its usefulness. We also present the results of network performance tests, design considerations, and existing technical challenges.Item type: Item , Evaluating a Cybersecurity Operations Center Implementation Program in a Regional Healthcare System: Challenges and Lessons Learned(2024-01-03) Cram, W. Alec; Mckillop, IanIn an effort to address escalating cybersecurity risks, healthcare organizations are increasingly turning to shared service operations centers to help coordinate day-to-day cybersecurity activities, such as training, incident response, and policy management. This research examines an early-stage program to establish a series of cybersecurity operations centers within a large, regional, publicly funded healthcare system. Over 13 months, the authors acted as expert advisors on the project and simultaneously undertook an ethnographic study, including a review of project documents, observation of stakeholder meetings, and an examination of 29 interview transcripts. The results of our analysis highlight the challenges facing healthcare leaders seeking to implement operational cybersecurity initiatives. In particular, we highlight tensions that emerged related to the oversight structure, guiding framework, performance management, and initiative validation. Our analysis points to a series of responses that healthcare leaders can undertake to avoid common pitfalls and achieve positive outcomes from such projects.Item type: Item , The ‘Why’ Behind the Lie: Towards a Better Understanding of Health Information Disclosure in the Patient-Provider Interaction(2024-01-03) Clark, Autumn; Keith, MarkIn recognizing the prevalence and adverse outcomes of patients withholding health information from physicians—including medical errors, misdiagnoses, and economic burdens—we draw attention to the need for an enhanced understanding of this behavior. The paper offers an overview of the existing antecedents-privacy concerns-outcomes (APCO) model of information disclosure and proposes an adapted model that incorporates construal level theory to account for unique factors within healthcare settings. The new model aims to provide a theoretical contribution by offering a more comprehensive perspective on health information disclosure during physician consultations. Furthermore, it carries practical implications for designing information collection processes, thereby contributing to strategies that reduce patient nondisclosure and its subsequent costs in healthcare.Item type: Item , Custom Solutions for Diverse Needs: Laying the Foundation for Tailored SETA Programs in the Healthcare Domain(2024-01-03) Rampold, Florian; Heinsohn, Julia; Schütz, Florian; Klein, Julia; Keller, Thomas; Masuch, Kristin; Warwas, JuliaIn recent years, the number of data breaches in the healthcare sector has steadily increased. As a result, security, education, training, and awareness programs are recognized as an integral part of educating employees about security threats. Although these programs are considered commonplace in many organizations, they often follow one-size-fits-all approaches that could hinder the success of security training. In this study, we address this issue by conducting a domain analysis for IT-secure behavior in healthcare using the evidence centered assessment design. We define the representative target group as caregivers and physicians in hospitals. Subsequently, we observe the work tasks and assets of both job profiles in three hospitals in Germany to determine the most relevant security threats in the domain. In this way, we extend the cyber security domain model of Schuetz et al. (2023) and pave the way for developing tailored SETA programs in the healthcare domain.Item type: Item , Introduction to the Minitrack on Security and Privacy Challenges for Healthcare(2024-01-03) Vo, Ace; Plachkinova, Miloslava; Greve, Maike; Masuch, Kristin