Security and Privacy Challenges for Healthcare Minitrack

The growing efforts to digitize healthcare provide many new opportunities, but they also bring a lot of challenges for researchers and medical professionals in terms of protecting the privacy and security of patients’ data and electronic health records. More and more healthcare providers and organizations have suffered security breaches, which puts their patients at risk and undermines the credibility and reliability of the health facilities.

The Security and Privacy Challenges in Healthcare minitrack encourages research on today’s problems and opportunities for security and privacy in healthcare. Further, it addresses new approaches and strategies to improve the capabilities of protecting healthcare data. Research may focus on specific areas related to themes and issues, tools and techniques, mHealth security and privacy, securing electronic health records, mitigating risks, incident response, and technical and legal issues related to the security and privacy of patients’ healthcare data, including data obtained through the Internet of Things (IoT).

Topics covered by the minitrack include, but are not limited to:

  • Security issues with electronic health records (EHR)
  • Privacy concerns for patients’ data
  • Privacy risks and the Internet of Things (IoT) for healthcare
  • mHealth security and privacy
  • Mitigating risks in healthcare IT
  • Incident response
  • EHR vendor selection and management with a focus on security and privacy
  • Legal issues and regulations
  • Training programs
  • Lessons learned from recent healthcare security breaches
  • Tools, techniques, and algorithms for protecting patients’ data
  • Healthcare infrastructure protection
  • Theoretical foundations of security and privacy for healthcare

Minitrack Chair:

Miloslava Plachkinova (Primary Contact)
University of Tampa

George Grispos
Lero – The Irish Software Research Centre


Recent Submissions

  • Item
    Towards Privacy-Aware Research and Development in Wearable Health
    (2017-01-04) De Mooy, Michelle; Yuen, Shelten
    Wearable sensor technology has the potential to transform healthcare. The investigation and testing of sensors in the commercial sector offer insight into ways to leverage biometric data, to improve individual health through better products and to advance the public good through research. However, research with wearable sensor data must be done in a manner that is respectful of ethical considerations and privacy. Not only will the processes that govern this research define the potential public good derived from wearables, they will encourage user trust in wearables and promote participation. The research and development (R&D) teams at companies are not just engines of innovation but also have the potential to be an important part of our social infrastructure. The Center for Democracy & Technology (CDT) embarked on a yearlong partnership with Fitbit. CDT gained rare access to the company’s data policies and practices to build recommendations on privacy and ethics.
  • Item
    Attack-Graph Threat Modeling Assessment of Ambulatory Medical Devices
    (2017-01-04) Luckett, Patrick; McDonald, Jeffrey; Glisson, William
    The continued integration of technology into all aspects of society stresses the need to identify and understand the risk associated with assimilating new technologies. This necessity is heightened when technology is used for medical purposes like ambulatory devices that monitor a patient’s vital signs. This integration creates environments that are conducive to malicious activities. The potential impact presents new challenges for the medical community. Hence, this research presents attack graph modeling as a viable solution to identifying vulnerabilities, assessing risk, and forming mitigation strategies to defend ambulatory medical devices from attackers. Common and frequent vulnerabilities and attack strategies related to the various aspects of ambulatory devices, including Bluetooth-enabled sensors and Android applications, are identified in the literature. Based on this analysis, this research presents an attack graph modeling example on a theoretical device that highlights vulnerabilities and mitigation strategies to consider when designing ambulatory devices with similar components.
  • Item
    A Framework for Evaluating the Tension between Sharing and Protecting Health Information
    (2017-01-04) Anderson, Chad; Baskerville, Richard; Kaul, Mala
    Health information exchange (HIE) is expected to improve the quality and cost of healthcare, but sustained use of HIE by providers has been difficult to achieve. A number of factors play a role in that process, including concern for the security and privacy of the exchanged information. This tension between the expected benefits of HIE resulting from collaboration and information sharing on the one hand, and the potential security risks inherent in the exchange process on the other hand, is not well understood. We propose an information security control theory to explain this tension. We evaluate this theory through a case study of the iterative development of the information security policy for an HIE in the western United States. We find that the theory offers a good framework through which to understand the information security policy development process.
  • Item
    Introduction to Security and Privacy Challenges for Healthcare Minitrack
    (2017-01-04) Plachkinova, Miloslava; Grispos, George