Abstract
Data breaches in healthcare continue to grow exponentially, calling for a rethinking into better approaches of security measures towards mitigating the menace. Traditional approaches including technological measures, have significantly contributed to mitigating data breaches but what is still lacking is the development of the “human firewall,” which is the conscious care security practices of the insiders. As a result, the healthcare security practice analysis, modeling and incentivization project (HSPAMI) is geared towards analyzing healthcare staffs’ security practices in various scenarios including big data. The intention is to determine the gap between staffs’ security practices and required security practices for incentivization measures. To address the state-of-the art, a systematic review was conducted to pinpoint appropriate AI methods and data sources that can be used for effective studies. Out of about 130 articles, which were initially identified in the context of human-generated healthcare data for security measures in healthcare, 15 articles were found to meet the inclusion and exclusion criteria. A thorough assessment and analysis of the included article reveals that, KNN, Bayesian Network and Decision Trees (C4.5) algorithms were mostly applied on Electronic Health Records (EHR) Logs and Network logs with varying input features of healthcare staffs’ security practices. What was found challenging is the performance scores of these algorithms which were not sufficiently outlined in the existing studies.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Verison: Data breaches report (2019)
HealthITSecurity: The 10 Biggest Healthcare Data Breaches of 2019, So Far. @SecurityHIT (2019)
Zhang, H., Mehotra, S., Liebovitz, D., Gunter, C., Malin, B.: Mining deviations from patient care pathways via electronic medical record system audits. ACM Trans. Manage. Inf. Syst. (TMIS) 4, 1–20 (2013)
Humer, C., Finkle, J.: Your medical record is worth more to hackers than your credit card (2014)
Humer, C., Finkle, J.: Your medical record is worth more to hackers than your credit card. Reuters, 24 September 2014
Connolly, L.Y., Lang, M., Gathegi, J., Tygar, D.J.: Organisational culture, procedural countermeasures, and employee security behaviour (2017). https://doi.org/10.1108/ICS-03-2017-0013
Tetz, E.: Network Firewalls: Perimeter Defense - dummies (2018)
Predd, J., Pfleeger, S.L., Hunker, J., Bulford, C.: Insiders behaving badly. IEEE J. Mag. 6, 66–70 (2008)
Cannoy, S.D., Salam, A.F.: A framework for health care information assurance policy and compliance. Commun ACM. 53(3), 126–131 (2010)
Safa, N.S., Sookhak, M., Von Solms, R., Furnell, S., Ghani, N.A., Herawan, T.: Information security conscious care behaviour formation in organizations. Comput. Secur. 53, 65–78 (2015)
Yeng, P.K., Szekeres, A., Yang, B., Snekkenes, E.A.: Framework for healthcare staffs’ information security practice analysis: psycho-socio-cultural context. J. Med. Internet Res. (2019)
Walker-Roberts, S., Hammoudeh, M., Dehghantanha, A.: A systematic review of the availability and efficacy of countermeasures to internal threats in healthcare critical infrastructure. IEEE Access. 6, 25167–25177 (2018)
Böse, B., Avasarala, B., Tirthapura, S., Chung, Y., Steiner, D.: Detecting insider threats using RADISH: a system for real-time anomaly detection in heterogeneous data streams. IEEE Syst. J. 11(2), 471–482 (2017)
Gafny, M., Shabtai, A., Rokach, L., Elovici, Y.: Detecting data misuse by applying context-based data linkage, pp. 3–12 (2010)
Chen, Y., Nyemba, S., Zhang, W., Malin, B.: Specializing network analysis to detect anomalous insider actions. Secur. Inf. 1(1), 1–24 (2012)
Islam, S., Hasan, M., Wang, X., Germack, H.D., Noor-E-Alam, M.: A systematic review on healthcare analytics: application and theoretical perspective of data mining. Healthcare (Basel) 6(2), 54 (2018)
Gheyas, I., Abdallah, A.: Detection and prediction of insider threats to cyber security: a systematic literature review and meta-analysis. Big Data Analytics 1, 6 (2016)
Ghafir, I., Husák, M., Prenosil, V.: A survey on intrusion detection and prevention systems (2014)
Shaban-Nejad, A., Michalowski, M., Buckeridge, D.: Health intelligence: how artificial intelligence transforms population and personalized health. Nat. Med. 50 (2018)
Jiang, F., Jiang, Y., Zhi, H., Dong, Y., Li, H., Ma, S., et al.: Artificial intelligence in healthcare: past, present and future. BMJ (Clinical research ed), 2 (2017). svn-2017
Wahl, B., Cossy-Gantner, A., Germann, S., Schwalbe, N.: Artificial intelligence (AI) and global health: How can AI contribute to health in resource-poor settings? BMJ Global Health 3, e000798 (2018)
Vihinen, M., Samarghitean, C.: Medical expert systems. Curr. Bioinf. 3(1), 56–65 (2008)
Chandra, S., Ray, S., Goswami, R.T.: Big data security in healthcare: survey on frameworks and algorithms, pp. 89–94 (2017)
Code of conduct for information security and data protection in the healthcare and care services sector (2018)
Yeng, P., Yang, B., Snekkenes, E. (eds.): Observational measures for effective profiling of healthcare staffs’ security practices. In: IEEE 43rd Annual Computer Software and Applications Conference (COMPSAC), 15–19 July 2019
PRISMA: PRISMA 2018. http://www.prisma-statement.org/
Boddy, A.J., Hurst, W., Mackay, M., Rhalibi, A.: Density-based outlier detection for safeguarding electronic patient record systems. IEEE Access 7, 40285–40294 (2019)
Tchakoucht, T.A., Ezziyyani, M., Jbilou, M., Salaun, M., (eds.): Behavioral approach for intrusion detection. In: IEEE/ACS 12th International Conference of Computer Systems and Applications (AICCSA), 17–20 November 2015
Costante, E., Fauri, D., Etalle, S., Hartog, J.D., Zannone, N., (eds.): A hybrid framework for data loss prevention and detection. In: IEEE Security and Privacy Workshops (SPW), 22–26 May 2016
García Adeva, J.J., Pikatza Atxa, J.M.: Intrusion detection in web applications using text mining. Eng. Appl. Artif. Intell. 20(4), 555–566 (2007)
Gupta, S., Hanson, C., Gunter, C.A., Frank, M., Liebovitz, D., Malin, B., (eds.): Modeling and detecting anomalous topic access. In: IEEE International Conference on Intelligence and Security Informatics, 4–7 June 2013
Li, X., Xue, Y., Malin, B., (eds.): Detecting anomalous user behaviors in workflow-driven web applications. In: IEEE 31st Symposium on Reliable Distributed Systems, 8–11 October 2012
Amálio, N., Spanoudakis, G., (eds.): From monitoring templates to security monitoring and threat detection. In: Second International Conference on Emerging Security Information, Systems and Technologies, 25–31 August 2008
Pierrot, D., Harbi, N., Darmont, J., (eds.): Hybrid intrusion detection in information systems. In: International Conference on Information Science and Security (ICISS), 19–22 December 2016
Boddy, A., Hurst, W., Mackay, M., Rhalibi, A.E., (eds.): A hybrid density-based outlier detection model for privacy in electronic patient record system. In: 5th International Conference on Information Management (ICIM), 24–27 March 2019
Asfaw, B., Bekele, D., Eshete, B., Villafiorita, A., Weldemariam K., (eds.): Host-based anomaly detection for pervasive medical systems. In: 2010 Fifth International Conference on Risks and Security of Internet and Systems (CRiSIS), 10–13 October 2010
Ziemniak, T., (ed.): Use of machine learning classification techniques to detect atypical behavior in medical applications. In: Sixth International Conference on IT Security Incident Management and IT Forensics, 10–12 May 2011
Chen, Y., Nyemba, S., Malin, B.: Detecting anomalous insiders in collaborative information systems. IEEE Trans. Dependable Secure Comput. 9, 332–344 (2012)
Wesołowski, T., Porwik, P., Doroz, R.: Electronic health record security based on ensemble classification of keystroke dynamics. Appl. Artif. Intell. 30, 521–540 (2016)
Chen, Y., Malin, B.: Detection of anomalous insiders in collaborative environments via relational analysis of access logs, pp. 63–74 (2011)
Asfaw, B., Bekele, D., Eshete, B., Villafiorita, A., Weldemariam, K.: Host-based anomaly detection for pervasive medical systems pp. 1–8 (2010)
Gates, C., Li, N., Xu, Z., Chari, S., Molloy, I., Park Y. Detecting insider information theft using features from file access logs, pp. 383–400 (2014)
Røstad, L., Edsberg, O.: A study of access control requirements for healthcare systems based on audit trails from access logs, pp. 175–186 (2006)
Smyth, P., Fayyad, U., Burl, M., Perona, P., Baldi, P.: Inferring ground truth from subjective labelling of venus images. In: Advances in Neural Information Processing Systems, p. 7 (1996)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2021 Springer Nature Switzerland AG
About this paper
Cite this paper
Yeng, P.K., Nweke, L.O., Woldaregay, A.Z., Yang, B., Snekkenes, E.A. (2021). Data-Driven and Artificial Intelligence (AI) Approach for Modelling and Analyzing Healthcare Security Practice: A Systematic Review. In: Arai, K., Kapoor, S., Bhatia, R. (eds) Intelligent Systems and Applications. IntelliSys 2020. Advances in Intelligent Systems and Computing, vol 1250. Springer, Cham. https://doi.org/10.1007/978-3-030-55180-3_1
Download citation
DOI: https://doi.org/10.1007/978-3-030-55180-3_1
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-55179-7
Online ISBN: 978-3-030-55180-3
eBook Packages: Intelligent Technologies and RoboticsIntelligent Technologies and Robotics (R0)