Abstract

Recently, Electronic Health Record (EHR) systems have gained great attention in the industry, research and public sectors as a means of enhancing the quality of healthcare. Security and privacy, however, are still major issues that require further investigation. Recognition of the significance of various security aspects in the adaptation of EHR solutions has been accompanied by a growing body of research that aims at tackling these issues. Security monitoring is one of the security issues that has attracted increased attention in the last few years. Security monitoring is a security mechanism that aims at detecting security violations or anomalous behaviour during operation. Such violations can be identified at low technical layers or at the business layer (compliance, violation of legal requirements). In this tutorial, we tackle the issue of security monitoring and discuss various analysis methods used to monitor and detect anomalies and security violations. We focus on the methods that have been used to detect anomalies in the healthcare domain. Furthermore, we only consider security monitoring from a technical perspective; abstract regulations and legal aspects of malicious attacks and insider threats are out of the scope of this tutorial. Thus, the target audience is computer scientists with an interest in security monitoring and anomaly detection techniques applied in the healthcare domain. Besides a brief theoretical background on anomaly and misuse detection techniques, the tutorial provides case studies in the healthcare domain. The case studies are based on a systematic literature review conducted by the author, aimed at identifying the main characteristics of up-to-date security monitoring solutions targeting anomalous user behaviours in the healthcare domain. The survey showed that anomaly detection, using both supervised and unsupervised methods, was the main technique used. Examples include (1) applying supervised learning techniques to detect anomalous behaviour of users based on various features, e.g., access time, role, and location, and (2) applying unsupervised learning methods to detect anomalous insiders in the context of collaborative environments. Discussions of these case studies, the problems considered, the solutions proposed, and the results found will be presented.
