Abstract
Hospital critical infrastructures have a distinct threat vector, due to (i) a dependence on legacy software; (ii) the vast levels of interconnected medical devices; (iii) the use of multiple bespoke software and that (iv) electronic devices (e.g., laptops and PCs) are often shared by multiple users. In the UK, hospitals are currently upgrading towards the use of electronic patient record (EPR) systems. EPR systems and their data are replacing traditional paper records, providing access to patients’ test results and details of their overall care more efficiently. Paper records are no-longer stored at patients’ bedsides, but instead are accessible via electronic devices for the direct insertion of data. With over 83% of hospitals in the UK moving towards EPRs, access to this healthcare data needs to be monitored proactively for malicious activity. It is paramount that hospitals maintain patient trust and ensure that the information security principles of integrity, availability and confidentiality are upheld when deploying EPR systems. In this paper, an investigation methodology is presented towards the identification of anomalous behaviours within EPR datasets. Many security solutions focus on a perimeter-based approach; however, this approach alone is not enough to guarantee security, as can be seen from the many examples of breaches. Our proposed system can be complementary to existing security perimeter solutions. The system outlined in this research employs an internal-focused methodology for anomaly detection by using the Local Outlier Factor (LOF) and Density-Based Spatial Clustering of Applications with Noise (DBSCAN) algorithms for benchmarking behaviour, for assisting healthcare data analysts. Out of 90,385 unique IDs, DBSCAN finds 102 anomalies, whereas 358 are detected using LOF.
Highlights
Healthcare critical infrastructures must be supervised actively for the detection of malicious or unusual behaviour
Due to the lack of a weighted score, Density-Based Spatial Clustering of Applications with Noise (DBSCAN) does not allow a patient privacy officer to prioritise their investigation into potentially inappropriate behaviour
The research presented in this paper offers a significant contribution in patient privacy monitoring
Summary
Healthcare critical infrastructures must be supervised actively for the detection of malicious or unusual behaviour. This is because, given the value and quantity of personal information stored, the health sector is consistently in the top three for the highest number of reported data-security incidents yearly [1]. (2) The system framework flags up potential patient privacy violations for review to an analyst, and takes feedback from users to continually refine alerts. The research was comprehensive and had a clear patient benefit; it was different to that which is poised in this paper, where the emphasis is on security applications with and internally focused anomaly detection
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.