Nothing Special   »   [go: up one dir, main page]
Skip to main content

Advertisement

Springer Nature Link
Log in

Security Attacks and Solutions in Electronic Health (E-health) Systems

  • Mobile & Wireless Health
  • Published:
Journal of Medical Systems Aims and scope Submit manuscript

Abstract

For centuries, healthcare has been a basic service provided by many governments to their citizens. Over the past few decades, we have witnessed a significant transformation in the quality of healthcare services provided by healthcare organizations and professionals. Recent advances have led to the emergence of Electronic Health (E-health), largely made possible by the massive deployment and adoption of information and communication technologies (ICTs). However, cybercriminals and attackers are exploiting vulnerabilities associated primarily with ICTs, causing data breaches of patients’ confidential digital health information records. Here, we review recent security attacks reported for E-healthcare and discuss the solutions proposed to mitigate them. We also identify security challenges that must be addressed by E-health system designers and implementers in the future, to respond to threats that could arise as E-health systems become integrated with technologies such as cloud computing, the Internet of Things, and smart cities.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2

Similar content being viewed by others

Notes

  1. A data breach makes personal information (such as a name, driver’s license number, or social security number), financial records, or medical records available to unauthorized parties.

References

  1. Abelson, R., and Creswell, J., Data breach at anthem may forecast a trend. http://www.nytimes.com/2015/02/07/business/data-breach-at-anthem-may-lead-to-others.html, 2015.

  2. Alrabady, AI., and Mahmud, S M., Analysis of attacks against the security of keyless-entry systems for vehicles and suggestions for improved designs. IEEE Trans. Veh. Technol. 54(1):41–50, 2005.

  3. Assaad, A., and Fayek, D.: General hospitals network models for the support of e-health applications. In: IEEE/IFIP Network Operations and Management Symposium (NOMS 2006), pp. 1–4 (2006)

  4. Office of the Australian Information Commissioner Australian government. Regulation of drone technology. https://www.oaic.gov.au/media-and-speeches/statements/regulation-of-drone-technology. 2013 Last accessed September 3, 2016

  5. Baldus, H., Corroy, S., Fazzi, A., Klabunde, K., Schenk, T., Human-centric connectivity enabled by body-coupled communications. IEEE Commun. Mag. 47(6):172–178, 2009.

    Article  Google Scholar 

  6. Bello, O., and Zeadally, S., Intelligent device-to-device communication in the internet of things. IEEE Syst. J. PP(99):1–11, 2014.

    Article  CAS  Google Scholar 

  7. Brodsky, Y., Are drones set for health in africa? https://ehna.acfee.org/read/art-5613eaa2c52dc, 2015. Last accessed September 3, 2016.

  8. Bruce, N., Sain, M., Lee, H J.: A support middleware solution for e-healthcare system security. In: 16th International Conference on Advanced Communication Technology (2014)

  9. Buttyan, L., and Holczer, T.: Traffic analysis attacks and countermeasures in wireless body area sensor networks. In: IEEE International Symposium on a World of Wireless, Mobile and Multimedia Networks (WoWMoM 2012), pp. 1–6 (2012)

  10. Identity Theft Resource Center. Data breach reports. http://www.idtheftcenter.org/images/breach/DataBreachReports2014.pdf. 2014 Last accessed July 14, 2016

  11. Chowles, T., Drones to improve hiv testing in malawi. http://ehealthnews.co.za/drones-hiv-testing-malawi/, 2016. Last accessed September 3, 2016.

  12. Cramer, V., Healthcare suffers largest number of data breaches in 2014, 2015. Last accessed July 14, 2016.

  13. Desai, N., and Shahnasser, H.: A light review of data security and privacy approaches applicable to e-health systems. In: Proceedings of the International conference on Computing Technology and Information Management (ICCTIM 2014). Last accessed July 14, 2016, pp. 362–367 (2014)

  14. Institute for Health Freedom. Protecting americans’ medical privacy: Why congress must act or be acted upon. http://www.forhealthfreedom.org/Publications/Privacy/CongressOrHHS.html. 1998 Last accessed July 14, 2016

  15. Canadian Institute for Health Information. National health expenditure trends, 1975 to 2013, executive summary. https://www.cihi.ca/en/nhex_exec_sum_2013_en.pdf, 2013. Last accessed July 14, 2016.

  16. Garkoti, G., Peddoju, S K., Balasubramanian, R.: Detection of insider attacks in cloud based e-healthcare environment. In: International Conference on Information Technology (ICIT 2014), pp. 195–200 (2014)

  17. Greenberg, A., Hacking into aerial drones.https://www.wired.com/2016/03/hacker-says-can-hijack-35k-police-drone-mile-away/, 2016. Last accessed September 3, 2016.

  18. Guo, L., Zhang, C., Sun, J., Fang Y.: Paas: A privacy-preserving attribute-based authentication system for ehealth networks. In: IEEE 32nd International Conference on Distributed Computing Systems (ICDCS 2012), pp. 223–233 (2012)

  19. He, D., and Zeadally, S., Authentication protocol for an ambient assisted living system. IEEE Commun. Mag. 53(1):71–77, 2015.

    Article  Google Scholar 

  20. He, D., Zeadally, S., Kumar, N., Wu, W., Anonymous authentication for wireless body area networks with provable security. IEEE Syst. J. in press(99):1 – 12, 2016.

    Google Scholar 

  21. He, D., Zeadally, S., Wu, L., Certificateless public auditing scheme for cloud-assisted wireless body area networks. IEEE Syst. J. in press(99):1–10, 2016.

    Google Scholar 

  22. PwC Health Research Institute. Medical cost trend: Behind the numbers 2016. https://www.pwc.com/mx/es/industrias/archivo/20150612-gx-hri-medical-cost-trend-2016.pdf. 2015 Last accessed July 14, 2016

  23. iSHERIFF Inc.: The new healthcare crisis: cybercrime, data breaches and the risks to patient records. 2015 Last accessed July 14, 2016

  24. Riazul Islam, S M., Kwak, D., Humaun Kabir, MD., Hossain, M., Kwak, K. -S., The internet of things for health care: A comprehensive survey. IEEE Access 3:678–708, 2015.

    Article  Google Scholar 

  25. Islam, T., Manivannan, D., Zeadally, S., A classification and characterization of security threats in cloud computing. Int. J. Next-Gener. Comput. 7(1), 2016.

  26. Javadi, S S., and Razzaque, M A., Security and privacy in wireless body area networks for health care applications, pp. 165–187. Berlin, Heidelberg: Springer, 2013.

    Google Scholar 

  27. Khatoun, R., and Zeadally, S., Smart cities Basic concepts, architectural issues, and research opportunities. 2016 59(8), 2016.

  28. Li, C., Raghunathan, A., Jha, N K.: Hijacking an insulin pump: Security attacks and defenses for a diabetes therapy system. In: 13th IEEE International Conference on e-Health Networking Applications and Services (Healthcom 2011), pp. 150–156 (2011)

  29. Liang, X., Barua, M., Chen, L., Lu, R., Shen, X., Li, X., Luo, H Y., Enabling pervasive healthcare through continuous remote health monitoring. IEEE Wireless Communications,10–18, 2012.

  30. Liang, X., Xu Li, Shen, Q., Lu, R., Lin, X., Shen, X S., Zhuang, W.: Exploiting prediction to enable secure and reliable routing in wireless body area networks. In: Proceedings IEEE INFOCOM, pp. 388–396 (2012)

  31. Liang, X., Xu, Li., Zhang, H Y., L. K., Lu, R., Lin, X., Shen, X S., Fully anonymous profile matching in mobile social networks. IEEE J. Sel. Areas Commun. 31(9):641–655, 2013.

    Article  Google Scholar 

  32. Liu, W., and Park, E.: E-healthcare security solution framework. In: 21st International Conference on Computer Communications and Networks (ICCCN 2012), pp. 1–6 (2012)

  33. Ponemon Institute LLC: 2016 ponemon cost of data breach study: Global analysis. 2016 Last accessed July 14

  34. Ponemon Institute LLC. Sixth annual benchmark study on privacy and security of healthcare data. http://www.ponemon.org/library/sixth-annual-benchmark-study-on-privacy-security-of-healthcare-data-1. 2016 Last accessed July 14

  35. Loukas, G., Gan, D., Vuong, T., A review of cyber threats and defence approaches in emergency management. Fut. Internet 5(2):205–236, 2013.

    Article  Google Scholar 

  36. Lu, R., Lin, X., Liang, X., Shen, X., A secure handshake scheme with symptoms-matching for mhealthcare social network. J. Mob. Netw. Appl. 16(6):683–694, 2011.

    Article  Google Scholar 

  37. Lu, R., Lin, X., Shen, X., Spoc: A secure and privacy-preserving opportunistic computing framework for mobile-healthcare emergency. IEEE Trans. Parallel Distrib. Syst. 24(3):614–624, 2013.

    Article  Google Scholar 

  38. Ma, Y., Liu, J., Liu, W., Security and privacy issues in electronic health network. Wuhan J. Natur. Sci. 18(6):523–529, 2013.

    Article  Google Scholar 

  39. Millman, J.: The end of health cares historic spending slowdown is near. https://www.washingtonpost.com/news/wonk/wp/2014/09/03/the-end-of-health-cares-historic-spending-slowdown-is-near/ https://www.washingtonpost.com/news/wonk/wp/2014/09/03/the-end-of-health-cares-historic-spending-slowdown-is-near/. 2014 Last accessed July 14, 2016

  40. United Nations. Transforming our world: the 2030 agenda for sustainable development. https://sustainabledevelopment.un.org/post2015/transformingourworld. 2015 Last accessed July 14, 2016

  41. US Department of Health and Human Services Office for Civil Rights. Breach portal: Notice to the secretary of hhs breach of unsecured protected health information. https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf. 2016 Last accessed July 14, 2016

  42. Okoh, E., and Awad, A I., Biometrics Applications in e-Health Security: A Preliminary Survey, pp. 92–103. Cham: Springer International Publishing, 2015.

    Google Scholar 

  43. World Health Organization and World Bank. Tracking universal health coverage, first global monitoring report, 2015. Last accessed July 14, 2016.

  44. Peacock, M., and Johnstone, M.: Towards detection and control of civilian unmanned aerial vehicles. In: Proceedings of the Australian Information Warfare and Security Conference, SRI Security Research Institute. Edith Cowan University (2013)

  45. Postolache, G., Girão, P. S., Postolache, O.: Requirements and barriers to pervasive health adoption. In: Subhas Chandra Mukhopadhyay, and Octavian A. Postolache (Eds.) Pervasive and Mobile Sensing and Computing for Healthcare, pp. 315–359. Springer Berlin Heidelberg (2013)

  46. Ren, Y., Chen, Y., Chuahy, M C.: Social closeness based clone attack detection for mobile healthcare system. In: IEEE 9th International Conference on Mobile Ad-Hoc and Sensor Systems (MASS 2012), pp. 191–199 (2012)

  47. Rodday, N.: Exploring security vulnerabilities of unmanned aerial vehicles, masters thesis, dacs research group, university of twente, amsterdam, https://www.jbisa.nl/download/?id=17706129. 2015 Last accessed September 3, 2016

  48. Shen, Q., Liang, X., Shen, X S., Lin, X., Exploiting geo-distributed clouds for a e-health monitoring system with minimum service delay and privacy preservation. IEEE J. Biomed. Health Inf. 18(2):430–439, 2014.

    Article  Google Scholar 

  49. Shen, X., Emerging technologies for e-healthcare [editor’s note]. IEEE Netw. 26(5), 2012.

  50. Solanas, A., Patsakis, C., Conti, M., Vlachos, I S., Ramos, V., Falcone, F., Postolache, O., Pérez-Martínez, P A., Di Pietro, R., Perrea, D N., Martínez-Ballesté, A., Smart health: a context-aware health paradigm within smart cities. IEEE Commun. Mag. 52(8):74–81, 2014.

    Article  Google Scholar 

  51. Thiels, C., Drones in medicine: What are the possibilities? http://www.kevinmd.com/blog/2015/05/drones-in-medicine-what-are-the-possibilities.html, 2015. Last accessed August 14, 2016.

  52. WHO. World health statistics 2016, monitoring health for the sdgs, the 2030 a new impetus for health monitoring, 2015. 2016 Last accessed July 14, 2016

  53. Yu, S., Ren, K., Lou, W., Li, J., Defending against Key Abuse Attacks in KP-ABE Enabled Broadcast Systems, pp. 311–329. Berlin, Heidelberg: Springer, 2009.

    Google Scholar 

  54. Zeadally, S., and Badra, M., editors. Privacy in a Digital, Networked World - Technologies, Implications and solutions. London, United Kingdom: Springer, 2015.

    Book  Google Scholar 

  55. Zhou, J., Cao, Z., Dong, X., Lin, X., Vasilakos, A V., Securing m-healthcare social networks: challenges, countermeasures and future directions. IEEE Wirel. Commun. 20(4):12–21, 2013.

    Article  CAS  Google Scholar 

Download references

Acknowledgments

We thank the anonymous reviewers for their valuable comments and feedback which helped us to improve the quality of this paper. Sherali Zeadally was partially supported by a University of Kentucky Research Professorship Award as well as an Edith Cowan University Silver Jubilee Visiting Professorship Award during this work.

Author information

Authors and Affiliations

  1. College of Communication and Information, University of Kentucky, Lexington, KY, 40506-2299, USA

    Sherali Zeadally

  2. Computer Science Department (Facyt), Universidad de Carabobo, Sector Bárbula, Valencia, Venezuela

    Jesús Téllez Isaac

  3. School of Science and Security Research Institute, Edith Cowan University, Perth, 6027, Australia

    Zubair Baig

Authors
  1. Sherali Zeadally
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Jesús Téllez Isaac
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Zubair Baig
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Sherali Zeadally.

Additional information

This article is part of the Topical Collection on Security and Privacy in e-healthcare

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Zeadally, S., Isaac, J.T. & Baig, Z. Security Attacks and Solutions in Electronic Health (E-health) Systems. J Med Syst 40, 263 (2016). https://doi.org/10.1007/s10916-016-0597-z

Download citation

  • Received:

  • Accepted:

  • Published:

  • DOI: https://doi.org/10.1007/s10916-016-0597-z

Keywords

Search

Navigation