Table 3

Attacks and security system provided by the proposed model

AttackCountermeasures
Insider threatsInsider threats involve healthcare workers accidently or intentionally leaking patient data. For example, in 2019, a healthcare worker in the US accessed the electronic medical records of over 1,000 patients without authorization. Such breaches highlight the need for robust access controls. The proposed system employs access controls, multi-factor authentication, and role-based access, which prevent unauthorized access. Furthermore, HIPAA mandates user activity monitoring, and Contract Management Software verifies user authority, ensuring compliance with regulations. Any violations trigger immediate notifications to the patient and organization, while logging all user actions for auditing
Social engineeringSocial engineering attacks manipulate individuals into disclosing sensitive information. An example is phishing emails targeting healthcare workers to obtain login credentials. The proposed system counters such threats with HIPAA security policies, incident response plans, and robust two-factor authentication mechanisms. Training healthcare staff on identifying phishing attempts is also a crucial preventive measure
Man-in-the-middleMan-In-The-Middle (MITM) attacks involve intercepting data during transmission. For instance, attackers might intercept patient data between a wearable device and the healthcare system. The proposed system addresses these vulnerabilities using encryption protocols such as TLS for data in transit and end-to-end authentication to prevent unauthorized access. Additionally, real-time network monitoring tools detect and mitigate such attacks promptly
Adversarial attacksAdversarial attacks manipulate input data to mislead AI systems, whereas data poisoning injects malicious data into training datasets. For example, an adversary might alter vital signs transmitted from a wearable device to influence diagnoses. The proposed system mitigates these risks with anomaly detection algorithms, firewall monitoring, and strict data validation protocols. These measures ensure that manipulated or malicious data is identified and flagged before integration into AI processes
Data poisoning attacksThis attack injects malicious data into AI algorithm training, causing incorrect predictions. EHR’s user-level access controls, Firewall data analysis (monitoring and detection), and auditing processes help prevent this. HIE system ensures credibility with other organizations handling the data, preventing malicious injections
Malicious softwareMalicious software (malware) installations on healthcare devices risk exposing patient data. To combat this, the system employs firewall-based packet filtering, anti-malware solutions, and secure software update mechanisms. Incident response plans further ensure that any detected malware is neutralized quickly, minimizing potential harm
Source(s): Author’s own work

or Create an Account

Close Modal
Close Modal