In May 2017, a global ransomware campaign adversely affected approximately 48 UK hospitals. Response to the WannaCry cyber-attack resulted in many hospital networks being taken offline, and non-emergency patients being refused care. This is a clear example that data behaviour within healthcare infrastructures needs to be monitored for malicious, erratic or unusual activity. There is a perceived lack of threat within healthcare organisations with regards to cyber-security. Hospital infrastructures present a unique threat vector, with a dependence on legacy software, medical devices and bespoke software. Additionally, many PCs are shared by a number of users, all of whom use a variety of disparate IT systems. Every healthcare infrastructure configuration is unique and a one size fits all security solution cannot be applied to healthcare. Existing cybersecurity technology within hospital infrastructures is typically perimeter-focused. Once a malicious user has compromised the boundary through a backdoor, there is a lack of security architecture monitoring active potential threats inside the network. Therefore, this paper presents research towards a system, which can detect unusual data behaviour through the use of advanced data analytics and visualisation techniques. Machine learning algorithms have the capability to learn patterns of data and profile users' behaviour, which can be represented visually. The proposed system is tailored to healthcare infrastructures by learning typical data behaviours and profiling users. The system adds to the defence-in-depth of the healthcare infrastructure by understanding the unique configuration of the network and autonomously analysing.
This paper concerns the detection of abnormal data usage and unauthorized access in large-scale critical networks, specifically healthcare infrastructures. Hospitals in the U.K. are now connecting their traditionally isolated equipment on a large scale to Internet-enabled networks to enable remote data access. This step-change makes sensitive data accessible to a broader spectrum of users. The focus of this paper is on the safeguarding of electronic patient record (EPR) systems in particular. With over 83% of hospitals adopting EPRs, access to this healthcare data needs to be proactively monitored for malicious activity. Hospitals must maintain patient trust and ensure that the information security principles of integrity, availability, and confidentiality are applied to EPR data. Access to EPR is often heavily audited within healthcare infrastructures. However, this data is regularly left untouched in a data silo and only ever accessed on an ad hoc basis. Without proactive monitoring of audit records, data breaches may go undetected. In addition, external threats, such as phishing or social engineering techniques to acquire a clinician's logon credentials, need to be identified. Data behavior within healthcare infrastructures, therefore, needs to be proactively monitored for malicious, erratic, or unusual activity. This paper presents a system that employs a density-based local outlier detection model. The system is intended to add to the defense-in-depth of healthcare infrastructures. Patterns in EPR data are extracted to profile user behavior and device interactions in order to detect and visualize anomalous activities. The system is able to detect 144 anomalous behaviors in an unlabeled dataset of 1,007,727 audit logs. This includes 0.66% of the users on the system, 0.17% of patient record accesses, 0.74% of routine accesses, and 0.53% of the devices used in a specialist Liverpool (U.K.) hospital. 
INDEX TERMS Data analysis, electronic patient records, healthcare infrastructures, information security, patient privacy, visualisation.
Hospital critical infrastructures have a distinct threat vector, due to (i) a dependence on legacy software; (ii) the vast levels of interconnected medical devices; (iii) the use of multiple bespoke software; and (iv) the fact that electronic devices (e.g., laptops and PCs) are often shared by multiple users. In the UK, hospitals are currently upgrading towards the use of electronic patient record (EPR) systems. EPR systems and their data are replacing traditional paper records, providing access to patients’ test results and details of their overall care more efficiently. Paper records are no longer stored at patients’ bedsides, but instead are accessible via electronic devices for the direct insertion of data. With over 83% of hospitals in the UK moving towards EPRs, access to this healthcare data needs to be monitored proactively for malicious activity. It is paramount that hospitals maintain patient trust and ensure that the information security principles of integrity, availability and confidentiality are upheld when deploying EPR systems. In this paper, an investigation methodology is presented towards the identification of anomalous behaviours within EPR datasets. Many security solutions focus on a perimeter-based approach; however, this approach alone is not enough to guarantee security, as can be seen from the many examples of breaches. Our proposed system can be complementary to existing security perimeter solutions. The system outlined in this research employs an internal-focused methodology for anomaly detection, using the Local Outlier Factor (LOF) and Density-Based Spatial Clustering of Applications with Noise (DBSCAN) algorithms to benchmark behaviour and assist healthcare data analysts. Out of 90,385 unique IDs, DBSCAN finds 102 anomalies, whereas 358 are detected using LOF.
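The density-based local outlier approach named in the two abstracts above can be illustrated with a small Local Outlier Factor computation over per-user access profiles. This is an added example, not code from any of the papers: the feature choice, the user IDs, the sample values and the flagging threshold of 2.0 are all assumptions constructed for illustration.

```python
import math

# Constructed per-user profiles (not data from the papers):
# (records accessed per shift, distinct devices used, out-of-hours fraction)
PROFILES = {
    "u01": (22, 2, 0.05), "u02": (25, 3, 0.10), "u03": (19, 2, 0.00),
    "u04": (24, 2, 0.08), "u05": (21, 3, 0.04), "u06": (27, 2, 0.12),
    "u07": (20, 3, 0.06), "u08": (23, 2, 0.02), "u09": (140, 9, 0.85),
}

def min_max(rows):
    """Scale each feature to [0, 1] so no single unit dominates the distance."""
    cols = list(zip(*rows))
    lo, hi = [min(c) for c in cols], [max(c) for c in cols]
    return [tuple((v - l) / (h - l) if h > l else 0.0
                  for v, l, h in zip(r, lo, hi)) for r in rows]

def lof_scores(points, k=3):
    """Local Outlier Factor per point; values well above 1 mean 'sparser than neighbours'."""
    n = len(points)
    dist = [[math.dist(p, q) for q in points] for p in points]
    neigh, kdist = [], []
    for i in range(n):
        order = sorted((j for j in range(n) if j != i), key=lambda j: dist[i][j])
        kd = dist[i][order[k - 1]]            # distance to the k-th nearest neighbour
        kdist.append(kd)
        neigh.append([j for j in order if dist[i][j] <= kd])  # ties included
    lrds = []
    for i in range(n):
        # Reachability distance smooths out noise inside dense regions.
        reach = sum(max(kdist[j], dist[i][j]) for j in neigh[i])
        lrds.append(len(neigh[i]) / reach if reach > 0 else math.inf)
    scores = []
    for i in range(n):
        if math.isinf(lrds[i]):               # exact duplicates: treat as inlier
            scores.append(1.0)
        else:
            scores.append(sum(lrds[j] for j in neigh[i]) / (len(neigh[i]) * lrds[i]))
    return scores

def flag_users(profiles, k=3, threshold=2.0):
    """Return (scores by user, users whose LOF exceeds the assumed threshold)."""
    ids = sorted(profiles)
    scores = dict(zip(ids, lof_scores(min_max([profiles[i] for i in ids]), k)))
    return scores, [i for i in ids if scores[i] > threshold]

if __name__ == "__main__":
    scores, flagged = flag_users(PROFILES)
    for user in sorted(scores, key=scores.get, reverse=True):
        print(f"{user}  LOF={scores[user]:.2f}{'  <-- review' if user in flagged else ''}")
```

A flagged ID is a prompt for an analyst to review the underlying audit records, not a verdict; on unlabeled data the threshold and `k` have to be tuned against what the hospital considers routine access.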
The theft of medical data, which is intrinsically valuable, can lead to loss of patient privacy and trust. With increasing requirements for valuable and accurate information, patients need to be confident that their data is being stored safely and securely. However, medical devices are vulnerable to attacks from the digital domain, with many devices transmitting data unencrypted wirelessly to electronic patient record systems. As such, it is now becoming more necessary to visualise data patterns and trends in order to identify erratic and anomalous data behaviours. In this paper, a system design for modelling data flow within healthcare infrastructures is presented. The system assists information security officers within healthcare organisations to improve the situational awareness of cyber security risks. In addition, a visualisation of TCP Socket Connections using real-world network data is put forward, in order to demonstrate the framework and present an analysis of potential risks.