Healthcare Data Security

From MIT Technology Roadmapping

Healthcare Data Security Technology Roadmap

  • 2HDS Healthcare Data Security

Roadmap Overview

The context, working principles, and architecture for healthcare data security are shown in the following diagram. Note the presence of a threat actor who may compromise security and whose interference the healthcare data security technology is intended to deter, prevent, detect, and/or mitigate.

Healthcare Data Security Architecture


Health is an essential aspect of life, connected to each individual, to families and to societies, and forming an integrated element of the economy. Distributing healthcare to the point of care may improve outcomes, reduce risks, and reduce costs. Patients, healthcare workers, and healthcare organizations require trust in the security of these systems in order to adopt them and to avoid losses. Regulation is made primarily at the national level and requires that health privacy and security are effectively achieved. In the United States, compliance with HIPAA requirements applies<ref name="HIPAA">CDC.gov HIPAA description, "Health Insurance Portability and Accountability Act of 1996 (HIPAA) | CDC."</ref>, and the EU General Data Protection Regulation (GDPR) applies to organizations established in EU countries and to any organization, wherever located, that processes the personal data of individuals in the EU.<ref name="GDPR">THE EUROPEAN PARLIAMENT AND THE COUNCIL OF THE EUROPEAN UNION, General Data Protection Regulation (GDPR), 2016.</ref> Healthcare coordination and efficiency may be improved through the use of electronic medical records / electronic health records (EMR / EHR), which may be maintained on-premises or using cloud computing services. Over the past decade, increased adoption has focused attention on the need for systems and technologies that provide security and privacy while maintaining efficiency and scalability.<ref name="Colicchio_2019">T. K. Colicchio, J. J. Cimino, and G. Del Fiol, "Unintended consequences of nationwide electronic health record adoption: Challenges and opportunities in the post-meaningful use era," Journal of Medical Internet Research, vol. 21, no. 6, p. e13313, Jun. 2019, doi: 10.2196/13313.</ref><ref name="Al-Issa_2019">Y. Al-Issa, M. A. Ottom, and A. Tamrawi, "eHealth Cloud Security Challenges: A Survey," 2019, doi: 10.1155/2019/7516035.</ref>

This roadmap study focuses on securing healthcare data, with an emphasis on the virtual world over the physical world; the physical world is largely descoped for the purposes of this project, apart from the stakeholders within the ecosystem. The overall objective is to maintain privacy and safety for patients participating in the healthcare system. Specifically, the technology includes the tools and methods that allow for the secure transmission, storage and retrieval of healthcare data, with an emphasis on communication within a virtual healthcare environment. This includes security controls such as encryption and ransomware prevention capabilities. The roadmap includes security measures aimed at mitigating the risk associated with 1) malicious threat actors purposefully attempting to collect data they should not have access to, and 2) accidental data disclosure with no malicious intent behind the occurrence. The asset surface includes telehealth appointments, wearable devices and medical records.

Design Structure Matrix Allocation

Healthcare Data Security Design Structure Matrix DSM


2HDS Tree


The Healthcare Data Security (2HDS) tree extracted from the Design Structure Matrix (DSM) above shows that Healthcare Data Security (2HDS) sits in the context of a larger Healthcare Living System (1HLS) and requires the subsystems Security Software Systems (3SECSW), Security Physical Systems (3SECPHYS), and Physical Data Systems (3PDS). The Security Software Systems (3SECSW) and Security Physical Systems (3SECPHYS) in turn require several enabling Layer 4 technologies: Encryption Mechanism (4ENCRM), Role-Based Access Control Software (4RBACSW), Anti-Malware Software (4AMSW), Unified Threat Management System (4UTMS), Least Privileged Access Systems (4LPAS), and Authentication Mechanism (4AM). The Physical Data System (3PDS) in turn requires the enabling Layer 4 technologies Data Storage System (4DSS) and Communication Channel (4COM).

Roadmap Model Using OPM

An OPM model is provided here for the 2HDS roadmap in the figure below. This diagram captures the main object of the roadmap (Healthcare Data Security), its decomposition into subsystems (Human Actors, Data Storage Systems, Communication Processes that interact with the Communication Channel, Securing Processes that interact with the Health Information Technology Environment, Health Organizations including Insurer, Service Provider or Lab, Public Health Agency, and Family/Caregivers), its characterization by Figures of Merit (FOMs) as well as the main processes (Communicating, Storing, Retrieving, Securing, and Managing). The potential Threat Actor is identified with the potential for the damaging process of Exploiting vulnerabilities in the elements of the system.

OPM 2HDS

An Object-Process-Language (OPL) description of the roadmap scope is auto-generated by the OPCLOUD software and is given below. It reflects the same content as the previous figure, in a formal natural language.

2HDS OPL

Figures of Merit

Health Data Security Figures of Merit (FOM) are described in the following table.<ref name="whatis">kaspersky.com, "What is Ransomware?", June 11, 2020.</ref><ref name="HIPAAJournal">"Healthcare Data Breach Statistics," HIPAA Journal.</ref>

Table Describing Healthcare Data Security Figures of Merit

Publicly available data collected by the HHS Office for Civil Rights (OCR) helped the team to create a meaningful PHI Data Safety Ratio as a FOM. The data available includes the total number of discrete healthcare data breaches affecting 500 or more individuals from 2009 to 2019. As a subset of this data, the OCR recorded the number of loss or theft incidents that involved PHI or unencrypted ePHI.<ref name="whatis" /> We took the difference between these two counts to obtain the number of incidents that did not involve PHI (or unencrypted ePHI), and used it as a proxy for safety: R = (total breaches − breaches involving PHI or unencrypted ePHI) / total breaches, computed per year. This allows the team to plot the absence of sensitive data loss, and therefore the success of healthcare data security implementations, on a scale from 0 to 1 inclusive, with 1 (i.e., no incidents involving PHI or unencrypted ePHI) as the default utopia point.

Health Data Security Figure of Merit PHI Data Safety Ratio R

Healthcare Data Security Figure of Merit Data Table

Healthcare Data Security Figure of Merit Chart of PHI Data Safety Ratio vs year, from 2009 to 2019

Patent & Publication Analysis

1. Packet analysis based IoT management [tk]

  • Type: Patent (Patent # 10212178; US10771491B2)
  • Owner: Palo Alto Networks (Inc.), for its medical device security product offering under ZingBox, Inc.
  • Key dates: Filed in February 2019; granted in September 2020
  • Description: This technology analyzes network packets going to or from an Internet of Things (IoT) device in order to prevent attacks against such devices. Uncharacteristic behavior originating from an IoT device can be detected using historical data collected from the device itself over time. Packet data is inspected and correlated with what is considered standard behavior for that device, based on previously collected event logs and IoT device characteristics, ultimately generating an anomaly-detection notification.
  • Applicability to roadmap: ZingBox is a major player in the expanding Internet of Medical Things (IoMT) security industry [4]. Our focus on medical device security via threat detection and prevention is closely related to this patent; the technology describes a specific example of how anomalies indicative of cyber attacks can be detected on IoT devices. It builds upon well-established technologies from the security space (packet capture, event logging, vulnerability identification) and combines these capabilities into a methodology that may be better suited to identifying anomalous behavior in IoT by crafting per-device profiles rather than applying the "one size fits all" approach of general IT security tools (although the team has not seen implementation data that would demonstrate higher rates of accurate detection or better infrastructure compatibility; this is the assumed benefit/FOM area).


2. Systems and methods for detecting a cyberattack on a device on a computer network [tk]

  • Key dates: Provisional applications filed in December 2017 and July 2018; published in June 2019, with the patent still pending
  • Owner: Mercy Health
  • Description: The technology focuses on detecting cybersecurity attacks against medical devices. Data is collected through a honeypot scheme in which attackers are lured toward decoy medical devices set up within the same IP subnet as the actual medical devices. This allows attack techniques used by real threat actors to be collected, which in turn yield Indicators of Compromise (e.g., types of obfuscation technique, multiple failed attempts to access a device within a set timeframe) that serve as the basis for malicious-event detection alerts.
  • Applicability to roadmap: This technology uses medical devices as the decoy infrastructure and is specific to detecting cybersecurity attacks, so it aligns squarely with medical device cyber threat prevention and detection. The newer incorporation of OT into the targeted assets makes it difficult for existing security products (firewalls, anti-virus, etc.) to effectively detect attacks aimed specifically at medical devices rather than at IT. The scheme relies on collecting data from real attacks occurring on the network to improve medical device attack detection. The team read a baked-in assumption that the risk of operating a honeypot on the device subnet (a decoy that is itself compromised gives the attacker a foothold next to real devices) is outweighed by the benefit of collecting highly applicable and accurate data on threat actor techniques. (As an aside, this was a very fun technology to discover; it is a great idea if the benefits outweigh the risks.)
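The two detection patterns described by the patents above, as an added worked example that is not code from either patent, from ZingBox/Palo Alto Networks, from Mercy Health, or from this roadmap page. The first part builds a per-device behaviour profile from a baseline window of flow records and flags live flows that fall outside it (the idea behind patent 1); the second treats any contact with a decoy address placed in the device subnet, and repeated failed access attempts from one source within a time window, as indicators of compromise (the idea behind patent 2). The device addresses, ports, thresholds and log lines are constructed for the example and are not from either patent.

```python
"""Added example (not the patents' own code): per-device profile anomalies and
decoy-device indicators, run over constructed flow records of the form
'ts src dst proto dport bytes outcome'. All names and addresses are made up."""
from collections import defaultdict
from dataclasses import dataclass
import ipaddress


@dataclass(frozen=True)
class Flow:
    ts: int        # seconds (constructed timestamps)
    src: str
    dst: str
    proto: str
    dport: int
    nbytes: int
    outcome: str   # "ok" or "auth-fail"


def parse_flow(line: str) -> Flow:
    """Parse one constructed 'ts src dst proto dport bytes outcome' record."""
    ts, src, dst, proto, dport, nbytes, outcome = line.split()
    return Flow(int(ts), src, dst, proto, int(dport), int(nbytes), outcome)


# ---- 1. per-device profiles (the idea behind patent 1) --------------------
def build_profiles(flows):
    """Baseline per source device: the services it talks to and its largest flow.
    A product would use far richer features; the structure is what matters here."""
    profiles = defaultdict(lambda: {"services": set(), "max_bytes": 0})
    for f in flows:
        p = profiles[f.src]
        p["services"].add((f.proto, f.dport))
        p["max_bytes"] = max(p["max_bytes"], f.nbytes)
    return dict(profiles)


def profile_anomalies(profiles, flows, byte_margin=2.0):
    """Return (ts, src, reason) for every live flow that deviates from its profile."""
    alerts = []
    for f in flows:
        p = profiles.get(f.src)
        if p is None:
            alerts.append((f.ts, f.src, "unknown device"))
        elif (f.proto, f.dport) not in p["services"]:
            alerts.append((f.ts, f.src, f"new service {f.proto}/{f.dport} to {f.dst}"))
        elif f.nbytes > p["max_bytes"] * byte_margin:
            alerts.append((f.ts, f.src, f"volume {f.nbytes}B exceeds baseline"))
    return alerts


# ---- 2. decoy indicators (the idea behind patent 2) -----------------------
def decoy_indicators(flows, decoys, subnet, fail_threshold=3, window=60):
    """Alert on any contact with a decoy (legitimate devices never talk to one) and
    on fail_threshold failed access attempts from one source within `window` seconds."""
    net = ipaddress.ip_network(subnet)
    for d in decoys:
        if ipaddress.ip_address(d) not in net:
            raise ValueError(f"decoy {d} must sit in the device subnet {subnet}")
    alerts, fails = [], defaultdict(list)
    for f in sorted(flows, key=lambda x: x.ts):
        if f.dst in decoys:
            alerts.append((f.ts, f.src, f"contacted decoy {f.dst}:{f.dport}"))
        if f.outcome == "auth-fail":
            # keep only failures inside the sliding window, then check the count
            recent = [t for t in fails[f.src] if f.ts - t <= window] + [f.ts]
            fails[f.src] = recent
            if len(recent) == fail_threshold:
                alerts.append((f.ts, f.src, f"{fail_threshold} failed attempts in {window}s"))
    return alerts


# Constructed records: 10.20.0.11 is a DICOM client (port 104), 10.20.0.12 an
# HL7 MLLP client (port 2575); 10.20.0.200 is the decoy placed in the same /24.
BASELINE = """\
1000 10.20.0.11 10.20.0.50 tcp 104 4200 ok
1010 10.20.0.11 10.20.0.50 tcp 104 3900 ok
1020 10.20.0.12 10.20.0.51 tcp 2575 800 ok
1030 10.20.0.12 10.20.0.51 tcp 2575 950 ok
""".splitlines()

LIVE = """\
2000 10.20.0.11 10.20.0.50 tcp 104 4000 ok
2005 10.20.0.11 10.20.0.13 tcp 445 600 ok
2010 10.20.0.12 10.20.0.51 tcp 2575 900 ok
2020 10.20.0.12 10.20.0.51 tcp 2575 30000 ok
2030 10.20.0.99 10.20.0.200 tcp 22 300 auth-fail
2040 10.20.0.99 10.20.0.200 tcp 22 300 auth-fail
2050 10.20.0.99 10.20.0.200 tcp 22 300 auth-fail
""".splitlines()


def run_demo():
    """Learn profiles from BASELINE, then run both detectors over LIVE."""
    profiles = build_profiles(parse_flow(l) for l in BASELINE)
    live = [parse_flow(l) for l in LIVE]
    return {
        "profile": profile_anomalies(profiles, live),
        "decoy": decoy_indicators(live, decoys={"10.20.0.200"}, subnet="10.20.0.0/24"),
    }
```

Calling `run_demo()` returns five profile alerts (the DICOM client opening an SMB connection it never used before, the HL7 client sending far more than its baseline, and three flows from an address with no profile at all) and four decoy alerts (three contacts with the decoy, then a threshold alert on the third failed attempt). The two detectors are complementary: the profile detector needs a clean baseline and will miss an attacker who stays within a device's normal services, while the decoy detector has no baseline to poison but only sees attackers who touch the decoy; the `ValueError` check enforces the patent's premise that the decoy shares the real devices' subnet.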


3. Fernandez Maimó et al., “Intelligent and Dynamic Ransomware Spread Detection and Mitigation in Integrated Clinical Environments.” [tk]

  • Publication Date: 5 March 2019
  • Authors: Lorenzo Fernández Maimó, Alberto Huertas Celdrán, Ángel L. Perales Gómez, Félix J. García Clemente, James Weimer, and Insup Lee
  • Publication Name and Details: “Intelligent and Dynamic Ransomware Spread Detection and Mitigation in Integrated Clinical Environments.” Sensors 19, no. 5 (2019): 1114.
  • doi:10.3390/s19051114
  • Applicability to roadmap: This paper describes cybersecurity requirements and vulnerabilities for Medical Cyber-Physical Systems (MCPS). It reports ransomware as the leading type of attack, at 85% of cases, with 70% of attacks involving confirmed data loss. The paper reviews potential technology to address these concerns, focusing on automating the detection of attacks through machine learning (ML) and real-time operations.


4. Markus Willing et al., “Analyzing Medical Device Connectivity and Its Effect on Cyber Security in German Hospitals.” [tk]

  • Publication Date: 29 September 2020
  • Authors: Willing, Markus, Christian Dresen, Uwe Haverkamp, and Sebastian Schinzel.
  • Publication Name and Details: “Analyzing Medical Device Connectivity and Its Effect on Cyber Security in German Hospitals.” BMC Medical Informatics and Decision Making 20, no. 1 (September 29, 2020): 246.
  • doi: 10.1186/s12911-020-01259-y
  • Applicability to roadmap: This paper explores the use of networked devices in hospitals and the resulting risk of cyber attacks. The authors analyze networked medical devices in German hospitals, considering the departments with the largest use of devices and their vulnerabilities. In this study, published in September 2020, the authors report 5,000 to 40,000 active medical devices per hospital, with an increasing percentage being networked devices. The largest increases are reported in the departments of Radiology, Intensive Care, Radio-Oncology, and Nuclear Medicine.

Strategic Drivers


PU Strategic Drivers.png

Company vs. Competition

Competitive Analysis.png

Technical Model: Morphological Matrix and Tradespace

  • p = number of algorithm parameters (millions)
  • d = algorithm depth (number of layers)
  • s = percentage of the asset estate visible to the detection algorithm
  • c = complexity = p·d²
  • O = constant that scales the solution to a percentage
  • Classification rate (e.g., accuracy) A = (true positives + true negatives) / all events


Morphological Matrix

Morph 2.png


Key FOM

Accuracy 2.png


References