HoneyDetails: A prototype for ensuring patient's information privacy and thwarting electronic health record threats based on decoys
Open Access
- 1 September 2020
- journal article
- research article
- Published by SAGE Publications in Health Informatics Journal
- Vol. 26 (3), 2083-2104
- https://doi.org/10.1177/1460458219894479
Abstract
Advancements in electronic health record system allow patients to store and selectively share their medical records as needed with doctors. However, privacy concerns represent one of the major threats facing the electronic health record system. For instance, a cybercriminal may use a brute-force attack to authenticate into a patient's account to steal the patient's personal, medical or genetic details. This threat is amplified given that an individual's genetic content is connected to their family, thus leading to security risks for their family members as well. Several cases of patient's data theft have been reported where cybercriminals authenticated into the patient's account, stole the patient's medical data and assumed the identity of the patients. In some cases, the stolen data were used to access the patient's accounts on other platforms and in other cases, to make fraudulent health insurance claims. Several measures have been suggested to address the security issues in electronic health record systems. Nevertheless, we emphasize that current measures proffer security in the short-term. This work studies the feasibility of using a decoy-based system named HoneyDetails in the security of the electronic health record system. HoneyDetails will serve fictitious medical data to the adversary during his hacking attempt to steal the patient's data. However, the adversary will remain oblivious to the deceit due to the realistic structure of the data. Our findings indicate that the proposed system may serve as a potential measure for safeguarding against patient's information theft.
Funding Information
- Universiti Sains Malaysia (1001/ PKOMP/ 8014017, 203/PKOMP/6711426)
- Center for Cyber Safety and Education, United States Internal Revenue segregated fund (Inc. Code. EIN: 45-2405127 through the (ISC)2 graduate cybersecurity scholarship award)