ABSTRACT
Electronic health records (EHRs) and medical data are classified as personal data in every privacy law, meaning that any related service that includes processing such data must come with full security, confidentiality, privacy, and accountability. Solutions for health data management, as in storing it, sharing and processing it, are emerging quickly and were significantly boosted by the COVID-19 pandemic that created a need to move things online. EHRs make a crucial part of digital identity data, and the same digital identity trends - as in self-sovereign identity powered by decentralized ledger technologies like blockchain, are being researched or implemented in contexts managing digital interactions between health facilities, patients, and health professionals. In this paper, we propose a blockchain-based solution enabling secure exchange of EHRs between different parties powered by a self-sovereign identity (SSI) wallet and decentralized identifiers. We also make use of a consortium IPFS network for off-chain storage and attribute-based encryption (ABE) to ensure data confidentiality and integrity. Through our solution, we grant users full control over their medical data and enable them to securely share it in total confidentiality over secure communication channels between user wallets using encryption. We also use DIDs for better user privacy and limit any possible correlations or identification by using pairwise DIDs. Overall, combining this set of technologies guarantees secure exchange of EHRs, secure storage, and management along with by-design features inherited from the technological stack. © 2023 Marie Tcholakian et al.
ABSTRACT
Security issues have always been central to workplaces. Increased work performed at home environments caused by COVID-19 pandemic has changed the security landscape of work radically. Security arrangements are no more at the domain of the employer, yet the risks remain, and responsibilities. In this chapter we discuss this new boom of distance work from the viewpoints of data privacy and security, physical safety and mental well-being. The issues are intertwined, and changes, risks and solutions in one of these cause implications for the other areas too. In data privacy and security, the home office environment causes several risks, and the mixed use of devices and facilities both in work and leisure use causes difficulties. Physical safety is compromised in several ways at home environment, which is partly confounding, as the very core of work at home and social distancing is the search for physical security from COVID viruses. Mental well-being problems are a key product of this social distancing, and they do not typically emerge immediately, but first after a long period. With the COVID-19 pandemic over two years, we first start to see the magnitude of the mental well-being problems it has caused. The COVID-19 pandemic is a very short period in history. For individuals living now, it can deeply affect life, especially in critical periods of life. On the positive side, the very special pressure COVID-19 has caused on working life has surely improved and speeded up academic and practical work in distance work development. © The Author(s), under exclusive license to Springer Nature Switzerland AG 2023.
ABSTRACT
To combat the ongoing Covid-19 pandemic, many new ways have been proposed on how to automate the process of finding infected people, also called contact tracing. A special focus was put on preserving the privacy of users. Bluetooth Low Energy as base technology has the most promising properties, so this survey focuses on automated contact tracing techniques using Bluetooth Low Energy. We define multiple classes of methods and identify two major groups: systems that rely on a server for finding new infections and systems that distribute this process. Existing approaches are systematically classified regarding security and privacy criteria.Copyright © 2021 ACM.
ABSTRACT
The emergence of pandemic diseases like Covid-19 in recent years has made it more important for Internet of Medical Things (IoMT) environments to build contact between patients and doctors in order to control their health state. Patients will be able to send their healthcare data to the cloud server of the medical service provider in remote medical environments through sensors connected to their smart devices, such as watches or smartphones. However, patients' worries surrounding their data privacy protection are still present. In order to ensure the security and privacy of patients' healthcare data in remote medical environments, a number of different schemes have been proposed by researchers. However, these schemes have not been able to take all security requirements into account. Consequently, in this study, we have proposed a secure and effective protocol to safeguard the privacy of patients' medical data when it is sent to the server. This protocol entails two components: mutual authentication of the patient and the server of the medical service provider, as well as the integrity of the exchanged data. Also, our scheme satisfies security requirements and is resistant to well-known attacks. Following this, we used the Scyther tool to formally analyze our proposed scheme. The results showed that the scheme is secure, and in the section on performance analysis, we demonstrated that the proposed scheme performs better than comparable schemes. © 2023 IEEE.
ABSTRACT
This paper describes the adaptation of an open-source ecological momentary assessment smartwatch platform with three sets of micro-survey wellness-related questions focused on i) infectious disease (COVID-19) risk perception, ii) privacy and distraction in an office context, and iii) triggers of various movement-related behaviors in buildings. This platform was previously used to collect data for thermal comfort, and this work extends its use to other domains. Several research participants took part in a proof-of-concept experiment by wearing a smartwatch to collect their micro-survey question preferences and perception responses for two of the question sets. Participants were also asked to install an indoor localization app on their phone to detect where precisely in the building they completed the survey. The experiment identified occupant information such as the tendencies for the research participants to prefer privacy in certain spaces and the difference between infectious disease risk perception in naturally versus mechanically ventilated spaces. © 2022 17th International Conference on Indoor Air Quality and Climate, INDOOR AIR 2022. All rights reserved.
ABSTRACT
Medical image analysis using deep neural networks (DNN) has demonstrated state-of-the-art performance in image classification and segmentation tasks, aiding disease diagnosis. The accuracy of the DNN is largely governed by the quality and quantity of the data used to train the model. However, for the medical images, the critical security and privacy concerns regarding sharing of local medical data across medical establishments precludes exploiting the full DNN potential for clinical diagnosis. The federated learning (FL) approach enables the use of local model's parameters to train a global model, while ensuring data privacy and security. In this paper, we review the federated learning applications in medical image analysis with DNNs, highlight the security concerns, cover some efforts to improve FL model performance, and describe the challenges and future research directions.
ABSTRACT
The Covid-19 pandemic ushered in multiple paradigms of personal health data sharing with particular emphasis on Person-to-Institution sharing and Institution-toInstitution sharing. While the data aggregated by technology companies and health authorities was instrumental in the development of vaccines and ultimately flattening the curve of infection rates, egregious abuses of privacy occurred. In many instances acceptable guarantees of appropriate utility for the data were not made available. Personal health data sharing for the containment of infections with privacy limitations present a classic case of collaboration among mutually distrustful entities. In this regard the blockchain network and attendant protocols for data integrity, transaction transmission and provenance can prove useful. Thus, in this paper we present a blockchain-based method for disease surveillance in a smart environment where smart contracts are deployed to monitor public locations instead of individuals. The data aggregated is analysed and tagged with a lifetime commensurate with the time for infection. Once the data utility period has elapsed the monitored data are removed from the active surveillance pool and the entities involved can be notified. Such a method of continual surveillance protects privacy by shifting the emphasis from individuals to locations. Experimental data suggests this method is efficient and can be implemented on top of existing disease surveillance strategies for later pandemics. © 2023 IEEE.
ABSTRACT
In order to control the first wave of COVID-19 pandemic in 2020, many models have shown effectiveness in predicting the spread of new coronary pneumonia and the different interventions. However, few models can collect large amounts of high-quality real-time data faster under the premise of protecting privacy, considering the impact of severe acute respiratory syndrome coronavirus 2 (SARS-CoV-2) variant and the mass vaccination program as a new intervention. Therefore, we developed a mobile intelligent application that can collect a large amount of real-time data while protecting privacy and conducted a feasibility study by defining a new COVID-19 mathematical model SEMCVRD. By simulating different intervention measures, the prediction model of the mobile intelligent application used in this article simulates the epidemic situation in the U.K. as an example. The findings are as below: the optimal intervention strategy is to suppress the intervention at [Formula Omitted] (intervention intensity: the average number of contacts per person per day) before the end of March 2021, then gradually release the intervention intensity at a rate of [Formula Omitted], and finally release the intensity to [Formula Omitted] in June 2021. The COVID-19 pandemic will end at the end of June 2021, when the total number of deaths will reach 128772. This strategy will be able to balance the tradeoff between loss of life and economic loss. Compared with the official statistics released by the U.K. government on May 31, 2021, our model can accurately predict the relative error rate of the total number of cases is less than 6.9%, and the relative error rate of the total number of deaths is less than 1%. Furthermore, the model is also suitable for collecting data from countries/regions around the world.
ABSTRACT
There has been a huge spike in the usage of social media platforms during the COVID-19 lockdowns. These lockdown periods have resulted in a set of new cybercrimes, thereby allowing attackers to victimise social media users with a range of threats. This paper performs a large-scale study to investigate the impact of a pandemic and the lockdown periods on the security and privacy of social media users. We analyse 10.6 Million COVID-related tweets from 533 days of data crawling and investigate users' security and privacy behaviour in three different periods (i.e., before, during, and after the lockdown). Our study shows that users unintentionally share more personal identifiable information when writing about the pandemic situation (e.g., sharing nearby coronavirus testing locations) in their tweets. The privacy risk reaches 100% if a user posts three or more sensitive tweets about the pandemic. We investigate the number of suspicious domains shared on social media during different phases of the pandemic. Our analysis reveals an increase in the number of suspicious domains during the lockdown compared to other lockdown phases. We observe that IT, Search Engines, and Businesses are the top three categories that contain suspicious domains. Our analysis reveals that adversaries' strategies to instigate malicious activities change with the country's pandemic situation. © 2013 IEEE.
ABSTRACT
Recently, innovations in the Internet-of-Medical- Things (IoMT), information and communication technologies, and Machine Learning (ML) have enabled smart healthcare. Pooling medical data into a centralised storage system to train a robust ML model, on the other hand, poses privacy, ownership, and regulatory challenges. Federated Learning (FL) overcomes the prior problems with a centralised aggregator server and a shared global model. However, there are two technical challenges: FL members need to be motivated to contribute their time and effort, and the centralised FL server may not accurately aggregate the global model. Therefore, combining the blockchain and FL can overcome these issues and provide high-level security and privacy for smart healthcare in a decentralised fashion. This study integrates two emerging technologies, blockchain and FL, for healthcare. We describe how blockchain-based FL plays a fundamental role in improving competent healthcare, where edge nodes manage the blockchain to avoid a single point of failure, while IoMT devices employ FL to use dispersed clinical data fully. We discuss the benefits and limitations of combining both technologies based on a content analysis approach. We emphasise three main research streams based on a systematic analysis of blockchain-empowered (i) IoMT, (ii) Electronic Health Records (EHR) and Electronic Medical Records (EMR) management, and (iii) digital healthcare systems (internal consortium/secure alerting). In addition, we present a novel conceptual framework of blockchain-enabled FL for the digital healthcare environment. Finally, we highlight the challenges and future directions of combining blockchain and FL for healthcare applications. IEEE
ABSTRACT
This study investigates the use of mobile data to understand patterns of population movements and disease transmission during the Covid-19 outbreak. It also focuses on understanding the implications of using this data for individual privacy. Using a mixed methods approach, we present 10 rich qualitative interviews and 412 survey responses from participants across the Nordics. Our novel results show that the use of mobile data can be characterized by two main categories: validation data and complementary data. We also identify five implications for practice: sharing resources and expertise between health agencies and telecom companies;extended collaboration with multiple network operators;cross-disciplinary collaboration among multiple parties;developing data and privacy guidelines;and developing novel methods and tools to address the trade-off between maintaining individual privacy and obtaining detailed information from mobile data. These implications may inform immediate and future actions to prepare for, mitigate, and control the spread of infectious diseases using mobile data. They also show privacy-driven limitations of mobile data in terms of data accuracy, richness, and scope. © 2022 IEEE Computer Society. All rights reserved.
ABSTRACT
The new norms during the COVID-19 pandemic contributed to the increased usage of the online medium. The International Labour Organization (ILO) reports that millions of people were forced to stay at home during difficult situations (2020). Both the government and corporate sectors are changing the landscape of their services to online services. Apart from its benefits, the rapid adoption of technology also increases the risk of data breaches among individuals' personal information. This article focuses on the intention factor as a motivation to protect the security of personal data among the youth. A total of 535 respondents in the range of 19 to 30 years old from Putrajaya and Cyberjaya. They are randomly selected using a multistage cluster sampling method. A set of questionnaires were distributed online during the Movement Control Order (MCO) that hit all over the world including Malaysia. To analyse factors affecting the Malaysian youth in protecting the security of personal data the multiple linear regression analysis was applied. This article reports the intention factor has a dominant influence in motivating Malaysian youth to protect the security of their data. Additionally, findings showed that family connection and online banking transactions as the main factors in using online compared to other motives measured in this study. Therefore, Malaysian youths should be given the knowledge and awareness to keep on vigilant and protect their data security. Their motivations need to be nurtured to ensure that Malaysian youth's personal data remain protected even if they are actively interacting online. © 2023, Penerbit Universiti Kebangsaan Malaysia. All rights reserved.
ABSTRACT
Early in 2020, the coronavirus Covid-19, which is produced by the SARS-CoV -2 strain, first gained international attention as a severe health threat. Covid-19 spread quickly around the world, forcing everyone to fight with preventative measures like masks, hand washing, and preserving social distance. But to prevent the virus, vaccination has been playing a key role. Vaccination records that contain patient data make this system very complicated because there is a risk of a privacy breach. Hackers may steal the personal health information of individuals or may carry out cyberattacks against any national health data server. Additionally, there is a chance that dishonest people can purchase and sell fake vaccine certificates on the black market. Blockchain can provide a solution to this regard by its features like data immutability, privacy, transparency and decentralization. For people, governments, and organizations interested in blockchain-based systems, we analyze the blockchain based vaccination management system in this study and provide a current summary. We envision our study to motivate more blockchain based systems. © 2022 IEEE.
ABSTRACT
The pandemics such as COVID-19 are worldwide health risks and result in catastrophic impacts on the global economy. To prevent the spread of pandemics, it is critical to trace the contacts between people to identify the infection chain. Nevertheless, the privacy concern is a great challenge to contact tracing. Moreover, existing contact tracing apps cannot obtain the macro-level infection risk information, e.g., the hotspots where the infection occurs, which, however, is critical to optimize healthcare planning to better control and prevent the outbreak of pandemics. In this paper, we develop a novel privacy-preserved pandemic tracing system, PRISC, to compute the infection risk through cellular-enabled IoT devices. In the PRISC system, there are three parties: a mobile network operator, a social network provider, and the health department. The physical contact records between users are obtained by the mobile network operator from the users’cellular-enabled IoT devices. The social contacts are obtained by the social network provider, while the health department has the records of pandemic patients. The three parties work together to compute a heatmap of pandemic infection risk in a region, while fully protecting the data privacy of each other. The heatmap provides both macro and micro level infection risk information to help control pandemics. The experiment results indicate that PRISC can compute an infection risk score within a couple of seconds and a few mega-bytes (MBs) communication cost, for datasets with 100,000 users. IEEE
ABSTRACT
The COVID19 pandemic has led to the proliferation of the use of online shopping applications among millions of customers worldwide. The enormous potential in technological advancements, particularly mobile technology, has directly impacted mobile commerce, where the shopping process has become so convenient. While the benefits of mobile commerce are multi-fold, the current privacy practices and the extent of user data residue in shopping apps have been less explored. In this paper, we conducted an in-depth, systematic analysis of two of the most popular mobile shopping apps - Amazon and Etsy. Our analysis led to the recovery of user data and shopping activity artifacts from Amazon and Etsy buyer and seller apps on Android/iOS devices. Based on the user data and artifacts found, we have also discussed the implications of default privacy settings, the importance of online safety policies prior to product listings, and implications for research and practice. © 2023 IEEE Computer Society. All rights reserved.
ABSTRACT
This letter is in response to the article "Enhancing India's Health Care during COVID Era: Role of Artificial Intelligence and Algorithms". While the integration of AI has the potential to improve patient outcomes and reduce the workload of healthcare professionals, there is a need for significant training and upskilling of healthcare providers. There are ethical and privacy concerns related to the use of AI in healthcare, which must be accompanied by rigorous guidelines. One solution to the overburdened healthcare systems in India is the use of new language generation models like ChatGPT to assist healthcare workers in writing discharge summaries. By using these technologies responsibly, we can improve healthcare outcomes and alleviate the burden on overworked healthcare professionals.
ABSTRACT
Information related to Covid-19 either it is vaccination status of the country or the active Covid-19 cases both are the confidential matters. The privacy is utmost important concern in pandemic situation to secure access of patient vaccine data. Blockchain technique is one of the good techniques that affirm the privacy and data security. The consensus mechanisms in blockchain confirm that data stored in it, is authentic and secured. Proof of Work is one of the consensus algorithms, where miners in the blockchain network solves the puzzle and receive the reward accordingly. The difficulty level of the puzzle decides the security of the data in the network. Hence, this paper proposes blockchain based framework to store the vaccination data of patient by enhancing security using proof of work consensus algorithm. The performance of the proposed framework is measured on different level of difficulties, corresponding to time. The result shows that higher the difficulty level, take more time to solve the puzzle, results in more secure data. © 2022, The Author(s), under exclusive license to Springer Nature Switzerland AG.
ABSTRACT
Nowadays, the entire world is struggling to adapt and survive the SARS-CoV-2/COVID-19 pandemic, the new mutations in the Coronavirus disease is causing damage and disruption across the world. Taking preventive measures to control the spreading of the virus, including lockdowns, curfews, social distancing, masks, vaccination are not enough to stop the virus. Many countries have sought to support their contact tracers with the use of digital contact tracing apps to manage and control the spread of the virus. Using the new technologies to adapt the prevention measures furthermore enhancing the existing ones, will definitely be more efficient. There are many contact tracing apps that have already been launched and used since 2020. There has been a lot of speculations about the confidentiality and security aspects of these apps and their possible violation of data protection principles. In this paper we propose a system of contact tracing, we explain how this system treats sensible information to preserve the user's identity and protect their personal information. © 2023, The Author(s), under exclusive license to Springer Nature Switzerland AG.
ABSTRACT
COVID-19 has affected human life since its advent. And to counteract its spread, humankind adopts social distancing, which encourages remote working for employees, and online learning for students. Many universities and schools quickly adopted e-learning solutions without much consideration of security, while it is important to consider users' privacy. Unfortunately, digital learning spaces face security vulnerabilities, risks and threats and are not spared from cyber-attacks. To ensure the security and privacy of e-learning solutions used by universities and schools, we analyzed how MOOCs and Organizations offering online courses long before COVID-19 deal with their users' privacy and personal data. In this study, we considered some popular platforms from The United States (Coursera, EdX, Udemy), Europe and the United Kingdom (FutureLearn, FUN MOOC, EduOpen), and Asia (XuetangX, SWAYAM, and K-MOOC). We discussed the personal data collected by these platforms, the purposes for which these data are collected, the different legislation for processing and storing data, and how the platforms ensure user privacy. © 2022 IEEE.
ABSTRACT
When pandemic rose in 2020, people were fighting against COVID-19 virus and organizations had accelerated their digitization and cloud adoption rapidly (De et al. in Int J Inf Manag 55:102171, 2020 [1]) to meet the online based business during the lockdown. This chaos helped fraudsters and attackers taking advantage of the momentary lack of security controls and oversight. Federal Investigation Bureau (FBI) Internet Crime Compliant Center (IC3) 2020 reported highest number of complaints in 2020 (791 k + ) compared to prior five years (298 k + in 2016), with peak losses reported ($4.2 Billion in 2020 compared to $1.5 Billion in 2016) (Internet Crime Complaint Center in Internet crime report. Federal Bureau of Investigation, Washington, D.C., 2020 [2]). Majority of these incidents were connected to financial fraud, identity fraud, and phishing for personally identifiable information (PII). Considering the severity and impact of personal data exposure over cloud and hybrid environment, this paper provides a brief overview of prior research and discuss technical solutions to protect data across heterogeneous environments and ensure privacy regulations. © 2023, The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.