Machine learning cryptography methods for IoT in healthcare.

BACKGROUND: The increased application of Internet of Things (IoT) in healthcare, has fueled concerns regarding the security and privacy of patient data. Lightweight Cryptography (LWC) algorithms can be seen as a potential solution to address this concern. Due to the high variation of LWC, the primary objective of this study was to identify a suitable yet effective algorithm for securing sensitive patient information on IoT devices. METHODS: This study evaluates the performance of eight LWC algorithms-AES, PRESENT, MSEA, LEA, XTEA, SIMON, PRINCE, and RECTANGLE-using machine learning models. Experiments were conducted on a Raspberry Pi 3 microcontroller using 16 KB to 2048 KB files. Machine learning models were trained and tested for each LWC algorithm and their performance was evaluated based using precision, recall, F1-score, and accuracy metrics. RESULTS: The study analyzed the encryption/decryption execution time, energy consumption, memory usage, and throughput of eight LWC algorithms. The RECTANGLE algorithm was identified as the most suitable and efficient LWC algorithm for IoT in healthcare due to its speed, efficiency, simplicity, and flexibility. CONCLUSIONS: This research addresses security and privacy concerns in IoT healthcare and identifies key performance factors of LWC algorithms utilizing the SLR research methodology. Furthermore, the study provides insights into the optimal choice of LWC algorithm for enhancing privacy and security in IoT healthcare environments.

Insights from telesurgery expert conference on recent clinical experience and current status of remote surgery.

Remote surgery provides opportunity for enhanced surgical capabilities, wider healthcare reach, and potentially improved patient outcomes. The network reliability is the foundation of successful implementation of telesurgery. It relies on a robust, high-speed communication network, with ultra-low latency. Significant lag has been shown to endanger precision and safety. Furthermore, the full-fledged adoption of telerobotics demands careful consideration of ethical challenges too. A deep insight into these issues has been investigated during the first Telesurgery Consensus Conference that took place in Orlando, Florida, USA, on the 3rd and 4th of February, 2024. During the Conference, the state of the art of remote surgery has been reported from robotic systems displaying telesurgery potential. The Hinotori, a robotic-assisted surgery platform developed by Medicaroid, experienced remote surgery as pre-clinical testing only; the Edge Medical Company, Shenzen, China, reported more than one hundred animal and 30 live human surgeries; the KanGuo reported human telesurgical cases performed with distances more than 3000 km; the Microport, China, collected more than 100 human operations at a distance up to 5000 km. Though, several issues-cybersecurity, data privacy, technical malfunctions - are yet to be addressed before a successful telesurgery implementation. Expanding the discussion to encompass ethical, financial, regulatory, and legal considerations is essential too. The Telesurgery collaborative community is working together to address and establish the best practices in the field.

Reliability and validity of the Chinese version of the Information Security Attitude Questionnaire for nurses.

AIM: Nurses play a crucial role within medical institutions, maintaining direct interaction with patient data. Despite this, there is a scarcity of tools for evaluating nurses' perspectives on patient information security. This study aimed to translate the Information Security Attitude Questionnaire into Chinese and validate its reliability and validity among clinical nurses. DESIGN: A cross-sectional design. METHODS: A total of 728 clinical nurses from three hospitals in China participated in this study. The Information Security Attitude Questionnaire (ISA-Q) was translated into Chinese utilizing the Brislin two-way translation method. The reliability was assessed through internal consistency coefficient and test-retest reliability. The validity was determined through the Delphi expert consultation method and factor analysis. RESULTS: The Chinese version of ISA-Q consists of 30 items. Cronbach's α coefficient of the questionnaire was 0.930, and Cronbach's α coefficient of the six dimensions ranged from 0.781 to 0.938. The split-half reliability and test-retest reliability were 0.797 and 0.848, respectively. The content validity index (S-CVI) was 0.962. Exploratory factor analysis revealed a 6-factor structure supported by eigenvalues, total variance interpretation, and scree plots, accounting for a cumulative variance contribution rate of 69.436%. Confirmatory factor analysis further validated the 6-factor structure, demonstrating an appropriate model fit. CONCLUSION: The robust reliability and validity exhibited by the Chinese version of ISA-Q establish it as a dependable tool for evaluating the information security attitudes of clinical nurses. IMPLICATIONS FOR NURSING PRACTICE: The Chinese iteration of the ISA-Q questionnaire offers a profound insight into the information security attitudes held by clinical nurses. This understanding serves as a foundation for nursing managers to develop targeted intervention strategies aimed at fortifying nurses' information security attitudes, thereby enhancing patient safety.

Future-proofing genomic data and consent management: a comprehensive review of technology innovations.

Genomic information is increasingly used to inform medical treatments and manage future disease risks. However, any personal and societal gains must be carefully balanced against the risk to individuals contributing their genomic data. Expanding our understanding of actionable genomic insights requires researchers to access large global datasets to capture the complexity of genomic contribution to diseases. Similarly, clinicians need efficient access to a patient's genome as well as population-representative historical records for evidence-based decisions. Both researchers and clinicians hence rely on participants to consent to the use of their genomic data, which in turn requires trust in the professional and ethical handling of this information. Here, we review existing and emerging solutions for secure and effective genomic information management, including storage, encryption, consent, and authorization that are needed to build participant trust. We discuss recent innovations in cloud computing, quantum-computing-proof encryption, and self-sovereign identity. These innovations can augment key developments from within the genomics community, notably GA4GH Passports and the Crypt4GH file container standard. We also explore how decentralized storage as well as the digital consenting process can offer culturally acceptable processes to encourage data contributions from ethnic minorities. We conclude that the individual and their right for self-determination needs to be put at the center of any genomics framework, because only on an individual level can the received benefits be accurately balanced against the risk of exposing private information.

A study of blockchain-based liquidity cross-chain model.

Blockchain cross-chaining is about interconnectivity and interoperability between chains and involves both physical to virtual digital aspects and cross-chaining between digital networks. During the process, the liquidity transfer of information or assets can increase the use of items with other chains, so it is worth noting that the enhancement of cross-chain liquidity is of great practical importance to cross-chain technology. In this model, Layerzero is used as the primary secure cross-chain facility to build a full-chain identity by unifying NFT-distributed autonomous cross-chain identity IDs; applying super-contract pairs to enhance cross-chain liquidity; and initiating a dynamic transaction node creditworthiness model to increase the security of the cross-chain model and its risk management. Finally, by verifying three important property metrics timeliness is improved by at least 18%, robustness is increased by at least 50.9%, and radius of convergence is reduced by at least 25%. It is verified that the liquidity cross-chain model can eliminate the authentication transition between hierarchies while saving the cross-chain time cost, as a way to truly realize the liquid interoperability between multiple chains of blockchain.

Semantic aware-based instruction embedding for binary code similarity detection.

Binary code similarity detection plays a crucial role in various applications within binary security, including vulnerability detection, malicious software analysis, etc. However, existing methods suffer from limited differentiation in binary embedding representations across different compilation environments, lacking dynamic high-level semantics. Moreover, current approaches often neglect multi-level semantic feature extraction, thereby failing to acquire precise semantic information about the binary code. To address these limitations, this paper introduces a novel detection solution called BinBcla. This method employs an enhanced pre-training model to generate instruction embeddings with dynamic semantics for binary functions. Subsequently, multi-feature fusion technique is utilized to extract local semantic information and long-distance global features from the code, respectively, employing self-attention to comprehend the structure information of the code. Finally, an improved cosine similarity method is employed to learn relationships among all elements of the distance vectors, thereby enhancing the model's robustness to new sample functions. Experiments are conducted across different architectures, compilers, and optimization levels. The results indicate that BinBcla achieves higher accuracy, precision and F1 score compared to existing methods.

Efficient attribute-based strong designated verifier signature scheme based on elliptic curve cryptography.

In an attribute-based strong designated verifier signature, a signer who satisfies the access structure signs the message and assigns it to a verifier who satisfies the access structure to verify it, which enables fine-grained access control for signers and verifiers. Such signatures are used in scenarios where the identity of the signer needs to be protected, or where the public verifiability of the signature is avoided and only the designated recipient can verify the validity of the signature. To address the problem that the overall overhead of the traditional attribute-based strong designated verifier signature scheme is relatively large, an efficient attribute-based strong designated verifier signature scheme based on elliptic curve cryptography is proposed, as well as a security analysis of the new scheme given in the standard model under the difficulty of the elliptic curve discrete logarithm problem (ECDLP). On the one hand, the proposed scheme is based on elliptic curve cryptography and uses scalar multiplication on elliptic curves, which is computationally lighter, instead of bilinear pairing, which has a higher computational overhead in traditional attribute-based signature schemes. This reduces the computational overhead of signing and verification in the system, improves the efficiency of the system, and makes the scheme more suitable for resource-constrained cloud end-user scenarios. On the other hand, the proposed scheme uses LSSS (Linear Secret Sharing Schemes) access structure with stronger access policy expression, which is more efficient than the "And" gate or access tree access structure, making the computational efficiency of the proposed scheme meet the needs of resource-constrained cloud end-users.

Securing Internet-of-Medical-Things networks using cancellable ECG recognition.

Reinforcement of the Internet of Medical Things (IoMT) network security has become extremely significant as these networks enable both patients and healthcare providers to communicate with each other by exchanging medical signals, data, and vital reports in a safe way. To ensure the safe transmission of sensitive information, robust and secure access mechanisms are paramount. Vulnerabilities in these networks, particularly at the access points, could expose patients to significant risks. Among the possible security measures, biometric authentication is becoming a more feasible choice, with a focus on leveraging regularly-monitored biomedical signals like Electrocardiogram (ECG) signals due to their unique characteristics. A notable challenge within all biometric authentication systems is the risk of losing original biometric traits, if hackers successfully compromise the biometric template storage space. Current research endorses replacement of the original biometrics used in access control with cancellable templates. These are produced using encryption or non-invertible transformation, which improves security by enabling the biometric templates to be changed in case an unwanted access is detected. This study presents a comprehensive framework for ECG-based recognition with cancellable templates. This framework may be used for accessing IoMT networks. An innovative methodology is introduced through non-invertible modification of ECG signals using blind signal separation and lightweight encryption. The basic idea here depends on the assumption that if the ECG signal and an auxiliary audio signal for the same person are subjected to a separation algorithm, the algorithm will yield two uncorrelated components through the minimization of a correlation cost function. Hence, the obtained outputs from the separation algorithm will be distorted versions of the ECG as well as the audio signals. The distorted versions of the ECG signals can be treated with a lightweight encryption stage and used as cancellable templates. Security enhancement is achieved through the utilization of the lightweight encryption stage based on a user-specific pattern and XOR operation, thereby reducing the processing burden associated with conventional encryption methods. The proposed framework efficacy is demonstrated through its application on the ECG-ID and MIT-BIH datasets, yielding promising results. The experimental evaluation reveals an Equal Error Rate (EER) of 0.134 on the ECG-ID dataset and 0.4 on the MIT-BIH dataset, alongside an exceptionally large Area under the Receiver Operating Characteristic curve (AROC) of 99.96% for both datasets. These results underscore the framework potential in securing IoMT networks through cancellable biometrics, offering a hybrid security model that combines the strengths of non-invertible transformations and lightweight encryption.

Analysis of healthcare data security with DWT-HD-SVD based-algorithm invisible watermarking against multi-size watermarks.

In the modern day, multimedia and digital resources play a crucial role in demystifying complex topics and improving communication. Additionally, images, videos, and documents speed data administration, fostering both individual and organizational efficiency. Healthcare providers use tools like X-rays, MRIs, and CT scans to improve diagnostic and therapeutic capacities, highlighting the importance of these tools in contemporary communication, data processing, and healthcare. Protecting medical data becomes essential for maintaining patient confidentiality and service dependability in a time when digital assets are crucial to the healthcare industry. In order to overcome this issue, this study analyses the DWT-HD-SVD algorithm-based invisible watermarking in medical data. The main goal is to verify medical data by looking at a DWT-based hybrid technique used on X-ray images with various watermark sizes (256*256, 128*128, 64*64). The algorithm's imperceptibility and robustness are examined using metrics like Peak Signal-to-Noise Ratio (PSNR) and Structural Similarity Index (SSIM) and are analyzed using Normalized Connection (NC), Bit Error Rate (BER), and Bit Error Rate (BCR) in order to evaluate its resistance to various attacks. The results show that the method works better with smaller watermark sizes than it does with larger ones.

COMMENTARY: Protecting healthcare privacy: Analysis of data protection developments in India.

Patient privacy is essential and so is ensuring confidentiality in the doctor-patient relationship. However, today's reality is that patient information is increasingly accessible to third parties outside this relationship. This article discusses India's data protection framework and assesses data protection developments in India including the Digital Personal Data Protection Act, 2023.

Ethical considerations and concerns in the implementation of AI in pharmacy practice: a cross-sectional study.

BACKGROUND: Integrating artificial intelligence (AI) into healthcare has raised significant ethical concerns. In pharmacy practice, AI offers promising advances but also poses ethical challenges. METHODS: A cross-sectional study was conducted in countries from the Middle East and North Africa (MENA) region on 501 pharmacy professionals. A 12-item online questionnaire assessed ethical concerns related to the adoption of AI in pharmacy practice. Demographic factors associated with ethical concerns were analyzed via SPSS v.27 software using appropriate statistical tests. RESULTS: Participants expressed concerns about patient data privacy (58.9%), cybersecurity threats (58.9%), potential job displacement (62.9%), and lack of legal regulation (67.0%). Tech-savviness and basic AI understanding were correlated with higher concern scores (p < 0.001). Ethical implications include the need for informed consent, beneficence, justice, and transparency in the use of AI. CONCLUSION: The findings emphasize the importance of ethical guidelines, education, and patient autonomy in adopting AI. Collaboration, data privacy, and equitable access are crucial to the responsible use of AI in pharmacy practice.

[IT Failures in Hospitals - Structures and Processes in Hospitals for Coping Cyber Attacks]. / IT-Angriffe an Kliniken.

Clinics are, by definition, part of a country's critical infrastructure. In recent years, hospitals have increasingly become the target of cyber attacks, resulting in disruptions to their functionality lasting weeks to even months. According to the "National Strategy for the Protection of Critical Infrastructures (CRITIS Strategy)", clinics are legally obligated to take preventive measures against such incidents. This involves evaluating, defining, and developing failure concepts for IT-dependent processes within a clinic to be prepared for a cyber attack. Specifically tailored emergency plans for computer system failures should be created and maintained in all IT-dependent areas of a clinic.Additionally, paper-based alternative solutions, such as request forms for diagnostic or consultation services, department-specific emergency documents, and patient documentation charts, should be kept in a readily accessible location known to staff in the respective areas. The complete restoration of a clinic's network after a cyber attack often requires extensive recovery of numerous IT systems, which may take weeks to months in some cases.If the hospital has robust plans for cyber emergency preparedness, including regular scans and real-time backups, stabilization and a quicker resumption of operations may be possible.

Evaluating modern intrusion detection methods in the face of Gen V multi-vector attacks with fuzzy AHP-TOPSIS.

The persistent evolution of cyber threats has given rise to Gen V Multi-Vector Attacks, complex and sophisticated strategies that challenge traditional security measures. This research provides a complete investigation of recent intrusion detection systems designed to mitigate the consequences of Gen V Multi-Vector Attacks. Using the Fuzzy Analytic Hierarchy Process (AHP) and the Technique for Order of Preference by Similarity to Ideal Solution (TOPSIS), we evaluate the efficacy of several different intrusion detection techniques in adjusting to the dynamic nature of sophisticated cyber threats. The study offers an integrated analysis, taking into account criteria such as detection accuracy, adaptability, scalability, resource effect, response time, and automation. Fuzzy AHP is employed to establish priority weights for each factor, reflecting the nuanced nature of security assessments. Subsequently, TOPSIS is employed to rank the intrusion detection methods based on their overall performance. Our findings highlight the importance of behavioral analysis, threat intelligence integration, and dynamic threat modeling in enhancing detection accuracy and adaptability. Furthermore, considerations of resource impact, scalability, and efficient response mechanisms are crucial for sustaining effective defense against Gen V Multi-Vector Attacks. The integrated approach of Fuzzy AHP and TOPSIS presents a strong and adaptable strategy for decision-makers to manage the difficulties of evaluating intrusion detection techniques. This study adds to the ongoing discussion about cybersecurity by providing insights on the positive and negative aspects of existing intrusion detection systems in the context of developing cyber threats. The findings help organizations choose and execute intrusion detection technologies that are not only effective against existing attacks, but also adaptive to future concerns provided by Gen V Multi-Vector Attacks.

IT-Related Barriers and Facilitators to the Implementation of a New European eHealth Solution, the Digital Survivorship Passport (SurPass Version 2.0): Semistructured Digital Survey.

BACKGROUND: To overcome knowledge gaps and optimize long-term follow-up (LTFU) care for childhood cancer survivors, the concept of the Survivorship Passport (SurPass) has been invented. Within the European PanCareSurPass project, the semiautomated and interoperable SurPass (version 2.0) will be optimized, implemented, and evaluated at 6 LTFU care centers representing 6 European countries and 3 distinct health system scenarios: (1) national electronic health information systems (EHISs) in Austria and Lithuania, (2) regional or local EHISs in Italy and Spain, and (3) cancer registries or hospital-based EHISs in Belgium and Germany. OBJECTIVE: We aimed to identify and describe barriers and facilitators for SurPass (version 2.0) implementation concerning semiautomation of data input, interoperability, data protection, privacy, and cybersecurity. METHODS: IT specialists from the 6 LTFU care centers participated in a semistructured digital survey focusing on IT-related barriers and facilitators to SurPass (version 2.0) implementation. We used the fit-viability model to assess the compatibility and feasibility of integrating SurPass into existing EHISs. RESULTS: In total, 13/20 (65%) invited IT specialists participated. The main barriers and facilitators in all 3 health system scenarios related to semiautomated data input and interoperability included unaligned EHIS infrastructure and the use of interoperability frameworks and international coding systems. The main barriers and facilitators related to data protection or privacy and cybersecurity included pseudonymization of personal health data and data retention. According to the fit-viability model, the first health system scenario provides the best fit for SurPass implementation, followed by the second and third scenarios. CONCLUSIONS: This study provides essential insights into the information and IT-related influencing factors that need to be considered when implementing the SurPass (version 2.0) in clinical practice. We recommend the adoption of Health Level Seven Fast Healthcare Interoperability Resources and data security measures such as encryption, pseudonymization, and multifactor authentication to protect personal health data where applicable. In sum, this study offers practical insights into integrating digital health solutions into existing EHISs.

Research collaboration data platform ensuring general data protection.

Translational data is of paramount importance for medical research and clinical innovation. It has the potential to benefit individuals and organizations, however, the protection of personal data must be guaranteed. Collecting diverse omics data and electronic health records (EHR), re-using the minimized data, as well as providing a reliable data transfer between different institutions are mandatory steps for the development of the promising field of big data and artificial intelligence in medical research. This is made possible within the proposed data platform in this research project. The established data platform enables the collaboration between public and commercial organizations by data transfer from various clinical systems into a cloud for supporting multi-site research while ensuring compliant data governance.

Navigating privacy and security in telemedicine for primary care.

OBJECTIVE: To examine patient and provider perspectives on privacy and security considerations in telemedicine during the COVID-19 pandemic. STUDY DESIGN: Qualitative study with patients and providers from primary care practices in 3 National Patient-Centered Clinical Research Network sites in New York, New York; North Carolina; and Florida. METHODS: Semistructured interviews were conducted, audio recorded, transcribed verbatim, and coded using an inductive process. Data related to privacy and information security were analyzed. RESULTS: Sixty-five patients and 21 providers participated. Patients and providers faced technology-related security concerns as well as difficulties ensuring privacy in the transformed shared space of telemedicine. Patients expressed increased comfort doing telemedicine from home but often did not like their providers to offer virtual visits from outside an office setting. Providers initially struggled to find secure and Health Insurance Portability and Accountability Act-compliant platforms and devices to host the software. Whereas some patients preferred familiar platforms such as FaceTime, others recognized potential security concerns. Audio-only encounters sometimes raised patient concerns that they would not be able to confirm the identity of the provider. CONCLUSIONS: Telemedicine led to novel concerns about privacy because patients and providers were often at home or in public spaces, and they shared concerns about software and hardware security. In addition to technological safeguards, our study emphasizes the critical role of physical infrastructure in ensuring privacy and security. As telemedicine continues to evolve, it is important to address and mitigate concerns around privacy and security to ensure high-quality and safe delivery of care to patients in remote settings.

DS-PACK: Tool assembly for the end-to-end support of controlled access human data sharing.

The EU General Data Protection Regulation (GDPR) requirements have prompted a shift from centralised controlled access genome-phenome archives to federated models for sharing sensitive human data. In a data-sharing federation, a central node facilitates data discovery; meanwhile, distributed nodes are responsible for handling data access requests, concluding agreements with data users and providing secure access to the data. Research institutions that want to become part of such federations often lack the resources to set up the required controlled access processes. The DS-PACK tool assembly is a reusable, open-source middleware solution that semi-automates controlled access processes end-to-end, from data submission to access. Data protection principles are engraved into all components of the DS-PACK assembly. DS-PACK centralises access control management and distributes access control enforcement with support for data access via cloud-based applications. DS-PACK is in production use at the ELIXIR Luxembourg data hosting platform, combined with an operational model including legal facilitation and data stewardship.

ResNet1D-Based Personal Identification with Multi-Session Surface Electromyography for Electronic Health Record Integration.

Personal identification is an important aspect of managing electronic health records (EHRs), ensuring secure access to patient information, and maintaining patient privacy. Traditionally, biometric, signature, username/password, photo identity, etc., are employed for user authentication. However, these methods can be prone to security breaches, identity theft, and user inconvenience. The security of personal information is of paramount importance, particularly in the context of EHR. To address this, our study leverages ResNet1D, a deep learning architecture, to analyze surface electromyography (sEMG) signals for robust identification purposes. The proposed ResNet1D-based personal identification approach using the sEMG signal can offer an alternative and potentially more secure method for personal identification in EHR systems. We collected a multi-session sEMG signal database from individuals, focusing on hand gestures. The ResNet1D model was trained using this database to learn discriminative features for both gesture and personal identification tasks. For personal identification, the model validated an individual's identity by comparing captured features with their own stored templates in the healthcare EHR system, allowing secure access to sensitive medical information. Data were obtained in two channels when each of the 200 subjects performed 12 motions. There were three sessions, and each motion was repeated 10 times with time intervals of a day or longer between each session. Experiments were conducted on a dataset of 20 randomly sampled subjects out of 200 subjects in the database, achieving exceptional identification accuracy. The experiment was conducted separately for 5, 10, 15, and 20 subjects using the ResNet1D model of a deep neural network, achieving accuracy rates of 97%, 96%, 87%, and 82%, respectively. The proposed model can be integrated with healthcare EHR systems to enable secure and reliable personal identification and the safeguarding of patient information.