Machine learning cryptography methods for IoT in healthcare.

BACKGROUND: The increased application of Internet of Things (IoT) in healthcare, has fueled concerns regarding the security and privacy of patient data. Lightweight Cryptography (LWC) algorithms can be seen as a potential solution to address this concern. Due to the high variation of LWC, the primary objective of this study was to identify a suitable yet effective algorithm for securing sensitive patient information on IoT devices. METHODS: This study evaluates the performance of eight LWC algorithms-AES, PRESENT, MSEA, LEA, XTEA, SIMON, PRINCE, and RECTANGLE-using machine learning models. Experiments were conducted on a Raspberry Pi 3 microcontroller using 16 KB to 2048 KB files. Machine learning models were trained and tested for each LWC algorithm and their performance was evaluated based using precision, recall, F1-score, and accuracy metrics. RESULTS: The study analyzed the encryption/decryption execution time, energy consumption, memory usage, and throughput of eight LWC algorithms. The RECTANGLE algorithm was identified as the most suitable and efficient LWC algorithm for IoT in healthcare due to its speed, efficiency, simplicity, and flexibility. CONCLUSIONS: This research addresses security and privacy concerns in IoT healthcare and identifies key performance factors of LWC algorithms utilizing the SLR research methodology. Furthermore, the study provides insights into the optimal choice of LWC algorithm for enhancing privacy and security in IoT healthcare environments.

Reliability and validity of the Chinese version of the Information Security Attitude Questionnaire for nurses.

AIM: Nurses play a crucial role within medical institutions, maintaining direct interaction with patient data. Despite this, there is a scarcity of tools for evaluating nurses' perspectives on patient information security. This study aimed to translate the Information Security Attitude Questionnaire into Chinese and validate its reliability and validity among clinical nurses. DESIGN: A cross-sectional design. METHODS: A total of 728 clinical nurses from three hospitals in China participated in this study. The Information Security Attitude Questionnaire (ISA-Q) was translated into Chinese utilizing the Brislin two-way translation method. The reliability was assessed through internal consistency coefficient and test-retest reliability. The validity was determined through the Delphi expert consultation method and factor analysis. RESULTS: The Chinese version of ISA-Q consists of 30 items. Cronbach's α coefficient of the questionnaire was 0.930, and Cronbach's α coefficient of the six dimensions ranged from 0.781 to 0.938. The split-half reliability and test-retest reliability were 0.797 and 0.848, respectively. The content validity index (S-CVI) was 0.962. Exploratory factor analysis revealed a 6-factor structure supported by eigenvalues, total variance interpretation, and scree plots, accounting for a cumulative variance contribution rate of 69.436%. Confirmatory factor analysis further validated the 6-factor structure, demonstrating an appropriate model fit. CONCLUSION: The robust reliability and validity exhibited by the Chinese version of ISA-Q establish it as a dependable tool for evaluating the information security attitudes of clinical nurses. IMPLICATIONS FOR NURSING PRACTICE: The Chinese iteration of the ISA-Q questionnaire offers a profound insight into the information security attitudes held by clinical nurses. This understanding serves as a foundation for nursing managers to develop targeted intervention strategies aimed at fortifying nurses' information security attitudes, thereby enhancing patient safety.

GEN-RWD Sandbox: bridging the gap between hospital data privacy and external research insights with distributed analytics.

BACKGROUND: Artificial intelligence (AI) has become a pivotal tool in advancing contemporary personalised medicine, with the goal of tailoring treatments to individual patient conditions. This has heightened the demand for access to diverse data from clinical practice and daily life for research, posing challenges due to the sensitive nature of medical information, including genetics and health conditions. Regulations like the Health Insurance Portability and Accountability Act (HIPAA) in the U.S. and the General Data Protection Regulation (GDPR) in Europe aim to strike a balance between data security, privacy, and the imperative for access. RESULTS: We present the Gemelli Generator - Real World Data (GEN-RWD) Sandbox, a modular multi-agent platform designed for distributed analytics in healthcare. Its primary objective is to empower external researchers to leverage hospital data while upholding privacy and ownership, obviating the need for direct data sharing. Docker compatibility adds an extra layer of flexibility, and scalability is assured through modular design, facilitating combinations of Proxy and Processor modules with various graphical interfaces. Security and reliability are reinforced through components like Identity and Access Management (IAM) agent, and a Blockchain-based notarisation module. Certification processes verify the identities of information senders and receivers. CONCLUSIONS: The GEN-RWD Sandbox architecture achieves a good level of usability while ensuring a blend of flexibility, scalability, and security. Featuring a user-friendly graphical interface catering to diverse technical expertise, its external accessibility enables personnel outside the hospital to use the platform. Overall, the GEN-RWD Sandbox emerges as a comprehensive solution for healthcare distributed analytics, maintaining a delicate equilibrium between accessibility, scalability, and security.

Medical Information Protection in Internet Hospital Apps in China: Scale Development and Content Analysis.

BACKGROUND: Hospital apps are increasingly being adopted in many countries, especially since the start of the COVID-19 pandemic. Web-based hospitals can provide valuable medical services and enhanced accessibility. However, increasing concerns about personal information (PI) and strict legal compliance requirements necessitate privacy assessments for these platforms. Guided by the theory of contextual integrity, this study investigates the regulatory compliance of privacy policies for internet hospital apps in the mainland of China. OBJECTIVE: In this paper, we aim to evaluate the regulatory compliance of privacy policies of internet hospital apps in the mainland of China and offer recommendations for improvement. METHODS: We obtained 59 internet hospital apps on November 7, 2023, and reviewed 52 privacy policies available between November 8 and 23, 2023. We developed a 3-level indicator scale based on the information processing activities, as stipulated in relevant regulations. The scale comprised 7 level-1 indicators, 26 level-2 indicators, and 70 level-3 indicators. RESULTS: The mean compliance score of the 52 assessed apps was 73/100 (SD 22.4%), revealing a varied spectrum of compliance. Sensitive PI protection compliance (mean 73.9%, SD 24.2%) lagged behind general PI protection (mean 90.4%, SD 14.7%), with only 12 apps requiring separate consent for processing sensitive PI (mean 73.9%, SD 24.2%). Although most apps (n=41, 79%) committed to supervising subcontractors, only a quarter (n=13, 25%) required users' explicit consent for subcontracting activities. Concerning PI storage security (mean 71.2%, SD 29.3%) and incident management (mean 71.8%, SD 36.6%), half of the assessed apps (n=27, 52%) committed to bear corresponding legal responsibility, whereas fewer than half (n=24, 46%) specified the security level obtained. Most privacy policies stated the PI retention period (n=40, 77%) and instances of PI deletion or anonymization (n=41, 79%), but fewer (n=20, 38.5%) committed to prompt third-party PI deletion. Most apps delineated various individual rights, but only a fraction addressed the rights to obtain copies (n=22, 42%) or to refuse advertisement based on automated decision-making (n=13, 25%). Significant deficiencies remained in regular compliance audits (mean 11.5%, SD 37.8%), impact assessments (mean 13.5%, SD 15.2%), and PI officer disclosure (mean 48.1%, SD 49.3%). CONCLUSIONS: Our analysis revealed both strengths and significant shortcomings in the compliance of internet hospital apps' privacy policies with relevant regulations. As China continues to implement internet hospital apps, it should ensure the informed consent of users for PI processing activities, enhance compliance levels of relevant privacy policies, and fortify PI protection enforcement across the information processing stages.

[Development of competencies in the Medical Informatics Initiative (MII)-educational offers for a competent and secure handling of medical data]. / Kompetenzentwicklung in der Medizininformatik-Initiative (MII) ­ Lehrangebote für einen souveränen und sicheren Umgang mit medizinischen Daten.

In order to achieve the goals of the Medical Informatics Initiative (MII), staff with skills in the field of medical informatics and data science are required. Each consortium has established training activities. Further, cross-consortium activities have emerged. This article describes the concepts, implemented programs, and experiences in the consortia. Fifty-one new professorships have been established and 10 new study programs have been created: 1 bachelor's degree and 6 consecutive and 3 part-time master's degree programs. Further, learning and training opportunities can be used by all MII partners. Certification and recognition opportunities have been created.The educational offers are aimed at target groups with a background in computer science, medicine, nursing, bioinformatics, biology, natural science, and data science. Additional qualifications for physicians in computer science and computer scientists in medicine seem to be particularly important. They can lead to higher quality in software development and better support for treatment processes by application systems.Digital learning methods were important in all consortia. They offer flexibility for cross-location and interprofessional training. This enables learning at an individual pace and an exchange between professional groups.The success of the MII depends largely on society's acceptance of the multiple use of medical data in both healthcare and research. The information required for this is provided by the MII's public relations work. There is also an enormous need in society for medical and digital literacy.

Enabling cyber resilient shipping through maritime security operation center adoption: A human factors perspective.

The increased adoption of digital systems in the maritime domain has led to concerns about cyber resilience, especially in the wake of increasingly disruptive cyber-attacks. This has seen vessel operators increasingly adopt Maritime Security Operation Centers (M-SOCs), an action in line with one of the cyber resilience engineering techniques known as adaptive response, whose purpose is to optimize the ability to respond promptly to attacks. This research sought to investigate the domain-specific human factors that influence the adaptive response capabilities of M-SOC analysts to vessel cyber threats. Through collecting interview data and subsequent thematic analysis informed by grounded theory, cyber awareness of both crew onboard and vessel operators emerged as a pressing domain-specific challenge impacting M-SOC analysts' adaptive response. The key takeaway from this study is that vessel operators remain pivotal in supporting the M-SOC analysts' adaptive response processes through resource allocation towards operational technology (OT) monitoring and cyber personnel staffing onboard the vessels.

The need for cybersecurity self-evaluation in healthcare.

The Australian healthcare sector is a complex mix of government departments, associations, providers, professionals, and consumers. Cybersecurity attacks, which have recently increased, challenge the sector in many ways; however, the best approaches for the sector to manage the threat are unclear. This study will report on a semi-structured focus group conducted with five representatives from the Australian healthcare and computer security sectors. An analysis of this focus group transcript yielded four themes: 1) the challenge of securing the Australian healthcare landscape; 2) the financial challenges of cybersecurity in healthcare; 3) balancing privacy and transparency; 4) education and regulation. The results indicate the need for sector-specific tools to empower the healthcare sector to mitigate cybersecurity threats, most notably using a self-evaluation tool so stakeholders can proactively prepare for incidents. Despite the vast amount of research into cybersecurity, little has been conducted on proactive cybersecurity approaches where security weaknesses are identified weaknesses before they occur.

COMMENTARY: Protecting healthcare privacy: Analysis of data protection developments in India.

Patient privacy is essential and so is ensuring confidentiality in the doctor-patient relationship. However, today's reality is that patient information is increasingly accessible to third parties outside this relationship. This article discusses India's data protection framework and assesses data protection developments in India including the Digital Personal Data Protection Act, 2023.

INNBC DApp, a decentralized application to permanently store biomedical data on a modern, proof-of-stake (POS), blockchain such as BNB Smart Chain.

BACKGROUND: A blockchain can be described as a distributed ledger database where, under a consensus mechanism, data are permanently stored in records, called blocks, linked together with cryptography. Each block contains a cryptographic hash function of the previous block, a timestamp, and transaction data, which are permanently stored in thousands of nodes and never altered. This provides a potential real-world application for generating a permanent, decentralized record of scientific data, taking advantage of blockchain features such as timestamping and immutability. IMPLEMENTATION: Here, we propose INNBC DApp, a Web3 decentralized application providing a simple front-end user interface connected with a smart contract for recording scientific data on a modern, proof-of-stake (POS) blockchain such as BNB Smart Chain. Unlike previously proposed blockchain tools that only store a hash of the data on-chain, here the data are stored fully on-chain within the transaction itself as "transaction input data", with a true decentralized storage solution. In addition to plain text, the DApp can record various types of files, such as documents, images, audio, and video, by using Base64 encoding. In this study, we describe how to use the DApp and perform real-world transactions storing different kinds of data from previously published research articles, describing the advantages and limitations of using such a technology, analyzing the cost in terms of transaction fees, and discussing possible use cases. RESULTS: We have been able to store several different types of data on the BNB Smart Chain: raw text, documents, images, audio, and video. Notably, we stored several complete research articles at a reasonable cost. We found a limit of 95KB for each single file upload. Considering that Base64 encoding increases file size by approximately 33%, this provides us with a theoretical limit of 126KB. We successfully overcome this limitation by splitting larger files into smaller chunks and uploading them as multi-volume archives. Additionally, we propose AES encryption to protect sensitive data. Accordingly, we show that it is possible to include enough data to be useful for storing and sharing scientific documents and images on the blockchain at a reasonable cost for the users. CONCLUSION: INNBC DApp represents a real use case for blockchain technology in decentralizing biomedical data storage and sharing, providing us with features such as immutability, timestamp, and identity that can be used to ensure permanent availability of the data and to provide proof-of-existence as well as to protect authorship, a freely available decentralized science (DeSci) tool aiming to help bring mass adoption of blockchain technology among the scientific community.

Ethical and social reflections on the proposed European Health Data Space.

The COVID-19 pandemic demonstrated the benefits of international data sharing. Data sharing enabled the health care policy makers to make decisions based on real-time data, it enabled the tracking of the virus, and importantly it enabled the development of vaccines that were crucial to mitigating the impact of the virus. This data sharing is not the norm as data sharing needs to navigate complex ethical and legal rules, and in particular, the fragmented application of the General Data Protection Regulation (GDPR). The introduction of the draft regulation for a European Health Data Space (EHDS) in May 2022 seeks to address some of these legal issues. If passed, it will create an obligation to share electronic health data for certain secondary purposes. While there is a clear need to address the legal complexities involved with data sharing, it is critical that any proposed reforms are in line with ethical principles and the expectations of the data subjects. In this paper we offer a critique of the EHDS and offer some recommendations for this evolving regulatory space.

[Blockchain in health: Transforming security and clinical data management]. / Blockchain en salud: transformando la seguridad y la gestión de datos clínicos.

INTRODUCTION: Technological advances continue to transform society, including the health sector. The decentralized and verifiable nature of blockchain technology presents great potential for addressing current challenges in healthcare data management. DISCUSSION: This article reports on how the generalized adoption of blockchain faces important challenges and barriers that must be addressed, such as the lack of regulation, technical complexity, safeguarding privacy, and economic and technological costs. Collaboration between medical professionals, technologists and legislators is essential to establish a solid regulatory framework and adequate training. CONCLUSION: Blockchain technology has the potential to revolutionize data management in the healthcare sector, improving the quality of medical care, empowering users, and promoting the secure sharing of data, but an important cultural change is needed, along with more evidence, to reveal its advantages in front of the existing technological alternative.

An enhanced pairing-free certificateless directed signature scheme.

Directed signature is a special cryptographic technique in which only the verifier designated by the signer can verify the validity of the signature. Directed signature can effectively protect the privacy of the signer's identity, so it is very suitable for medical records, taxation, and other fields. To improve the security and performance of the directed signature scheme, Gayathri et al. proposed the first certificateless directed signature (CLDS) scheme without bilinear pairing and claimed that their CLDS scheme could withstand Type I and Type II attacks. In this article, we provide two attack methods to assess the security of their CLDS scheme. Unfortunately, our results indicate that their CLDS scheme is insecure against Type I and Type II attacks. That is, their CLDS scheme does not meet the unforgeability and cannot achieve the expected security goals. To resist these attacks, we present an improved CLDS scheme and give the security proof. Compared with similar schemes, our scheme has better performance and higher security.

Perceived Security Risk Based on Moderating Factors for Blockchain Technology Applications in Cloud Storage to Achieve Secure Healthcare Systems.

Due to the high amount of electronic health records, hospitals have prioritized data protection. Because it uses parallel computing and is distributed, the security of the cloud cannot be guaranteed. Because of the large number of e-health records, hospitals have made data security a major concern. The cloud's security cannot be guaranteed because it uses parallel processing and is distributed. The blockchain (BC) has been deployed in the cloud to preserve and secure medical data because it is particularly prone to security breaches and attacks such as forgery, manipulation, and privacy leaks. An overview of blockchain (BC) technology in cloud storage to improve healthcare system security can be obtained by reading this paper. First, we will look at the benefits and drawbacks of using a basic cloud storage system. After that, a brief overview of blockchain cloud storage technology will be offered. Many researches have focused on using blockchain technology in healthcare systems as a possible solution to the security concerns in healthcare, resulting in tighter and more advanced security requirements being provided. This survey could lead to a blockchain-based solution for the protection of cloud-outsourced healthcare data. Evaluation and comparison of the simulation tests of the offered blockchain technology-focused studies can demonstrate integrity verification with cloud storage and medical data, data interchange with reduced computational complexity, security, and privacy protection. Because of blockchain and IT, business warfare has emerged, and governments in the Middle East have embraced it. Thus, this research focused on the qualities that influence customers' interest in and approval of blockchain technology in cloud storage for healthcare system security and the aspects that increase people's knowledge of blockchain. One way to better understand how people feel about learning how to use blockchain technology in healthcare is through the United Theory of Acceptance and Use of Technology (UTAUT). A snowball sampling method was used to select respondents in an online poll to gather data about blockchain technology in Middle Eastern poor countries. A total of 443 randomly selected responses were tested using SPSS. Blockchain adoption has been shown to be influenced by anticipation, effort expectancy, social influence (SI), facilitation factors, personal innovativeness (PInn), and a perception of security risk (PSR). Blockchain adoption and acceptance were found to be influenced by anticipation, effort expectancy, social influence (SI), facilitating conditions, personal innovativeness (PInn), and perceived security risk (PSR) during the COVID-19 pandemic, as well as providing an overview of current trends in the field and issues pertaining to significance and compatibility.

Webinar ética, seguridad y privacidad en tiempos de COVID-19

Conversatorio virtual organizado por la Red Centroamericana de Informática en Salud en colaboración con Central American Healthcare Initiative, el 7 de mayo de 2020.

Flimma: a federated and privacy-aware tool for differential gene expression analysis.

Aggregating transcriptomics data across hospitals can increase sensitivity and robustness of differential expression analyses, yielding deeper clinical insights. As data exchange is often restricted by privacy legislation, meta-analyses are frequently employed to pool local results. However, the accuracy might drop if class labels are inhomogeneously distributed among cohorts. Flimma ( https://exbio.wzw.tum.de/flimma/ ) addresses this issue by implementing the state-of-the-art workflow limma voom in a federated manner, i.e., patient data never leaves its source site. Flimma results are identical to those generated by limma voom on aggregated datasets even in imbalanced scenarios where meta-analysis approaches fail.

Collaborative calculation and application of interreal and real interval relations to protect privacy.

The determination of the relation between a number and a numerical interval is one of the core problems in the scientific calculation of privacy protection. The calculation of the relationship between two numbers and a numerical interval to protect privacy is also the basic problem of collaborative computing. It is widely used in data queries, location search and other fields. At present, most of the solutions are still fundamentally limited to the integer level, and there are few solutions at the real number level. To solve these problems, this paper first uses Bernoulli inequality generalization and a monotonic function property to extend the solution to the real number level and designs two new protocols based on the homomorphic encryption scheme, which can not only protect the data privacy of both parties involved in the calculation, but also extend the number domain to real numbers. In addition, this paper designs a solution to the confidential cooperative determination problem between real numbers by using the sign function and homomorphism multiplication. Theoretical analysis shows that the proposed solution is safe and efficient. Finally, some extension applications based on this protocol are given.

Workshop RNDS: segurança da informação - 11/12/2020

A secure remote user authentication scheme for 6LoWPAN-based Internet of Things.

One of the significant challenges in the Internet of Things (IoT) is the provisioning of guaranteed security and privacy, considering the fact that IoT devices are resource-limited. Oftentimes, in IoT applications, remote users need to obtain real-time data, with guaranteed security and privacy, from resource-limited network nodes through the public Internet. For this purpose, the users need to establish a secure link with the network nodes. Though the IPv6 over low-power wireless personal area networks (6LoWPAN) adaptation layer standard offers IPv6 compatibility for resource-limited wireless networks, the fundamental 6LoWPAN structure ignores security and privacy characteristics. Thus, there is a pressing need to design a resource-efficient authenticated key exchange (AKE) scheme for ensuring secure communication in 6LoWPAN-based resource-limited networks. This paper proposes a resource-efficient secure remote user authentication scheme for 6LoWPAN-based IoT networks, called SRUA-IoT. SRUA-IoT achieves the authentication of remote users and enables the users and network entities to establish private session keys between themselves for indecipherable communication. To this end, SRUA-IoT uses a secure hash algorithm, exclusive-OR operation, and symmetric encryption primitive. We prove through informal security analysis that SRUA-IoT is secured against a variety of malicious attacks. We also prove the security strength of SRUA-IoT through formal security analysis conducted by employing the random oracle model. Additionally, we prove through Scyther-based validation that SRUA-IoT is resilient against various attacks. Likewise, we demonstrate that SRUA-IoT reduces the computational cost of the nodes and communication overheads of the network.