Internet of Healthcare Things E-Book

Table of Contents

Cover

Title Page

Copyright

Preface

Objective of the Book

Organization of the Book

Section 1: Security and Privacy Concerns in the IoHT (Chapters 1–3)

Section 2: Application of Machine Learning, Blockchain and Fog Computing in the IoHT (Chapters 4–8)

Section 3: Case Studies on Healthcare (Chapters 9–12)

Section 1 SECURITY AND PRIVACY CONCERN IN IoHT

1 Data Security and Privacy Concern in the Healthcare System

1.1 Introduction

1.2 Privacy and Security Concerns on E-Health Data

1.3 Levels of Threat to Information in Healthcare Organizations

1.4 Security and Privacy Requirement

1.5 Security of Healthcare Data

1.6 Privacy-Preserving Methods in Data

1.7 Conclusion

References

2 Authentication and Authorization Mechanisms for Internet of Healthcare Things

2.1 Introduction

2.2 Stakeholders in IoHT

2.3 IoHT Process Flow

2.4 Sources of Vulnerability

2.5 Security Features

2.6 Challenges to the Security Fabric

2.7 Security Techniques—User Authentication

2.8 Conclusions

References

3 Security and Privacy Issues Related to Big Data-Based Ubiquitous Healthcare Systems

3.1 Introduction

3.2 Big Data Privacy & Security Issues

3.3 Big Data Security Problem

3.4 Privacy of Big Data in Healthcare

3.5 Privacy Conserving Methods in Big Data

3.6 Conclusion

References

Section 2 APPLICATION OF MACHINE LEARNING, BLOCKCHAIN AND FOG COMPUTING ON IoHT

4 Machine Learning Aspects for Trustworthy Internet of Healthcare Things

4.1 Introduction

4.2 Overview of Internet of Things

4.3 Security Issues of IoT

4.4 Internet of Healthcare Things (IoHT): Architecture and Challenges

4.5 Security Protocols in IoHT

4.6 Application of Machine Learning for Intrusion Detection in IoHT

4.7 Proposed Framework

4.8 Conclusion

References

5 Analyzing Recent Trends and Public Sentiment for Internet of Healthcare Things and Its Impact on Future Health Crisis

5.1 Introduction

5.2 Literature Review

5.3 Overview of the Internet of Healthcare Things

5.4 Performing Topic Modeling on IoHTs Dataset

5.5 Performing Sentiment Analysis on IoHTs Dataset

5.6 Conclusion and Future Scope

References

6 Rise of Telemedicine in Healthcare Systems Using Machine Learning: A Key Discussion

6.1 Introduction

6.2 Types of Machine Learning

6.3 Telemedicine Advantages

6.4 Telemedicine Disadvantages

6.5 Review of Literature

6.6 Fundamental Key Components Needed to Begin Telemedicine

6.7 Types of Telemedicine

6.8 Benefits of Telemedicine

6.9 Application of Telemedicine Using Machine Learning

6.10 Innovation Infrastructure of Telemedicine

6.11 Utilization of Mobile Wireless Devices in Telemedicine

6.12 Conclusion

References

7 Trusted Communication in the Healthcare Sector Using Blockchain

7.1 Introduction

7.2 Overview of Blockchain

7.3 Medical IoT Concerns

7.4 Needs for Security in Medical IoT

7.5 Uses of Blockchain in Healthcare

7.6 Solutions for IoT Healthcare Cyber-Security

7.7 Executions of Trusted Environment

7.8 Patient Registration Using Medical IoT Devices

7.9 Trusted Communications Using Blockchain

7.10 Combined Workflows

7.11 Conclusions

References

8 Blockchain in Smart Healthcare Management

8.1 Introduction

8.2 Healthcare Industry

8.3 Blockchain Technology

8.4 Applications of Blockchain in Healthcare

8.5 Challenges of Blockchain in Healthcare

8.6 Future Research Directions

8.7 Conclusion

References

Section 3 CASE STUDIES OF HEALTHCARE

9 Organ Trafficking on the Dark Web—The Data Security and Privacy Concern in Healthcare Systems

9.1 Introduction

9.2 Inclination for Cybersecurity Web Peril

9.3 Literature Review

9.4 Market Paucity or Organ Donors

9.5 Organ Harvesting and Transplant Tourism Revenue

9.6 Social Web Net Crimes

9.7 DW—Frontier of Illicit Human Harvesting

9.8 Organ Harvesting Apprehension

9.9 Result and Discussions

9.10 Conclusions

References

10 Deep Learning Techniques for Data Analysis Prediction in the Prevention of Heart Attacks

Abbreviations

10.1 Introduction

10.2 Literature Survey

10.3 Materials and Method

10.4 Training Models

10.5 Data Preparation

10.6 Results Obtained

10.7 Conclusion

References

11 Supervising Healthcare Schemes Using Machine Learning in Breast Cancer and Internet of Things (SHSMLIoT)

11.1 Introduction

11.2 Related Work

11.3 IoT and Disease

11.4 Research Materials and Methods

11.5 Experimental Outcomes

11.6 Conclusion

References

12 Perspective-Based Studies of Trust in IoHT and Machine Learning-Brain Cancer

12.1 Introduction

12.2 Literature Survey

12.3 Illustration of Brain Cancer

12.4 Sleuthing and Classification of Brain Tumors

12.5 Survival Rate of Brain Tumors

12.6 Conclusion

References

Index

End User License Agreement

List of Illustrations

Chapter 2

Figure 2.1 Process flow in IoHT. Depicting the flow of data and interfaces (orig...

Chapter 3

Figure 3.1 Big data security life cycle [6].

Figure 3.2 General HIPAA Diagram [47].

Figure 3.3 Process of HIPAA.

Figure 3.4 The four Operating Execution categories for HybrEx MapReduce [40]. a)...

Chapter 4

Figure 4.1 Architectures of IoT based on applications [12].

Figure 4.2 IoT applications.

Figure 4.3 IoT issues and challenges.

Figure 4.4 Architecture of IoHT.

Figure 4.5 Stages of IoHT data analysis.

Figure 4.6 Security protocols in IoHT.

Figure 4.7 Attacks in IoHT.

Figure 4.8 Security Protocols in IoHT.

Figure 4.9 Proposed Multi-Fog architecture.

Figure 4.10 Proposed distributed classification.

Chapter 5

Figure 5.1 Sample of IoHTs news dataset.

Figure 5.2 Sample list of articles included in IoHTs news dataset.

Figure 5.3 Referred no of articles from top news resources.

Figure 5.4 IoHTs news dataset WorldCloud.

Figure 5.5 Performing topic modeling on IoHT dataset.

Figure 5.6 Performing topic modeling on IoHT dataset during COIVD 19 period.

Figure 5.7 IoHTs News Articles and Media Group Sentiment Analysis.

Figure 5.8 IoHTs News Sentiment Data Analysis for the year 2020.

Figure 5.9 IoHTs News Sentiment Data Analysis during COVID 19 for the year 2020.

Chapter 6

Figure 6.1 Types of machine learning.

Figure 6.2 Store and forward method in telemedicine.

Figure 6.3 Telecardiology.

Figure 6.4 Teleradiology.

Figure 6.5 Telepharmacy.

Figure 6.6 Remote monitoring.

Figure 6.7 Telemedicine using machine learning.

Figure 6.8 Workflow of MHealth.

Chapter 7

Figure 7.1 Blockchain infrastructure [18].

Figure 7.2 Smart medical network.

Figure 7.3 Blockchain usage in the healthcare sector.

Figure 7.4 Layers of healthcare security.

Figure 7.5 Root of Trust.

Figure 7.6 Chain of Trust.

Figure 7.7 Architecture Diagram of Smart Healthcare.

Figure 7.8 Blockchain based IoT smart healthcare.

Chapter 8

Figure 8.1 Classification of healthcare services.

Figure 8.2 Stakeholders in healthcare.

Figure 8.3 P2P network.

Figure 8.4 Block in blockchain.

Figure 8.5 Working of a blockchain system.

Figure 8.6 Drawbacks of blockchain.

Figure 8.7 Applications of blockchain in healthcare.

Figure 8.8 EMR (electronic medical records).

Figure 8.9 Healthcare management system using blockchain.

Figure 8.10 Remote monitoring using IoMT devices.

Figure 8.11 Blockchain integrated SCM system for countering drug counterfeiting.

Figure 8.12 Blockchain technology in public health management.

Chapter 9

Figure 9.1 Three Layers of web.

Figure 9.2 Globally organ transplantation activities.

Figure 9.3 Human body organ parts.

Figure 9.4 Overview of the organ market.

Figure 9.5 Bitcoins scam on the DW.

Figure 9.6 Human harvesting is sold on the DW.

Figure 9.7 The organ tracking process and its relationships.

Figure 9.8 Overview of Organ Tracking Process.

Chapter 10

Figure 10.1 Architecture of the proposed method.

Figure 10.2 Predictive models.

Figure 10.3 Obtained confusion matrix for K Nearest Neighbors Classifier.

Figure 10.4 Obtained confusion matrix for Naïve Bayes Classifier was 81.57%.

Figure 10.5 Obtained confusion matrix for Decision Tree Classifier was 72.36%.

Figure 10.6 Obtained confusion matrix for Random Forest Classifier was 76.31%.

Figure 10.7 Validation accuracy v/s training accuracy.

Figure 10.8 Analysis by age.

Figure 10.9 Analysis by cholesterol type.

Figure 10.10 Analysis by chest pain.

Figure 10.11 Analysis by slope peak.

Figure 10.12 Analysis by Induced angina.

Figure 10.13 Analysis by Fasting Blood Sugar.

Figure 10.14 Analysis by Gender.

Figure 10.15 Analysis by Resting ECG.

Figure 10.16 Analysis by Max Heart Rate.

Figure 10.17 Analysis by Resting.

Figure 10.18 Analysis by slope peak.

Figure 10.19 Analysis by Depression.

Figure 10.20 Analysis by Thalassemia.

Figure 10.21 Analysis by Fluoroscopy.

Chapter 11

Figure 11.1 Performance of precision with fifteen classifiers without feature se...

Figure 11.2 Performance of Recall and MCC with fifteen classifiers without featu...

Figure 11.3 Performance of precision with fifteen classifiers with feature selec...

Figure 11.4 Performance of Recall and MCC with fifteen classifiers with feature ...

Chapter 12

Figure 12.1 Process flow for internet in healthcare system.

Figure 12.2 Grades of brain tumor.

Figure 12.3 Common signs of cancer.

Figure 12.4 Survival rate for different grades of astrocytoma.

List of Tables

Chapter 3

Table 3.1 Difference between security & privacy.

Table 3.2 Threat models.

Table 3.3 Data protection laws in some countries.

Table 3.4 An anonymous database containing patient records.

Table 3.5 Two anonymities with properties “birth”, “sex” and “zip”.

Chapter 4

Table 4.1 Basic architectural layers of IoT.

Chapter 5

Table 5.1 News resources list considered for IoHTs news dataset.

Table 5.2 Possible abstract topic label derived from LDA topic model output.

Table 5.3 Possible abstract topic label derived from LDA topic model output for ...

Chapter 8

Table 8.1 Future directions.

Chapter 10

Table 10.1 Important factors extracted for training.

Table 10.2 Layer details.

Chapter 11

Table 11.1 Classification results of various machine learning algorithm on Wilco...

Table 11.2 Classification results of various machine learning algorithm on Wilco...

Guide

Cover

Table of Contents

Title Page

Copyright

Preface

Begin Reading

Index

End User License Agreement

Pages

v

ii

iii

iv

xiii

xiv

xv

xvi

xvii

xviii

1

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

27

28

29

30

31

32

33

34

35

36

37

38

39

41

42

43

44

45

46

47

48

49

50

51

52

53

54

55

56

57

58

59

60

61

62

63

64

65

67

68

69

70

71

72

73

74

75

76

77

78

79

80

81

82

83

84

85

86

87

88

89

90

91

92

93

94

95

96

97

98

99

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

189

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

222

223

224

225

226

227

228

229

230

231

232

233

234

235

236

237

238

239

240

241

242

243

244

245

246

247

248

249

250

251

252

253

254

255

256

257

258

259

260

261

262

263

265

266

267

268

269

270

271

272

273

274

275

276

277

278

279

280

281

282

283

284

285

Scrivener Publishing

100 Cummings Center, Suite 541J

Beverly, MA 01915-6106

Publishers at Scrivener

Martin Scrivener ([email protected])

Phillip Carmical ([email protected])

Internet of Healthcare Things

Machine Learning for Security and Privacy

Edited by

and

This edition first published 2022 by John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, USA and Scrivener Publishing LLC, 100 Cummings Center, Suite 541J, Beverly, MA 01915, USA

© 2022 Scrivener Publishing LLC

For more information about Scrivener publications please visit www.scrivenerpublishing.com.

All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording, or otherwise, except as permitted by law. Advice on how to obtain permission to reuse material from this title is available at http://www.wiley.com/go/permissions.

Wiley Global Headquarters

111 River Street, Hoboken, NJ 07030, USA

For details of our global editorial offices, customer services, and more information about Wiley products visit us at www.wiley.com.

Limit of Liability/Disclaimer of Warranty

While the publisher and authors have used their best efforts in preparing this work, they make no representations or warranties with respect to the accuracy or completeness of the contents of this work and specifically disclaim all warranties, including without limitation any implied warranties of merchant-ability or fitness for a particular purpose. No warranty may be created or extended by sales representatives, written sales materials, or promotional statements for this work. The fact that an organization, website, or product is referred to in this work as a citation and/or potential source of further information does not mean that the publisher and authors endorse the information or services the organization, website, or product may provide or recommendations it may make. This work is sold with the understanding that the publisher is not engaged in rendering professional services. The advice and strategies contained herein may not be suitable for your situation. You should consult with a specialist where appropriate. Neither the publisher nor authors shall be liable for any loss of profit or any other commercial damages, including but not limited to special, incidental, consequential, or other damages. Further, readers should be aware that websites listed in this work may have changed or disappeared between when this work was written and when it is read.

Library of Congress Cataloging-in-Publication Data

ISBN 978-1-119-79176-8

Cover image: Pixabay.Com

Cover design by Russell Richardson

Set in size of 11pt and Minion Pro by Manila Typesetting Company, Makati, Philippines

Printed in the USA

10 9 8 7 6 5 4 3 2 1

Preface

In recent years, the use of the Internet of Things (IoT) has been on the rise worldwide, bringing with it new challenges and possibilities along with new cybersecurity risks in the area of IoT-enabled healthcare. These new challenges involve smart connectivity, high security, and confidentiality, generating big data, reducing total data latency between machine-to-machine interfaces, and reducing bandwidth, complexity, and power consumption. In the healthcare sector, the IoT has made it possible for devices to monitor patient’s health remotely, unleashing the capability to ensure their health and allowing physicians to deliver unmatched care. These IoT devices are more efficient for identifying disease in less time with more precision and have an absence of network segmentation, inadequate access control of legacy systems, and an increased susceptible surface area that cyber attackers exploit. Therefore, even though the IoT has significantly impacted healthcare costs and improving treatment results, IoT-enabled healthcare devices’ greatest common threats are data safety and confidentiality. Since these devices communicate and obtain data in real-time, cybercriminals can break into the system and steal the Personal Health Information (PHI) of both patients and their doctors. Even so, the IoT is certainly improving the healthcare sector by redefining the scope of the devices.

Another significant threat is the combination of numerous network devices, which creates difficulties in implementing the IoT in the healthcare sector. The enormous amount of data produced by these devices can also impede the ability of doctors to identify diseases. So, this book addresses these issues and provides solutions through authentication and authorization mechanisms, blockchain, fog computing, machine learning algorithm, etc. Machine learning-enabled IoT devices deliver the information concealed in data for fast, computerized responses and enhanced decision-making. This information might be used to plan for upcoming patterns, distinguish anomalies, and expand intelligence by audio, image and video analyses. The IoT permits devices to send information to isolate blockchain networks to generate tamper-resistant accounts of collective transactions. Blockchain empowers business associates to access and share IoT data but without the necessity of central management and control.

As the world is entering the fourth industrial revolution-otherwise known as Industry 4.0-the combination of the IoT with other technologies, such as cybersecurity, big data, cloud computing and blockchain, is fundamentally changing the healthcare industry. The development of these fields is critical in healthcare because it improves the quality and efficiency of treatments and improves the patients’ health.

Objective of the Book

This book’s main objective is to motivate the reader to use telemedicine facilities to monitor patients in remote areas and gather clinical data for further research. To this end, it provides an overview of the Internet of Healthcare Things (IoHT) and discusses the significant threats: the data security and data privacy of health records. Another major threat is the combination of numerous devices and protocols, precision time, data overloading, etc. In the IoHT, multiple devices are connected and communicate through specific protocols. Therefore, the application of emerging technologies to mitigate these threats and provide secure data communication over the network is discussed. This book also discusses the integration of machine learning with the IoHT for analyzing vast amounts of data for predicting diseases more accurately. Case studies are also given to verify the concepts presented in the book.

Organization of the Book

The 12 chapters of the book are organized into three sections. The first section consists of three chapters on data security and privacy concerns in the IoHT. The second section contains five chapters describing the application of machine learning, blockchain, and fog computing in the IoHT. The third section discusses the latest case studies in the healthcare sector.

Section 1: Security and Privacy Concerns in the IoHT (Chapters 1–3)

Chapter 1

discusses the changes and standards required for the healthcare sector, covering privacy and security concerns, requirements, existing solutions, future challenges, and privacy-preserving methods. This chapter focus to enhance the knowledge of monitoring for adverse medical events and leading to a rise in the quality of treatment for diseases.

Chapter 2

states that the purpose of the IoHT is to enrich the users’ experience by providing a responsive, discernible, seamless information service and denial of service to unauthorized proponents. In terms of security, the protection for IoT systems in the healthcare sector emanates from both physical and virtual access. Devices and equipment engaged in the IoHT will only be made accessible to authorized personnel, and this denial of physical access to strangers would in itself ensure the avoidance of cyber intrusion in a significant number of cases. The next layer of protection is at the virtual level, wherein the identity of the access seeker is authenticated by secured protocols and standard measures deployed in the system’s design.

Chapter 3

discusses security and privacy issues at every stage of healthcare data’s big data life cycle. This chapter also provides an overview of different laws applicable to the protection of healthcare data in different countries, such as the Health Insurance Portability and Accountability Act (HIPAA), Data Protection Act (DPA), Personal Information Protection and Electronic Documents Act (PIPEDA), etc. The chapter focuses on finding a reasonable explanation for data protection and security behind crucial health information in the future.

Section 2: Application of Machine Learning, Blockchain and Fog Computing in the IoHT (Chapters 4–8)

Chapter 4

gives an overview of the Internet of Things (IoT) and its applications in several fields, and the security challenges faced while deploying it. Then the chapter focuses on its application in the healthcare field. The architectural design of IoT-enabled healthcare is illustrated along with the benefits, necessities and several challenges faced when using it. The security protocols that researchers have designed for intrusion detection in the IoHT are discussed, along with the further application of machine learning and its contribution to intrusion detection in the IoHT. Moreover, a direction is given for future research towards designing a secure IoHT framework with low latency and fast processing ability for accurate end-to-end data delivery.

Chapter 5

presents a sentiment analysis and topic modelling-based approach for early warning of a health crisis, which can be integrated with the IoHT’s framework and can be fruitful in assisting medical specialists. In this research, information related to the IoHT is collected, followed by dataset generation. Modelling is performed on the proposed IoHT dataset for predicting trends in IoHT domains. Sentiment analysis towards the IoHT’s applicability is evaluated to find the overall sentiment orientation of people. In the current pandemic situation, variations in the sentiment orientation of users towards IoHT systems are evaluated, and analysis is carried out to determine the effectiveness of these systems.

Chapter 6

focuses on telemedicine, providing medical services and clinical data and administering medicine to patients in the current pandemic. It is a cooperative for communication between specialists, drug specialists, patients, and individuals in remote regions. Telemedicine systems are progressively being used by patients, clinicians, and organizations. This chapter illustrates the few steps, which can consider in the case of emergence.

Chapter 7

discusses blockchain networks in the healthcare sector, focusing on the multilayer IoT/blockchain grounded on architecture customized and planned to be utilized in the medical field. The role of several parties and health service providers, doctors, insurance companies, and pharmacies are integrated with this work. The decisive goal is to crack the problem of performance and scalability. This chapter addresses the convergence across different elements, such as modern architecture, device designs, process, scheme, paradigm, platform, approach, protocol, and algorithm, upon the mechanism designs of decentralized healthcare implementation. It also discusses suitable security solutions, like lightweight cryptographic procedures and protocols, which are challenged with lowering the overhead in the rankings of computations and resources. This leads to the inference that designing an effective intrusion discovery/prevention system that collaborates with dynamic data processing is required. The chapter concludes with a blockchain-based security solution is proposed that is divided into three distinct layers to distinguish and avoid attacks and authorize patient details when registered in cloud-based applications.

Chapter 8

reviews healthcare systems and their challenges, followed by blockchain and its integration with healthcare. Blockchain can be securely implemented in healthcare systems for sharing, storing, and creating electronic medical records and prescriptions, personalized medicine, remote monitoring, mobile health applications, and the Internet of Medical Things (IoMT), which are vital to improving the quality of patient care. Fraud detection, insurance claims, medical transactions, checking for counterfeit drugs, and tracking, along with other uses for patients, doctors, and healthcare institutes, can also be achieved by using blockchain in healthcare. This chapter ends with a discussion of the challenges faced when implementing blockchain in healthcare.

Section 3: Case Studies on Healthcare (Chapters 9–12)

Chapter 9

addresses the dark web. The internet is an open platform for communicating across boundaries. Without the usual security checks, the anonymous part of the internet, called the dark web, is used by cybercriminals to perform illicit activities. Security research agencies are continuously designing and executing covert operations to track criminals. For instance, organ trafficking is sometimes used by patients who urgently need a quick organ transplant, but due to the scarcity and long-term storage deficiency, healthy living donors are required who are trafficked from multiple nations to avoid being tracked by security agencies. Here, the rich pay the cost of the organ to the donor. But the secure communication and exchange occur using intermediate agents who manage safe locations, operating doctors, and the patient’s travel and recuperation after the operation. So, this chapter discusses the illicit trafficking market, including other criminal activities done over dark web platforms.

Chapter 10

provides an overview of deep learning algorithms, neural networks, random forest, and decision tree classifiers for analyzing patients’ data to predict heart disease. This chapter shows how the medical practitioner can detect heart disease by attaining precise troponin levels and prescribe effective medicine according to the foreseen disease. The study results presented in this chapter demonstrate that heart disease can be predicted with 90% accuracy.

Chapter 11

describes how the Internet of Things (IoT) has transformed the routine and lifestyle of individuals and its involvement in the arena of healthcare. It is grounded on different machine learning applications, and information is mined for real-time scrutiny of data and secluded health supervision constructed on IoT infrastructure. It helps in forecasting schemes for using machine learning methods, like MLP, Bayes net, SVM, J48, decision trees, etc., in experimental results for breast cancer. In this chapter, features selection, growing efficiency, and deep neural network classification approaches will be exploited to further boost the investigative procedure’s performance for breast cancer diagnosis.

Chapter 12

aims to enhance the reader’s understanding of how the Internet of Things (IoT) is used in various medical treatment areas, such as brain cancer. To be trusted Internet of Healthcare Things (IoHT), machine learning algorithms have settled on a colossal commitment to decision-making, which has been clarified through a portion of the contextual investigations in this chapter. This chapter explains the exact therapy of brain tumors, beginning with the types to the best reasonable investigative techniques and survival rates.

We would like to thank all the authors who kindly contributed their chapters to this book. We are also grateful to the publishing and production teams at Scrivener Publishing Group for their assistance in the preparation and publication of this book.

Dr. Kavita SharmaDepartment of CSE, Galgotias College of Engineering & Technology,Greater Noida, IndiaDr. Yogita GigrasDepartment of CSE and IT, The NorthCap University, Gurugram, IndiaDr. Vishnu SharmaDepartment of CSE, Galgotias College of Engineering & Technology,Greater Noida, IndiaDr. D. Jude HemanthDepartment of ECE, Karunya University, Coimbatore, IndiaDr. Ramesh Chandra PooniaCHRIST (Deemed to be University),Bangalore, Karnataka, India

Section 1SECURITY AND PRIVACY CONCERN IN IoHT

1Data Security and Privacy Concern in the Healthcare System

Ahuja Sourav

The NorthCap University, Gurugram, India

Abstract

Change is the new convention and standard for the world’s health sector. Change in the collection, storage, and transfer of healthcare data through digitization is experiencing a fundamental as well as dramatic move in the executing, business and clinical archetype in the world’s economy for the predictable future. This change is propelled by lifestyle changes and mellowing populations, the development of software applications, smart devices and gadgets, progressive treatments, and increased emphasis on care value and quality. All these will offer remarkable opportunities for improving and helping clinical objective decision, hence improving healthcare facilities and delivery, monitoring adverse events, and leading to a rise in the standards of treatment for diseases. In this chapter, we will read about developments in medical systems, requirements in medical data systems, and security and privacy concerns.

Keywords: Healthcare system, security, privacy, eHealth data

1.1 Introduction

Medical data is being considered to improve health conditions, gain precious perceptions, and lower medical charges. However, increased privacy and security concerns are so irresistible that we are not able to take complete benefits of it with its available resources and facilities. The diverse technologies which generate data in medical fields are ever-increasing. The information generated is available at the central location and can be utilized for any organization including healthcare medical organizations, pharmaceutical manufacturers, hospitals, health insurance companies and all its sub-sectors [1, 15]. The flood of such large data has never been seen before in the healthcare sector. The success of all healthcare organizations needs to manage the analytical power of big healthcare data. This chapter covers privacy and security concerns, level of threat to information in healthcare organizations, security and privacy requirements in the medical field, existing solutions for security of healthcare data, future challenges and work in security and privacy of healthcare data, and privacy-preserving methods [5, 20].

Medical care is evolving as an existing infrastructure and is getting integrated with new technologies. New technologies including digital medical records and sensor-based monitoring of in-home patient remotely are at the current front row. Conventional paper-based medical reports are being digitized allowing patients to easily obtain their records and empowering healthcare workers to regularly monitor the health of the patients and save and protect their lives at the earliest. Specialized sensors and devices can be used at homes for remote patient monitoring [7, 9].

Patients remote monitoring offers powerful and flexible health monitoring through devices anywhere and at any time. The increasing demand, practicality, and convenience of digital medical care have brought various notable challenges for medical organizations, policymakers, patients, and medical centers [28]. A major challenge is dealing with privacy concerns which include patients’ personal medical information which is kept online on third party clouds. It is the most significant and testing issue that medical care organizations must face in the future and preserve the patient’s medical data and reduce the concerns of their privacy [6, 10].

Generally, the healthcare IoT devices layout is made up of the below-mentioned layers:

Perception layer

Network layer

Application layer.

The perception layer collects healthcare data with the help of various devices. The network layer is composed of both wired as well as wireless systems and middleware. The network layer’s major task is to transfer and transform the input data collected by the perception layer. The transport layer is well-designed. It improves transmission efficiency and reduces energy consumption. The transport layer also ensures privacy and security. The application layer provides healthcare services individually to users and satisfies their needs by integrating medical information resources in accordance with the real situation of the service demand and target users [3, 19].

Data analytics in medical services has many benefits, and it displays extremely high potential for improving the medical care systems, yet it has many hurdles and challenges. Therefore, medical care data privacy and security concerns increase day by day. Also, a reactive, technology-centric method to determine privacy and security needs is not efficient by healthcare organizations to protect the medical centers.

The combination of these technologies will reduce costs and medical errors while enhancing the medical care standards by making them more sophisticated. To make new technologies and advancements in the field of medical sciences socially acceptable, related concerns of security need to be looked upon [24].

Security and privacy concerns of healthcare information are two required and essential concepts. Security of information means that data is collected, stored, and transmitted through secure channels. Data security guarantees validity, authenticity, and integrity. By privacy of data, we mean that the data can be retrieved by the users who have the authorization to access it [3, 18]. Based on different purposes and requirements, more reasonable protection strategies could be developed. The advancements and widespread use of healthcare sensors and devices provide a better guarantee to protect people’s health. The advancements in the healthcare and medical field also put data privacy and security preservation under pressure. Security, as well as privacy, is the core consideration in the successful development of medical healthcare devices. New data storage and information systems along with new methods are required to avert breaches and other security happenings of delicate data to make efficient utilization of the large medical care information [11].

Both securities, as well as privacy, have impacted the way companies store, manage, and analyze sensitive data all over the world. Medical sciences along with information collected have enough capability to improve health results, predict the spread of diseases, get knowledgeable viewpoints related to the health of the society, prevent diseases in time, cut down the cost while also improving the standards of medical systems and raise the standards of living. Also, while securing user’s privacy right, determining allowable uses of information is a difficult job [26].

To guarantee trustworthy and appropriate healthcare data, it is important to know the shortcomings of available systems and solutions in place. Privacy is typically known as the ability to preserve critical data about individuals related to medical reports. It aims to utilize and govern the private data of the users which includes forming new standards and ensuring consent to ensure that users’ data is being stored, transmitted, and used incorrect and secure course of action. Security is often known as preventing an unauthorized entry into the user’s data. It also includes the availability and integrity of the data. It aims to protect sensitive information from deleterious attacks and information breach. Security is essential for protecting sensitive information, but it does not address privacy [1, 16].

1.2 Privacy and Security Concerns on E-Health Data

Security and privacy issues emerge from various vulnerabilities of information from the entire medical sector. It can happen between users, providers, and payers. The concerns of security and privacy in the healthcare sector are divided into two categories:

Security and privacy worries about the improper release of data from individual organizations: Improper release of data from individual organizations can happen from following:

– authorized users who access or spread data by infringement of organizational rules intentionally or unintentionally

– The intruder who breaks into an organization’s system.

Privacy and security concerns regarding the systemic flows of data in the medical sector field and related sectors: It includes the open revelation of the patient personal medical data to parties that might be in opposition to the patient, and he might have thought of as breaching and violating the privacy of the patient [2].

1.3 Levels of Threat to Information in Healthcare Organizations

There are different types and levels of distinct types of organizational threats. The following threats are categorized as levels numbered from 1 to 5:

Threat 1:

Insiders who do silly mistakes unknowingly which causes accidental revelations:

It is likely the most common source of privacy breaching which includes accidental disclosure of personal information. It can happen in many following ways:

– Conversations between healthcare providers might be overheard anywhere

– Test results being noticed by the laboratory in-charge for familiarity in laboratory tests getting processed

– Computer screen left turn on which can lead to the passer seeing the information

– E-mail or fax sent to the wrong address

– Data left misclassified or misfiled.

Threat 2:

Trustworthy insiders who misuse the privileges and access of data given to them:

These are the people who are given authorized access to medical records and infringe the trust corresponding to the privileges given to them. Medical workers, neither have the need nor the right to know the data but still, they are subject to curiosity in accessing information. There is no overall official statistics to indicate how many healthcare workers have accessed the medical records of others. Some reports indicate that medical care providers have seen medical records of others to estimate the chances of the sexually transmitted disease of others, details about their personal lives, with whom they were in close relation, with whom their former spouses were in relation. Medical staff tend to see the information about celebrities, politicians, actors, sports personalities, and other famous people which is potentially embarrassing health information, and the news regularly spreads out in the news.

Threat 3:

Trustworthy people of an organization who intentionally investigate the data for some selfish motive:

The threat arises when that insider is authenticated to the partial data but not to the information he desires and through digital forensics and cyber tools gain unapproved access to that information.

Threat 4:

Physical intruder who access the unauthorized data:

The invader has access to information but does not have authority and permissions for data access and to see the medical records. Many attackers pretend to be an authorized person by putting on a dress code and start using the system and get the desired health information of others.

Threat 5:

Outsiders and employees who are vengeful who plans attacks to access the information they are unauthorized to, damage hospital assets, and obstruct medical operations:

The attacker does not have authority and physical access but still gain access to the data by purely technical means. Therefore, it is also called a pure technical threat. For example, the attacker breaking into a system from an external network applies cyber attacking tools and retrieves patient sensitive health records. Threat 5 is extremely dangerous. It is prominent that many healthcare organizations are heading towards using computer networks and distributed computing technologies in storing medical records, and so increasing the risk as patient records can be accessed through an external network. This is a dormant problem on the planet. It also has the risk of DOS attacks conducted by outsiders. DOS makes the attacked device useless for normal operations. An example of this can be, an outside attacker may access a sensitive medical information system and place a computer virus or Trojan horse into the computer that crashes the computer or erases important data healthcare records. Also, an intruder can burst your system with thousands of emails and could launch an e-mail attack. He/She can send a large number of emails in a span of less time, which is beyond the capacity of the mailing servers to process all emails. It leaves the computer and leaving the system futile for e-mail purpose [2, 29].

The invasion of privacy of the patient is a burgeoning concern in the field of information analytics. An incident reported quoted that Target Corporation sent baby care coupons to a teenage girl unbeknown to her parents. The incident raises an alarm over patient privacy and impels information analytics to consider privacy. Furthermore, it is essential for driving healthcare analytics to use privacy-protecting cryptographic encryption methods that permit managing algorithms of prediction on ciphertext while also preserving user specifications. However, the resource-constrained environment has the challenge to do the operation of exhausting resources while preserving privacy [1, 17].

For long, medical devices have been facing a lot of difficulties like, writing diagnoses on paper, making it difficult for doctors to access their patients’ information. There is also a lack of space, time, and personnel to monitor patients. Development in the systems provide opportunities to better the healthcare systems and minimize the problems. It would also provide personalized service. With the advancement, the privacy and confidentiality of patient’s health records are at stake. Internet and network expose their personal information to hostile attacks. Attackers take advantage of the flaws and inadequacies of the system to collect the records of medical data and uncover it in front of the world. The traditional system does not face this problem as patients have to go into a medical laboratory or hospitals to receive their health reports which limit the count of people viewing the medical reports. Medical reports or records, once available online, open illegitimate doors for spammers and hostile attackers to capture and attack the records. Therefore, it is a big challenge to preserve information security as well as authenticity as opposed to the conventional medical care systems. While implementing EPRs as well as networking sensors, storage, authenticity, and access of information are the main challenges.

In the aspect of dealing with the challenges of electronic information, one should be aware of the following questions:

Who is the owner of the information?

What and what amount of information to be stored?

At what place should the information be stored?

Who all can be viewers of patients’ medical records?

Who can access this information without the patient’s consent?

Rapid growth in the medical sector is enabling e-health records like EPRs in making the health reports available via the Internet to users/patients. and empowering the healthcare system being used for proper monitoring and analysis. In addition, the idea of monitoring patients remotely is turning into a practice by advancements in sensor networks [9, 14].

1.4 Security and Privacy Requirement

Although concepts of privacy and security are vital in medical healthcare systems, the maximum organization in medical sector does not spend many resources to preserve these constraints. Healthcare devices produce a highly sensitively large amount of real-time diverse data. In such a scenario, comprising data privacy and security and knockdown the security of the healthcare system or server could cause dangerous outcomes. At each step of information collection, storage, transmission, and analysis, the user’s medical data exists. This can cause privacy breaches from multiple points of failure. While developing medical healthcare devices, equipment, and network privacy and security systems, the below-mentioned needs should be taken care of.

Data Integrity: Data integrity means that information satisfies linguistic standards without tampering through unauthorized and unacceptable methods. It comprises two levels of reliability as well as accuracy. It can be sub-divided into the following four categories:

– Entity integrity

– Domain integrity

– Referential integrity

– User defined integrity.

These categories are managed by constraints, foreign keys, and triggers.

Data Usability: Usability of data ensures the usage of data and data systems by authorized users. A large amount of data brings advantages and censorious challenges like deviant information and dirty data. Moreover, the usability of data is also ruined by data usage and exploitation due to unauthorized access.

Data Auditing: Healthcare information audit access is a productive method to analyze resources utilization. Any abnormal events in the human body can be tracked by this measure. Also, cagey roles played by cloud service providers require rational auditing ways. Audit information usually includes those service providers, users, operation records, access, etc.

Patient Information Privacy: Patient Information Privacy is the most crucial requirements in medical data privacy and security. Users’ data is divided into below mentioned categories:

– General patients’ records

– Critical information.

Critical information consists of information like identity information, sexual orientation, mental condition, sexual functioning, fertility status, infectious diseases, genetic information, and drug addiction. With such information about patient medical privacy, healthcare organizations need to ensure that such information is not breached by unauthorized users. These organizations should also use cryptographic encryption to make sure if in case data is breached and intercepted, unauthorized users cannot understand the information and the patient’s sensitive data is preserved [3, 30].

1.5 Security of Healthcare Data

Medical organizations collect, save, and manage a large amount of data for smooth functioning of the digital healthcare systems and providing efficient and proper healthcare to patients, but it has its downsides i.e., the shortage of technical support and minimum security. In recent times, healthcare systems are most vulnerable to data loss and exploitation which are extremely complicating. Attackers make use of data mining methods to get access to critical data and takes advantage of the vulnerability and causes critical information breach. The stakes for data privacy and security are continually raised but the ways for establishing and implementing security measures and defeating security controls remain a complex process and become more sophisticated gradually [27].

Therefore, keeping all the above-mentioned points in mind, organizations must establish and implement information security systems and solutions that will help preserve important healthcare assets which satisfy mandates of medical compliance.

1.5.1 Existing Solutions

Since healthcare devices and equipment are not so reliable concerning enough memory storage, processing power, and communication potential, they require an expanding, high-speed, and powerful big infrastructure for storage of information, data analysis and computing [3]. These concerns involving information access, storage, transmission, and processing are not new to the healthcare field [9]. At present, most healthcare organizations utilize cloud services from a third party and store the obtained healthcare records and deploy their applications on the servers. These devices are synchronized with their medical care tasks to the servers accordingly and store data on the cloud. Cloud services facilitate a propitious solution for managing ever-increasing and pervasive medical data by their flexibility and facility to utilize common resources and infrastructure in an omnipresent way [3].

The most widely used technologies to secure the privacy and security of medical data are as follows: 1) Authentication: Authentication confirms or establishes that the claims made about authentication and truthfulness are true. It serves essential functions in any organization like protection of the user identification, ensuring that the user claims of authentication are real and is the same person who is pretending to be an authentic user, and securing access to corporate networks. Data Authentication methods are used to confirm that the information sent is coming from the user it is being claimed to be from. Data authentication can have attacks like man-in-the-middle attacks. Many cryptographic protocols take measures to prevent man-in-the-middle attacks by including some form of endpoint authentication. A man-in-the-middle attack may be affected by persuading a user to agree with a certificate of digitalX 509. Therefore, while designing and building an end-to-end authentication solution, such scenarios must be considered. For instance, for providing communications network security such as over Internet protocols like transport layer security, secure sockets layer are cryptographic protocols that transport layer security and secure sockets layer are in use which encrypt end-to-end the network links segments at the transport layer. Browsing web pages, e-mails, faxing, real-time messaging, and voice-over-internet protocol (VoIP) is also controlled and managed by several versions of the protocols. To achieve authentication, hashing SHA-256 and the Kerberos mechanism can also be used. For authentication of servers, one can use SSL or TLS using a mutually trusted certification authority. To monitor all sensitive information, the algorithm of Bull Eye is useful. The algorithm of Bull Eye manages relationships between actual data and duplicated data and ensure information security. Both medical data obtained from the providers as well as the consumers’ identities must be verified before giving access at each entrylevel in healthcare systems. Various authentication protocols like passwords, digital signatures have been designed for better energy-efficient sensor networks, like the TinySec hash function [1, 5].

2) Encryption: Data encryption refers to preventing unauthorized access to critical data efficiently. It maintains as well as protects owner possession of information from the data center to the endpoint and into the cloud. It also includes electronic gadgets used by clinicians, administrators, and physicians. Encryption can be used to prevent theft of storage electronic devices and packet sniffing [1]. Cryptographic encryption is a technology for secure communication and data exchange in which the actual message is encrypted by the encryption algorithm into ciphertext by the agreed rules. The message is transferred from the sender of the message to the receiver through the public channel and the message is finally decrypted into plain text for the receiver to read. Encryption can be used to help prevent eavesdropping and skimming and to make sure information security. Encryption can be done in both software and hardware. Using both software and hardware encryption guarantees the highest-level security.

Medical care organizations must ensure that the encryption algorithms are efficient. Healthcare providers should make sure that the cryptographic encryption method is efficient and easily usable by patients as well as medical professionals. It must also be simply and effectively able to include a large amount of new electronic medical records. Also, it is essential to take care that the number of keys holds by each party involved in the healthcare system should be minimized for easy maintenance and ease of usage. Encryption algorithms like RSA, AES, DES, triple DES, RC4, Rijndael, Blowfish, IDEA, and many more can be used for efficient encryption. It is a tough job to choose properly the appropriate encryption schemes to ensure storage security [1, 14]. Protocols of management play a very key role in the process of securing e-healthcare devices and their communication. But it is also evident that complex transmission protocols or encryption schemes can diversely impact the rate of transmission. It can even sometimes fail to do information transmission. Also, they are required to use valuable healthcare assets that are not readily available. Maintaining a balance between protection of security and the energy utilization of the system is tough and we need to be cautious while solving this as well as remain scientific with our approach.

3) Data masking: Masking replaces critical information with anonymous data. Actual data cannot be obtained from the masked anonymous data as this is not truly an encryption algorithm. It utilizes a de-identifying strategy of information sets which means masking personal identifiers like name, security number, and generalizing or suppressing quasi-identifiers like zip codes and date of birth. Therefore, masking data is a famous approach to live unidentifiable information. Data masking reduces the cost of securing a data deployment which adds up to its significant benefit. As secure data, masking decreases the need for using extra measures for security on that data after it is sent from a secure source into the platform and while it is in the platform [1].

4) Access control: Access control method is used to define the identity of a user by the data system. The predetermined strategy and policy prevent unauthorized users to access resources. Once the user is authenticated, he should be allowed to access an information system. But even after authentication, access control policy should still monitor their work depending on the access rights and privileges of every authorized user, if applicable. Role based access control is the supreme structure for advanced authorization control. Complexity and cost reduction of administration in huge networked applications are the best possible results for the access control mechanism. This mechanism is immensely powerful and pliable to grant accesses to the medical sector. It offers advanced controls and authorization permissions to make sure that users can perform operations like information access, cluster administration, and job submission.

There are a lot of solutions proposed to address the issues of access control and concerns of security. Attribute based access control and role-based access control are the most famous access control models for solutions that are promising to control access control and security operations. In the medical system, attribute-based access control and role based access control have few drawbacks when used alone. We suggest adopting technologies in conjunction to satisfy the needs of access control with other fine-grained security techniques like encryption, and access control methods [1]. The encryption algorithms which can be utilized in access control strategies include:

– Symmetric key encryption

– Asymmetric key encryption

– Attribute-based encryption.

Cryptographic functions rely on keys. The cryptosystem’s security is affected by the secret keys’ length and its generation strategy. Hence, the life cycle of the security system is determined by the key management mechanism for the cryptosystem. Attribute-based encryption has slowly become a mainstream mechanism due to the ascendable key management and pliable access control policies. Medical data exchange provides electronic medical data with explicit data exchange authorization in an ascertainable manner. Currently available non-cryptographic methods for authentication exhibit several drawbacks. It lacks a reliable and secure strategy for enforcement of access policy in medical information systems. Cryptographic encryption approaches, on the other hand, are too costly, complex, and restricted in identifying policies [3].

5) Monitoring and auditing: Auditing and monitoring security are collecting information to investigate events to find the invaders and intrusions. Monitoring and keeping a record of activities that user does and keeping a log of every access in the medical system in chronological order is called an audit. Cloud servers are not reliable and cannot be trusted completely. The consistency, integrity and availability of healthcare information saved on the cloud might be compromised if information corruption or deletion occurs without the consent of an authorized person. The information guidelines are typically specified by the authorized person for security purposes. This ensures no direct contact of the service provider with the