A network security architecture to reduce the risk of data leakage for health care organizations

Rauscher, Richard; Acharya, Raj

doi:10.1109/healthcom.2014.7001846

Cited by 9 publications

(6 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Rauscher et al [43] present a VLAN-based architecture for reducing the risk of data leakage in a healthcare organization. The proposed approach is based on separating data based on sensitivity level and moving nodes from lower sensitivity zone to higher sensitivity zone.…”

Section: Classification Of Countermeasuresmentioning

confidence: 99%

“…Rauscher et al [43] In use Separates data into different zones based on sensitivity level Unauthorized copying, phishing attack, botnets, malware attack, dumpster diving Schmidt et al [44] In use…”

Section: Malware Attacksmentioning

confidence: 99%

“…Our review reveals that a number of countermeasures ( [39], [43], [45], [68], [86], [91], [99], [128], [163], [174], [177], [173] ) require manual efforts during deployment and operations such as (a) having a dedicated network administrator to promote a node from one security zone to another based on the sensitivity of the node [43]; (b) involvement of user for approval of each single data transfer out of user's computer [68]; (c) manual addition of dummy records to the database for cyber deception [86]; (d) manually dividing a single table into several tables [91]; (e) involvement of expert investigators for manually gathering evidence of data leakage to identify the data leaker [174]; (f) manual writing of rules regarding sensitive data [173]; and (g) semi-automatic deployments [39]. A lack of automation impacts performance of the overall system in terms of deployment and response time.…”

Section: Automationmentioning

confidence: 99%

See 2 more Smart Citations

Data exfiltration: A review of external attack vectors and countermeasures

Ullah

Edwards

Ramdhany

et al. 2018

Journal of Network and Computer Applications

104

View full text Add to dashboard Cite

Context: One of the main targets of cyber-attacks is data exfiltration, which is the leakage of sensitive or private data to an unauthorized entity. Data exfiltration can be perpetrated by an outsider or an insider of an organization. Given the increasing number of data exfiltration incidents, a large number of data exfiltration countermeasures have been developed. These countermeasures aim to detect, prevent, or investigate exfiltration of sensitive or private data. With the growing interest in data exfiltration, it is important to review data exfiltration attack vectors and countermeasures to support future research in this field. Objective: This paper is aimed at identifying and critically analysing data exfiltration attack vectors and countermeasures for reporting the status of the art and determining gaps for future research. Method: We have followed a structured process for selecting 108 papers from seven publication databases. Thematic analysis method has been applied to analyse the extracted data from the reviewed papers. Results: We have developed a classification of (1) data exfiltration attack vectors used by external attackers and (2) the countermeasures in the face of external attacks. We have mapped the countermeasures to attack vectors. Furthermore, we have explored the applicability of various countermeasures for different states of data (i.e., in use, in transit, or at rest). Conclusion: This review has revealed that (a) most of the state of the art is focussed on preventive and detective countermeasures and significant research is required on developing investigative countermeasures that are equally important; (b) Several data exfiltration countermeasures are not able to respond in real-time, which specifies that research efforts need to be invested to enable them to respond in real-time (c) A number of data exfiltration countermeasures do not take privacy and ethical concerns into consideration, which may become an obstacle in their full adoption (d) Existing research is primarily focussed on protecting data in 'in use' state, therefore, future research needs to be directed towards securing data in 'in rest' and 'in transit' states (e) There is no standard or framework for evaluation of data exfiltration countermeasures. We assert the need for developing such an evaluation framework.

show abstract

Section: Classification Of Countermeasuresmentioning

confidence: 99%

Section: Malware Attacksmentioning

confidence: 99%

Section: Automationmentioning

confidence: 99%

See 1 more Smart Citation

Data exfiltration: A review of external attack vectors and countermeasures

Ullah

Edwards

Ramdhany

et al. 2018

Journal of Network and Computer Applications

104

View full text Add to dashboard Cite

show abstract

“…RELATED WORK There have been previous efforts to design network security architectures for the health care system that reduce the risk of data leakage. Prime examples of these are in [10], [11]. Similar to those efforts, endpoint protection and endpoint key management are important aspects of our proposed architecture because the endpoints are the only locations where unencrypted data is accessible.…”

Section: Initial Experimentationmentioning

confidence: 96%

“…This feature substantially simplifies interactions between intermediate data hosts and significantly reduces the risks of data leakage due to insider attacks and compromised devices. Our architecture thus provides a more secure framework than [10], [11] because data is protected by encryption at all locations and points in time.…”

Section: Initial Experimentationmentioning

confidence: 99%

Secure access delegation of encrypted medical information

Gupta

Polyakov

Rohloff

2016

2016 10th International Symposium on Medical Information and Communication Technology (ISMICT)

View full text Add to dashboard Cite

The design of modern medical data information systems is driven by the need to collect and present data to authorized users. For collected medical data to be effective and improve patient treatment it must be transported from a device, aggregated, and analyzed to produce results that can be shared with care providers. Medical data may be analyzed and used years after collection at different locations because data sources and care providers often operate on different time scales and are geographically distributed. The need for distributed and longterm medical data storage thus requires an effective security model to delegate data access. Current data access delegation models do not provide end-to-end protection. An effective delegation model must keep data encrypted at all times and avoid the need to share decryption keys to avoid security vulnerabilities. We present a secure information architecture and prototype to implement such a model with end-to-end data encryption while restricting data access to designated recipients. Our architecture integrates recent Proxy Re-Encryption (PRE) advances into a client-server based security model that can be applied to open Internet communications. We discuss design tradeoffs and show experimental results. Our architecture lowers health care data management costs by enabling the secure outsourcing of data hosting to low-cost cloud computing environments. The architecture will also reduce the vulnerability of health care data systems to security challenges such as attacks compromising confidentiality and malicious insiders.

show abstract

RETRACTED ARTICLE: Architectural framework and simulation of quantum key optimization techniques in healthcare networks for data security

Perumal

Nadar²

2020

J Ambient Intell Human Comput

View full text Add to dashboard Cite

Healthcare systems are heterogeneous by nature, where each device is running on different architectures, platform and operating system. This heterogeneity affects the communication performance in-terms of delay and security threats. An optimized quantum key management technique has been proposed for the purpose of managing the keys with little overhead, which enhances the health care information security by reducing the threats. And also the communication with the key authority is simulated with the quantum channel. The generated key is distributed via a dedicated quantum channel in terms of quantum bits which decreases the eavesdropping rate, transmission error, and leakage to maximum extent which improves the security further. Healthcare User group and content server communicate with the key server via a quantum channel sending them photons. Then they discuss results using a public channel. After getting an encryption key from the key server via the quantum channel, the content server can encrypt their healthcare content and send them by any public channel to the healthcare user groups. This proposed research work investigates group secret key generation problems for different types of Healthcare networks and also addresses the quantum key distribution which enhances the key security in healthcare networks. The analysis shows that the two algorithms yield optimal group key rates in healthcare networks. Numerical results are also provided to validate the performance of the proposed key generation, optimization and quantum distribution. The key generation, optimization and healthcare content encryption and decryption using those keys enhances the security of patient data and quantum simulation shows that about 90% of eavesdropping rate is reduced in healthcare network.

show abstract

A network security architecture to reduce the risk of data leakage for health care organizations

Cited by 9 publications

References 12 publications

Data exfiltration: A review of external attack vectors and countermeasures

Data exfiltration: A review of external attack vectors and countermeasures

Secure access delegation of encrypted medical information

RETRACTED ARTICLE: Architectural framework and simulation of quantum key optimization techniques in healthcare networks for data security

Contact Info

Product

Resources

About