Cloud-Assisted Secure eHealth Systems for Tamper-Proofing EHR via Blockchain

The wide deployment of cloud-assisted electronic health (eHealth) systems has already shown great benefits in managing electronic health records (EHRs) for both medical institutions and patients. However, it also causes critical security concerns. Since once a medical institution generates and outsources the patients' EHRs to cloud servers, patients would not physically own their EHRs but the medical institution can access the EHRs as needed for diagnosing, it makes the EHRs integrity protection a formidable task, especially in the case that a medical malpractice occurs, where the medical institution may collude with the cloud server to tamper with the outsourced EHRs to hide the medical malpractice. Traditional cryptographic primitives for the purpose of data integrity protection cannot be directly adopted because they cannot ensure the security in the case of collusion between the cloud server and medical institution. In this paper, a secure cloud-assisted eHealth system is proposed to protect outsourced EHRs from illegal modification by using the blockchain technology (blockchain-based currencies, e.g., Ethereum). The key idea is that the EHRs only can be outsourced by authenticated participants and each operation on outsourcing EHRs is integrated into the public blockchain as a transaction. Since the blockchain-based currencies provide a tamper-proofing way to conduct transactions without a central authority, the EHRs cannot be modified after the corresponding transaction is recorded into the blockchain. Therefore, given outsourced EHRs, any participant can check their integrity by checking the corresponding transaction. Security analysis and performance evaluation demonstrate that the proposed system can provide a strong security guarantee with a high efficiency

A Framework for Securing Health Information Using Blockchain in Cloud Hosted Cyber Physical Systems

Electronic Health Records (EHRs) have undergone numerous technical improvements in recent years, including the incorporation of mobile devices with the cloud computing technologies to facilitate medical data exchanges between patients and the healthcare professionals. This cutting-edge architecture enables cyber physical systems housed in the cloud to provide healthcare services with minimal operational costs, high flexibility, security, and EHR accessibility. If patient health information is stored in the hospital database, there will always be a risk of intrusion, i.e., unauthorized file access and information modification by attackers. To address this concern, we propose a decentralized EHR system based on Blockchain technology. To facilitate secure EHR exchange across various patients and medical providers, we develop a reliable access control method based on smart contracts. We incorporate Cryptocurrency, specifically Ethereum, in the suggested system to protect sensitive health information from potential attackers. In our suggested approach, both physicians and patients are required to be authenticated. Patients can register, and a block with a unique hash value will be generated. Once the patient discusses the disease with the physician, the physician can check the patient's condition and offer drugs. For experimental findings, we employ the public Block chain Ganache and solidity remix-based smart contracts to protect privacy. Ethers are used as the crypto currencies

A patient agent controlled customized blockchain based framework for internet of things

Although Blockchain implementations have emerged as revolutionary technologies for various industrial applications including cryptocurrencies, they have not been widely deployed to store data streaming from sensors to remote servers in architectures known as Internet of Things. New Blockchain for the Internet of Things models promise secure solutions for eHealth, smart cities, and other applications. These models pave the way for continuous monitoring of patient’s physiological signs with wearable sensors to augment traditional medical practice without recourse to storing data with a trusted authority. However, existing Blockchain algorithms cannot accommodate the huge volumes, security, and privacy requirements of health data. In this thesis, our first contribution is an End-to-End secure eHealth architecture that introduces an intelligent Patient Centric Agent. The Patient Centric Agent executing on dedicated hardware manages the storage and access of streams of sensors generated health data, into a customized Blockchain and other less secure repositories. As IoT devices cannot host Blockchain technology due to their limited memory, power, and computational resources, the Patient Centric Agent coordinates and communicates with a private customized Blockchain on behalf of the wearable devices. While the adoption of a Patient Centric Agent offers solutions for addressing continuous monitoring of patients’ health, dealing with storage, data privacy and network security issues, the architecture is vulnerable to Denial of Services(DoS) and single point of failure attacks. To address this issue, we advance a second contribution; a decentralised eHealth system in which the Patient Centric Agent is replicated at three levels: Sensing Layer, NEAR Processing Layer and FAR Processing Layer. The functionalities of the Patient Centric Agent are customized to manage the tasks of the three levels. Simulations confirm protection of the architecture against DoS attacks. Few patients require all their health data to be stored in Blockchain repositories but instead need to select an appropriate storage medium for each chunk of data by matching their personal needs and preferences with features of candidate storage mediums. Motivated by this context, we advance third contribution; a recommendation model for health data storage that can accommodate patient preferences and make storage decisions rapidly, in real-time, even with streamed data. The mapping between health data features and characteristics of each repository is learned using machine learning. The Blockchain’s capacity to make transactions and store records without central oversight enables its application for IoT networks outside health such as underwater IoT networks where the unattended nature of the nodes threatens their security and privacy. However, underwater IoT differs from ground IoT as acoustics signals are the communication media leading to high propagation delays, high error rates exacerbated by turbulent water currents. Our fourth contribution is a customized Blockchain leveraged framework with the model of Patient-Centric Agent renamed as Smart Agent for securely monitoring underwater IoT. Finally, the smart Agent has been investigated in developing an IoT smart home or cities monitoring framework. The key algorithms underpinning to each contribution have been implemented and analysed using simulators.Doctor of Philosoph

Decision model to design a blockchain-based system for storing sensitive health data

The storage and sharing of sensitive health data in Blockchain-based systems implicates data protection issues that must be addressed when designing such systems. Those issues can be traced back to the properties of decentralized systems. A blessing but also a curse in the context of health data is the transparency of the Blockchain, because it allows the stored data to be viewed by all participants of the network. In addition, the property of immutability is in contrast to the possibility to delete the personal data upon request according to the European General Data Protection Regulation (GDPR). Accordingly, approaches to tackle these issues have recently been discussed in research and industry, e.g. by storing sensitive data encrypted On-Chain or Off-Chain on own servers connected to a Blockchain. These approaches deal with how the confidentiality and integrity of stored data can be guaranteed and how data can be deleted. By reviewing the proposed approaches, we develop a taxonomy to summarize their specific technical characteristics and create a decision model that will allow the selection of a suitable approach for the design of future Blockchain-based systems for the storage of sensitive health data. Afterwards, we demonstrate the utility of the decision model based on a use case for storing test results from a digital dementia screening application. The paper concludes with a discussion of the results and suggestions for future research

Cybersecurity and the Digital Health: An Investigation on the State of the Art and the Position of the Actors

Cybercrime is increasingly exposing the health domain to growing risk. The push towards a strong connection of citizens to health services, through digitalization, has undisputed advantages. Digital health allows remote care, the use of medical devices with a high mechatronic and IT content with strong automation, and a large interconnection of hospital networks with an increasingly effective exchange of data. However, all this requires a great cybersecurity commitment—a commitment that must start with scholars in research and then reach the stakeholders. New devices and technological solutions are increasingly breaking into healthcare, and are able to change the processes of interaction in the health domain. This requires cybersecurity to become a vital part of patient safety through changes in human behaviour, technology, and processes, as part of a complete solution. All professionals involved in cybersecurity in the health domain were invited to contribute with their experiences. This book contains contributions from various experts and different fields. Aspects of cybersecurity in healthcare relating to technological advance and emerging risks were addressed. The new boundaries of this field and the impact of COVID-19 on some sectors, such as mhealth, have also been addressed. We dedicate the book to all those with different roles involved in cybersecurity in the health domain

A systematic review of blockchain in healthcare : frameworks, prototypes, and implementations

Blockchain, a form of distributed ledger technology has attracted the interests of stakeholders across several sectors including healthcare. Its' potential in the multi-stakeholder operated sector like health has been responsible for several investments, studies, and implementations. Electronic Health Records (EHR) systems traditionally used for the exchange of health information amongst healthcare stakeholders have been criticised for centralising power, failures and attack-points with exchange data custodians. EHRs have struggled in the face of multi-stakeholder and system requirements while adhering to security, privacy, ethical and other regulatory constraints. Blockchain is promising amongst others to address the many EHR challenges, primarily trustless and secure exchange of health information amongst stakeholders. Many blockchain-in-healthcare frameworks have been proposed; some prototyped and/or implemented. This study leveraged the PRISMA framework to systematically search and evaluate the different models proposed; prototyped and/or implemented. The bibliometric and functional distribution of all 143 articles from this study were presented. This study evaluated 61 articles that discussed either prototypes or pilot or implementations. The technical and architectural analysis of these 61 articles for privacy, security, cost, and performance were detailed. Blockchain was found to solve the trust, security and privacy constraints of traditional EHRs often at significant performance, storage and cost trade-offs.peer-reviewe

radiomic features for medical images tamper detection by equivalence checking

Abstract Digital medical images are very easy to be modified for illegal purposes. An attacker may perform this act in order to stop a political candidate, sabotage research, commit insurance fraud, perform an act of terrorism, or even commit murder. Between the machine that performs medical scans and the radiologist monitor, medical images pass through different devices: in this chain an attacker can perform its malicious action. In this paper we propose a method aimed to avoid medical images modifications by means of equivalence checking. Magnetic images are represented as finite state automata and equivalence checking is exploited to check whether the medical resource have been subject to illegal modifications

A critical literature review of security and privacy in smart home healthcare schemes adopting IoT & blockchain: problems, challenges and solutions

Protecting private data in smart homes, a popular Internet-of-Things (IoT) application, remains a significant data security and privacy challenge due to the large-scale development and distributed nature of IoT networks. Recently, smart healthcare has leveraged smart home systems, thereby compounding security concerns in terms of the confidentiality of sensitive and private data and by extension the privacy of the data owner. However, PoA-based Blockchain DLT has emerged as a promising solution for protecting private data from indiscriminate use and thereby preserving the privacy of individuals residing in IoT-enabled smart homes. This review elicits some concerns, issues, and problems that have hindered the adoption of blockchain and IoT (BCoT) in some domains and suggests requisite solutions using the aging-in-place scenario. Implementation issues with BCoT were examined as well as the combined challenges BCoT can pose when utilised for security gains. The study discusses recent findings, opportunities, and barriers, and provide recommendations that could facilitate the continuous growth of blockchain application in healthcare. Lastly, the study then explored the potential of using a PoA-based permission blockchain with an applicable consent-based privacy model for decision-making in the information disclosure process, including the use of publisher-subscriber contracts for fine-grained access control to ensure secure data processing and sharing, as well as ethical trust in personal information disclosure, as a solution direction. The proposed authorisation framework could guarantee data ownership, conditional access management, scalable and tamper-proof data storage, and a more resilient system against threat models such as interception and insider attacks