4 research outputs found

    SecHealth: enhancing EHR security in digital health transformation.

    In the contemporary wave of digital transformation, the implementation of electronic health records (EHRs) has become a pivotal undertaking for numerous nations. However, amidst this technological advancement, a critical facet deserving heightened attention is the security and privacy of these electronic health systems. Regrettably, this crucial concern often finds itself eclipsed by other aspects of digitalization. Consequently, these oversight lapses create vulnerabilities within the EHR framework, leaving them open and exposed to an array of malicious cyber intrusions. In response to this pressing issue, our study delves into a comprehensive evaluation of security measures within the ambit of African digital health strategies. Remarkably, among the number of approximately 42 nations that have embarked on digital health strategy formulation, a mere 2 countries have taken cognizance of the imperative to integrate robust security and privacy policies into their healthcare-oriented digital transformation initiatives. In light of this disconcerting revelation, we present an actionable roadmap that endeavours to fortify EHR security, aligning with the progressive "shift-left" paradigm. By advocating for the proactive integration of security measures from the inception of EHR development, we strive to curtail vulnerabilities and enhance the overall resilience of these systems. Our proposed roadmap stands as a clarion call for governments, healthcare authorities, and technology stakeholders to collectively prioritize security in tandem with digital health advancement, thereby fostering a safeguarded and privacy-respecting electronic healthcare landscape.

    Investigation into Phishing Risk Behaviour among Healthcare Staff

    A phishing attack is one of the less complicated ways to circumvent sophisticated technical security measures. It is often used to exploit psychological (as well as other) factors of human users to succeed in social engineering attacks including ransomware. Guided by the state-of-the-art in a phishing simulation study in healthcare and after deeply assessing the ethical dilemmas, an SMS-based phishing simulation was conducted among healthcare workers in Ghana. The study adopted an in-the-wild study approach alongside quantitative and qualitative surveys. From the state-of-the-art studies, the in-the-wild study approach was the most commonly used method as compared to laboratory-based experiments and statistical surveys because its findings are generally reliable and effective. The attack results also showed that 61% of the targeted healthcare staff were susceptible, and some of the healthcare staff were not victims of the attack because they prioritized patient care and were not susceptible to the simulated phishing attack. Through structural equation modelling, the workload was estimated to have a significant effect on self-efficacy risk (r = 0.5, p-value = 0.05) and work emergency predicted a perceived barrier in the reverse direction at a substantial level of r = −0.46, p-value = 0.00. Additionally, Pearson’s correlation showed that the perceived barrier was a predictor of self-reported security behaviour in phishing attacks among healthcare staff. As a result, various suggestions including an extra workload balancing layer of security controls in emergency departments and better security training were suggested to enhance staff’s conscious care behaviour.

    Web Vulnerability Measures for SMEs

    An investigation was conducted into web vulnerabilities in commonly used web application templates and frameworks (WAFs) systems such as Joomla, WordPress, Moodle and C# .NET framework. A web vulnerability scoring scheme was developed and used to record metrics of the vulnerabilities associated with the web application templates and frameworks. A custom web application was also developed purported to demonstrate how the vulnerabilities could be shielded in web application frameworks (WAFs). The investigations and implementations were guided by the Open Web Application Security Project. The study found some of the most common vulnerabilities in the frameworks and templates at different levels. The choice of Content Management Systems (CMS) templates and WAFs for web application systems development can then be guided by this study.