Big-Data Driven Cybersecurity for Healthcare Data

By Nathan B. Smith

This article reviews the usage of big data analytics to enable cybersecurity in the healthcare sector to satisfy the Health Insurance Portability and Accountability Act's data privacy regulations using the library and the Internet (HIPAA). This article then proposes a policy for a healthcare organization that outlines the repercussions of data breaches, including both personal and organizational repercussions), the significance of using analytics with security in mind, and the significance of data privacy (to the patient, staff, and organization), and the steps the staff will take to adhere to data privacy laws and HIPAA.

According to Juniper Research, between 2020 and 2024, online fraud will cost organizations more than $200 billion. The astounding quantity results from the intelligence and diversity of attack avenues in fraud efforts. Moreover, although fraudsters have modified their methods to avoid detection, banks are fighting back harder than ever.

Between 2020 and 2024, companies will lose more than $200 billion to online fraud. Graph analytics, however, has given healthcare providers a new tool in the fight against fraud. These methods may combat financial crime by analyzing the connections between individuals, phones, and bank accounts to discover symptoms of fraudulent behavior and aid banks in identifying suspicious activity in a sea of data (Henderson, 2020).

Information technology (IT) management includes data protection and governance in any sector, notably in healthcare. This discussion aims to cover crucial privacy violations, prevention strategies, and best practices that the healthcare sector may use to prevent privacy violations and data breaches.

Detecting fraud, waste, and abuse (FWA) is a significant yet complicated issue. In a combined commercial and academic research project, Liu et al. (2016) outline a technique for monitoring massive healthcare datasets for suspicious activity. Every healthcare dataset may be considered a heterogeneous network of millions of patients, tens of thousands of pharmacies, physicians, and other entities. Graph analysis tools are created to identify suspicious people, suspicious interactions between people, unexpected changes over time, unusual geographic dispersion, and abnormal network structure. The so-called "Network Explorer" visualization tool gives customers a clear overview of the data. It allows them to filter, choose, and zoom into specific network features. The method, developed by researchers at the Palo Alto Research Center (PARC), Yahoo, and Massachusetts Institute of Technology (MIT), has been implemented on several sites and databases, both public and private, and has found numerous overpayments with a monthly potential worth of several million dollars.

With the help of this article, healthcare cybersecurity professionals will be better equipped to comprehend cybersecurity in the big data era as well as current research trends and open problems in this dynamic field of study.

Discussion

Data brokers: Mitigating fraud in healthcare data

An organization that gathers and sells data is known as a data broker. For consumers, the most critical issue is that they collect information on individuals and sell it to marketers so that they may more effectively promote their goods. For marketers to have divisions that gather data for their purposes would not be cost-effective. It would also take much effort to customize a demographic study to the precise requirements of a marketing campaign or similar project. The data broker already has all the Information; they only need to arrange it in the manner desired by the client. Therefore, the data broker sector enables marketers to design sharply targeted campaigns. For instance, a company could wish to attract non-smokers if you offer cigarettes, which are a kind of non-electronic vape. If a company runs a marketing campaign in the United States, it should target individuals between 18 and 30 who like drinking, socializing, and partying. At the same time, it rejects those who have shown an interest in activities such as meditation, a healthy diet, and exercise. The advertisements will promote products on social networks like Google, Facebook, YouTube, email, text messages, Instagram (stories and feed), and even in person (Klimas, 2022).

Afterlives of Data is a book that explores the intriguing and varied lives that our data lead once they manage to get away from us. The ethnographic research of Mary F. E. Ebeling (2022) demonstrates how healthcare providers, insurers, commercial data brokers, credit reporting agencies, and platforms come to control our health and debt information as biopolitical assets. Ebeling explains how data about our lives dominate our health and prospects for a fulfilling existence and completely identifies us by digging into the seas of data created from common medical and debt crises.

Concerns about what is being done with citizens’ data have been raised by investigations into covert data collecting and privacy violations by companies like Cambridge Analytica. This enormous business, which includes consumer data brokers, credit bureaus like Equifax and Experian, and the covert military contractor Palantir, intentionally hides how it makes money from our data and has minimal governmental supervision for health data. In this book, Ebeling explores the path taken by health data—medical Information taken from patients' bodies—as it is digitized, repackaged, and stored in databases, algorithms, and statistical models used to rate patients' creditworthiness and risk. Afterlives of Data is a critical and unsettling look at how American health and debt data are exploited for marketing and corporate monitoring.

Healthcare data privacy and governance

Big data has profoundly altered how businesses in every sector handle, examine and use data. Healthcare is one of the most promising industries where big data may be used to effect change. Big healthcare data has great promise for enhancing patient outcomes, forecasting epidemic breakouts, gaining insightful knowledge, avoiding avoidable diseases, lowering healthcare delivery costs, and generally enhancing the quality of life. It is challenging to choose the acceptable applications of data while still prioritizing patient privacy rights and security. No matter how important big data is to the development of medical knowledge and how crucial it is to the success of all healthcare organizations, its utilization is contingent upon security and privacy concerns being resolved. It is crucial to recognize the shortcomings of current solutions and foresee research possibilities to maintain a safe and reliable big data environment (Abouelmehddi, Beni-Hessane, & Khaloufi, 2018). 

Health data are being produced on a vast scale, at multiple phenotyping levels, and from diverse resources. There have been many assertions that the recent technological advancements in data-generation infrastructure and data-analysis methodologies would transform healthcare, but these claims are still up for discussion. Understanding the nature of the data is necessary to address the promise and difficulties of big data in healthcare. Shilo et al. (2020) outline several aspects of medical data, or "axes," and discuss the factors and trade-offs that must be made while creating such data, as well as the many types of analysis that may be used to complete the given objectives. In o collection of an individual's observable traits that are the product of their genetics and environment interacting. In order to contribute to the continuing conversation about the potential of big data resources to deepen our understanding of health and illness, the authors then provide a general overview of the promise and difficulties of utilizing big data in healthcare resources.

Biomedical research dramatically benefits from linking several data sources to get data on a given person from many data sources. For instance, UKBiobank data are connected to some current health records, including those from hospitals, central repositories, and general practice (electronic health records). The association of genetic data with the myriad of phenotypes (collection of an individual's observable traits that are the product of their genetics and environment interacting) recorded by the EHR is made possible by linking HER with genetic data obtained in large groups of research volunteers (cohorts). Each person should be given a unique patient identifier that can be used with all pertinent databases to enable this linking. However, special patient IDs are not yet accessible owing to privacy and security worries. Two solutions are given to overcome this issue. To safeguard the privacy of the study participants, legislation and regulation are one potential answer. As an alternative, patients might be granted complete control of their data, giving them the option to decide whether to enable linking to some or all their medical records (Shilo, Rossman, & Segal, 202).

Cloud computing is beneficial for data security. Electronic communication is required due to data storage architectures, and several techniques for data security technologies have been created. One tool that might aid in healthcare research is the Health Insurance Portability and Accountability Act (HIPAA). Based on patient databases kept in hospitals or clinics, researchers can create an analytical and conservational approach to maintain the patients' medical Information in a suitable setting. The technique enhances working opportunities by providing patients with all the required information. Clear identification must be made of every piece of data. When considering the adoption of usable health data in the electronic field of healthcare companies, the preservation of patients' privacy and the security of their Information are the most critical barriers to obtaining their intake and analysis. (Mbonihankuye, Nkuzimana, & Ndagijimana, 2019).

IT's role in healthcare is growing. Data security is more important than ever in healthcare and globally. Healthcare data breaches are rising. Biomedical research benefits from integrating several data sources to acquire information about a person from various sources. Cloud computing protects data. Data storage issues involve electronic connection, and numerous data security approaches have been developed. HIPAA may help in healthcare research (HIPAA).

Cybersecurity in healthcare 

In today's information era, the proverb "Knowledge is power" is accurate. Access to Information is the source of knowledge. It has become a matter of relative significance to extract information from vast amounts of data. Researchers coined the phrase "Big Data Analytics" (BDA) to refer to acquiring, storing, and analyzing enormous volumes of data for later analysis. An alarming amount of data is being created. The major causes of this steady rise include the Internet's explosive expansion, the Internet of Things (IoT), and other technical advancements. Healthcare providers can utilize the data from systems to understand how they operate since the data created reflects the environment from which it was derived. This has grown in importance when it comes to cybersecurity, where the main objective is to safeguard assets. Big data has become a highly prized target due to its rising data value. In this essay, the researchers examine current cybersecurity research concerning big data. The researchers also emphasize the security measures for big data and its potential application in cybersecurity. 

HIPAA-compliant standardization for mobile health data

Data security and integrity have become more of a problem as the usage of mobile devices, including smartphones, tablet computers, and wireless medical equipment, as well as the wireless networks that support their use, has increased. To enable the widespread deployment of mobile health technology, standardized electronic data security that complies with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) is required. A fundamental obstacle to care is the absence of standardized data security to ensure privacy, permit interoperability, and harness the full potential of mobile devices. This article aims to introduce the subject, promote conversation about it, and offer an overview. The discussion covers the current security requirements, benchmarks, restrictions, and suggestions on ways to remove this healthcare barrier.

Several essential needs must be fulfilled for the best usage of mobile telehealth platforms. For starters, interoperability across various systems must be supported by security standards. Having interoperability is the capacity for communication and interaction between two or more systems. Information is exchanged to produce predictable outcomes. An increase in security standards implementation is required because private businesses provide safe data storage and transmission methods. Many of these solutions are proprietary, and even if they could assist in meeting particular urgent security demands, The interoperability of devices is hindered by proprietary data security techniques. Additionally, considering the quick turnover of technological platforms, safe Systems for mobile telehealth must enable interoperability in future systems.

Additionally, these systems must function with updated standards for communications, such as improved transmission protocols; both speed Systems for safe mobile telehealth must also permit effective transferring and storing of multimedia material. All data must be encrypted to enable voice, video, and file sharing. This Real-time encryption may be challenging given this condition because For it to operate well, it often needs higher bandwidth and complicated real-time encryption/decryption. According to HIPAA, 128-bit. These systems must thus have this minimal degree of encryption. Preferable without the need for external encryption or firewall technology. The ability to encrypt sessions using software safely carried out over any Internet connection enables people at home or other locations with access to the Internet. Additionally, these systems must be open and transparent. smooth to the user, and healthcare providers and consumers must feel assured that their data is protected (Luxton, Kayl, & Mishkind, 2012)

Security using big data

Leading security firms teamed together to exchange information to derive insight from the shared data (SecIntel Exchange). Its objective was to provide reliable security products to its customers. In order to do that, they had to get as much knowledge as possible about the new dangers being created every day. They recognized the value of working together for the common good. This was necessary since they required much information on these threats to properly grasp what they were dealing with and how to combat it due to the advent of polymorphic malware and other developing threats. Malware classification using conventional methods was shown to be ineffective. They had the chance to mine vast amounts of data for valuable insights, thanks to the SecIntel Exchange data. However, the data being created could not be kept up with the rate at which human analysis or more conventional techniques like database storage [17]. It was necessary to use contemporary methods. It would take their conventional Security Information and Event Management (SIEM) systems between 20 minutes and an hour to query a month's security data, as shown in a case study by Zions Bancorporation [18]. However, if tools based on Hadoop technology were used, getting the same findings would take just a few seconds. BDA has thus grown in importance as a weapon for cyber-security. Numerous studies have shown that big data cannot be analyzed using standard methods or by human analysts. One of the most acceptable ways to deal with these problems is via BDA (Sinclair, Pierce, & Matner, 1999).

Big data as a cybersecurity enabler

In addition to the data produced by the Internet of Things devices, the emergence of Bring Your Own Device (BYOD) has rendered organizations vulnerable to various attack vectors. Each of these devices produces data. As a result, businesses are beginning to see the value of BDA as a tool in their overall cybersecurity strategy. It is crucial to the organization's security to do data analysis on the Information that travels across the network. However, since big data analytics is often costly, some businesses are still hesitant to use the practice. BDA also tends to be a problematic area that needs experience. In addition, workers may not feel at ease when it comes to collecting personal Information since this may imply monitoring users' activities. There remain unanswered questions on how to identify between the data of IoT systems, personal data, and sensitive data, as well as how to secure each kind of data utilizing big data analytics (Rawat, Doku, & Garuba, 2021).

Practical cybersecurity solutions using big data

Big data enabled anomaly user detection in mobile wireless networks

The volume of mobile data traffic has skyrocketed due to the lightning-fast expansion of both the mobile Internet and the Internet of Things (IoT). The age of big data has arrived in wireless communication network infrastructures. By examining users' behaviors in wireless networks, it is possible to study anomalous users and their unpleasant experiences. In this research, we provide a unique architecture for big mobile data (MBD) comprised of four layers: the storage layer, the fusion layer, the analysis layer, and the application layer. We offer a data-driven user experience prediction as a case study of deploying the suggested MBD architecture in a wireless network. This prediction is based on the MDB architecture, which forms the basis of our work. The user experience prediction that has been presented can pre-evaluate user experience via network performance and user behavior elements in a data-driven manner. This is made possible by employing machine learning techniques. A major mobile network operator (MNO) in China provided access to their network monitoring system to begin the investigation with a preliminary investigation of the customer complaints records retrieved from that system. Second, a combination of up-sampling and down-sampling is used to address the significant imbalance between the positive and negative samples. The findings indicate that the suggested automated machine learning method achieves a higher prediction accuracy when compared with the empirical criteria and the rule-based expert system, which are both regularly used baselines accepted by the MNO (Ma & Li, 2019).

Deep learning analytics for IoT security over a configurable big data platform (data-driven IoT systems)

This article presents an architectural framework for data-driven security monitoring and automation to solve the current security difficulties faced by systems connected to the Internet of Things (IoT). Based on a robust mechanism consisting of reusable security templates, the architecture provides support for sophisticated data analytics that may identify abnormalities across all levels of an Internet of Things (IoT) system. In addition, the article presents a specific illustration of data-driven Internet of Things (IoT) security for intelligent things. This illustration is based on deep learning techniques and their implementation over the architectural framework. The algorithms have been effectively implemented at the network and application levels of the various Internet of Things (IoT) systems. They are being used for the effective and predictive detection of anomalies and irregularities. They demonstrate how deep learning and other artificial intelligence approaches may be used with the newly proposed framework to provide efficient security measures (Astaras, Efremidis, Despotopoulou, Soldatos, & Kefalakis, 2019).

Development of a HIPAA-compliant wireless medical data application: Wireless blood glucose monitor 

In the area of remote biometric monitoring, wireless devices are widely used. Both patients and caregivers have a lot of communication freedom because of the use of cellular communication technologies. However, it is impossible to guarantee data privacy while sharing private medical Information electronically. A significant influence on the creation of any such technology is the Health Insurance Portability and Accounting Act of 1996 (HIPAA), which established rules for ensuring the security of sensitive medical information.

In an ongoing research project that uses wireless biometric data management, especially a Wireless Blood-Glucose Monitoring System, this study reports on security design criteria that are HIPAA compliant (WBgM). This study focuses on classifying security strategies and introducing a systematic way of assessing the use of security techniques in wireless biometric systems. We point out that both wired and wireless systems have security vulnerabilities. These in software include authorization and authentication. Since maintaining the primary client device in a safe physical environment would negate the goal of a mobile platform, physical security challenges are fundamentally different in hardware. A third security flaw: a non-data-focused statistical study of wireless application usage might provide details about a patient or healthcare management strategy. Human and machine-oriented security solutions are considered concerning these challenges (Russell, Kawaguchi, & Qian, 2012).

Practical data driven-cybersecurity solution for healthcare data

Healthcare providers worldwide are becoming more concerned about medical device security as attackers concentrate on targeting these particularly exposed targets. Over the last several years, many instances where attackers actively penetrated a piece of medical equipment as part of more extensive assaults against hospitals have been discovered. (Note at End) Hospitals are now more in danger of hacking and ransomware, according to recent warnings from Interpol, the US Department of Homeland Security, and the UK's National Cybersecurity Centre. [Endnote 2] Unfortunately, as more linked medical devices are introduced into the clinical setting, the danger only increases (Sherman et al., 2020).

However, standard endpoint and network security solutions often ignore connected medical devices, which may account for up to 74% of the devices on a hospital network. There are two factors: First, connected medical devices that have received regulatory clearance are often sensitive to unanticipated voltage and performance variations and cannot thus support installing a security agent. In contrast to the rest of the data network, where conventional IT management and security sits, they are often managed and protected by a special team inside the hospital, such as clinical engineering, biomedical engineering, or medical technology management. Aside from VLANs and firewalls at ingress/egress points, the network security tools used by individuals in charge of the data network and assets (laptops, desktops, mobile devices, servers) often cannot distinguish medical device traffic. Specialized medical device security devices bridge this gap by offering visibility and control through passive links to networking infrastructure (Sherman et al., 2020).

According to Forrester (a research and advisory company that offers a variety of services, including research, consulting, and events), the criteria for evaluating commercial data-driven cybersecurity solutions for the healthcare sector the following criteria should be considered: architectures, analytics, reporting, attack response, threat research, device visibility, vulnerability management, integrations, vision, roadmap, and market approach. Armis, CyberMDX, Cynerio, Forescout, Gurucul, Medigate, Order, and Palo Alto Networks were the eight most prominent vendors in the burgeoning market for medical device security solutions assessed (Sherman et al., 2020).

Conclusion

Software for medical equipment should provide strong data security and effectively counteract cyberattacks. Such a contemporary solution will also meet the FDA and EU criteria for data protection. As a result, it may be used by medical institutions anywhere. In addition to the solution, manufacturers must stay current on the latest cybersecurity risks and defenses. To combat the growing number of cyberattacks, they must constantly work to reinvent themselves. This will contribute to the development of gadgets that can better safeguard and preserve the private Information of millions of people. Additionally, it aids in promoting cybersecurity in the global medical community. A team of healthcare professionals and an educated populace will also aid in the defense against cyberattacks (Kh, 2022).

References

Abouelmehddi, K., Beni-Hessane, A., & Khaloufi, H. (2018). Big healthcare data: Preserving security and privacy. Journal of Big Data, 5(1), 1-18. https://doi.org/10.1186/s40537-017-0110-7

Al-Azzam, M. K., & Alazzam, M. B. (2019). Smart city and smart-health framework, challenges, and opportunities. International Journal of Advanced Computer Science and Applications, 10(2), 171-176. https://doi.org/10.14569/IJACSA.2019.0100223

Astaras, S., Efremidis, S., Despotopoulou, A.-M., Soldatos, J., & Kefalakis, N. (2019). Deep learning analytics for IoT security over a configurable big data platform: Data-driven IoT systems. Proceedings of the 2019 22nd International Symposium on Wireless Personal Multimedia Communications (WPMC) (pp. 1-6). Lisbon, PT: IEEE. https://doi.org/10.1109/WPMC48795.2019.9096076

Ebeling, M. E. (2022). Afterlives of data: Life and debt under surveillance. Berkeley, CA: University of California Press. https://doi.org/10.1525/9780520973824

Hendersoon, R. (2020). Using graph databases to detect financial fraud. Computer Fraud & Security, 2020(7), 6-10. https://doi.org/10.1016/S1361-3723(20)30073-7

Kh, R. (2022). Importance of data-driven cybersecurity for medical device companies. Smart Data Collective: https://www.smartdatacollective.com/importance-of-data-driven-cybersecurity-for-medical-device-companies/

Klimas, M. (2022). Identity protection: What is a data broker (and what do they sell?).Surfshark: https://surfshark.com/blog/what-is-a-data-broker

Liu, J., Bier, E., Wilson, A., Guerra-Gomez, J. A., Honda, T., Sricharan, K., . . . Davies, D. (2016). Graph analysis for detecting fraud, waste, and abuse in healthcare data. AI Magazin, 37(2), 33-46. https://doi.org/10.1609/aimag.v37i2.2630

Luxton, D. P., Kayl, R. A., & Mishkind, M. C. (2012). mHealth data security: The need for HIPAA-compliant standardization. Telemedicine and e-Health, 18(4), 284-288. https://doi.org/10.1089/tmj.2011.0180

Ma, J., & Li, S. (2019). Big data enabled anomaly user detection in mobile wireless networks. Proceedings of the 2019 IEEE 5th International Conference on Computer and Communications (ICCC), 2019 (pp. 479-484). Lisbon, PT: IEEE. https://doi.org/10.1109/ICCC47050.2019.9064292

Mbonihankuye, S., Nkuzimana, A., & Ndagijimana, A. (2019). Healthcare data security technology: HIPPA compliance. Wireless Communications and Mobile Computing, 1-7. https://doi.org/10.1155/2019/1927495

Mohamed, N., Al-Jaroodi, J., & Jawhar, I. (2020). Opportunities and challenges of data-driven cybersecurity for smart cities. Proceedings of the 2020 IEEE Systems Security Symposium (SSS) (pp. 1-7). Virtual: IEEE.

Rawat, D. B., Doku, R., & Garuba, M. (2021). Cybersecurity in big data era: From securing big data to data-driven security. IEEE Transactions on Services Computing, 14(6), 2055-2072. https://doi.org/10.1109/TSC.2019.2907247

Russell, S., Kawaguchi, A., & Qian, G. (2012). Development of a HIPPA compliant wireless medical data application: Wireless blood glucose monitor. Telemedicine and e-Health, 18(4), 284-288. https://www.researchgate.net/profile/Stewart-Russell-5/publication/221586699_Development_of_a_HIPAA_Compliant_Wireless_Medical_Data_Application_Wireless_Blood_Glucose_Monitor/links/0912f513f4560718e9000000/Development-of-a-HIPAA-Compliant-Wireless-Medical

Sherman, C., Maxim, M., Pikulik, E., Flug, M., & Dostie, P. (2020). Forrester. Retrieved from The Forrester New Wave: Connected Medical Device Security, Q2 2020: https://reprints.forrester.com/#/assets/2/1730/RES157303/reports

Shilo, S., Rossman, H., & Segal, E. (202). Axes of a revolution: Challenges and promises of big data in healthcare. Nature Medicine, 26, 29-37. https://doi.org/10.1038/Rs4ticle1591-019-0727-5

Sinclair, C., Pierce, L., & Matner, S. (1999). An application of machine learning to network intrusion detection. Proceedings 15th Annual Computer Security Applications Conference (ACSAC'99), 371-377. https://doi.org/10.1109/CSAC.1999.816048