Behavior analysis in the medical sector: theory and practice

Behavior analysis has received considerable attention in recent years. In this paper, we apply behavior analysis to study the use of the Break-The-Glass (BTG) procedure at the Academic Medical Center (AMC), a large Dutch hospital. Like most hospitals, AMC employs the BTG procedure to deal with emergencies: it allows users to access patient data that they would not normally be allowed to access. This flexibility can be misused by users, leading to legal and financial consequences for the hospital. To assist AMC in detecting possible misuses of the BTG procedure, we present an approach to analyze user behavior and apply it to a log collected from AMC. We partition users into different subgroups and build self-explanatory histogram-based profiles for users and subgroups. By comparing profiles, we measure to what extent users behave differently from their peers. The discussion of our findings with experts at AMC has shown that our approach can provide meaningful insights into user behavior, and that histograms are easy to understand and facilitate the investigation of suspicious behaviors.
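The profile comparison described in the abstract, as an added example that is not the authors' implementation. The log record layout, grouping users by role, the time-of-day histogram feature, the leave-one-out peer profile and the total variation distance are all assumptions made here; the sample log is constructed.

```python
from collections import Counter, defaultdict

BINS = ("night", "morning", "afternoon", "evening")  # assumed feature: 6-hour bins


def histogram(hours):
    """Normalized time-of-day histogram for a list of access hours (0-23)."""
    counts = Counter(BINS[h // 6] for h in hours)
    total = sum(counts.values())
    return {b: (counts[b] / total if total else 0.0) for b in BINS}


def tv_distance(p, q):
    """Total variation distance between two histograms: 0 = identical, 1 = disjoint."""
    return 0.5 * sum(abs(p[b] - q[b]) for b in BINS)


def deviation_scores(log):
    """Score each user against the pooled profile of the other users in the same subgroup.

    log: iterable of (user, subgroup, hour) BTG events.
    Returns {user: distance, or None when the user has no peers to compare with}.
    """
    hours_by_user, group_of = defaultdict(list), {}
    for user, group, hour in log:
        hours_by_user[user].append(hour)
        group_of[user] = group
    scores = {}
    for user, hours in hours_by_user.items():
        # Leave-one-out: a user's own events must not dilute the peer profile.
        peers = [h for u, hs in hours_by_user.items()
                 if u != user and group_of[u] == group_of[user] for h in hs]
        scores[user] = tv_distance(histogram(hours), histogram(peers)) if peers else None
    return scores


# Constructed BTG log: (user, role, hour of access). Not real data.
SAMPLE_LOG = (
    [("nurse_a", "nurse", h) for h in (9, 10, 14, 15)]
    + [("nurse_b", "nurse", h) for h in (8, 11, 13, 16)]
    + [("nurse_c", "nurse", h) for h in (1, 2, 3, 23)]   # only night/evening use
    + [("admin_a", "admin", 10)]                          # sole member of its subgroup
)

if __name__ == "__main__":
    scored = {u: s for u, s in deviation_scores(SAMPLE_LOG).items() if s is not None}
    for user, score in sorted(scored.items(), key=lambda kv: -kv[1]):
        print(f"{user}: {score:.2f}  {histogram([h for u, _, h in SAMPLE_LOG if u == user])}")
```

A high score marks a user for review alongside the histogram itself; it does not establish misuse, and users without peers need a different baseline.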
