Artificial Intelligence–Based Framework for Analyzing Health Care Staff Security Practice: Mapping Review and Simulation Study

BACKGROUND Blocklisting malicious activities in health care is challenging in relation to access control in health care security practices due to the fear of preventing legitimate access for therapeutic reasons. Inadvertent prevention of legitimate access can contravene the availability trait of the confidentiality, integrity, and availability triad, and may result in worsening health conditions, leading to serious consequences, including deaths. Therefore, health care staff are often provided with a wide range of access such as a "breaking-the-glass" or "self-authorization" mechanism for emergency access. However, this broad access can undermine the confidentiality and integrity of sensitive health care data because breaking-the-glass can lead to vast unauthorized access, which could be problematic when determining illegitimate access in security practices.

OBJECTIVE A review was performed to pinpoint appropriate artificial intelligence (AI) methods and data sources that can be used for effective modeling and analysis of health care staff security practices. Based on knowledge obtained from the review, a framework was developed and implemented with simulated data to provide a comprehensive approach toward effective modeling and analyzing security practices of health care staff in real access logs.

METHODS The flow of our approach was a mapping review to provide AI methods, data sources and their attributes, along with other categories as input for framework development. To assess implementation of the framework, electronic health record (EHR) log data were simulated and analyzed, and the performance of various approaches in the framework was compared.

RESULTS Among the total 130 articles initially identified, 18 met the inclusion and exclusion criteria. A thorough assessment and analysis of the included articles revealed that K-nearest neighbor, Bayesian network, and decision tree (C4.5) algorithms were predominantly applied to EHR and network logs with varying input features of health care staff security practices. Based on the review results, a framework was developed and implemented with simulated logs. The decision tree obtained the best precision of 0.655, whereas the best recall was achieved by the support vector machine (SVM) algorithm at 0.977. However, the best F1-score was obtained by random forest at 0.775. In brief, three classifiers (random forest, decision tree, and SVM) in the two-class approach achieved the best precision of 0.998.

CONCLUSIONS The security practices of health care staff can be effectively analyzed using a two-class approach to detect malicious and nonmalicious security practices. Based on our comparative study, the algorithms that can effectively be used in related studies include random forest, decision tree, and SVM. Deviations of security practices from required health care staff's security behavior in the big data context can be analyzed with real access logs to define appropriate incentives for improving conscious care security practice.
