Review

The Risk Assessment of the Security of Electronic Health Records Using Risk Matrix

by Khalid A. Alarfaj * and M. M. Hafizur Rahman
Department of Computer Networks & Communications, CCSIT, King Faisal University, Al Hassa 31982, Saudi Arabia
* Author to whom correspondence should be addressed.
Appl. Sci. 2024, 14(13), 5785; https://doi.org/10.3390/app14135785
Submission received: 11 May 2024 / Revised: 8 June 2024 / Accepted: 13 June 2024 / Published: 2 July 2024

Abstract
The healthcare industry has been shifting toward electronic health records to improve operations, reduce overhead expenditure, and provide better healthcare. Electronic health records (EHRs) are supposed to offer the same levels of confidentiality and privacy as paper records, which have been used for decades. However, this is not the case, as the technology used to access, transmit, and store records poses a high risk to patients and healthcare organizations. Employees are a big risk to EHRs, as they use their own devices to access information about a patient and discuss such records with other employees. Healthcare professionals also access patients’ records illegally. Such security loopholes have a high impact on EHRs, as people with malicious intent can use the records to access patients’ financial accounts or blackmail them. External access to EHRs by cyber attackers poses the highest risk to the records and patients, as attackers are primarily driven by financial gain. On the contrary, internal access to data, though unethical, does not pose a grave danger to patients, as the employees mainly discuss the cases among themselves without any financial incentive to access the data. The current research provides a risk analysis of EHRs, the source of security problems, the impact of the risks involved, and risk management best practices that healthcare organizations can use to protect patients’ data.

1. Introduction

Electronic health records (EHRs) contain information relevant to the health, healthcare, and wellness of a person and are accessible in digital format through a computer per a given standard [1]. EHRs are recorded by healthcare professionals in healthcare centers. EHRs offer many benefits to healthcare institutions and patients alike. EHRs reduce operating costs and improve the quality of medical care. Safety is also enhanced, as medical errors are reduced, which also directly contributes to a reduction in financial costs associated with seeking treatment. Patients feel satisfied with the healthcare services offered [2]. Patients’ medical records are stored for a prolonged period to provide quality care and patient follow up.
Despite EHRs’ advantages to patients and healthcare institutions, they face many security issues. The recent data breaches in different hospitals worldwide show how vulnerable digital healthcare databases are to cyber-attacks. Also, the massive amounts of information stolen and, at times, leaked to the public prove that EHRs are more susceptible to external attacks than manual records, and a single attack can have devastating consequences for millions of patients. A case example is Community Health Systems (CHS), one of the largest healthcare providers in the U.S., which was attacked by cybercriminals, exposing data belonging to more than a million patients [3]. Recent news [4] discusses one of the most significant data breaches in history, involving HCA Inc. healthcare, where cyber attackers obtained records for more than 11 million patients after infiltrating external storage used by the organization.
The security concerns of EHRs make many patients and healthcare professionals overly cautious about them. A study [2] in the U.S. shows that more than two million Americans with mental illnesses never sought medical care due to privacy concerns. A study by Keshta and Odeh [5] shows that patients with infections and those who face infertility or who procured an abortion tend to avoid divulging their medical history due to privacy, and EHRs make this worse. Such patients avoid medical support altogether if they have any feelings that their data will be stored digitally.
A risk analysis of EHRs involves identifying the risks involved in digitizing hospital records. The sources of security problems are identified. The probability of occurrence is evaluated, with the possible impact on the organization being investigated to provide an overview of the extent of the damage the problem poses to the organization [6]. A risk probability and assessment scale shown in Table 1 below is used to analyze the risk of implementing EHRs. Solutions are offered to manage the risk, and monitoring is carried out to eliminate or minimize the risk.
The current research paper aims to explore security risks because of the implementation of EHRs. The study examines the significance of the risks, their impact on the healthcare institution and patients, and whether they warrant risk management. The research proposes implementing risk control to eliminate or reduce the risks to acceptable levels where patients feel safe in a healthcare institution.
The current study proposes using firewalls to control data flow and access control to restrict people from accessing the records. The use of artificial intelligence/machine learning (AI/ML) to restrict the flow of information in EHRs is suggested for further research.

2. Problem Statement

Healthcare organizations have relied on EHRs for some time, leading to security risks due to the nature of data storage and access. Most healthcare professionals prefer manual methods, as they cite security concerns with using EHRs. On the other hand, patients are cautious when divulging personal information such as infections and infertility whenever they know the information will be stored digitally. Such apprehension by healthcare professionals and patients shows a problem with EHRs. The technology used in storing, transmitting, and accessing EHRs is outdated and poses a high risk to the data. In the case of a successful cyber-attack, the risk is high, as an attacker who compromises the software used in the computer systems can obtain and leak all the data stored in such systems. Besides technology, employees working in a healthcare center pose the greatest danger to EHRs, as carelessness and ignorance can expose patients’ records to the wrong person. Employees pose the highest risk of exposing patient records due to a lack of knowledge of national and regional laws and security best practices when handling patients’ data.

3. Selection of Papers for Literature Review

3.1. Search String

Research for the literature review articles followed the PRISMA model shown in Figure 1. The present study searched for all relevant articles on EHR security using Google Scholar. A total of 75 scholarly articles were sourced based on the following criteria:
  • The year of publication;
  • EHR security problems outlined;
  • Proposed solutions offered to the security problems.
The exclusion criteria used included:
  • Research papers with duplicate information;
  • Articles based on the medical side of EHRs, as they deviated from the purpose;
  • Articles written more than five years ago;
  • Any article that did not provide accurate information about the technological aspects of EHRs.
The final set of 20 research articles was classified into two categories. The first category included studies about risk analysis of EHRs. The second category aimed to understand the risk management of EHRs.
Figure 1. PRISMA flow diagram. Identification phase: records identified from all sources, Google Scholar and Saudi Digital Library.

3.2. Research Paper Selection

The research papers selected had to meet several vital terms germane to the study, including the security of electronic health records, security of electronic medical records, security risks of electronic health records, information security of electronic health records, and security and privacy of electronic health records.

4. Background and Context

There is a need to protect patients’ records, as they hold private information such as their date of birth, addresses, phone numbers, financial details, and sensitive medical history. Security of such information is paramount, as such data can lead to catastrophic consequences for patients once leaked. People have been blackmailed using their medical records, while others have lost their money after their credentials were used to access their bank accounts. EHRs need to be secure. Technological advances provide various solutions that can be utilized to protect such data.
A total of 20 research articles were chosen for the study. A risk matrix was chosen to assess the risks posed in each article, and the level of each risk, and its severity. This matrix helps determine the best security strategy, mainly focusing on high-risk causes.
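The risk matrix the review relies on combines a probability rating with an impact rating and reads the risk level off the product. The following Python block is an added illustration of that procedure, not the paper's own Table 1: the 5x5 ordinal scales, the score bands and the sample findings (which paraphrase ratings given later in Section 5) are assumptions made here so the matrix can be run end to end.

```python
"""Likelihood x impact risk matrix applied to the kinds of findings this
review collects.  Added illustration: the 5x5 scale, the score bands and the
sample findings are assumptions, not the paper's own Table 1."""
from dataclasses import dataclass

# Assumed ordinal scales.  Aliases cover the wording used in the review
# ("medium-low", "almost certain", "catastrophic", ...).
LIKELIHOOD = {
    "very low": 1, "low": 2, "medium-low": 2, "medium": 3,
    "medium-high": 4, "high": 4, "almost certain": 5,
}
IMPACT = {"very low": 1, "low": 2, "medium": 3, "high": 4, "catastrophic": 5}


@dataclass(frozen=True)
class Finding:
    source: str        # which reviewed study the finding summarises
    likelihood: str
    impact: str
    category: str      # technical / organizational / administrative


def score(likelihood: str, impact: str) -> int:
    """Risk score is the product of the two ordinal ratings (1..25)."""
    return LIKELIHOOD[likelihood] * IMPACT[impact]


def band(value: int) -> str:
    """Map a score onto the matrix's colour bands (assumed thresholds)."""
    if value <= 4:
        return "low"
    if value <= 9:
        return "medium"
    if value <= 14:
        return "high"
    return "critical"


def assess(findings):
    """Return (source, score, band) tuples, highest risk first."""
    rated = []
    for f in findings:
        value = score(f.likelihood, f.impact)
        rated.append((f.source, value, band(value)))
    return sorted(rated, key=lambda r: r[1], reverse=True)


def treatment_queue(findings, minimum="high"):
    """Sources whose band is at or above `minimum`, i.e. where controls are warranted."""
    order = ["low", "medium", "high", "critical"]
    floor = order.index(minimum)
    return [src for src, _, b in assess(findings) if order.index(b) >= floor]


# Constructed sample: qualitative ratings worded as the review words them.
SAMPLE_FINDINGS = [
    Finding("[11] staff discussing patient cases", "high", "very low", "organizational"),
    Finding("[12] blockchain-based EHR", "very low", "catastrophic", "technical"),
    Finding("[14] web framework and database attacks", "almost certain", "catastrophic", "technical"),
    Finding("[15] unencrypted traffic inside the institution", "high", "low", "technical"),
    Finding("[19] smart card / IC card", "medium-low", "high", "technical"),
    Finding("[23] credential-based access", "medium-high", "catastrophic", "technical"),
    Finding("[24] EHR access from personal devices", "almost certain", "catastrophic", "technical"),
]

if __name__ == "__main__":
    for source, value, level in assess(SAMPLE_FINDINGS):
        print(f"{value:>2}  {level:<8} {source}")
```

The ordering the block produces is the point of a matrix: a finding with a near-certain likelihood but negligible impact (staff discussing cases) lands in the low band, while a rare but catastrophic one (a compromised blockchain deployment) still reaches the medium band and stays on the register rather than being dismissed.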

5. Challenges and Techniques

A previous study [2] explains the confidentiality, privacy, and security of EHRs. Digital healthcare records are to be protected from unauthorized access, as they hold sensitive patient medical history and personal details. However, most healthcare institutions tend to disregard the privacy concerns of their patients and share the data with researchers, pharmaceutical companies, and the government. The most significant security and privacy breaches, however, result from cyber-attacks, where the attackers target the data to sell it on the “dark web” for financial gain. Risk analysis shows that most data breach sources are administrative and technical, as healthcare professionals tend to share the data accidentally or knowingly. On the other hand, cyber attackers use vulnerabilities in the software used to store and transmit the records. The probability of a cyber-attack is high, as attackers constantly try to steal more data from healthcare institutions. Also, the likelihood of the healthcare institution sharing patients’ data without consent is high. The impact of a cyber-attack can be devastating, as the attackers use the data in varying ways, from extortion and blackmail to selling the data on the dark web. The impact of risks involved when a healthcare provider gives third-party access to the data is minimal, as the information is used for research or experimental purposes and not for malicious intent.
A risk analysis of EHRs shows that their weakest security link is the centralized nature of the system used to build them. The research [7] shows that decentralizing EHRs eliminates a central attack point, reducing the damage caused by a successful cyber-attack. The use of blockchain in EHRs provides security and privacy for patients. Security is provided through encryption algorithms, where the data is encrypted in transit and storage. Blockchain provides privacy through access control. The patients have full access to their data, and everyone else has restricted access through access control mechanisms. Blockchain provides privacy through zero-knowledge proof, where researchers, the government, and pharmaceutical companies have patients’ data on their treatment methods. There is a low probability of a successful cyber-attack on blockchain EHR systems, and in case of an attack, the impact is minimal, as the information is distributed in several locations, and accessing a single account does not provide all information about a healthcare provider.
One study [8] exposes the most significant security issue with EHRs. Hospitals in Australia and the UK have faced cyber-attacks leading to data breaches of millions of patients. Such attacks lead to trust problems between the healthcare providers and the patients, with many opting out of such systems. Most healthcare centers use generic security policies, which make them vulnerable to attackers. Many countries have local and international security policies for the healthcare industry. Still, attackers can bypass the security measures due to such policies. The risks are due to technical issues, as healthcare institutions use software meant for the public instead of customized healthcare software that is more secure. The probability of a cyber breach is high, as generic software is easily compromised. Furthermore, the impact of the risks associated with generic software is high, probably at 100%, since an attacker who compromises software such as the operating system or database can access all the data stored in the system. To manage the risks associated with cyber-attacks in healthcare institutions, machine learning (ML) can help healthcare centers determine legitimate and illegitimate security policies. ML can also help healthcare centers identify personal identifiable information (PII) in the policies they implement and thus be able to rule out the best policies to use to protect their patients’ data.
A published study [9] explores security loopholes in healthcare centers. Three-quarters of healthcare providers tend to share patients’ data using their personal smartphones. Personal smartphones do not have the same security features as institutional computers; in some circumstances, they get lost or stolen, exposing such data to third parties. Additionally, healthcare centers use off-the-shelf software such as Windows operating systems in medical devices such as MRI scanners, patient monitors, and X-ray machines. Other software includes commonly used databases and browsers. Like any other computer system, such software is vulnerable to attacks and viruses, exposing EHRs to the same attacks. The risks associated with the software are technical and have a low probability of occurrence due to the type of data stored in machines such as X-ray and MRI machines. Very few cybercriminals are interested in such data. In the case of a successful attack, the risk impact is minimal, since the data lost consists of images of parts of patients’ internal organs. To manage such a risk, the research paper proposes using technical and administrative measures to protect EHRs. Educating health professionals on security best practices helps. Also, firewalls and data encryption prevent intrusion into the network.
Another study [10] considers using packet-filtering firewalls to protect EHR data from cyber-attacks. Stateful inspection firewalls can also be utilized to protect the records, using previously filtered data as the basis to filter malicious activities. Application-level filters can also be applied to prevent intrusion into the network. The study offers some basic concepts of the application of firewalls. Using such technology poses serious risks, as such firewalls cannot prevent attacks using modern hacking methods and tools. The risk impact of using such firewalls is great, as they offer little security.
One study [11] focuses on nurses working in various healthcare facilities in the UAE. Most nurses claimed improper access to patients’ data, which is a big issue affecting the security of EHRs. Most nurses also lacked knowledge of the use and benefits of simple software such as antivirus programs and their use in protecting their computers. The UAE has nurses from different countries who may unknowingly lack knowledge about its EHR laws and thus can expose EHR data to third parties. The sources of the risks include ignorance about privacy concerns on the part of the healthcare center employees. The risks involved are organizational, and healthcare centers need to train all their professionals about the privacy of patients’ information. The probability of the risk occurring is high, as healthcare professionals and other employees are bound to discuss a patient. Despite the high probability, the impact of the data breach is very low, as the employees are the ones with the information and not third parties such as cyber attackers or third parties intending to extort or blackmail the patient.
A recent study [12] focuses on the use of blockchain as a security measure for EHRs. Blockchain ensures that patients’ data is immutable and cannot be changed by third parties, and once written down, the patient or healthcare professional cannot modify it. Additionally, blockchain offers security for the data against external attacks, as only authorized persons can access the data. The access control only authorizes the patient and their healthcare professional to access the data. Once written, the information is encrypted, and a user must decrypt it to read it. Risks involved in blockchain security are minimal, as the technology is secure by nature. The solution offered is technical. The only source of security breaches is healthcare professionals who read and share the data with others. Otherwise, it is watertight. The probability of a security breach occurring for blockchain applications is very low, in the single digits. Risk impact can be catastrophic, as patients and healthcare professionals trust the technology.
Further research [13] focuses on insider attacks on EHR systems. Electronic records are vulnerable to external attacks through cyber breaches. The biggest attacks on EHR systems are insider threats, where employees access the information for malicious activities. Some employees can share their access credentials with external actors who intend to collect patients’ data for personal purposes. Sometimes, the employee’s credentials are stolen and used to access the system. In other circumstances, employees pretend to be real users of the computer system and access information they have no right to access. Other employees tend to be careless while accessing EHRs, disregarding the organization’s security policies and, in the process, risking data stored in institutions’ computer systems. The risks are organizational, as the employees are the source of the data breach. The probability of the risk occurring is high, as staff may be careless due to a lack of knowledge of security best practices or the institution’s lack of training on security best practices. The risk impact is high, as a compromised employee is a high risk for a healthcare institution. Also, careless employees are at high risk, as attackers can target their behavior and use it to access the EHRs.
One study [14] examines the common vulnerabilities in the implementation of EHR. Most of the databases used in healthcare institutions do not have the same security levels as those used in financial institutions. The lack of advanced technologies in healthcare to protect patient information leads to SQL injections, brute force, cross-site scripting, and cross-site request forgery. Web frameworks used in developing web interfaces to access patients’ records tend to have security vulnerabilities that attackers use to access the database. Attacks on web frameworks and databases pose technical risks with a high probability of occurrence. For large hospitals and other healthcare centers, the chances of an attack are 100%, as cyber attackers try to steal personally identifiable information for financial reasons. The risk impact of an attack is catastrophic, as a leak of patients’ information exposes the hospital’s weakness, with patients losing trust in such a health institution, leading to a loss of revenue. Patients are the biggest losers, as their personally identifiable information is leaked to people with malicious intent. Patients’ sensitive health records are also leaked to people who can blackmail them with such information.
Another study [15] focuses on the security of EHRs as used by healthcare professionals within the boundaries of healthcare institutions. Whenever healthcare professionals access patients’ information remotely, the data is transmitted through a secure channel and encrypted to ensure attackers cannot read the data in the case of a successful attack on the transmission. However, EHRs are not encrypted within the healthcare institution, and healthcare professionals use their devices to access unencrypted data. The lack of encryption poses a significant risk to healthcare institutions. To manage EHRs, a healthcare institution needs an IT team with skills in telecommunications, computer sciences, and sensors. The risk category for a lack of encryption is technical, while that for IT skills is administrative. The probability of an attack risk for data transmitted within a healthcare institution is high. However, the impact of the risk is low, as other factors, such as firewalls and the levels of access of an employee, determine how much information an attacker gets in the case of a successful cyber-attack.
A study [16] conducted in Saudi Arabia shows that 38% of physicians are worried about EHR data being leaked through the internet. Also, only 58% of physicians agree that EHRs offer more privacy than paper-based records. Moreover, 82% of physicians reported sharing patients’ data with other physicians using electronic devices. Computers and, by extension, EHRs are important in healthcare, as they can be utilized to analyze how to treat a condition through the provided feedback. According to the physicians, there is no difference between paper-based records and EHRs. The probability of physicians sharing health records is high, at least 80%, though the risk impact from such actions is low, probably 0%. Sharing medical records between physicians does not pose any danger to the patients. However, the leakage of information through the internet poses a high risk to the patients. The probability of EHR data leakage is high, and the impact of the leak is high.
A recent study [17] explains the integration of big data into healthcare and the security threat that the digitization of healthcare information poses to patients. The largest internet leak of personal information is through medical websites and technology. The leak happens through both external cyber-attacks and internal sabotage. However, restricting access through blockchain solves the problem through access control, as internal players in the health sector have a small amount of data to leak, and external attacks do not leak the entire database. The probability of internal and external leakage is high. However, the impact of internal sabotage is low, as the people involved may be targeting specific people. At the same time, the effects of external attacks are high since attackers target the entire database. Blockchain applications reduce the impact of both internal and external data leaks.
Further research [18] shows that cryptographic and mathematical algorithms are applicable to EHR security. Asymmetric cryptography with both private and public keys can protect data against cyber-attacks. Additionally, role-based access control can ensure that only patients and healthcare professionals can access the medical records, with everyone else, including hospital administration, accessing redacted information. Access control and asymmetric cryptography are essential in case EHRs are stored in the cloud. Mathematical algorithms are used to protect health records while in transit, ensuring the data is not readable except to the receiver and sender. Such security reduces the risks of cyber-attacks. For a successful attack on EHRs, the impact is minimal, as access control ensures data is redacted and the entire database is not accessible.
One study [19] exposes the weakness in EHRs. Some of the technologies used in EHRs are outdated and pose a serious security threat to the records. EHRs are integrated into IoT devices and other electronic gadgets such as health insurance IC cards and doctors’ smart cards. The smart card is used to retrieve medical records from the database using a unique doctor’s signature key. The IC card holds patients’ details. The two cards are a security risk, as they have small computational power and memory to enable them to encrypt the data they transmit. The probability of an attack emanating from the cards is medium-low. However, a successful attack can lead to a high-risk impact, as patient details can be leaked to the wrong hands.
Recent research [20] explains the vulnerabilities in EHRs as a result of using the cloud. Cloud networks tend to centralize the data. To overcome the vulnerabilities and challenges of data centralization, a distributed architecture ensures the data is spread across different servers. On top of decentralization, encryption and proxy re-encryption can ensure data privacy. EHR sharing protocols can be used to secure the data, ensuring only specific devices access the data. Finally, authorization can be added to security protocols to ensure that only authorized people access the data. The probability of a cyber-attack with such security is very low. Even if an attack is successful, the impact is still low, as attackers access only part of the data; a decentralized system does not keep all information in one place.
Further research [21] delves into the evolution of EHRs and how security has been incorporated into their use. Traditional EHRs lacked privacy features and thus were prone to cyber-attacks. However, modern EHR systems have anonymization algorithms that provide privacy, control access to records, and deliver a safe platform to share data between patients and health professionals. Other security measures include recognition and classification algorithms that provide selective encryption to sensitive details about patients’ records. Access to such records shows redacted information. The probability of an attack occurrence is medium-low for such a secure EHR system, and the impact is still low, as the information has already been redacted.
One study [22] notes that the biggest concerns regarding the application of EHRs revolve around security, privacy, and confidentiality. Patients fear their data may be leaked and thus have trust issues when divulging information to healthcare professionals. However, the biggest data leaks do not occur through cyber attackers but through healthcare professionals who share the information among themselves and with other entities. The probability of healthcare professionals sharing patients’ data is very high. Despite such data sharing, the impact on patients is minimal, as healthcare professionals tend to share the data to seek solutions and not to expose the patients.
Recent research [23] looks into the privacy control mechanisms used by some countries. The first mechanism includes implementing laws and ensuring that all healthcare providers abide by such rules. The second involves management methods such as access control, where various employees in a healthcare organization have different access to the records. The third mechanism involves the use of technology such as data encryption and the use of digital signatures, where the healthcare professional must sign into their account with full credentials to access EHRs. The probability of a cyber-attack in such a system is medium-high. However, in the case of a successful attack, the impact is catastrophic, as attackers can use the full credentials of a healthcare professional to access the system. More security features are required.
EHRs face security threats such as malware, phishing attacks, cloud threats from cloud providers, insider attacks, and encryption blind spots. A recent study [24] explains that the origin of the security problems includes a lack of training on EHR security for healthcare professionals. Remote storage, mostly in the cloud, adds another security loophole. Accessing EHRs using mobile devices such as smartphones and laptops increases the attack surface, as such devices are not secure. The probability of a cyber-attack for healthcare organizations allowing employees to access EHRs using personal electronic devices is high, almost certain. The impact of a successful attack is catastrophic, as the attacker has many devices they can compromise and later use to access the EHR database, causing havoc. The cloud systems are not secure by default, and this exposes the healthcare organization to more cyber-attacks.
Further research [25] aims to understand security and privacy during the development of the healthcare system. The security of the system is achieved by restricting access to the data in its lifecycle. Privacy is achieved through laws and policies regarding people and entities that can view medical and financial information stored in the system. The authentication of individuals, authorization, and providing access are necessary for a secure system. However, such a system is prone to attack, as attackers use sophisticated methods to penetrate the system. The impact of a successful attack is catastrophic. Such a system is a huge threat to the organization, as the data still needs to be encrypted and communication channels secured.

6. Proposed Work

The biggest challenge to EHRs is illegal access by external or internal agents. Cyber attackers target EHRs for the financial benefit they derive from the information they steal. On the other hand, internal actors access information unethically and share it with their colleagues without regard to patients’ privacy.
One of the characteristics of EHRs is that they feature a one-way writing of information. Healthcare professionals are writers of the medical records, and everyone else reads the information without altering it. The finance and insurance departments write about expenses incurred and payments for healthcare services. Once information is written, it is immutable. Such characteristics of EHRs can provide solutions to illegal access to the records.

6.1. Firewalls

Firewalls can provide security for stored data. Firewalls filter information according to policies configured in the firewall device. For instance, a firewall can have rules configured to accept traffic only on port 443 (HTTPS) and reject traffic on all other ports. A healthcare institution needs a firewall to protect the EHRs from external and internal agents. A firewall must be configured to accept traffic on certain ports used by the hospital user interface and block all other traffic. Additionally, since healthcare professionals read only one patient’s record at a given time, the firewall can be configured to block any request for large amounts of data by anyone, including employees with the right to access the data. Figure 2 below shows the concept of blocking outbound traffic.
The firewall needs to block outgoing traffic based on several parameters. First, the firewall can limit the traffic based on the normal usage of the healthcare institution. Most healthcare institutions have a normal rate of accessibility of the EHRs, and a huge burst in traffic shows unintended and illegal activities in the EHRs. An external attacker accessing EHRs usually accesses large amounts of traffic in a short time, representing a burst in traffic at that time, which can be detected by the intrusion and detection capabilities of modern firewalls. The firewall can block such access and the IP address from which the attacker is accessing the EHRs.
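The two controls described above, a port allow-list and a burst detector that bans a source pulling records faster than normal use, can be stated precisely as a small policy evaluator. The block below is an added example and not code from the paper: the allowed port, the window length, the burst threshold and the sample events are assumptions, and a real deployment would express the same policy in the firewall's own rule language.

```python
"""Egress policy for an EHR segment: only the HTTPS port is allowed, and a
source that pulls records in a burst is blocked.  Added example; the port
list, the thresholds and the sample events are assumptions."""
from collections import defaultdict, deque

ALLOWED_PORTS = {443}          # the hospital UI speaks HTTPS only (assumed)
BURST_WINDOW_S = 60            # sliding window length in seconds (assumed)
BURST_MAX_RECORDS = 5          # record fetches per window before blocking (assumed)


class EhrEgressFilter:
    def __init__(self, allowed_ports=ALLOWED_PORTS, window=BURST_WINDOW_S,
                 limit=BURST_MAX_RECORDS):
        self.allowed_ports = allowed_ports
        self.window = window
        self.limit = limit
        self.recent = defaultdict(deque)   # src -> timestamps of recent record fetches
        self.blocked = set()               # sources banned for bursting

    def decide(self, ts: float, src: str, dst_port: int, record_fetch: bool) -> str:
        """Return 'allow', 'drop' (policy violation) or 'block' (burst: src now banned)."""
        if src in self.blocked:
            return "drop"
        if dst_port not in self.allowed_ports:
            return "drop"
        if not record_fetch:
            return "allow"                 # e.g. a login page, not a record pull
        q = self.recent[src]
        q.append(ts)
        while q and ts - q[0] > self.window:
            q.popleft()                    # forget fetches older than the window
        if len(q) > self.limit:
            self.blocked.add(src)
            return "block"
        return "allow"


def replay(events, flt=None):
    """Run constructed events (ts, src, dst_port, record_fetch) through the filter."""
    flt = flt or EhrEgressFilter()
    return [(src, flt.decide(ts, src, port, fetch)) for ts, src, port, fetch in events]


# Constructed sample: a clinician reading one record, an SSH attempt from the
# same host, and a source pulling seven records in seven seconds.
SAMPLE_EVENTS = [
    (0.0, "10.20.1.15", 443, True),
    (1.0, "10.20.1.15", 22, False),
] + [(10.0 + i, "10.20.9.77", 443, True) for i in range(7)]

if __name__ == "__main__":
    for src, verdict in replay(SAMPLE_EVENTS):
        print(src, verdict)
```

The threshold is deliberately per source and per window rather than a hard cap on total reads, so a clinician who works through the day never trips it while a bulk export is cut off after the sixth record.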

6.2. Access Control

Firewalls limit access to the EHRs as a whole. There is also a need to limit access to large files from the database. Various methods can be implemented to limit access. The first method is limiting it from a database point of view. The database has multiple accounts that write and read the data. The database administrator can configure it so that only specific people may write, and once written, the data is read only. Second, the administrator can limit how much data an account may read in a short period, capping each account at a set number of patient records per day. The operating system that hosts the EHRs can also be used to limit access, as each account used by different departments can have file limiting, only accessing a limited amount of information in a given period. Access control should also limit downloading or transferring data and reading data not related to one’s domain. For instance, healthcare professionals should be limited to reading patients’ medical histories without access to their insurance or financial payment, making it hard for any person with access to the accounts to access the complete profiles of the patients.
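The three database-side measures above (write-once records, a daily read cap per account, and per-role column restriction so clinicians never see billing data) can all be enforced inside the database rather than in application code. The following block is an added example on SQLite, not the paper's own design: the schema, the two roles and the quota are assumptions, and a production system would put the same rules in the engine's own GRANT and row-security features.

```python
"""Append-only EHR table with role-limited columns and a per-account daily read
quota, on SQLite.  Added example; the schema, the roles and the quota are
assumptions, not the paper's."""
import sqlite3

DAILY_RECORD_QUOTA = 3   # records one account may read per day (assumed, small for the demo)

# Column allow-list per role: clinicians never see billing data and vice versa.
ROLE_COLUMNS = {
    "clinician": ("id", "patient_id", "clinical_notes"),
    "billing": ("id", "patient_id", "insurance_id", "payment_status"),
}

SCHEMA = """
CREATE TABLE patient_records (
    id INTEGER PRIMARY KEY,
    patient_id TEXT NOT NULL,
    author TEXT NOT NULL,
    clinical_notes TEXT,
    insurance_id TEXT,
    payment_status TEXT,
    written_at TEXT NOT NULL
);
-- One-way writing: rows can be inserted but never changed or removed.
CREATE TRIGGER records_no_update BEFORE UPDATE ON patient_records
BEGIN SELECT RAISE(ABORT, 'patient records are append-only'); END;
CREATE TRIGGER records_no_delete BEFORE DELETE ON patient_records
BEGIN SELECT RAISE(ABORT, 'patient records are append-only'); END;
-- Audit log that the daily quota is computed from.
CREATE TABLE read_log (account TEXT, record_id INTEGER, read_at TEXT);
"""


class QuotaExceeded(Exception):
    pass


def open_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def write_record(conn, author, patient_id, notes, insurance_id, payment_status, now_iso):
    """Insert one record; timestamps are ISO 8601 strings to keep the demo deterministic."""
    cur = conn.execute(
        "INSERT INTO patient_records (patient_id, author, clinical_notes, insurance_id, "
        "payment_status, written_at) VALUES (?,?,?,?,?,?)",
        (patient_id, author, notes, insurance_id, payment_status, now_iso))
    conn.commit()
    return cur.lastrowid


def try_update(conn, record_id, new_notes):
    """Return True if the update went through; the trigger makes this False."""
    try:
        conn.execute("UPDATE patient_records SET clinical_notes=? WHERE id=?",
                     (new_notes, record_id))
        conn.commit()
        return True
    except sqlite3.DatabaseError:
        conn.rollback()
        return False


def read_record(conn, account, role, record_id, now_iso):
    """Return only the columns the role may see, enforcing the daily quota."""
    columns = ROLE_COLUMNS[role]             # KeyError for an unknown role
    day = now_iso[:10]
    (reads_today,) = conn.execute(
        "SELECT COUNT(*) FROM read_log WHERE account=? AND substr(read_at,1,10)=?",
        (account, day)).fetchone()
    if reads_today >= DAILY_RECORD_QUOTA:
        raise QuotaExceeded(f"{account} already read {reads_today} records on {day}")
    # Column names come from the fixed allow-list above, never from the caller,
    # so the f-string cannot be used for injection.
    row = conn.execute(
        f"SELECT {', '.join(columns)} FROM patient_records WHERE id=?", (record_id,)).fetchone()
    conn.execute("INSERT INTO read_log VALUES (?,?,?)", (account, record_id, now_iso))
    conn.commit()
    return None if row is None else dict(zip(columns, row))
```

Because the read log is written in the same transaction as the read, the quota survives application crashes and restarts, and the log doubles as the audit trail an investigator would query after a suspected misuse.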

6.3. BYOD

Healthcare institutions can set basic policies on the devices that access EHRs. Healthcare professionals like to bring their own devices (BYOD) to their place of work and use them to access patient databases. The institution can ban any personal device from being used for official duties. Instead, all healthcare professionals can be issued organizational devices used solely for work-related duties, with other uses, such as social media or general internet browsing, blocked. The organization's devices can be encrypted so that they meet the security baseline required to access patients' information.
Besides restricting BYOD, the organization can also require a VPN for all work-related mobile devices used by healthcare professionals so that they use a secure channel when accessing EHRs. An attacker on the same network then cannot reach the healthcare database directly, because only authenticated and authorized devices and personnel can access it remotely.
All devices accessing EHRs should be subject to a time limit so that a session grants access to patient records only for a short duration. For instance, a doctor should be able to open one patient record in a given period and must authenticate again to continue. Re-authentication confirms that the person reading the records is the one entitled to read them. An attacker using stolen credentials would have to authenticate both the device used to reach the records and, after a short period, themselves through the stolen account, which makes it much harder to remain in the network for a prolonged period.
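The device check and the short re-authentication window described above can be demonstrated with a small gateway. The following is an added example, not code from the paper or from any EHR product: a session is opened only when the password check succeeds and the device proves, with an HMAC over a fresh challenge, that it holds a secret provisioned at enrollment; each session then allows one patient record per authentication and expires after a time limit, after which a second factor is required to continue. The device registry, secrets, timings, the injectable clock and the three scenarios walked through in `demo()` are all assumptions.

```python
"""Short-lived, device-bound EHR sessions with forced re-authentication (added example)."""
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass

# Constructed registry: organisation-issued device id -> enrollment secret.
# A personal (BYOD) phone has no entry, so it cannot obtain a session at all.
ENROLLED_DEVICES = {"dev-7f3a": b"constructed-enrollment-secret-7f3a"}


def device_sign(device_secret: bytes, challenge: bytes) -> str:
    """Proof computed on the device: HMAC-SHA256 over the gateway's challenge."""
    return hmac.new(device_secret, challenge, hashlib.sha256).hexdigest()


@dataclass
class Session:
    user: str
    device_id: str
    last_auth: float             # time of the last successful (re)authentication
    records_since_auth: int = 0  # patient records opened since then


class EhrGateway:
    def __init__(self, reauth_after_seconds=300, records_per_auth=1, clock=time.time):
        self.reauth_after = reauth_after_seconds
        self.records_per_auth = records_per_auth
        self.clock = clock      # injectable so the time limit can be tested deterministically
        self.sessions = {}      # token -> Session
        self.pending = {}       # device_id -> outstanding challenge nonce

    def challenge(self, device_id: str) -> bytes:
        nonce = secrets.token_bytes(16)
        self.pending[device_id] = nonce
        return nonce

    def login(self, user: str, password_ok: bool, device_id: str, device_proof: str):
        """Return a session token, or None. Valid credentials alone are not enough."""
        secret = ENROLLED_DEVICES.get(device_id)
        nonce = self.pending.pop(device_id, None)   # single use: a replayed proof fails
        if not password_ok or secret is None or nonce is None:
            return None
        if not hmac.compare_digest(device_sign(secret, nonce), device_proof):
            return None
        token = secrets.token_hex(16)
        self.sessions[token] = Session(user, device_id, self.clock())
        return token

    def open_record(self, token: str, patient_id: str) -> str:
        s = self.sessions.get(token)
        if s is None:
            return "DENY"
        expired = self.clock() - s.last_auth > self.reauth_after
        if expired or s.records_since_auth >= self.records_per_auth:
            return "REAUTH"     # caller must succeed in reauthenticate() first
        s.records_since_auth += 1
        return "ALLOW"

    def reauthenticate(self, token: str, second_factor_ok: bool) -> bool:
        s = self.sessions.get(token)
        if s is None or not second_factor_ok:
            return False
        s.last_auth = self.clock()
        s.records_since_auth = 0
        return True


class FakeClock:
    """Controllable clock used by demo() and the tests."""
    def __init__(self, start=1_000.0):
        self.now = start
    def __call__(self):
        return self.now
    def advance(self, seconds):
        self.now += seconds


def demo():
    """Walk through the cases discussed in the text; return the outcomes in order."""
    clock = FakeClock()
    gw = EhrGateway(reauth_after_seconds=300, records_per_auth=1, clock=clock)
    out = []
    # 1. Clinician on an enrolled organisation device.
    nonce = gw.challenge("dev-7f3a")
    tok = gw.login("dr.lee", True, "dev-7f3a", device_sign(ENROLLED_DEVICES["dev-7f3a"], nonce))
    out.append(tok is not None)                 # True
    out.append(gw.open_record(tok, "P1001"))    # ALLOW
    out.append(gw.open_record(tok, "P1002"))    # REAUTH: one record per authentication
    out.append(gw.reauthenticate(tok, True))    # True
    out.append(gw.open_record(tok, "P1002"))    # ALLOW
    # 2. Stolen password replayed from a personal, unenrolled phone.
    nonce = gw.challenge("byod-phone")
    out.append(gw.login("dr.lee", True, "byod-phone", device_sign(b"guess", nonce)))  # None
    # 3. Enrolled device left unlocked: the session times out and a second
    #    factor the attacker does not have is required to continue.
    clock.advance(301)
    out.append(gw.open_record(tok, "P1003"))    # REAUTH: time limit elapsed
    out.append(gw.reauthenticate(tok, False))   # False
    out.append(gw.open_record(tok, "P1003"))    # REAUTH
    return out
```

The design point is that the two factors fail independently: a stolen password is useless from a device that cannot answer the challenge, and a stolen enrolled device yields at most one record before the session demands a second factor. In production the device secret would live in a hardware-backed keystore and the session store would be server-side, not a Python dictionary.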

6.4. Training Employees on Security Best Practices

Technology alone is never enough to secure an organization. Employees are an essential layer of defense, so they need to be trained on best practices for securing the system. Employees can be taught how to handle patients' data and how to recognize anomalies on the web or in emails. They should learn to spot suspicious activity, such as logins to the institution's computer systems under their own credentials that they did not perform, and the correct way to report it.

7. Discussion

There are sophisticated methods for protecting EHRs, and most of them work. However, some basic techniques provide the best security by detecting anomalies in how the records are accessed. EHRs are usually written in one direction only: the records are not interactive like social media platforms or messaging applications, and once written the information is immutable. Writing is inbound, and a large amount of information is written by healthcare professionals, finance departments, and health insurers at any given moment. By contrast, the amount of information being read at any moment is small, because a healthcare professional or insurance agent reads one patient's data at a time. Firewalls can detect a departure from this pattern and block access to large numbers of records in a short time, which usually means that the party reading the records is not a healthcare professional, accountant, or insurance agent. Blocking the access and the address of the device reading the records protects the information. Research has shown that unauthorized EHR access poses serious security threats, as attackers can obtain private and sensitive data and use it for malicious purposes. Research has also shown that internal employees and cyber attackers are the two main threats to health records. Employees tend to share patients' data among themselves, which violates patients' privacy; however, the risk from such access is low, as the employee rarely uses the information for malicious purposes. Cyber attackers pose the highest risk, as their primary intention is financial gain, either by blackmailing patients with their health records or by using their personal details to access their financial accounts.
The research has also shown that the lowest risks result from enhanced security through access control and redaction of patient data when the information is accessed. Using personal devices poses a high risk because of their weak security. The use of generic off-the-shelf hardware and software poses the highest risk to EHRs, as cyber attackers know how to penetrate such products. Some of the solutions offered provide strong protection against unauthorized access to patients' records. For instance, blockchain-based schemes ensure that each party holds only limited data on a patient, so that a cyber attacker cannot obtain complete information. Medical and insurance records of any patient are accessed through separate accounts, which preserves patients' security and privacy.
Possible impacts of unauthorized access to EHR data include exposure of personal and sensitive data on millions of patients. Such access can also lead to blackmail or extortion, or the details can be used to mount a further attack on a patient's financial accounts. Cyber attackers target healthcare institutions for financial gain and will do anything for money. Internal access to the data poses no significant danger, as the employees are only interested in the details for personal conversations with other employees. Besides banning personal devices, all healthcare professionals should be taught basic security best practices, such as noticing suspicious emails or logins made with their credentials.

8. Real-Life Use Case

Healthcare professionals can protect the organization they work for by receiving training on security best practices and following them. Many security breaches result from employees misusing their access to healthcare records. Using personal devices is one way that healthcare professionals violate their patients' privacy, as such devices are not secure. A ban on personal electronic devices removes insecure personal devices from the set of endpoints that can reach EHRs.
Most security breaches in organizations start with phishing, in which a cyber attacker obtains an employee's credentials and uses them to access the organization's data. A knowledgeable workforce is critical to protecting an organization, as employees will protect their credentials and observe security best practices, such as not opening suspicious emails that carry the malware or credential-harvesting links used in phishing attacks. Training employees in security best practices is one of the best strategies an organization can use to protect itself.
Besides the human factor, cyber attackers have developed sophisticated technology and skills to compromise an organization's security. To counter such advances, organizations have to use current security technology to protect their sensitive data. Next-generation firewalls have become essential. These firewalls filter traffic according to set policies and incorporate intrusion detection and prevention (IDS/IPS) functions that detect and block traffic anomalies. Modern firewalls also apply machine learning to profile traffic and detect anomalies in both inbound and outbound flows. Next-generation firewalls are essential for healthcare organizations, as they prevent data from being reached through unexpected ports and alert network administrators to suspicious activity, helping them understand the types of attacks they face and improve their defenses.
Access control is mandatory for any organization, to prevent any employee, group, or team from holding an amount of information that could compromise the organization. For EHRs, access control ensures that each person has limited access, making it hard for any one individual to read complete patient profiles and reducing the chance that a cyber attacker or insider can use a single account to harvest patients' data. Access control is mainly implemented through role-based access, where each employee's access follows their role. The billing department sees only patients' expenses, physicians see the patient's medical history, and the front desk sees only appointments. Such separation makes it hard to build a profile of an individual and thus adds an extra layer of security to EHRs. Figure 3 shows the risk matrix of the real-life use cases.
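The role-based separation just described (billing, physician, front desk) and the domain restriction from Section 6.2 both come down to field-level projection of a patient record. The following added example, not taken from the paper, implements it with deny-by-default semantics: a request that names any field outside the role's set is refused outright rather than silently trimmed, so a compromised account cannot widen its view by asking for more, and `unseen_fields()` shows which parts of the profile remain hidden for a given set of compromised roles. The roles, field names and the sample record are assumptions rather than the paper's data model.

```python
"""Role-based projection of a patient profile (added example)."""

# Which fields each role may read. Roles and fields are constructed for this example.
ROLE_FIELDS = {
    "physician": {"patient_id", "name", "medical_history", "medications", "allergies"},
    "billing": {"patient_id", "name", "insurance_id", "outstanding_balance"},
    "front_desk": {"patient_id", "name", "appointments"},
}

# Constructed record; no single role ever receives it whole.
SAMPLE_RECORD = {
    "patient_id": "P1001",
    "name": "A. Example",
    "medical_history": ["hypertension"],
    "medications": ["lisinopril"],
    "allergies": ["penicillin"],
    "insurance_id": "INS-55-0192",
    "outstanding_balance": 240.00,
    "appointments": ["2024-06-20 09:30"],
}


class AccessDenied(Exception):
    pass


def project(record: dict, role: str, requested=None) -> dict:
    """Return only the fields `role` may read; refuse any out-of-role field."""
    allowed = ROLE_FIELDS.get(role)
    if allowed is None:
        raise AccessDenied(f"unknown role {role!r}")          # deny by default
    wanted = set(requested) if requested is not None else allowed
    forbidden = wanted - allowed
    if forbidden:
        # Refuse rather than trim, so the caller cannot probe for extra fields.
        raise AccessDenied(f"{role} may not read {sorted(forbidden)}")
    return {k: v for k, v in record.items() if k in wanted}


def unseen_fields(record: dict, compromised_roles) -> set:
    """Fields still hidden from an attacker holding accounts in `compromised_roles`."""
    visible = set()
    for role in compromised_roles:
        visible |= ROLE_FIELDS.get(role, set())
    return set(record) - visible


if __name__ == "__main__":
    print(project(SAMPLE_RECORD, "front_desk"))
    print("hidden from a physician account:", sorted(unseen_fields(SAMPLE_RECORD, ["physician"])))
    try:
        project(SAMPLE_RECORD, "physician", ["name", "insurance_id"])
    except AccessDenied as e:
        print("refused:", e)
```

In a relational deployment the same policy is expressed as one view per role with SELECT granted on the view only; the projection function is the application-side equivalent and is also where an audit event for each refused request belongs.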

9. Future Work

Firewalls filter outbound traffic. Artificial intelligence/machine learning (AI/ML) is being applied in the security domain to detect and block cyber-attacks, and integrating AI/ML with firewalls can provide better security. Future research should concentrate on how machine learning can enhance the capabilities of firewalls and their intrusion detection functions to offer better protection.
There is also a need to investigate the application of firewalls in the cloud, to provide cloud security and determine the best type of firewall for that scenario. Healthcare institutions store data in the cloud but write and access it through web interfaces. Different applications and interfaces require different types of firewalls, and these should be investigated.
Studies should be conducted on providing limited access to a database and on the specific point at which such limits should be enforced: database access control, operating system access control, or device access control. Research should determine the best access control method for EHR applications.

10. Conclusions

The biggest security threat to EHRs is illegal access to the database by employees and cyber attackers. The security of patients' information is compromised once it leaks to third parties with malicious intent. Privacy is also breached both by such attacks and by employees who access records and share them among themselves. However, the risk impact of employees accessing patients' data is low, as only a few employees have malicious intentions. Access by employees, and by anyone else who tries to reach the data, needs to be restricted. In a healthcare institution, no single individual needs to access the entire database, or a large portion of it, at any given moment. Only government agencies and researchers need such data, and IT administrators can grant that access with full authorization from the hospital administration. EHR security therefore has to close any loophole that lets an entity request large amounts of data. Firewalls are the first line of defense against such access: firewall rules can be configured to limit outbound EHR data, which limits an attacker's ability to pull large amounts of information from the EHRs. Healthcare organizations can also ban the use of personal electronic devices for accessing health records and instead provide devices with strong encryption. They should also deploy VPNs for secure remote access to EHRs, so that healthcare professionals can work remotely while protecting their patients' records.

Funding

This work was supported by the Deanship of Scientific Research, Vice Presidency for Graduate Studies and Scientific Research, King Faisal University, Saudi Arabia [Grant No. KFU241161].

Data Availability Statement

Not applicable.

Acknowledgments

The authors extend their appreciation to the Deanship of Scientific Research, Vice Presidency for Graduate Studies and Scientific Research, King Faisal University, Saudi Arabia. The authors would like to thank the anonymous reviewers for their insightful scholastic comments and suggestions, which improved the quality and clarity of the paper.

Conflicts of Interest

The authors declare no conflicts of interest.

References

  1. Tsai, C.H.; Eghdam, A.; Davoody, N.; Wright, G.; Flowerday, S.; Koch, S. Effects of electronic health record implementation and barriers to adoption and use: A scoping review and qualitative analysis of the content. Life 2020, 10, 327.
  2. Tertulino, R.; Antunes, N.; Morais, H. Privacy in electronic health records: A systematic mapping study. J. Public Health 2023, 32, 435–454.
  3. Fox, A. Community Health Systems reports Go Anywhere hacked. Healthcare IT News, February 2023. Available online: https://www.healthcareitnews.com/news/community-health-systems-reports-goanywhere-hacked (accessed on 10 May 2024).
  4. Alder, S. 11.27 Million HCA Healthcare Patients Affected by Recent Cyberattack. HIPAA J. July 2023. Available online: https://www.hipaajournal.com/hca-healthcare-cyberattack-data-breach-2023/ (accessed on 10 May 2024).
  5. Keshta, I.; Odeh, A. Security and privacy of electronic health records: Concerns and challenges. Egypt. Inform. J. 2021, 22, 177–183.
  6. Cooper, T.; Fuchs, K. Technology Risk Assessment in Healthcare Facilities. 2013. Available online: https://array.aami.org/doi/full/10.2345/0899-8205-47.3.202 (accessed on 10 May 2024).
  7. Kiania, K.; Jameeii, S.M.; Rahmani, A.M. Blockchain-based privacy and security preserving in electronic health: A systematic review. Multimed. Tools Appl. 2023, 82, 28493–28519.
  8. Nowrozy, R.; Ahmed, K.; Wang, H.; Mcintosh, T. Towards a universal privacy model for electronic health record system: An ontology and machine learning approach. Informatics 2023, 10, 60.
  9. Basil, N.N.; Ambe, S.; Ekhator, C.; Fonkem, E. Health records database and inherent security concerns: A review of the literature. Cureus 2022, 14, e30168.
  10. Kruse, C.S.; Smith, B.; Vanderlinden, H.; Nealand, A. Security techniques for electronic health records. J. Med. Syst. 2017, 41, 127.
  11. Bani Issa, W.; Al Akour, I.; Ibrahim, A.; Almarzouqi, A.; Abbas, S.; Hisham, F.; Griffiths, J. Privacy, confidentiality, security and patient safety concerns about electronic health records. Int. Nurs. Rev. 2020, 67, 218–230.
  12. Abunadi, I.; Kumar, R.L. BSF-EHR: Blockchain security framework for electric health records of patients. Sensors 2021, 21, 2865.
  13. Hurst, W.; Tekinerdogan, B.; Alskaif, T.; Boddy, A.; Shone, N. Securing electronic health records against insider threats: A supervised machine learning approach. Smart Health 2022, 26, 100354.
  14. Adamu, J.; Hamzah, R.; Rosli, M.M. Security issues and framework of electronic medical record: A review. Bull. Electr. Eng. Inform. 2020, 9, 565–572.
  15. Aladwani, S.O.; Almotairi, M.A. Security & privacy of electronic health records. J. Med. Sci. Clin. Res. 2023, 11, 88–93.
  16. Alshahrani, A.; Jamal, A.; Tharkar, S. How private are the electronic health records? Family physicians’ perspectives towards electronic health records privacy. J. Health Inform. Dev. Ctries. 2021, 15. Available online: https://www.jhidc.org/index.php/jhidc/article/view/298 (accessed on 10 May 2024).
  17. Zhao, Y.; Cui, M.; Zheng, L.; Zhang, R.; Meng, L.; Gao, D.; Zhang, Y. Research on electronic medical record access control based on blockchain. Int. J. Distrib. Netw. 2019, 15.
  18. Gariépy-Saper, K.; Decarie, N. Privacy of electronic health records: A review of the literature. J. Can. Health Libr. Assoc. 2021, 42, 74–84.
  19. Chen, H.; Wu, Z.; Chen, T.; Huang, Y.; Liu, C. Security privacy and policy for cryptographic based electronic medical information system. Sensors 2021, 21, 713.
  20. Wang, Y.; Zhang, A.; Zhang, P.; Wang, H. Cloud-assisted EHR sharing with security and privacy preservation via consortium blockchain. IEEE Access 2019, 7, 136704–136719.
  21. Li, Q.; Yu, H.; Li, W. Information sharing and privacy protection of electronic nursing record management system. Sci. Program. 2022, 2022, 4169340.
  22. Nair, J.; Alshaikh, M.; Culnane, C. A comparative study of security and privacy in electronic health records. J. e-Health Manag. 2020, 2020, 557564.
  23. Wang, Q.; Zhou, G.; Wang, C.; Cheng, H. Research on privacy-preserving methods of electronic medical records. IOP Conf. Ser. J. Phys. Conf. Ser. 2019, 1176, 022029.
  24. Sharma, D.; Prabha, C. Security and privacy aspect of electronic health records: A review. In Proceedings of the 2023 International Conference on Advancement in Computation & Computer Technologies (InCACCT), Gharuan, India, 5–6 May 2023.
  25. Abdulhameed, I.S.; Al-Mejibli, I.; Neif, J.R. The security and privacy of electronic health records in healthcare systems: A systematic review. Turk. J. Comput. Math. Educ. 2021, 12, 1979–1992.
Figure 1. Criteria used to select research papers using PRISMA.
Figure 2. Restricting Outgoing Traffic using Firewall.
Figure 3. Risk matrix of real-life use cases.
Table 1. Levels of probability and severity of risk [6].

Scale | Safety | Effectiveness | Security
Catastrophic | Severe injury, death | Planned operation is no longer possible | May cause system extended outage or permanent closure, causing operations to resume in a Hot Site environment. May result in complete compromise of information or services.
High | Permanent impairment of body function or permanent damage to a body structure | Planned operation is disrupted or delayed | May cause considerable system outage and loss of control, customers, and business confidence. May result in the compromise of large amounts of information or services.
Medium | Temporary and minor injury, medical intervention required | Inconveniencing effect to planned operation | Will result in some tangible consequence, albeit negligible and perhaps only noted by a few individuals or agencies. May cause embarrassment. Will require some expenditure of resources to repair.
Low | Temporary discomfort, reversible without medical intervention | Very limited or no impact on operation | Will have some minor effect on the system. It may require minimal effort to repair or reconfigure the system.
Negligible | Minor and short-term discomfort | | Will have no impact if threat is realized and exploits vulnerability

Likelihood | Description
Improbable | Very unlikely that use will result in any unintended consequence
Remote | Not likely to result in any unintended consequence
Occasional | Somewhat likely to result in any unintended consequence
Probable | Very likely to result in any unintended consequence
Frequent | Unintended consequences occur frequently or occur every time
Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content.
