Data privacy in health care through cybersecurity
Issues around health care data privacy can essentially be reduced to one word – trust. When seeking treatment, patients share their entire health history, Social Security numbers, financial records and other private information.
Digital advancements have contributed to an exponential growth of health care data. While maintaining patient data privacy will remain a priority, that data also drives critical advancements in patient treatment and outcomes. Cybersecurity is the key to maintaining patient trust through data privacy protection and improving health care outcomes through research advancements.
The importance of data privacy in health care
The digital transformation in health care is improving patient care and outcomes. Mobile health devices collect and transmit patient data that can help monitor patients and even identify early health risks. Artificial intelligence is applied in heath care to improve clinician’s ability to screen patients and diagnose diseases. In precision medicine, doctors use genomic data to determine the most effective treatments for individual patients.
These are powerful improvements, but they rely on and produce massive amounts of health data. They also require reliable, efficient networks. Both that data and those networks must be protected through cybersecurity.
“Digital technologies make it easier and more efficient to deliver patient care and provide better outcomes,” says Dr. Uttam Ghosh, associate professor, cybersecurity. “However, the advancement of digital technologies and the growing interconnectedness between different healthcare systems come with increasing healthcare cybersecurity threats.”
What is cybersecurity and health care?
Cybersecurity in health care involves the protecting of electronic health records, health tracking devices, medical equipment, and software used for health care delivery and management from unauthorized access, use and disclosure. There are three goals of cybersecurity: protecting the confidentiality, integrity and availability of critical patient data. If this information is comprised, patient lives could be at risk.
The information held by health care organizations makes them popular targets for cyberattacks. Targets include protected health information, credits cards and bank account numbers, Social Security numbers, and intellectual property related to medical research and innovation.
“Phishing, malware, ransomware, theft of patient data, hacked Internet of Things devices are daily threats to protecting health care data and networks,” says Dr. Ghosh.
How does protecting data privacy impact health care overall?
Cybersecurity’s greatest benefit to health care is that it makes ongoing, ethical research possible.
“Protecting patients involved in research from harm and preserving their rights is essential to ethical research,” says Dr. Ghosh.
The primary goal of cybersecurity in health care is to protect patient data. However, the main reason to ethically and securely collect that health data is to support health research that will benefit society overall.
“Data privacy permits complex research and public health activities to be carried out while protecting individuals’ dignity,” says Dr. Ghosh. “At the same time, that research benefits individuals when it leads to new therapies, improved diagnostics and better ways to prevent illness and deliver care.”
The cost of cyberattacks in health care
The Ponemon Institute surveyed 641 health care IT and security practitioners in 2022. They found that 89% of the surveyed organizations experienced an average of 43 cyberattacks in the past year. Cyberattacks resulted in poor patient outcomes for 57 percent of those surveyed. They also increased complications from medical procedures for nearly half of them.
These cyberattacks can impact not only patient care, but can also prove costly for healthcare organizations. The Ponemon study also found that that the average total cost for the most expensive cyberattack experienced was $4.4 million, including $1.1 million in lost productivity.
Health care organizations must take steps for protecting themselves from attacks with cybersecurity training and awareness programs and employee monitoring.
Meharry SACS cybersecurity lab and classroom
Thanks to a grant from the CAE-Cybersecurity Education Diversity Initiative, Meharry SACS faculty and staff will tackle data privacy issues in its cybersecurity lab. The lab, Data-Driven Intelligence and Security for Cyber-Physical Systems (DISCS), will have the hardware and software necessary for cybersecurity in health care research.
The DISCS lab will also serve as the home for the new course, Privacy and Security in Health Care. The class will be added to the Biomedical Data Science Ph.D. program in 2024. That approach facilitates a hands-on, project-based learning environment.
The goal for the DISCS lab and course is to prepare students with a profound, comprehensive understanding of security risks and threats in health care. They will also master probable solutions for protecting and preserving privacy.
“Our students will learn essential skills in cybersecurity such as firewall configuration, privacy preservation using federated learning, secure coding, network security, drone-based integrations and other skills essential to cybersecurity,” says Dr. Ghosh.
Potential projects could include exploring ways for rural health care providers to securely transfer medical image files to and from the cloud.
“Those providers lack area network telecommunications bandwidth,” says Dr. Ghosh. “Our students will learn to use a centralized cloud server and multiple edge servers between the cloud server and health care providers so that they can safely transfer that data.”
Engaging students in protecting data privacy in health care
The DISCS lab focuses on using artificial intelligence to design and develop a secure and smart cyber-infrastructure for health care systems.
“We will integrate software-defined networking, 5G, edge, fog, and cloud technologies, along with AI tools, to provide efficient and secure data communication and processing for intelligent health care and cyber-physical systems,” says Dr. Ghosh.
Students will engage in health care date privacy issues through the following lab activities related to cybersecurity and networking.
- Firewall configuration
- Wireless LAN configuration
- Privacy preservation using federated learning in health care
- Network security
- Database security
- Operating system security
- Secure coding
- Android app development and testing
- Drone based integration
- Sensor integration
- Raspberry Pi camera based integration
- Edge-cloud interplay implementation
- Bio-metric sensor data Integration and processing
The DISCS lab design will support a variety of experiments for research on cyberattacks and network security.
Figure 1: Research Thrusts of DISCS -Lab
This is an example of lab setup for studies related to cyberattacks and network security. Experiments include IP spoofing, DNS cache poisoning, TCP session hijacking, denial of service (DoS), firewall configurations, MD5 hash function, message authentication code (MAC), digital signature and RSA based public key cryptography.
Figure 2: Example of Lab Setup for Network Security Experiments
Job demand for health care and cybersecurity
“In general, master’s and doctoral graduates with a background in cybersecurity are in high demand across a wide variety of industries including financial services, government, health care, manufacturing, and retail,” says Dr. Ghosh.
According to a CyberSeek study, employers listed 769,736 openings for cybersecurity positions or jobs requiring cybersecurity skills for the 12-month period ended in September 2022. The top 10 percent of cybersecurity professionals earn $156,583 per year whereas the security analysts earn average $98,350 per year.
Sources
Proofpoint, Inc., “New Ponemon Institute Study Finds that Cyberattacks Cause More Than Twenty Percent of Impacted Healthcare Organizations to Experience Increased Mortality Rates.” GlobalNewswire. Sept. 8, 2022. Accessed March 23, 2023.
CyberSeek., “Despite slowing economy, demand for cybersecurity workers remains strong.” Cision. PrNewswire. Jan. 25, 2023. Accessed March 23, 2023.
Next steps
The School of Applied Computational Sciences offers two master’s degrees—M.S. Data Science and M.S. Biomedical Data Science. The Ph.D. in Biomedical Data Science program is also available. Download our program brochures and get ready to learn the skills and methods you need to enjoy a rewarding career in data science.
Explore
You can also read about the skills and methodologies you will learn through our M.S. Data Science, M.S. Biomedical Data Science and Ph.D. Biomedical Data Science courses.
Contact us
Do you have questions about our programs? Contact an enrollment advisor at sacsenrollment@mmc.edu.
