Safeguarding Virtual Healthcare: A Novel Attacker-Centric Model for Data Security and Privacy

Outlet Title

2024 IEEE International Conference on Computer and Applications (ICCA'24)

Authors

Suvineetha Herath, Dakota State UniversityFollow
Haywood Gelman, Dakota State UniversityFollow
John Hastings, Dakota State UniversityFollow
Yong Wang, Dakota State UniversityFollow

Document Type

Conference Proceeding

Publication Date

12-2024

Abstract

The rapid growth of remote healthcare delivery has introduced significant security and privacy risks to protected health information (PHI). Analysis of a comprehensive healthcare security breach dataset covering 2009-2023 reveals their significant prevalence and impact. This study investigates the root causes of such security incidents and introduces the Attacker-Centric Approach (ACA), a novel threat model tailored to protect PHI. ACA addresses limitations in existing threat models and regulatory frameworks by adopting a holistic attacker-focused perspective, examining threats from the viewpoint of cyber adversaries, their motivations, tactics, and potential attack vectors. Leveraging established risk management frameworks, ACA provides a multi-layered approach to threat identification, risk assessment, and proactive mitigation strategies. A comprehensive threat library classifies physical, third-party, external, and internal threats. ACA's iterative nature and feedback mechanisms enable continuous adaptation to emerging threats, ensuring sustained effectiveness. ACA allows healthcare providers to proactively identify and mitigate vulnerabilities, fostering trust and supporting the secure adoption of virtual care technologies.

Recommended Citation

Herath, Suvineetha; Gelman, Haywood; Hastings, John; and Wang, Yong, "Safeguarding Virtual Healthcare: A Novel Attacker-Centric Model for Data Security and Privacy" (2024). Research & Publications. 93.
https://scholar.dsu.edu/ccspapers/93