The changes brought by informatization to society have a qualitative effect on the process of modernization of medical care. At the same time, the digitization of big data in healthcare creates numerous risks from the point of view of ensuring the confidentiality, integrity, and availability of information. Inadequate security is due to both objective and subjective reasons. Among them: are the lack of a sufficient number of qualified specialists in the field of information protection; budget restrictions; software conflict; lack of training in information security rules and skills of medical personnel; non-compliance with traditional cyber security practices; legal and ethical issues related to patient data. Determining the minimum and maximum possible degrees of risk of security breaches in information and telecommunication medical systems is the key to ensuring the protection of medical information. This confirms the significance and timeliness of this research, which is based on a risk-oriented approach. The analysis of the scientific literature, having allowed the designation of the components, is how the information-telecommunication system and the links between them are put together. For each asset, the source of the threat, the threat itself, and the variants of reaction to it are identified. The following violations are most common: theft of the patient's medical information (confidentiality threats); modification of the patient's medical information (threats to integrity); failure of individual components of the medical system (availability threat). A graphic and quantitative approach to the assessment of information security risks and methods and means of processing these risks are proposed. This study can serve cyber security specialists for modeling information protection in medical systems and be used in the educational process of students of 125 Cyber Security specialties.
Thanks to automation and programming,
artificial intelligence, and machine learning, the
modern medical world has received great
opportunities to effectively interact with patients
in making clinical decisions in both diagnosis and
treatment. However, at the same time, there is an
increase in cases of information security
violations in such systems [
Inadequate security is caused by several
reasons [
It is obvious that an organization’s security policy is a complex, routine process, but the ways to overcome security controls are becoming increasingly filigree, which urges scientists and practitioners to improve and create the most sustainable countermeasures.
With the birth of the Internet in the 1990s, the
possibilities of using personal computers and
mobile phones determined the rapid digitalization
in the medical field. A large database of
healthrelated data needs to be analyzed, stored, and
processed in real-time to make effective urgent
decisions, which is not possible without powerful
information technology. Modern medical
information systems are considered in the
integration of two directions:
• Information systems are used to store and
provide accessible data about services
made available by healthcare organizations
and other health-related organizations.
• Information systems store and provide
access to population data that are important
for surveillance, program evaluation,
policy development, and public health
priority setting [
Examples of Health Information Systems: Electronic Medical Records (EMR); Electronic Health Records (EHR); Practice Management Software; Master Patient Index (MPI); Patient Portals; Remote Patient Monitoring (RPM); Clinical Decision Support (CDS); Telemedicine.
There is no stable defined concept of
“telemedicine”. We will take as a basis the
definition presented by the World Health
Organization, Telemedicine—the provision of
medical services at a distance using information
and telecommunication technologies by all
medical workers to exchange reliable information
for the diagnosis, treatment, and prevention of
diseases and injuries, research and assessment, as
well as for the learning process of health care
workers, which takes place to improve the health
of individuals and communities [
The history of telemedicine began in 1964 at
the University of Nebraska School of Medicine
using a closed television system and continued to
be used in psychology [
The analysis of literary sources shows that
telemedicine has evolved through different
research stages, starting from telemedicine as a
simple communication environment that
complements traditional services, to automation
technologies and decision-making tools that
expand the scope and range of medical
services [
In Ukraine, the direction of telemedicine
started in 1935 with the organization of
teleelectrocardiography by the doctor and
scientist Maryan Franke in the city of Lviv.
However, stagnation had been observed for a long
time, though point research and clinical centers
were formed. In 2007, the State Clinical Scientific
and Practical Center of Telemedicine of the
Ministry of Health of Ukraine was established—
the only specialized healthcare institution created
for the implementation and development of
telemedicine in Ukraine. The sectoral normative
document on the use of telemedicine in Ukraine is
the Order of the Ministry of Health of March 26,
2010 No. 261 “On the implementation of
telemedicine in health care institutions” alongside
the methodological recommendations [
At the legislative level, telemedicine was
approved in 2015 by the Order of the Ministry of
Health of October 19, 2015 No. 681 [
Analysis of the literature [
Informatin-telecommunication
medical system Patient portal
Laboratorydiagnostic ІS
Pharmaceutical ІS
Providers of medical services
Database Service personnel
One of the goals of the telemedicine system is to preserve medical secrecy and confidentiality, the integrity of medical information about the patient’s health and statistical data, and the possibility of access to information at any time by authorized personnel. In other words, the priority task at the state level is to ensure the protection of information in telecommunication medical systems.
To build a protection system in information and telecommunication medical systems, it is necessary to identify threats and vulnerabilities of system elements, analyze and process information risks with the aim of managing them.
Information security risk is a numerical (verbal) function that describes the probability of the implementation of IS threats and the amount of damage from their implementation due to the use of asset vulnerabilities by these threats in order to harm the organization [35]. In this case, material damage to the patient or reputational damage is possible. IS risk management is understood as a continuous cyclic process that includes the following stages: risk identification (collection of information on assets, sources of threats, classification of threats and vulnerabilities; ranking of risks); risk analysis (qualitative and quantitative approach to risk assessment); risk assessment (the process of comparing the quantified risk with given risk criteria to determine the significance of IS risk); risk processing and acceptance. Fig. 2 presents the IS risk management process algorithm [36].
The effectiveness of IS risk management depends significantly on the assessment of these risks. A qualitative and quantitative approach to establishing IS risk values is distinguished. A qualitative approach can be carried out using a SWOT analysis [37], a quantitative result—a statistical method (if a sufficiently large amount of homogeneous data is given), the Monte Carlo method [38], the fuzzy set method [39], an expert method, and others. After a specific IS risk is identified and assessed, a decision must be made regarding its treatment—the selection and implementation of risk minimization measures. Information security risk management includes reducing, accepting (retaining), preventing, or transferring IS risk. This approach to creating an organization’s information security system is called risk-oriented.
Information systems are used in virtually all activities inherent in the field of medical services. This is the storage, access, processing, sharing, and transfer of health information; support in case of providing medical assistance to the patient; consultation and training of medical personnel; management of the healthcare system and business processes in it. This information is not static, it changes, and its quantity grows, this information environment needs protection from the point of view of ensuring confidentiality, integrity, and availability in real-time.
Confidentiality is defined as the property of
information such that it cannot be accessed by
unauthorized users and/or processes. Medical
Privacy: All medical records are subject to strict
laws governing user access privileges. According
to the law, security, and authentication systems
are required for those who process and store
medical records [40]. Violation of privacy is
called theft or disclosure of information. The most
typical ways of implementing this threat in
distributed systems are listening to
communication channels ("sniffing") and
changing the authorized entity. Violators can also
attack the end nodes of the system - file servers,
database servers, as well as user workstations
[
Information integrity is the property that
cannot be modified by users and/or processes that
do not have the appropriate authority to do so. The
integrity of the medical documentation implies the
accuracy of the complete medical record. This
category covers information management, patient
identification, verification of authorship, making
changes and corrections to records, and checking
records for documentation validity during
reimbursement claims [41]. A violation of this
category is called message falsification. It can be
implemented as a result of equipment failures and
failures, as well as due to careless or intentional
actions of users, including due to the action of
computer viruses and other malicious software.
Purposeful falsification in medical systems is not
so likely, but it can have very significant
consequences (for example, possible falsification
of information about a person's health, changing
the prescription or dosage of drugs) [
Availability of information is a property that
consists of the possibility of its use according to
the requirements of a user who has the appropriate
authority. Availability of medical documentation
is the property that electronic medical information
is available and suitable for use at the request of
an authorized person [42]. Denial of service (DoS)
is very common in distributed information
systems and can be implemented through DoS
attacks aimed both at end nodes in the
telecommunications system and at intermediate
nodes (routers). Also, a violation of the
availability of information can occur due to
equipment failures and malfunctions, which is
especially relevant for remote access systems, as
well as due to damage to communication channels
[
A breach of information security in medical
systems can cause not only material and
reputational damage to the patient. But also to the
deterioration of his health or even death in the case
of the use of medical products of the Internet of
Things. It should also be noted that the number of
attacks on groups of doctors increased from 2% of
the total number of violations in the first half of
2021 to 12% in the first half of 2022 [
and Telecommunication Medical
The functioning of the information and telecommunication medical system is carried out through the following processes: • Information.
• Telecommunication. • Processes of implementing operations using algorithms.
Fig. 3 presents a typical diagram of the
network of the information and
telecommunication medical system and shows the
flow of information through the various
components of the system. The source of
information security threats in this medical system
can be changed in the external environment
(natural disasters and accidents, earthquakes,
floods, fires, and other random events that are
unlikely), failures and failures of software and
hardware equipment, the consequences of errors
during the design and development of the system,
as well as the actions of medical workers, service
personnel, medical service as well as the actions
of medical professionals, service personnel,
medical service providers, patients, and external
offenders [
The main threats to information security in this medical system include: • Failure of software and hardware (threat of availability). • Theft, interception, leakage of information (threat to privacy). • Abuse of privileged access (threat to integrity and confidentiality). • Introduction of malicious software (threat to confidentiality, integrity, availability). • Insider activity (threat to privacy).
Identification of threats and assets affected by these threats is presented in Fig. 4.
It is especially necessary to outline the problem
of big data security in information and
telecommunication medical systems. The storage
of the patient’s personalized medical information
is complicated by its large volume, especially the
graphic type, and its heterogeneous structure. In
the study [
HD IP camera Videocamera
Database ПК PC of a patient
TherapeuticDiagnostic IC
Pharmaceutical IC ІС of providers of medical services ІС of service personnel
source Leakage of information
through communication channels (hacker attacks, introduction of malicious software, noncompliance with privileged access requirements)В Provision of
patient information to third parties (insider activity) Theft of media Modification of medical information, software and
hardware (introduction of virus software); non-compliance with privileged access requirements Blocking access to medical information (introduction of malicious software); software and hardware errors Destruction of media
Network devices and communication channels та канали зв’язку 1) Complete or partial disability of information
systems
To assess the risks of information security in the information and telecommunication medical system, we will apply a model in the form of a graph of attacks. Attack graphs are a method that can be used to explore the interactions between vulnerabilities in an entire system. On the other hand, the attack graph is a directed graph G = G(V, E), on which a set of scenarios (paths of attacks) simulating the infliction of damage by a malicious agent on the information system to be protected is studied [43].
The following types of attack graphs are distinguished [44]: • State enumeration graph (state enumeration graph)—in such graphs vertices correspond to triples (s, d, а), where s is the source of the attack, d is the target of the attack, and а is an elementary attack (or the use of a vulnerability); arcs indicate transitions from one state to another (Fig. 5). • Condition-oriented dependency graph— vertices correspond to the results of attacks, and arcs correspond to elementary attacks that lead to such results (Fig. 6). • Exploit dependency graph (graph of the conditions for the implementation of exploit opportunities)— vertices correspond to the results of attacks or elementary attacks, arcs reflect dependencies between vertices—the conditions necessary for the execution of the attack and the consequence of the attack (Fig. 7).
Next, we present a risk-oriented model based on the theory of graph attacks. Information and telecommunication medical systems will be presented in the form of an oriented graph ⃗ ( , ⃗⃗ ), where = { }, = ̅1̅̅,̅̅, are threats to the assets, ⃗⃗ is the connection between them. Arc ( , ) corresponds to the connection of the threat with the threat , the probability of which is the result of the realization of the threat .
For each threat , = ̅1̅̅,̅̅, let us determine the following parameters: • is the frequency of the threat . • is the probability of the threat being realized . • is the coefficient of damage from the realization of the threat . • ( ) is the value of the asset , ⊂ , where is the set of assets targeted by the threat .
is the probability of choosing the Then the quantitative indicator of risk is implementation path of the threat , connected to the threat . calculated according to the formulas: = ∑ ( ), = + ∑
,
For example, Fig. 8 presents a part of the information system, (1) (2) number of patients. for the PC of a patient 1 is personal data of a patientпер; 2 is a threat to the databaseз, therefore 2 = 2( 2 , 2 , 2, ( )), where is personal data іUsing the formula (1), we get the degree of risk 1 = 1 1 1 ( 1); The degree of risk for the database 2 = 2 2 2 ∑ ( ).
Thus, according to formula (2), the degree of risk to the database through the patient's PC is equal to
12 = 1 + 12 2.
Statistical methods or expert evaluations are used to probability determine the value
of assets, the of threat realization, and their frequency. It is also possible to prioritize threats using the CVSS system. It is an open industry standard for assessing computer system security vulnerabilities. This toolkit assesses vulnerability on a ten-point scale (low: 0.1–2.0; medium: 2.1– 5.0; high: 5.1–8.0; critical: 8.1–10). As a result, a ranked list is formed, starting with the highest risk indicator; software methods and tools for assessing and managing information risks.
The direction of further research will be aimed at the step-by-step implementation of this model with the presentation of calculations and methods at each stage.
Ensuring the protection of information in medical systems is offered by various methods (cryptographic, hardware, software). Neglecting information security means denying all the advantages of information and telecommunication medical technologies since citizens' trust in new technologies depends on the degree of information security, their willingness to hand over an extremely important area of their lives to computers, information communication systems and the “hands”
of networks, algorithms.
and
In the future, they compare the risk indicators with the standard adopted in the organization. For those indicators that have exceeded the standard, the methods of risk processing (reduction, prevention, transmission, such as insurance) are used. The current stage is characterized by a sufficient number of international standards on which the information security management process in the world is based, in particular, NIST 800-30, BSI-Standard 100-3, ISO/IEC 27005, and DSTU ISO/IEC 27005: 2019. Different software techniques and tools are also used in practice to evaluate and
manage information risks. The direction of further research will be aimed at the gradual implementation of this model with the presentation of calculations and methods at each stage. The provision of information protection in medical systems is offered by different methods (cryptographic, hardware, software). Neglecting information safety-means to refute all the benefits of information and telecommunication medical technologies, since the degree of information security depends on citizens’ trust in new technologies, their
willingness to transfer an extremely important sphere of their life in the “hands” of computers, communication networks, information systems, and algorithms.