HoneyDetails: A prototype for ensuring patient’s information privacy and thwarting electronic health record threats based on decoys

• Published in: Health informatics journal Vol. 26; no. 3; pp. 2083 - 2104
• Main Authors: Esther Omolara, Abiodun, Jantan, Aman, Abiodun, Oludare Isaac, Arshad, Humaira, Dada, Kemi Victoria, Emmanuel, Etuh
• Format: Journal Article
• Language: English
• Published: London, England SAGE Publications 01.09.2020; SAGE PUBLICATIONS, INC
• Subjects: Cybercrime; Electronic health records; Patients; Personal information; Privacy; deception; encryption; decoys; patient; attacker; privacy and security; adversary; electronic health record
• ISSN: 1460-4582; 1741-2811
• DOI: 10.1177/1460458219894479

Advancements in electronic health record system allow patients to store and selectively share their medical records as needed with doctors. However, privacy concerns represent one of the major threats facing the electronic health record system. For instance, a cybercriminal may use a brute-force attack to authenticate into a patient’s account to steal the patient’s personal, medical or genetic details. This threat is amplified given that an individual’s genetic content is connected to their family, thus leading to security risks for their family members as well. Several cases of patient’s data theft have been reported where cybercriminals authenticated into the patient’s account, stole the patient’s medical data and assumed the identity of the patients. In some cases, the stolen data were used to access the patient’s accounts on other platforms and in other cases, to make fraudulent health insurance claims. Several measures have been suggested to address the security issues in electronic health record systems. Nevertheless, we emphasize that current measures proffer security in the short-term. This work studies the feasibility of using a decoy-based system named HoneyDetails in the security of the electronic health record system. HoneyDetails will serve fictitious medical data to the adversary during his hacking attempt to steal the patient’s data. However, the adversary will remain oblivious to the deceit due to the realistic structure of the data. Our findings indicate that the proposed system may serve as a potential measure for safeguarding against patient’s information theft.