Results 1 - 20 of 93
1.
Stud Health Technol Inform ; 317: 85-93, 2024 Aug 30.
Article in English | MEDLINE | ID: mdl-39234710

ABSTRACT

INTRODUCTION: With the establishment of the Data Sharing Framework (DSF) as a distributed business process engine in German research networks, it is becoming increasingly important to coordinate authentication, authorization, and role information between peer-to-peer network components. This information is provided in the form of an allowlist. This paper presents a concept and implementation of an Allowlist Management Application. STATE OF THE ART: In research networks using the DSF, allowlists were initially generated manually. CONCEPT: The Allowlist Management Application provides comprehensive tool support for the participating organizations and the administrators of the Allowlist Management Application. It automates the process of creating and distributing allowlists and additionally reduces errors associated with manual entries. In addition, security is improved through extensive validation of entries and enforcing review of requested changes by implementing a four-eyes principle. IMPLEMENTATION: Our implementation serves as a preliminary development for the complete automation of onboarding and allowlist management processes using established frontend and backend frameworks. The application has been deployed in the Medical Informatics Initiative and the Network University Medicine with over 40 participating organizations. LESSONS LEARNED: We learned the need for user guidance, unstructured communication in a structured tool, generalizability, and checks to ensure that the tool's outputs have actually been applied.


Subject(s)
Information Dissemination, Germany, Computer Security, Humans
2.
PeerJ Comput Sci ; 10: e2183, 2024.
Article in English | MEDLINE | ID: mdl-39145216

ABSTRACT

In the rapidly evolving landscape of modern technology, the convergence of blockchain innovation and machine learning advancements presents unparalleled opportunities to enhance computer forensics. This study introduces SentinelFusion, an ensemble-based machine learning framework designed to bolster secrecy, privacy, and data integrity within blockchain systems. By integrating cutting-edge blockchain security properties with the predictive capabilities of machine learning, SentinelFusion aims to improve the detection and prevention of security breaches and data tampering. Utilizing a comprehensive blockchain-based dataset of various criminal activities, the framework leverages multiple machine learning models, including support vector machines, K-nearest neighbors, naive Bayes, logistic regression, and decision trees, alongside the novel SentinelFusion ensemble model. Extensive evaluation metrics such as accuracy, precision, recall, and F1 score are used to assess model performance. The results demonstrate that SentinelFusion outperforms individual models, achieving an accuracy, precision, recall, and F1 score of 0.99. This study's findings underscore the potential of combining blockchain technology and machine learning to advance computer forensics, providing valuable insights for practitioners and researchers in the field.

3.
J Med Case Rep ; 18(1): 360, 2024 Aug 03.
Article in English | MEDLINE | ID: mdl-39095817

ABSTRACT

BACKGROUND: Our case report provides the first clinical evaluation of autopsy practices for a patient death that occurs on the cloud. We question how autopsy practices may require adaptation for a death that presents via the 'Internet of Things', examining how existing guidelines capture data related to death which is no longer confined to the patient's body. CASE PRESENTATION: The patient was a British man in his 50s, who came to the attention of the medical team via an alert on the cloud-based platform that monitored his implanted cardioverter defibrillator (ICD). The patient had a background of congenital heart disease, with previous ventricular fibrillation cardiac arrest, for which the ICD had been implanted two years earlier. Retrospective analysis of the cloud data demonstrated a gradually decreasing nocturnal heart rate over the previous three months, falling to a final transmission of 24 beats per minute (bpm). In the patient post-mortem the ICD was treated as medical waste, structural tissue changes precluded the effective evaluation of device hardware, potential issues related to device software were not investigated and the cause of death was assigned to underlying heart failure. The documentation from the attending law enforcement officials did not consider possible digital causes of harm and relevant technology was not collected from the scene of death. CONCLUSION: Through this patient case we explore novel challenges associated with digital deaths including; (1) device hardware issues (difficult extraction processes, impact of pathological tissue changes), (2) software and data limitations (impact of negative body temperatures and mortuary radio-imaging on devices, lack of retrospective cloud data analysis), (3) guideline limitations (missing digital components in autopsy instruction and death certification), and (4) changes to clinical management (emotional impact of communicating deaths occurring over the internet to members of family). 
We consider the implications of our findings for public health services, the security and intelligence community, and patients and their families. In sharing this report we seek to raise awareness of digital medical cases, to draw attention to how the nature of dying is changing through technology, and to motivate the development of digitally appropriate clinical practice.


Subject(s)
Autopsy, Implantable Defibrillators, Humans, Male, Middle Aged, Cloud Computing
4.
JMIR Cancer ; 10: e52985, 2024 Jul 29.
Article in English | MEDLINE | ID: mdl-39073852

ABSTRACT

A digital diary in the form of a mobile messenger service offers a novel method for data collection in cancer research. Little is known about the things to consider when using this data collection method in clinical research for patients with cancer. In this Viewpoint paper, we discuss the lessons we learned from using a qualitative digital diary method via a mobile messenger service for data collection in oncology care. The lessons learned focus on three main topics: (1) data quality, (2) practical aspects, and (3) data protection. We hope to provide useful information to other researchers who consider this method for their research with patients. First, in this paper, we argue that the interactive nature of a digital diary via a messenger service is very well suited for the phenomenological approach and produces high-quality data. Second, we discuss practical issues of data collection with a mobile messenger service, including participant and researcher interaction. Third, we highlight corresponding aspects around technicalities, particularly those regarding data security. Our views on data privacy and information security are summarized in a comprehensive checklist to inform fellow researchers on the selection of a suitable messenger service for different scenarios. In our opinion, a digital diary via a mobile messenger service can provide high-quality data almost in real time and from participants' daily lives. However, some considerations must be made to ensure that patient data are sufficiently protected. The lessons we learned can guide future qualitative research using this relatively novel method for data collection in cancer research.

5.
iScience ; 27(6): 109836, 2024 Jun 21.
Article in English | MEDLINE | ID: mdl-38770141

ABSTRACT

Quantum secret sharing (QSS) represents the fusion of quantum mechanics principles with secret information sharing, allowing a sender to distribute a secret among receivers for collective recovery. This paper introduces the concept of quantum anonymous secret sharing (QASS) to enhance the practicality of such protocols. We propose a QASS protocol leveraging W states, ensuring both recover-security and anonymity of shared secrets. Our protocol undergoes rigorous evaluation verifying their accuracy and fortifying their security against scenarios involving the active adversary. Additionally, acknowledging the imperfections inherent in real-world communication channels, we conduct a comprehensive analysis of protocol security and efficacy in noisy quantum networks. Our investigations reveal that W states exhibit good performance in mitigating noise interference, making them apt for practical applications.

6.
Front Digit Health ; 6: 1321485, 2024.
Article in English | MEDLINE | ID: mdl-38433989

ABSTRACT

Importance: Healthcare organizations operate in a data-rich environment and depend on digital computerized systems; thus, they may be exposed to cyber threats. Indeed, one of the most vulnerable sectors to hacks and malware is healthcare. However, the impact of cyberattacks on healthcare organizations remains under-investigated. Objective: This study aims to describe a major attack on an entire medical center that resulted in a complete shutdown of all computer systems and to identify the critical actions required to resume regular operations. Setting: This study was conducted on a public, general, and acute care referral university teaching hospital. Methods: We report the different recovery measures on various hospital clinical activities and their impact on clinical work. Results: The system malfunction of hospital computers did not reduce the number of heart catheterizations, births, or outpatient clinic visits. However, a sharp drop in surgical activities, emergency room visits, and total hospital occupancy was observed immediately and during the first postattack week. A gradual increase in all clinical activities was detected starting in the second week after the attack, with a significant increase of 30% associated with the restoration of the electronic medical records (EMR) and laboratory module and a 50% increase associated with the return of the imaging module archiving. One limitation of the present study is that, due to its retrospective design, there were no data regarding the number of elective internal care hospitalizations that were considered crucial. Conclusions and relevance: The risk of ransomware cyberattacks is growing. Healthcare systems at all levels of the hospital should be aware of this threat and implement protocols should this catastrophic event occur. Careful evaluation of steady computer system recovery weekly enables vital hospital function, even under a major cyberattack. 
The restoration of EMR, laboratory systems, and imaging archiving modules was found to be the most significant factor that allowed the return to normal clinical hospital work.

7.
Sensors (Basel) ; 24(3)2024 Jan 27.
Article in English | MEDLINE | ID: mdl-38339557

ABSTRACT

Despite recent remarkable advances in binary code analysis, malware developers still use complex anti-reversing techniques that make analysis difficult. Packers are used to protect malware, which are (commercial) tools that contain diverse anti-reversing techniques, including code encryption, anti-debugging, and code virtualization. In this study, we present UnSafengine64: a Safengine unpacker for 64-bit Windows. UnSafengine64 can correctly unpack packed executables using Safengine, which is considered one of the most complex commercial packers in Windows environments; to the best of our knowledge, there have been no published analysis results. UnSafengine64 was developed as a plug-in for Pin, which is one of the most widely used dynamic analysis tools for Microsoft Windows. In addition, we utilized Detect It Easy (DIE), IDA Pro, x64Dbg, and x64Unpack as auxiliary tools for deep analysis. Using UnSafengine64, we can analyze obfuscated calls for major application programming interface (API) functions or conduct fine-grained analyses at the instruction level. Furthermore, UnSafengine64 detects anti-debugging code chunks, captures a memory dump of the target process, and unpacks packed files. To verify the effectiveness of our scheme, experiments were conducted using Safengine 2.4.0. The experimental results show that UnSafengine64 correctly executes packed executable files and successfully produces an unpacked version. Based on this, we provided detailed analysis results for the obfuscated executable file generated using Safengine 2.4.0.

8.
Arch Acad Emerg Med ; 12(1): e6, 2024.
Article in English | MEDLINE | ID: mdl-38162386

ABSTRACT

Introduction: Within the field of data sharing, discussions surrounding privacy concerns and big data management are extensive. This study aimed to provide a comprehensive framework for health data sharing with the objective of creating value. Methods: This study is a qualitative content analysis, which was conducted using a combination of written sources through a systematic review method, in conjunction with content derived from interviews with experts in information technology and healthcare within hospital and emergency settings. Grounded theory serves as the qualitative methodology, involving three coding phases: open, axial, and selective, facilitated by MAXQDA software. Results: Qualitative content analysis of the interviews revealed seven main (core) categories and 44 subcategories as driving factors in promoting healthcare data sharing. Simultaneously, inhibiting factors resulted in six main categories and 36 subcategories. The driving factors encompassed technology, education, patient management improvement, data utilization for various purposes, data-related considerations, legal and regulatory aspects, and health-related factors. Conversely, inhibiting factors encompassed security and privacy concerns, legal issues, external organizational influences, monitoring and control activities, financial considerations, and inter-organizational challenges. Conclusion: This study has identified key driving and inhibiting factors that influence the sharing of healthcare data. These factors contribute to a more comprehensive understanding of the dynamics surrounding data sharing within the healthcare information system.

9.
Rev. méd. hered ; 35(1): 38-43, Jan.-Mar. 2024. graf
Article in Spanish | LILACS-Express | LILACS | ID: biblio-1560278

ABSTRACT

Recent research highlights the importance of cybersecurity in the growing digital era. In 2022, 83% of organizations experienced security breaches, costing them on average 4.35 million US dollars per incident. In Peru, cybersecurity is regulated by various standards that establish measures for data protection and information security. Objective: To describe the state of cybersecurity in the support services to the occupational physician (SAMO). Material and methods: Eleven SAMO were included. A non-validated questionnaire was developed to collect, with consent, information on the cybersecurity management of the SAMO that served a major construction project in Metropolitan Lima. Results: Most of the health establishments (more than 80%) had cybersecurity incident response plans to ensure a rapid response to a cyberattack; regularly made backups of critical data and stored them in a location other than the establishment; and regularly updated operating systems and software to ensure that secure versions were in use. Conclusion: Information security management is predominantly reactive. The report discusses the importance of cybersecurity, highlighting the exposure of medical information and services to cyber risks, and we set out future challenges for cybersecurity, underlining the importance of preparedness for future threats in an environment of constant digital transformation.


SUMMARY Recent investigations emphasize the importance of cybersecurity in the growing digital era; 83% of organizations experienced breaks in cyber security in 2022, spending a mean of 4.35 million dollars per incident. Cybersecurity in Peru is regulated by legal norms aimed at protecting data and providing informatic security. Objective: To describe cybersecurity in the support services to occupational physicians (SSOP) in the city of Lima. Methods: A non-validated survey was created and distributed to 11 SSOPs in Lima that provide a service to an important building project in Lima. Results: More than 80% of health care establishments had a response plan against cybernetic attacks; security copies of the data were made regularly and stored in a different place than the establishment, and security software was regularly updated. Conclusion: The cybersecurity program is reactive. We discuss the importance of cybersecurity and analyze future challenges as well as emphasize the importance of preemptive preparedness in an environment of constant digital transformation.

10.
Data Brief ; 52: 109959, 2024 Feb.
Article in English | MEDLINE | ID: mdl-38152492

ABSTRACT

Phishing constitutes a form of social engineering that aims to deceive individuals through email communication. Extensive prior research has underscored phishing as one of the most commonly employed attack vectors for infiltrating organizational networks. A prevalent method involves misleading the target by employing phishing URLs concealed through hyperlink strategies. PhishTank, a website employing the concept of crowd-sourcing, aggregates phishing URLs and subsequently verifies their authenticity. In the course of this study, we leveraged a Python script to extract data from the PhishTank website, amassing a comprehensive dataset comprising over 190,0000 phishing URLs. This dataset is a valuable resource that can be harnessed by both researchers and practitioners for enhancing phishing filters, fortifying firewalls, security education, and refining training and testing models, among other applications.

11.
JMIR Hum Factors ; 10: e48220, 2023 10 04.
Article in English | MEDLINE | ID: mdl-37792450

ABSTRACT

BACKGROUND: Previous studies have identified that the effective management of cyber security in large health care environments is likely to be significantly impacted by human and social factors, as well as by technical controls. However, there have been limited attempts to confirm this by using measured and integrated studies to identify specific user motivations and behaviors that can be managed to achieve improved outcomes. OBJECTIVE: This study aims to document and analyze survey and interview data from a diverse range of health care staff members, to determine the primary motivations and behaviors that influence their acceptance and application of cyber security messaging and controls. By identifying these issues, recommendations can be made to positively influence future cyber security governance in health care. METHODS: An explanatory sequential mixed methods approach was undertaken to analyze quantitative data from a web-based staff survey (N=103), with a concurrent qualitative investigation applied to data gathered via in-depth staff interviews (N=9). Data from both stages of this methodology were mapped to descriptive variables based on a modified version of the Technology Acceptance Model (TAM; TAM2). After normalization, the quantitative data were verified and analyzed using descriptive statistics, distribution and linearity measures, and a bivariate correlation of the TAM variables to identify the Pearson coefficient (r) and significance (P) values. Finally, after confirming Cronbach α, the determinant score for multicollinearity, and the Kaiser-Meyer-Olkin measure, and applying the Bartlett test of sphericity (χ2), an exploratory factor analysis (EFA) was conducted to identify the primary factors with an eigenvalue (λ) >1.0. 
Comments captured during the qualitative interviews were coded using NVivo software (QSR International) to create an emic-to-etic understanding, which was subsequently integrated with the quantitative results to produce verified conclusions. RESULTS: Using the explanatory sequential methodology, this study showed that the perceived usefulness of security controls emerged as the most significant factor influencing staff beliefs and behaviors. This variable represented 24% of all the variances measured in the EFA and was also the most common category identified across all coded interviews (281/692, 40.6%). The word frequency analysis showed that systems, patients, and people represented the top 3 recurring themes reported by the interviewees. CONCLUSIONS: To improve cyber security governance in large health care environments, efforts should be focused on demonstrating how confidentiality, integrity, availability, policies, and cloud or vendor-based controls (the main contributors of usefulness measured by the EFA) can directly improve outcomes for systems, staff, and patients. Further consideration also needs to be given to how clinicians should share data and collaborate on patient care, with tools and processes provided to support and manage data sharing securely and to achieve a consistent baseline of secure and normalized behaviors.


Subject(s)
Computer Security, Intention, Humans, Australia, Attitude of Health Personnel, Confidentiality
13.
Rev. crim ; 65(3): 81-95, 20230910. ilus, tab
Article in Spanish | LILACS | ID: biblio-1538050

ABSTRACT

This article offers an approach to the cybercriminal by identifying the common personality characteristics of those who commit crimes in this setting. To carry out the research, a sample of nineteen experts from the Criminal Investigation Directorate and INTERPOL was taken, and they were approached through in-depth interviews. The data obtained were treated using a hermeneutic design with an emphasis on grounded theory, through three phases developed as a matrix analysis of open, selective and theoretical coding; from these, some of the tactics that the cybercriminal deploys in cyberspace through information and communication technologies are established, the cybercriminal is described using the big five model, and some of their characteristics are identified, such as lack of empathy, scruples, inability to control emotions, confidence and the capacity to innovate their modus operandi (Sánchez y Robles, 2013). Finally, from theories of social control, cybercrime and the acts of the cybercriminal have been studied in a formal way, which seeks to find State control strategies, according to González (2010), or in an informal way, which looks for the motives that lead to committing crimes, as López (2015) states; on that basis, some recommendations are presented at the end.


This article provides an approach to cybercriminals by identifying the common characteristics in the personality of those who commit crimes in this scenario. In order to carry out the research, a sample of nineteen experts from the Criminal Investigation Directorate and INTERPOL were interviewed in depth. The data obtained were treated based on a hermeneutic design with emphasis on grounded theory, by means of three phases elaborated in matrix analysis of open, selective and theoretical coding; from which some of the tactics of cybercriminals deployed in cyberspace through information and communication technologies are established; their description based on the big five model and the identification of several of their characteristics such as lack of empathy, scruples, the inability to control emotions, confidence and the ability to innovate their modus operandi (Sánchez y Robles, 2013). Finally, theories of social control have studied cybercrime and the acts of cybercriminals in a formal way that seeks to find strategies to control the State, according to González (2010), or informally, seeking the motives that lead to committing crimes, as stated by López (2015), on the basis of which, at the end, some recommendations are presented.


This article presents an approach to cybercriminals, identifying the common personality characteristics of those who commit crimes in this setting. To carry out the investigation, a sample of nineteen experts who are part of the Criminal Investigation Directorate and INTERPOL was gathered, approached through in-depth interviews. The data obtained were treated using a hermeneutic design with an emphasis on grounded theory, through three phases developed as a matrix analysis of open, selective and theoretical coding, from which some of the cybercriminal tactics deployed in cyberspace through information and communication technologies are established. Their description is based on the big five model, and some of their characteristics are identified, such as lack of empathy, scruples, inability to control emotions, confidence and the capacity to innovate their modus operandi (Sánchez y Robles, 2013). Finally, drawing on theories of social control, cybercrime and the acts of cybercriminals have been studied formally, which seeks to find State control strategies, according to González (2010), or informally, which looks for the motives that lead to the commission of crimes, as López (2015) states, on the basis of which some recommendations are presented at the end.


Subject(s)
Humans, Internet, State, Criminal Behavior
14.
Sensors (Basel) ; 23(14)2023 Jul 11.
Article in English | MEDLINE | ID: mdl-37514582

ABSTRACT

Deep learning models have been used in creating various effective image classification applications. However, they are vulnerable to adversarial attacks that seek to misguide the models into predicting incorrect classes. Our study of major adversarial attack models shows that they all specifically target and exploit the neural networking structures in their designs. This understanding led us to develop a hypothesis that most classical machine learning models, such as random forest (RF), are immune to adversarial attack models because they do not rely on neural network design at all. Our experimental study of classical machine learning models against popular adversarial attacks supports this hypothesis. Based on this hypothesis, we propose a new adversarial-aware deep learning system by using a classical machine learning model as the secondary verification system to complement the primary deep learning model in image classification. Although the secondary classical machine learning model has less accurate output, it is only used for verification purposes, which does not impact the output accuracy of the primary deep learning model, and, at the same time, can effectively detect an adversarial attack when a clear mismatch occurs. Our experiments based on the CIFAR-100 dataset show that our proposed approach outperforms current state-of-the-art adversarial defense systems.

15.
Disaster Med Public Health Prep ; 17: e419, 2023 06 26.
Article in English | MEDLINE | ID: mdl-37357951

ABSTRACT

OBJECTIVE: The primary objective was to analyze the impact of the national cyberattack in May 2021 on patient flow and data quality in the Paediatric Emergency Department (ED), amid the SARS-CoV-2 (COVID-19) pandemic. METHODS: A single site retrospective time series analysis was conducted of three 6-week periods: before, during, and after the cyberattack outage. Initial emergent workflows are described. Analysis includes diagnoses, demographic context, key performance indicators, and the gradual return of information technology capability on ED performance. Data quality was compared using 10 data quality dimensions. RESULTS: Patient visits totaled 13 390. During the system outage, patient experience times decreased significantly, from a median of 188 minutes (pre-cyberattack) down to 166 minutes, most notable for the period from registration to triage, and from clinician review to discharge (excluding admitted patients). Following system restoration, most timings increased. Data quality was significantly impacted, with data imperfections noted in 19.7% of data recorded during the system outage compared to 4.7% before and 5.1% after. CONCLUSIONS: There was a reduction in patient experience time, but data quality suffered greatly. A hospital's major emergency plan should include provisions for digital disasters that address essential data requirements and quality as well as maintaining patient flow.


Subject(s)
COVID-19, Computer Security, Disasters, Pediatric Emergency Medicine, Child, Humans, COVID-19/epidemiology, Hospital Emergency Service, Pandemics, Retrospective Studies, SARS-CoV-2, Ireland
16.
Sensors (Basel) ; 23(8)2023 Apr 18.
Article in English | MEDLINE | ID: mdl-37112415

ABSTRACT

An exponential number of devices connect to Internet of Things (IoT) networks every year, increasing the available targets for attackers. Protecting such networks and devices against cyberattacks is still a major concern. A proposed solution to increase trust in IoT devices and networks is remote attestation. Remote attestation establishes two categories of devices, verifiers and provers. Provers must send an attestation to verifiers when requested or at regular intervals to maintain trust by proving their integrity. Remote attestation solutions exist within three categories: software, hardware and hybrid attestation. However, these solutions usually have limited use-cases. For instance, hardware mechanisms should be used but cannot be used alone, and software protocols are usually efficient in particular contexts, such as small networks or mobile networks. More recently, frameworks such as CRAFT have been proposed. Such frameworks enable the use of any attestation protocol within any network. However, as these frameworks are still recent, there is still considerable room for improvement. In this paper, we improve CRAFT's flexibility and security by proposing ASMP (adaptative simultaneous multi-protocol) features. These features fully enable the use of multiple remote attestation protocols for any devices. They also enable devices to seamlessly switch protocols at any time depending on factors such as the environment, context, and neighboring devices. A comprehensive evaluation of these features in a real-world scenario and use-cases demonstrates that they improve CRAFT's flexibility and security with minimal impact on performance.

17.
JMIR Mhealth Uhealth ; 11: e39055, 2023 03 02.
Article in English | MEDLINE | ID: mdl-36862494

ABSTRACT

BACKGROUND: Despite the importance of the privacy and confidentiality of patients' information, mobile health (mHealth) apps can raise the risk of violating users' privacy and confidentiality. Research has shown that many apps provide an insecure infrastructure and that security is not a priority for developers. OBJECTIVE: This study aims to develop and validate a comprehensive tool to be considered by developers for assessing the security and privacy of mHealth apps. METHODS: A literature search was performed to identify papers on app development, and those papers reporting criteria for the security and privacy of mHealth were assessed. The criteria were extracted using content analysis and presented to experts. An expert panel was held for determining the categories and subcategories of the criteria according to meaning, repetition, and overlap; impact scores were also measured. Quantitative and qualitative methods were used for validating the criteria. The validity and reliability of the instrument were calculated to present an assessment instrument. RESULTS: The search strategy identified 8190 papers, of which 33 (0.4%) were deemed eligible. A total of 218 criteria were extracted based on the literature search; of these, 119 (54.6%) criteria were removed as duplicates and 10 (4.6%) were deemed irrelevant to the security or privacy of mHealth apps. The remaining 89 (40.8%) criteria were presented to the expert panel. After calculating impact scores, the content validity ratio (CVR), and the content validity index (CVI), 63 (70.8%) criteria were confirmed. The mean CVR and CVI of the instrument were 0.72 and 0.86, respectively. The criteria were grouped into 8 categories: authentication and authorization, access management, security, data storage, integrity, encryption and decryption, privacy, and privacy policy content. CONCLUSIONS: The proposed comprehensive criteria can be used as a guide for app designers, developers, and even researchers. 
The criteria and the countermeasures presented in this study can be considered to improve the privacy and security of mHealth apps before releasing the apps into the market. Regulators are recommended to consider an established standard using such criteria for the accreditation process, since the available self-certification of developers is not reliable enough.


Subject(s)
Mobile Applications, Telemedicine, Humans, Privacy, Reproducibility of Results, Research Personnel
18.
Health Inf Manag ; : 18333583231158886, 2023 Feb 24.
Article in English | MEDLINE | ID: mdl-36840419

ABSTRACT

BACKGROUND: The implementation of emerging technologies has resulted in an increase of data breaches in healthcare organisations, especially during the COVID-19 pandemic. Health information and cybersecurity managers need to understand if, and to what extent, breach types and locations are associated with their organisation's business type. OBJECTIVE: To investigate if breach type and breach location are associated with business type, and if so, investigate how these factors affect information systems and protected health information in for-profit versus non-profit organisations. METHOD: The quantitative study was performed using chi-square tests for association and post-hoc comparison of column proportions analysis on an archival data set of reported healthcare data breaches from 2020 to 2022. Data from the Department of Health and Human Services website was retrieved and each organisation classified as for-profit or non-profit. RESULTS: For-profit organisations experienced a significantly higher number of breaches due to theft, and non-profit organisations experienced a significantly higher number of breaches due to unauthorised access. Furthermore, the number of breaches that occurred on laptops and paper/films was significantly higher in for-profit organisations. CONCLUSION: While the threat level of hacking techniques is the same in for-profit and non-profit organisations, certain breach types are more likely to occur within specific breach locations based on the organisation's business type. To protect the privacy and security of medical information, health information and cybersecurity managers need to align with industry-leading frameworks and controls to prevent specific breach types that occur in specific locations within their environments.

19.
Rev. bras. enferm ; 76(supl.3): e20230126, 2023. graf
Article in English | LILACS-Express | LILACS, BDENF - Enfermería | ID: biblio-1529812

ABSTRACT

ABSTRACT Objectives: to reflect on the impacts of the General Personal Data Protection Law on Nursing practice. Methods: reflection article, through the intentional collection of materials relating to the topic. Results: legislation regulates confidentiality, processing and data sharing, requiring institutional protection measures. The nursing team is responsible for acting preventively, both in care and in the management role, in order to avoid the misuse of the patient's personal data. The law allows academic research to be carried out as long as the purpose is clear, data collection occurs with an explicit purpose and data is anonymized. Final Considerations: although the General Personal Data Protection Law requires greater care in relation to data processing, it is established on precepts of good faith and respect for the rights of the individual, concepts aligned with the nursing code of ethics.



20.
J Spec Oper Med ; 22(4): 78-82, 2022 Dec 16.
Article in English | MEDLINE | ID: mdl-36525017

ABSTRACT

The role of US Special Operations Forces (SOF) globally has expanded greatly in the past 20 years, leaving SOF serving multiple deployments with little time or ability to recover in between. Currently, assessments of the health and human performance capabilities of these individuals are episodic, precluding an accurate assessment of physical and mental load over time, and leading to high rates of acute and chronic injury to the mind and body. The collection of personal health-related continuous datasets has recently been made feasible with the advancement of digital technologies. These comprehensive data allow for improved assessment, and consequently better results, partly due to the warfighters' real-time access to their data. Such information allows Soldiers to engage in their own health optimization. This article describes a research platform that allows for collection of data via a custom-made secure mobile application that extends the type, scope, and frequency of data collection beyond what is feasible during an in-person encounter. By digitizing existing assessments and by incorporating additional physical, neurocognitive, psychological, and lifestyle assessments, the platform provides individuals with the ability to better understand their mental and physical load, as well as reserve. The results of this interactive exchange may help to preserve the health of users as well as the stability and readiness of units.


Subject(s)
Military Personnel, Research Design, Humans, Military Personnel/psychology