Safeguarding Virtual Healthcare: A Novel Attacker-Centric Model for Data Security and Privacy

TL;DR

This paper introduces the Attacker-Centric Approach (ACA), a new threat model for safeguarding virtual healthcare data by focusing on attacker motivations and tactics, enhancing security and privacy in remote healthcare systems.

Contribution

The study presents ACA, a holistic attacker-focused threat model that improves upon existing frameworks by incorporating continuous adaptation and comprehensive threat classification.

Findings

ACA effectively identifies vulnerabilities in virtual healthcare systems.

The approach enhances proactive threat mitigation and risk assessment.

ACA supports secure adoption of virtual healthcare technologies.

Abstract

The rapid growth of remote healthcare delivery has introduced significant security and privacy risks to protected health information (PHI). Analysis of a comprehensive healthcare security breach dataset covering 2009-2023 reveals their significant prevalence and impact. This study investigates the root causes of such security incidents and introduces the Attacker-Centric Approach (ACA), a novel threat model tailored to protect PHI. ACA addresses limitations in existing threat models and regulatory frameworks by adopting a holistic attacker-focused perspective, examining threats from the viewpoint of cyber adversaries, their motivations, tactics, and potential attack vectors. Leveraging established risk management frameworks, ACA provides a multi-layered approach to threat identification, risk assessment, and proactive mitigation strategies. A comprehensive threat library classifies physical, third-party, external, and internal threats. ACA's iterative nature and feedback mechanisms enable continuous adaptation to emerging threats, ensuring sustained effectiveness. ACA allows healthcare providers to proactively identify and mitigate vulnerabilities, fostering trust and supporting the secure adoption of virtual care technologies.