AI4HealthSec: ensuring privacy in healthcare ICT infrastructure

AI and privacy in healthcare ICT infrastructure

The significant advancements in ICT have paved the way to its utilization in improving healthcare for individuals and communities all over the world. ICT has revolutionized healthcare systems in many advanced and developing countries in multiple aspects such as digitization and dissemination of medical data for accurate diagnosis and treatments, providing medical assistance in remote areas where the medical facilities are few and far between, unassisted monitoring of a patient’s vitals and real-time transmission of the data to medical experts, anonymous consultation with doctors to avoid revealing private information, applying data analytics tools on medical data for discovering better treatments of diseases. In particular, the recent developments in Artificial Intelligence (AI) and machine learning have been instrumental in transforming healthcare systems.

AI contributes to healthcare systems in many ways such as reducing visits to doctors, understanding the trends of newly discovered diseases, predicting diseases with unprecedented accuracy, discovering the hidden patterns and correlation in medical data for designing support systems in clinical field, and early prediction of menacing diseases.

Challenges for privacy in healthcare ICT infrastructure

The heterogeneity, versatility and the increasing inter-connectivity of IoT devices in ICT healthcare system produces huge amount of sensitive personal data including biometric information and patients’ medical histories. This data and the underlying technological infrastructure where it is being processed and stored is prone to a number of malicious cyber-attacks. The interconnected nature of electronic health records means hackers have access to the data that has collected under patients’ names for years. These records may contain information about patients’ social security number, home address, phone number, emergency contacts, email address, health insurance information, medical history and possibly driver’s license numbers, and credit card payment information. Sharing these highly sensitive pieces of information is integral to providing the best possible treatment to patients. At the same time, it also makes medical networks extremely valuable targets.

Hackers can misuse the patients’ medical information in a number of ways. These usually revolve around gaining illegal monetary benefits, identity theft, social engineering. The sensitive patient data is usually sold to other parties via dark web, used for personal purpose including extortion and blackmail, setting appointments with insurance companies for large medical claims, launching spear phishing scams and demanding a ransom from the victim to restore access to the data upon payment. These sorts of attacks are not only a threat to patients’ identity and finances. They can also impede hospital operations and place the health and well-being of patients at risk.

The ICT Healthcare System

The AI4HealthSec Project

AI4HealthSec is a multi-disciplinary R&D project funded by the European Union. Carried out by an international consortium of 14 members from 9 countries, the project aims at providing a dynamic and self-organized solution based on artificial swarm intelligence for security and privacy threats in healthcare ICT infrastructures.

Started on October 30th 2020, AI4HealthSec will devise efficient mechanisms for improving the prediction and analytics of existing and emerging attacks in healthcare information infrastructures. At the same time, it will also contribute to the scientific knowledge on contemporary security and privacy issues in digital healthcare systems, opening new research arenas. Additionally, AI4HealthSec will give useful insights to the healthcare operators into the risk and situational awareness, incident handling and risk management.

Other salient objectives of AI4HealthSec include:

  • Ensuring reliable and trusted, incident-related exchange of information among healthcare operators without revealing sensitive corporate details
  • Pro-active risk and threat prevention through efficient prediction with swarm artificial intelligence
  • To provide support to healthcare operators in a variety of healthcare supply chain services
  • To devise distributed data management and reasoning mechanisms
  • To enable the system for validation in real operation environments

Implementing privacy in healthcare ICT infrastructure

It is evident that the protection of special categories of personal data and coping with privacy, data protection and ethical aspects is indispensable in ICT healthcare systems. The dissemination of personal data and medical information in general in an ICT healthcare infrastructure is unavoidable. This means that devising appropriate security and privacy protection mechanisms under the constraints of unobstructed exchange of information among the ICT healthcare parties is not trivial.

Specialist in ethics, privacy, data protection and information security, Privanova assists the AI4HealthSec consortium in devising and implementing efficient privacy preserving mechanisms within ethical compliance framework relevant for massively connected IoT devices which form the building blocks of an ICT healthcare system.

Besides acting as Data Protection Officer for AI4HealthSec, Privanova ensures the management of privacy and data protection risks for the consortium including the necessity to perform Privacy Impact Assessments. For the whole duration of the project, it is Privanova’s role to ensure respect of relevant legal, privacy and data protection requirements by providing continuous monitoring, guidance and support to the consortium.

This covers all phases of the project: from requirements analysis and research to pilots, trials and testing. Privanova facilitates the development of a solution for sharing, computing and extracting value from personal data, in a privacy friendly way. Besides contribution to the risk management component of the project, Privanova will also be responsible for the Ethics Advisory Board and ensures the liaison between its members and consortium partners.