Imperial researcher talks about improving security around healthcare data

New European projects are looking at how to protect critical data transfers including healthcare data by detecting and deflecting cyber-attacks.

Professor Erol Gelenbe, from the College’s Department of Electrical and Electronic Engineering, is the Imperial lead on a European project to enhance cyber-security in order to safeguard our healthcare information, as well as on other projects related to the security of the Internet of Things. One of the aims of the initiative is to develop computer programs that can quickly detect potential cyber threats that targets healthcare data, and evade them, using the internet to move data that is being targeted by cyber attackers to more secure locations.

Below, Professor Gelenbe talks to Colin Smith about the new KONFIDO project, which is funded via the European Union’s Horizon 2020 programme. This initiative involves fifteen different partners from industry, academia and healthcare. Professor Gelenbe talks about the emerging benefits of sharing our health information online and the project he is working on to keep such information safe.

In the UK, how much of our health-related data can be accessed via the internet?

Professor Erol Gelenbe

All health data is stored on computers, both in the UK and across Western Europe, by hospitals and other health organisations. All of these computers are connected to the internet. Our world is becoming increasingly interconnected and there are a number of advantages to sharing more of our healthcare information between trusted organisations over the internet. There are a number of safeguards already in place to ensure our health data does not fall into the wrong hands.

What types of data can be accessed online?

The types of data accessible online to the qualified and relevant healthcare professionals include information about past conditions of patients, past and ongoing courses of medication and possible adverse reactions, as well as related data concerning costs and billing. Data on blood tests, genetic testing and mental health are also kept online. Other types include information about biopsies, diagnostic images such as X-ray scans, ultrasounds or Magnetic Resonance Imaging and details on family medical history.

Are people also collecting their own health data?

On a personal level, many more people are using sensors such as Fitbits, which wrap around the wrist – and other body sensors - to collect a lot of personal data about our day-to-day health. The information collected is wirelessly transmitted so that it can be accessed by apps on your phone, and beyond that via the internet by healthcare organisations. Information that can be collected includes heart pulse rate, blood pressure, blood sugar levels, perspiration, and general exercise activities such as how far we’ve walked or run each day and how that directly relates to calorie loss. The advantage of monitoring our own health is that it can help to make us healthier, potentially helping us to avoid but also to manage and cure illnesses. Beyond that it helps to evaluate and manage our individual and collective healthcare and reduce the cost of disease.

Are security breaches in healthcare commonplace?

A report that came out in the USA late last year found that the US healthcare industry suffered an estimated of $6.2 Billion in data breaches per year. The report also stated that around 90 percent of healthcare organisations have experienced a breach in the past two years, with each one costing an average $2.2 million per hack. Another study found that healthcare organisations are twice as likely to suffer data breaches compared to other industries.

If this is the case then why would we want to make healthcare data even more accessible online?

Improving how we share healthcare information between trusted sources online could have a range of benefits. For example, on a personal level, collecting healthcare information from devices such as our phones or Fitbits and sharing it with your GP over the internet could make our treatments more personalised, rapid and therefore more effective. Online access of health data is also important for people who travel for work or holidays, and who may unexpectedly need medical treatment.

There are many advantages to sharing health information on an organisational and national level. For example, sharing information could help governments to detect the very early stages of epidemics before they spread. As a consequence organisations could order drugs at lower costs, before they skyrocket during an epidemic, or design drugs that are tailored to specific emergent medical conditions, associated with the spread of an epidemic. This could enable countries to be more responsive, planning contingencies for specific age groups that may be most at risk.

So how will your project be able to safeguard our healthcare data so this vision can become a reality?

Part of the project will be developing the legal and technical framework under which health data security and protection operates between different European countries.

We will also be developing new types of computer programs, based on a form of artificial intelligence called machine learning, to detect possible attacks via the internet. As the attack begins, our program will deflect the attack in real-time by blocking the attack and moving the data that the hacker is intending to compromise or steal to a more secure location via the internet. 

Hackers are smart and resilient and they are always looking for ways to get the upper hand, so we will also be developing simulation and modelling tools so that we can replay these types of attacks so that further countermeasures can be developed and deployed in the future.

You’ve also been working with the European Union on another project. Can you tell us about that?

Since last October I have been working closely with the High Level Group, a special committee composed of Nobel and Fields Medal Laureates, which advises the EU Commissioners on future programmes and measures regarding cyber-security and privacy in particular. This work is carried out in the context of the advisory role to the EU played by the European Association of Science Academies and of Engineering Academies. I am one of four advisors selected by the relevant National Academies, and we have been tasked with finalising a shortlist of recommendations on cyber security and privacy. These recommendations will shape future research programmes as well as cybersecurity policy across the European Union. I am also working on another new project, which will focus cyber-security around the Internet of Things, which is where devices will be able to share data between one another to carry out tasks.