-
The objective of this research is to investigate the influence of interest in white hat capabilities, income levels, and perceptions of being apprehended on the willingness to violate privacy regulations as measured by the amount of money required to violate medical privacy. The research model was developed by drawing on the economics of crime literature, prospect theory and the emerging Capability, Opportunity, and Motivation Behavior model. This study involved 523 individuals on the cusp of entering the workforce, which places them all as potential insider hackers according to zero trust models of insider behavior. Despite many subjects believing there is a high probability of being caught, they could still be incentivized to violate HIPAA laws. Approximately 306 (or 58%) of the survey participants indicated a price, ranging from zero dollars to over $10 million, that they deemed acceptable for violating HIPAA laws. Income levels, white hat hacking capabilities, monetary incentives to commit a crime, and the perceived probability of being apprehended were statistically significant predictors of the amount of money required to violate HIPAA laws.
-
The objective of this research is to investigate the influence of interest in white hat capabilities, income levels, and perceptions of being apprehended on the willingness to violate privacy regulations as measured by the amount of money required to violate medical privacy. The research model was developed by drawing on the economics of crime literature, prospect theory and the emerging Capability, Opportunity, and Motivation Behavior model. This study involved 523 individuals on the cusp of entering the workforce, which places them all as potential insider hackers according to zero trust models of insider behavior. Despite many subjects believing there is a high probability of being caught, they could still be incentivized to violate HIPAA laws. Approximately 222 (or 42%) of the survey participants indicated a price, ranging from zero dollars to over $10 million, that they deemed acceptable for violating HIPAA laws. Income levels, white hat hacking capabilities, monetary incentives to commit a crime, and the perceived probability of being apprehended were statistically significant predictors of the amount of money required to violate HIPAA laws.
-
The migration to electronic health records (EHR) in the healthcare industry has raised issues with respect to security and privacy. One issue that has become a concern for healthcare providers, insurance companies, and pharmacies is patient health information (PHI) leaks because PHI leaks can lead to violation of privacy laws, which protect the privacy of individuals’ identifiable health information, potentially resulting in a healthcare crisis. This study explores the issue of PHI leaks from an access control viewpoint. We utilize access control policies and PHI leak scenarios derived from semi-structured interviews with four healthcare practitioners and use the lens of activity theory to articulate the design of an access control model for detecting and mitigating PHI leaks. Subsequently, we follow up with a prototype as a proof of concept.
-
Deception has been proposed in the literature as an effective defense mechanism to address Advanced Persistent Threats (APT). However, administering deception in a cost-effective manner requires a good understanding of the attack landscape. The attacks mounted by APT groups are highly diverse and sophisticated in nature and can render traditional signature-based intrusion detection systems useless. This necessitates the development of behavior-oriented defense mechanisms. In this paper, we develop Decepticon (Deception-based countermeasure), a Hidden Markov Model-based framework where the indicators of compromise (IoC) are used as the observable features to aid in detection. This framework would help in selecting an appropriate deception script when faced with APTs or other similar malware and trigger an appropriate defensive response. The effectiveness of the model and the associated framework is demonstrated by considering ransomware as the offending APT in a networked system.