Search

Your search keyword '"Cunjin Luo"' showing total 105 results
Start Over Author "Cunjin Luo"
105 results on '"Cunjin Luo"'

1. Artificial Intelligence–Based Ethical Hacking for Health Information Systems: Simulation Study

Author

Ying He, Efpraxia Zamani, Iryna Yevseyeva, and Cunjin Luo

Subjects
Computer applications to medicine. Medical informatics, R858-859.7, Public aspects of medicine, RA1-1270
Abstract

BackgroundHealth information systems (HISs) are continuously targeted by hackers, who aim to bring down critical health infrastructure. This study was motivated by recent attacks on health care organizations that have resulted in the compromise of sensitive data held in HISs. Existing research on cybersecurity in the health care domain places an imbalanced focus on protecting medical devices and data. There is a lack of a systematic way to investigate how attackers may breach an HIS and access health care records. ObjectiveThis study aimed to provide new insights into HIS cybersecurity protection. We propose a systematic, novel, and optimized (artificial intelligence–based) ethical hacking method tailored specifically for HISs, and we compared it with the traditional unoptimized ethical hacking method. This allows researchers and practitioners to identify the points and attack pathways of possible penetration attacks on the HIS more efficiently. MethodsIn this study, we propose a novel methodological approach to ethical hacking in HISs. We implemented ethical hacking using both optimized and unoptimized methods in an experimental setting. Specifically, we set up an HIS simulation environment by implementing the open-source electronic medical record (OpenEMR) system and followed the National Institute of Standards and Technology’s ethical hacking framework to launch the attacks. In the experiment, we launched 50 rounds of attacks using both unoptimized and optimized ethical hacking methods. ResultsEthical hacking was successfully conducted using both optimized and unoptimized methods. The results show that the optimized ethical hacking method outperforms the unoptimized method in terms of average time used, the average success rate of exploit, the number of exploits launched, and the number of successful exploits. We were able to identify the successful attack paths and exploits that are related to remote code execution, cross-site request forgery, improper authentication, vulnerability in the Oracle Business Intelligence Publisher, an elevation of privilege vulnerability (in MediaTek), and remote access backdoor (in the web graphical user interface for the Linux Virtual Server). ConclusionsThis research demonstrates systematic ethical hacking against an HIS using optimized and unoptimized methods, together with a set of penetration testing tools to identify exploits and combining them to perform ethical hacking. The findings contribute to the HIS literature, ethical hacking methodology, and mainstream artificial intelligence–based ethical hacking methods because they address some key weaknesses of these research fields. These findings also have great significance for the health care sector, as OpenEMR is widely adopted by health care organizations. Our findings offer novel insights for the protection of HISs and allow researchers to conduct further research in the HIS cybersecurity domain.

Published
2023
Full Text
View/download PDF

2. Mechanistic insights into spontaneous transition from cellular alternans to ventricular fibrillation

Author

Tingting You, Yulong Xie, Cunjin Luo, Kevin Zhang, and Henggui Zhang

Subjects
arrhythmia, impaired repolarization, optical mapping, patch clamp, spatially discordant alternans, sudden cardiac death, Physiology, QP1-981
Abstract

Abstract T‐wave alternans (TWA) has been used for predicting the risk of malignant cardiac arrhythmias and sudden cardiac death (SCD) in multiple clinical settings; however, possible mechanism(s) underlying the spontaneous transition from cellular alternans reflected by TWA to arrhythmias in impaired repolarization remains unclear. The healthy guinea pig ventricular myocytes under E‐4031 blocking IKr (0.1 μM, N = 12; 0.3 μM, N = 10; 1 μM, N = 10) were evaluated using whole‐cell patch‐clamp. The electrophysiological properties of isolated perfused guinea pig hearts under E‐4031 (0.1 μM, N = 5; 0.3 μM, N = 5; 1 μM, N = 5) were evaluated using dual‐ optical mapping. The amplitude/threshold/restitution curves of action potential duration (APD) alternans and potential mechanism(s) underlying the spontaneous transition of cellular alternans to ventricular fibrillation (VF) were examined. There were longer APD80 and increased amplitude and threshold of APD alternans in E‐4031 group compared with baseline group, which was reflected by more pronounced arrhythmogenesis at the tissue level, and were associated with steep restitution curves of the APD and the conduction velocity (CV). Conduction of AP alternans augmented tissue's functional spatiotemporal heterogeneity of regional AP/Ca alternans, as well as the AP/Ca dispersion, leading to localized uni‐directional conduction block that spontaneous facilitated the formation of reentrant excitation waves without the need for additional premature stimulus. Our results provide a possible mechanism for the spontaneous transition from cardiac electrical alternans in cellular action potentials and intercellular conduction without the involvement of premature excitations, and explain the increased susceptibility to ventricular arrhythmias in impaired repolarization. In this study, we implemented voltage‐clamp and dual‐optical mapping approaches to investigate the underlying mechanism(s) for the arrhythmogenesis of cardiac alternans in the guinea pig heart at cellular and tissue levels. Our results demonstrated a spontaneous development of reentry from cellular alternans, arising from a combined actions of restitution properties of action potential duration, conduction velocity of excitation wave and interplay between alternants of action potential and the intracellular Ca handling. We believe this study provides new insights into underlying the mechanism, by which cellular cardiac alternans spontaneously evolves into cardiac arrhythmias.

Published
2023
Full Text
View/download PDF

3. IP3R1/GRP75/VDAC1 complex mediates endoplasmic reticulum stress-mitochondrial oxidative stress in diabetic atrial remodeling

Author

Ming Yuan, Mengqi Gong, Jinli He, Bingxin Xie, Zhiwei Zhang, Lei Meng, Gary Tse, Yungang Zhao, Qiankun Bao, Yue Zhang, Meng Yuan, Xing Liu, Cunjin Luo, Feng Wang, Guangping Li, and Tong Liu

Subjects
Endoplasmic reticulum stress, IP3R1–GRP75–VDAC1 complex, Mitochondria, Diabetes, Atrial fibrillation, Medicine (General), R5-920, Biology (General), QH301-705.5
Abstract

Rationale: Endoplasmic reticulum (ER) stress and mitochondrial dysfunction are important mechanisms of atrial remodeling, predisposing to the development of atrial fibrillation (AF) in type 2 diabetes mellitus (T2DM). However, the molecular mechanisms underlying these processes especially their interactions have not been fully elucidated. Objective: To explore the potential role of ER stress–mitochondrial oxidative stress in atrial remodeling and AF induction in diabetes. Methods and results: Mouse atrial cardiomyocytes (HL-1 cells) and rats with T2DM were used as study models. Significant ER stress was observed in the diabetic rat atria. After treatment with tunicamycin (TM), an ER stress agonist, mass spectrometry (MS) identified several known ER stress and calmodulin proteins, including heat shock protein family A (HSP70) member [HSPA] 5 [GRP78]) and HSPA9 (GRP75, glucose-regulated protein 75). In situ proximity ligation assay indicated that TM led to increased protein expression of the IP3R1–GRP75–VDAC1 (inositol 1,4,5-trisphosphate receptor 1–glucose-regulated protein 75–voltage-dependent anion channel 1) complex in HL-1 cells. Small interfering RNA silencing of GRP75 in HL-1 cells and GRP75 conditional knockout in a mouse model led to impaired calcium transport from the ER to the mitochondria and alleviated mitochondrial oxidative stress and calcium overload. Moreover, GRP75 deficiency attenuated atrial remodeling and AF progression in Myh6-Cre+/Hspa9flox/flox + TM mice. Conclusions: The IP3R1–GRP75–VDAC1 complex mediates ER stress–mitochondrial oxidative stress and plays an important role in diabetic atrial remodeling.

Published
2022
Full Text
View/download PDF

4. Real-Time Information Security Incident Management: A Case Study Using the IS-CHEC Technique

Author

Mark Evans, Ying He, Cunjin Luo, Iryna Yevseyeva, Helge Janicke, Efpraxia Zamani, and Leandros A. Maglaras

Subjects
Human error assessment and reduction technique (HEART), human error related information security incidents, human reliability analysis (HRA), information security, information security core human error causes (IS-CHEC), Electrical engineering. Electronics. Nuclear engineering, TK1-9971
Abstract

Information security recognised the human as the weakest link. Despite numerous international or sector-specific standards and frameworks, the information security community has not yet adopted formal mechanisms to manage human errors that cause information security breaches. Such techniques have been however established within the safety field where human reliability analysis (HRA) techniques are widely applied. In previous work we developed Information Security Core Human Error Causes (IS-CHEC) to fill this gap. This case study presents empirical research that uses IS-CHEC over a 12 month period within two participating public and private sector organisations in order to observe and understand how the implementation of the IS-CHEC information security HRA technique affected the respective organisations. The application of the IS-CHEC technique enabled the proportions of human error related information security incidents to be understood as well as the underlying causes of these incidents. The study captured the details of the incidents in terms of the most common underlying causes, selection of remedial and preventative measures, volumes of reported information security incidents, proportions of human error, common tasks undertaken at the time the incident occurred, as well as the perceptions of key individuals within the participating organisations through semi-structured interviews. The study confirmed in both cases that the vast majority of reported information security incidents relate to human error, and although the volumes of human error related incidents pertaining to both participating organisations fluctuated over the 12 month period, the proportions of human error remained consistently as the majority root cause.

Published
2019
Full Text
View/download PDF

5. Employee Perspective on Information Security Related Human Error in Healthcare: Proactive Use of IS-CHEC in Questionnaire Form

Author

Mark Evans, Ying He, Cunjin Luo, Iryna Yevseyeva, Helge Janicke, and Leandros A. Maglaras

Subjects
Human error assessment and reduction technique (HEART), human error related information security incidents, human reliability analysis (HRA), information security, IS-CHEC, Electrical engineering. Electronics. Nuclear engineering, TK1-9971
Abstract

The objective of the research was to establish data relating to underlying causes of human error which are the most common cause of information security incidents within a private sector healthcare organization. A survey questionnaire was designed to proactively apply the IS-CHEC information security human reliability analysis (HRA) technique. The IS-CHEC technique questionnaire identified the most likely core human error causes that could result in incidents, their likelihood, the most likely tasks that could be affected, suggested remedial and preventative measures, systems or processes that would be likely to be affected by human error and established the levels of risk exposure. The survey was operational from 15th November 2018 to 15th December 2018. It achieved a response rate of 65% which equated to 485 of 749 people targeted by the research. The research found that, in the case of this particular participating organization, the application of the IS-CHEC technique through a questionnaire added beneficial value as an enhancement to a standard approach of holistic risk assessment. The research confirmed that the IS-CHEC in questionnaire form can be successfully applied within a private sector healthcare organization and also that a distributed approach for information security human error assessment can be successfully undertaken in order to add beneficial value. The results of this paper indicate, from the questionnaire responses supplied by employees, that organizational focus on its people and their working environment can improve information security posture and reduce the likelihood of associated information security incidents through a reduction in human error.

Published
2019
Full Text
View/download PDF

6. Electrophysiological Mechanisms Underlying T-Wave Alternans and Their Role in Arrhythmogenesis

Author

Tingting You, Cunjin Luo, Kevin Zhang, and Henggui Zhang

Subjects
T-wave alternans, sudden cardiac death, spatial discordant alternans, arrhythmia, simulation, Physiology, QP1-981
Abstract

T-wave alternans (TWA) reflects every-other-beat alterations in the morphology of the electrocardiogram ST segment or T wave in the setting of a constant heart rate, hence, in the absence of heart rate variability. It is believed to be associated with the dispersion of repolarization and has been used as a non-invasive marker for predicting the risk of malignant cardiac arrhythmias and sudden cardiac death as numerous studies have shown. This review aims to provide up-to-date review on both experimental and simulation studies in elucidating possible mechanisms underlying the genesis of TWA at the cellular level, as well as the genesis of spatially concordant/discordant alternans at the tissue level, and their transition to cardiac arrhythmia. Recent progress and future perspectives in antiarrhythmic therapies associated with TWA are also discussed.

Published
2021
Full Text
View/download PDF

7. Effects of amiodarone on short QT syndrome variant 3 in human ventricles: a simulation study

Author

Cunjin Luo, Kuanquan Wang, and Henggui Zhang

Subjects
Arrhythmia, Short QT syndrome, Computer simulation, KCNJ2, D172N, Amiodarone, Medical technology, R855-855.5
Abstract

Abstract Background Short QT syndrome (SQTS) is a newly identified clinical disorder associated with atrial and/or ventricular arrhythmias and increased risk of sudden cardiac death (SCD). The SQTS variant 3 is linked to D172N mutation to the KCNJ2 gene that causes a gain-of-function to the inward rectifier potassium channel current (I K1), which shortens the ventricular action potential duration (APD) and effective refractory period (ERP). Pro-arrhythmogenic effects of SQTS have been characterized, but less is known about the possible pharmacological treatment of SQTS. Therefore, in this study, we used computational modeling to assess the effects of amiodarone, class III anti-arrhythmic agent, on human ventricular electrophysiology in SQT3. Methods The ten Tusscher et al. model for the human ventricular action potentials (APs) was modified to incorporate I K1 formulations based on experimental data of Kir2.1 channels (including WT, WT-D172N and D172N conditions). The modified cell model was then implemented to construct one-dimensional (1D) and 2D tissue models. The blocking effects of amiodarone on ionic currents were modeled using IC50 and Hill coefficient values from literatures. Effects of amiodarone on APD, ERP and pseudo-ECG traces were computed. Effects of the drug on the temporal and spatial vulnerability of ventricular tissue to genesis and maintenance of re-entry were measured, as well as on the dynamic behavior of re-entry. Results Amiodarone prolonged the ventricular cell APD and decreased the maximal voltage heterogeneity (δV) among three difference cells types across transmural ventricular wall, leading to a decreased transmural heterogeneity of APD along a 1D model of ventricular transmural strand. Amiodarone increased cellular ERP, prolonged QT interval and decreased the T-wave amplitude. It reduced tissue’s temporal susceptibility to the initiation of re-entry and increased the minimum substrate size necessary to sustain re-entry in the 2D tissue. Conclusions At the therapeutic-relevant concentration of amiodarone, the APD and ERP at the single cell level were increased significantly. The QT interval in pseudo-ECG was prolonged and the re-entry in tissue was prevented. This study provides further evidence that amiodarone may be a potential pharmacological agent for preventing arrhythmogenesis for SQT3 patients.

Published
2017
Full Text
View/download PDF

8. In silico assessment of the effects of quinidine, disopyramide and E-4031 on short QT syndrome variant 1 in the human ventricles.

Author

Cunjin Luo, Kuanquan Wang, and Henggui Zhang

Subjects
Medicine, Science
Abstract

Short QT syndrome (SQTS) is an inherited disorder associated with abnormally abbreviated QT intervals and an increased incidence of atrial and ventricular arrhythmias. SQT1 variant (linked to the rapid delayed rectifier potassium channel current, IKr) of SQTS, results from an inactivation-attenuated, gain-of-function mutation (N588K) in the KCNH2-encoded potassium channels. Pro-arrhythmogenic effects of SQT1 have been well characterized, but less is known about the possible pharmacological antiarrhythmic treatment of SQT1. Therefore, this study aimed to assess the potential effects of E-4031, disopyramide and quinidine on SQT1 using a mathematical model of human ventricular electrophysiology.The ten Tusscher et al. biophysically detailed model of the human ventricular action potential (AP) was modified to incorporate IKr Markov chain (MC) formulations based on experimental data of the kinetics of the N588K mutation of the KCNH2-encoded subunit of the IKr channels. The modified ventricular cell model was then integrated into one-dimensional (1D) strand, 2D regular and realistic tissues with transmural heterogeneities. The channel-blocking effect of the drugs on ion currents in healthy and SQT1 cells was modeled using half-maximal inhibitory concentration (IC50) and Hill coefficient (nH) values from literatures. Effects of drugs on cell AP duration (APD), effective refractory period (ERP) and pseudo-ECG traces were calculated. Effects of drugs on the ventricular temporal and spatial vulnerability to re-entrant excitation waves were measured. Re-entry was simulated in both 2D regular and realistic ventricular tissue.At the single cell level, the drugs E-4031 and disopyramide had hardly noticeable effects on the ventricular cell APD at 90% repolarization (APD90), whereas quinidine caused a significant prolongation of APD90. Quinidine prolonged and decreased the maximal transmural AP heterogeneity (δV); this led to the decreased transmural heterogeneity of APD across the 1D strand. Quinidine caused QT prolongation and a decrease in the T-wave amplitude, and increased ERP and decreased temporal susceptibility of the tissue to the initiation of re-entry and increased the minimum substrate size necessary to prevent re-entry in the 2D regular model, and further terminated re-entrant waves in the 2D realistic model. Quinidine exhibited significantly better therapeutic effects on SQT1 than E-4031 and disopyramide.The simulated pharmacological actions of quinidine exhibited antiarrhythmic effects on SQT1. This study substantiates a causal link between quinidine and QT interval prolongation in SQT1 and suggests that quinidine may be a potential pharmacological agent for treating SQT1 patients.

Published
2017
Full Text
View/download PDF

40. Healthcare Security Incident Response Strategy - A Proactive Incident Response (IR) Procedure

Author

Ying He, Leandros Maglaras, Aliyu Aliyu, Cunjin Luo, and Thippa Reddy, G.

Subjects
Article Subject, Computer Networks and Communications, Incident Response, Information Systems
Abstract

open access article The healthcare information system (HIS) has become a victim of cyberattacks. Traditional ways to handle cyber incidents in healthcare organizations follow a predefined incident response (IR) procedure. However, this procedure is usually reactive, missing the opportunities to foresee danger on the horizon. Cyber threat intelligence (CTI) contains information on emerging attacks and should be ideally utilized to inform the IR procedure. However, current research shows that the IR has not been effectively informed by CTI, especially in healthcare organizations. This paper fills in this gap by proposing a proactive IR response procedure based on the National Institute of Standards and Technology (NIST) IR methodology. This paper then presents the NHS WannaCry case study to demonstrate the use of the proposed IR methodology. We collate cyber security advisories from different CTI sources such as US/UK CERT to protect interconnected systems and devices from Ransomware attacks. This research provides novel insights into the IR in healthcare through embedding CTI advisories into IR processes and concludes that our proposed IR procedure can be used to counteract WannaCry Ransomware using CTI advisories. It has the significance of transforming the way of IR from reactive to proactive using the CTI in healthcare.

Published
2022

41. AI-based Ethical Hacking for Health Information Systems (HIS): a simulation study

Author

He, Ying, Efpraxia, Zamani, Kun, Ni, Iryna, Yevseyeva, and Cunjin, Luo

Subjects
AI-based Hacking, Cyber Defence Solutions, Ethical Hacking, Health Information System (HIS), OpenEMR
Abstract

Background: Health Information systems (HIS) are continuously targeted by hackers, who aim to bring down the Health Critical Infrastructure. This study is motivated by recent attacks to healthcare organisations that have resulted in the compromise of the sensitive data held in HIS. Existing cyber security research in the healthcare domain places an imbalanced focus on protecting medical devices and data. There is a lack of a systematic way to investigate how attackers may breach a HIS and access healthcare records, with the view to improving cybersecurity in the future. Objective: This research aims to provide new insights regarding HIS cybersecurity protection. We propose a systematic and novel optimized (AI-based) ethical hacking method tailored specifically for HIS, and we compare it with traditional unoptimized ethical hacking method. It allows researchers and practitioners to identify the points and attack pathways of possible penetration attacks to HIS more efficiently. Methods: In this study, we propose a novel methodological approach to ethical hacking for HIS. We launched ethical hacking using both optimized and unoptimized methods in an experimental setting. Specifically, we set up an HIS simulation environment by implementing the OpenEMR (Open Electronic Medical Record) system and followed the National Institute of Standards and Technology's (NIST) ethical hacking framework to launch the attacks. In the experiment, we launched 50 rounds of attacks using both unoptimized and optimized ethical hacking methods. Results: Ethical hacking was successful using both optimized and unoptimized methods. The results show that the optimized ethical hacking method outperforms the unoptimized one in terms of average time used, average success rate of exploit, number of exploits launched, and number of successful exploits. We are able to identify the successful attack paths, and the exploits that are related to remote code execution, cross-site request forgery, improper authentication, vulnerability in the Oracle Business Intelligence Publisher, an elevation of privilege vulnerability (in MediaTek), and remote access backdoor (in the Web GUI for the Linux Virtual Server). Conclusions: This research demonstrates systematic ethical hacking against HIS using optimized and unoptimized methods together with a set of penetration testing tools to identify exploits and combining them to perform ethical hacking. The findings contribute to Health Information Systems (HIS) literature, ethical hacking methodology and mainstream AI-based ethical hacking method as it addresses some key weaknesses of these research fields. The findings also have great significance for the healthcare sector, as OpenEMR is widely adopted by healthcare organisations. Our findings offer novel insights for the protection of HIS and equips researchers toward conducting further research in the HIS cybersecurity domain.

Published
2023

47. Cardiac abnormalities after induction of endoplasmic reticulum stress are associated with mitochondrial dysfunction and connexin43 expression

Author

Gary Tse, Daiqi Liu, Tong Liu, Mengqi Gong, Zaojia Wang, Bingxin Xie, Jinli He, Cunjin Luo, and Guangping Li

Subjects
Male, medicine.medical_specialty, Heart Diseases, Physiology, MFN2, Connexin, Antineoplastic Agents, Apoptosis, Mitochondrion, Antiviral Agents, Rats, Sprague-Dawley, chemistry.chemical_compound, Physiology (medical), Internal medicine, medicine, Animals, Pharmacology, Tunicamycin, Endoplasmic reticulum, Heart, Endoplasmic Reticulum Stress, Phenylbutyrates, Mitochondria, Rats, Disease Models, Animal, Endocrinology, chemistry, mitochondrial fusion, Mitochondrial biogenesis, Connexin 43, Unfolded protein response
Abstract

The endoplasmic reticulum (ER) is responsible for protein synthesis and calcium storage. ER stress, reflected by protein unfolding and calcium handling abnormalities, has been studied as a pathogenic factor in cardiovascular diseases. The aim of this study is to examine the effects of ER stress on mechanical and electrophysiological functions in the heart and explore the underlying molecular mechanisms. A total of 30 rats were randomly divided into control, ER stress inducer (tunicamycin[TN]) and ER stress inhibitor (tunicamycin+4-phenylbutyric acid [4-PBA]) groups. ER stress induction led to significantly systolic and diastolic dysfunction as reflected by maximal increasing/decreasing rate of left intraventricular pressure (±dp/dt), left ventricular peaksystolic pressure(LVSP) and LV end-diastolic pressure(LVEDP). Epicardial mapping performed in vivo revealed reduced conduction velocity and increased conduction heterogeneity associated with the development of spontaneous ventricular tachycardia. Masson's trichrome staining revealed marked fibrosis in the myocardial interstitial and sub-pericardial regions, and thickened epicardium. Western blot analysis revealed increased pro-fibrotic factor transforming growth factor-β1 (TGF-β1), decreased mitochondrial biogenesis protein peroxlsome proliferator-activated receptor-γ coactlvator-1α (PGC-1a), and decreased mitochondrial fusion protein mitofusin-2 (MFN2). These changes were associated with mitochondria dysfunction and connexin 43(CX43)translocation to mitochondria. These abnormalities can be partially prevented by the ER stress inhibitor 4-PBA. Our study shows that ER stress induction can produce cardiac electrical and mechanism dysfunction as well as structural remodelling. Mitochondrial function alterations are contributed by CX43 transposition to mitochondria. These abnormalities can be partially prevented by the ER stress inhibitor 4-PBA.

Published
2021

48. Artificial Intelligence–Based Ethical Hacking for Health Information Systems: Simulation Study (Preprint)

Author

Ying He, Efpraxia Zamani, Iryna Yevseyeva, and Cunjin Luo

Abstract

BACKGROUND Health information systems (HISs) are continuously targeted by hackers, who aim to bring down critical health infrastructure. This study was motivated by recent attacks on health care organizations that have resulted in the compromise of sensitive data held in HISs. Existing research on cybersecurity in the health care domain places an imbalanced focus on protecting medical devices and data. There is a lack of a systematic way to investigate how attackers may breach an HIS and access health care records. OBJECTIVE This study aimed to provide new insights into HIS cybersecurity protection. We propose a systematic, novel, and optimized (artificial intelligence–based) ethical hacking method tailored specifically for HISs, and we compared it with the traditional unoptimized ethical hacking method. This allows researchers and practitioners to identify the points and attack pathways of possible penetration attacks on the HIS more efficiently. METHODS In this study, we propose a novel methodological approach to ethical hacking in HISs. We implemented ethical hacking using both optimized and unoptimized methods in an experimental setting. Specifically, we set up an HIS simulation environment by implementing the open-source electronic medical record (OpenEMR) system and followed the National Institute of Standards and Technology’s ethical hacking framework to launch the attacks. In the experiment, we launched 50 rounds of attacks using both unoptimized and optimized ethical hacking methods. RESULTS Ethical hacking was successfully conducted using both optimized and unoptimized methods. The results show that the optimized ethical hacking method outperforms the unoptimized method in terms of average time used, the average success rate of exploit, the number of exploits launched, and the number of successful exploits. We were able to identify the successful attack paths and exploits that are related to remote code execution, cross-site request forgery, improper authentication, vulnerability in the Oracle Business Intelligence Publisher, an elevation of privilege vulnerability (in MediaTek), and remote access backdoor (in the web graphical user interface for the Linux Virtual Server). CONCLUSIONS This research demonstrates systematic ethical hacking against an HIS using optimized and unoptimized methods, together with a set of penetration testing tools to identify exploits and combining them to perform ethical hacking. The findings contribute to the HIS literature, ethical hacking methodology, and mainstream artificial intelligence–based ethical hacking methods because they address some key weaknesses of these research fields. These findings also have great significance for the health care sector, as OpenEMR is widely adopted by health care organizations. Our findings offer novel insights for the protection of HISs and allow researchers to conduct further research in the HIS cybersecurity domain.

Published
2022

Catalog

Books, media, physical & digital resources
See catalog results