ML-based Cyber Incident Detection for Electronic Medical Record (EMR) Systems

David McGlade, Sandra Scott-Hayward

Research output: Contribution to journal › Special issue › peer-review

14 Citations (Scopus)
313 Downloads (Pure)


An upward trend in cyber incidents across both U.K. and U.S. hospitals has been observed since 2015. Attacks range from identity theft to insurance fraud and extortion/blackmail. The Electronic Medical Record (EMR) systems used in hospitals are targeted due to the sensitivity of data within a healthcare setting. This work is motivated by the necessity to protect patient information and to ensure the availability of such EMR systems. A failure in either case can have grave implications for patients being treated and practitioners using the system. In this research, we propose the application of Machine Learning (ML) and Time Series (TS) anomaly detection to the problem of confidentiality and availability attacks on EMR systems. The results presented in this paper indicate that confidentiality incident detection is fully achievable using ML, with Support Vector Machines obtaining the highest accuracy, precision and recall of a number of models tested. Results from the availability prototype show that the detection of a message surge is possible within 10 seconds, by using an Exponential Moving Average implementation to identify anomalies in message flow. This finding paves the way for an automated surge defence to be developed, presenting a significant advance over the manual method used today. The feasibility and practicality of implementing these detection systems in a clinical setting are also discussed with consideration of parameter tuning, skill-sets, and data protection.
Original language: English
Journal: Smart Health
Early online date: 07 May 2018
Publication status: Early online date - 07 May 2018

