A survey of healthcare sector digitization strategies: Vulnerabilities, countermeasures and opportunities

The adoption of electronic healthcare in hospital environment can potentially reduce costs and improve the quality of life of the patients. However, numerous security and privacy issues arise when sensitive patient data is shared among multiple devices and users. Owing to its vulnerable nature, electronic health records seem to be more attractive to attackers compared to other forms of records such as financial transactions. Consequently, the patient data collected at the sensors, transmitted across communication channels and residing in hospital servers is susceptible to various threats. The goal of this paper was to carry out a survey of the electronic healthcare environment and attempt to understand the various weaknesses that can be exploited. This is followed by some descriptions of the various preventive mechanisms as well as the noted gaps. Therefore, numerous recommendations are given that are deemed fit for enhanced security and privacy posture in electronic healthcare domain


Introduction
The healthcare sector in most developing countries is facing a myriad of setbacks such as high costs, lack of public health systems, personnel and medications.The recent past has seen the rise in the incorporation of Information and Communication Technology (ICT) in the healthcare sector [1], creating an e-healthcare system.The goal is to enhance medical quality, data security and reduce costs.The utilization of ICT can therefore improve healthcare processes and facilitate remote health monitoring, more so in the rural areas.In this respect, smart medical devices, mobile devices and Internet of Things (IoT) offer remote patient monitoring.In this setting, IoT devices have embedded sensors that can establish connections over the internet and exchange information.Therefore, it becomes easy to control chronic ailments such as diabetes, high blood pressure and kidney diseases.These diseases are challenging for the healthcare system in terms of management and sustainability.However, with ICT incorporation, it becomes easier for doctors to offer assistance to patients in diverse phases such as diagnoses, monitoring and treatment.As explained in [2], IoT offers an infrastructure to facilitate the development of e-health systems.As shown in Figure 1, IoT provides tools such as sensors that collect vital patient physiological parameters such as heart rate, blood pressure and glucose level employed for remote monitoring for patients.In so doing, e-healthcare aid physicians to automate the process of medical signs collection and transmission so as to detect and report risk situations [3].
The continued usage of ICT in the healthcare sector has given rise to Internet of Healthcare Things (IoHT), Electronic Health Records (EHR) and Personal health record (PHR).Here, IoHT comprises of smart health devices that monitor, process, store and transmit sensitive information [4], [5].A typical IoHT environment is characterized with uniquely identifiable devices, services, and software [6] as shown in Figure 2.These devices monitor patients by generating clinical data that is forwarded to remote servers over wireless communication channels.As such, the physicians and medical staff are able to remotely monitor their patients.IoHT also enable the patients to manage their health data with ease [7].In so doing, IoHT offers efficient, reliable and cost effective healthcare services.On the other hand, PHR refers to an electronic application that enables individuals to access, manage and share their health information with parties that they authorize.This information exchange is executed in a secure, confidential and private environment [8].On its part, EHR is the health sector's core digital strategy for enhancing the quality of care administered to patients.It accurately consolidates patient records from diverse healthcare providers over time [9] and shows the health status of the patients by checking their own EHR.Its adoption has led to the reduction of medical errors, enhancement of healthcare quality and minimization of costs [10], [11].In so doing, it offers health education that fosters conscious decisions about health care [12].
Figure 1 IoT body sensors [4] Since EHR contains sensitive information, it is protected by law through the Health Information and Portability Accountability Association (HIPAA) [13].It is clear that electronic health (E-health) has many promising outcomes in saving lives and hence has the potential of rapid adoption and expansion.Healthcare digitization offers reliability, efficiency, costs reductions, scalability and flexibility [14], [15], [16].As pointed out in [17], many healthcare professional are considering it as part of the healthcare sector's future systems.

Figure 2
IoHT implementation [7] Despite the many services offered by e-healthcare [18] systems, they face numerous challenges such as data privacy violations [4].As such, there has been slower adoption of this digital transformation among healthcare organizations.Owing to the high volume and sensitive nature of patient records, the healthcare sector is cautious in the implementation of HER [19].In addition, there have been reported cases of disrupted services, compromised health records, expensive payments to ransomware attackers, unavailability of essential health care services, and the stealing and selling of patient health records in the black market [20], [21].During the COVID-19 pandemic, the big data held by the healthcare sector became a major target for ransom and attackers.As pointed out in [19], there has been an increase in the risks of attacks for non-optimal EHR implementations.For instance, there have been numerous high profile data breaches that have exposed EHR cyber security challenges.The authors in [22] explain that the limitations of IoT devices in terms of energy, computation and memory put constraints for the integration of IoT in healthcare.The mobility nature of IoT devices enables these devices to establish connections to the internet over different networks, hence affecting their security.As such, there has been slow adoption of IoHT in the healthcare sector despite the many investments from governments [23].This is also due to the sector's strict security and privacy requirements since it deals with human lives.Therefore, safety is the top priority in healthcare organizations and they cannot risk adopting immature technology [24], [25].
The above issues point to the importance of deploying efficient security and privacy techniques to offer protection to ehealthcare systems from all threats [26], [27].Privacy and security requirements such as integrity, confidentiality, authorization, authentication, non-repudiation and availability should be considered for IoT-healthcare applications [28].As pointed out in [29], the protection of personal data from malicious entities and systems must be implemented at different levels such as processing, storage, communication and device levels.Although digital transformation is significant for the healthcare sector, susceptibility to cyber attacks is a fundamental challenge [30], [31], [32], [33].The general public trepidation towards e-healthcare is mainly due to privacy and security issues [30], [34].Whereas privacy is concerned with the protection of the collected patients' data that can uniquely identify them, security is concerned with the restriction and authorization during access to this personal information [35].In these healthcare systems, these two requirements are critical since leaked information has serious repercussions.As such, numerous cryptographic solutions have been proposed, which are geared towards data storage, privacy, access control, security and data ownership [36], [37].The major contributions of this paper include the following:  Extensive review of the electronic healthcare environment is provided so as to understand the various technological vulnerabilities that can be exploited by attackers. A survey of the various mechanisms challenges encountered during the sharing of the patient data are described  The diverse techniques for privacy protection in an electronic healthcare domain are evaluated. The algorithms and protocols that have been developed for access control in e-health environment are studied and their weaknesses pointed out. A review of the techniques employed to protect stored data in patient IoT devices, hospital and cloud servers are analyzed. Some of the open research gaps are described so as to point out the possible research directions.
The rest of this article is structured as follows: Section 2 discusses the challenges in patient data sharing while Section 3 describes the various schemes for privacy protection.On the other hand, Section 4 analyses the diverse techniques for access control, while Section 5 discusses data storage security mechanisms.In Section 6, the key findings are reported while Section 7 points out some open research gaps.Finally, Section 8 concludes this paper and describes some future research scope.

Challenges in patient data sharing
Due to the continued enhancements in the digitization efforts in the healthcare sector, the volume of medical data is on the increase [38].In this environment, sharing of patient electronic medical data becomes necessary to realize efficient integration of medical resources as well as improving medical staffs' diagnosis and treatment.Authors in [39], [40] explain that online diagnostic services offer analytics services to users at any time and place regarding real world healthcare services.However, medical data is sensitive and personal asset.This sharing increases the risks of data privacy leakages and abuses which pose major threats [41] to the lives and property of the patients.In this environment, interoperability is a key issue as it facilitates unified data exchange among researchers, patients and healthcare providers [42].As pointed out in [43], medical data sharing promotes smart medicine but information systems heterogeneity among various medical institutions makes sharing difficult.In addition, sharing this sensitive medical data may lead to leakage of personal privacy [44].
Over the years, many IoT devices have been connected to the internet to store data on centralized servers.In this environment, the client-server architecture is employed to execute device connection, authorization and authentication.However, this architecture presents some challenges such as access control [45], single point of failure [46] and authentication.For instance, systems based on centralized communication with cloud servers [47] increases privacy and security risks [1].On their part, authors in [48] explain that medical records in different formats are normally scattered among various medical institutions.This makes cumbersome to realize efficient data exchange and hence creating information islands.This curtails any efforts towards rapid, convenient, accurate diagnosis and treatment of the patients.This is supported by the authors in [49] who explain that contradictions exist regarding interoperability specifications of standard-based communication systems [50] as well as personal health devices.On their part, authors in [51] have pointed out that EHRs are vulnerable to numerous unauthorized accesses that violate privacy and data security.In addition, ransomware targeting e-health systems are on the rise [52].Unfortunately, the current privacy preserving schemes are insufficient in the provision of foolproof security especially in e-health cloud environment.Therefore, the health records in the cloud are exposed to risks posed by internal attackers who have authorized access.These privileged insiders may include system administrators, key managers and database administrators [53], [54], [55].Figure 3 gives an illustration on the common causes of data leakages in an IoHT environment.[4] The authors in [56] have explained the necessity of maintaining data privacy during the sharing of patient healthcare data.However, there are numerous challenges that crop up during the process of implementing privacy and security of telemedicine services.These challenges have continued to curtail the adoption of e-health services in most developing countries [57].This can be explained by the adverse consequences that any successful security and privacy breach can have in these telemedicine services [58].The risks are exponentially increased when the underlying telemedicine infrastructure is susceptible to security threats due to weak security measures [59], [60].In addition, some ethical and legal issues may crop up in telemedicine services when proper authorization techniques are not put in place [61], [62].In the preservation of semantic and structural integrity during the exchange of digital health data, heterogeneity has been cited in [63] to be a major problem.The current solutions to these challenges center around log analysis, access control, identity authentication and cryptography [64].Unfortunately, these approaches are only concerned with the upholding of security and privacy of patient data but lack transparency guarantee during data access.

Figure 3 Sources of data leakages in IoHT environment
To address the issues above, many schemes and models have been developed to address these challenges.For instance, the authors in [65] have presented an application model to address interoperability issues in PHR.On the other hand, blockchain technology [66] has been cited in [67], [68], [69] to have crucial role in developing efficient and secure systems that can help resolve majority of the ethical and security issues in telemedicine services.For instance, blockchain can connect heterogeneous systems and offer authenticity as well as integrity guarantees for medical data sharing [43].This position is supported by the authors in [70] who point out that there have been increasing attempts to deploy blockchain technology in the healthcare industry to address many of the EHR issues.Apart from this technology numerous regulatory standards have been created to protect sensitive patient data from being disclosed as well as enhance effectiveness and efficiency in the healthcare system.One of these standards is the Health Insurance Portability and Accountability Act (HIPAA).The HIPAA privacy rule has helped create national standards that help protect patient data.Specifically, it offers a set of rules that uphold privacy and security of health information during its transfer, reception, handling and sharing.In addition to HIPAA, some necessary measures need to be incorporated in ehealth systems to secure EHRs.These measures revolve around audit trails, data encryption and access control.

Schemes for privacy protection
The network architecture in e-health involves different entities.For instance, telemedicine systems comprise of diverse entities that must ensure the privacy of user data is maintained [71].Data privacy is regarded as a fundamental requirement for e-health acceptance.To uphold data privacy, various approaches such as authentication, data flow representation as well as the authorization of the executed actions.These actions may include data collection, retention, processing and transmission.Unfortunately, many malicious activities might compromise the privacy of the users.Such activities may include unauthorized collection, usage, access, storage and sharing of the highly sensitive patient data.To protect against personal data leakages occasioned by these activities, suitable protection and security measures are needed [72], [73], [74], [75].In addition, there is need for IoHT systems to be transparent to patients while at the same time providing updated information to ensure the protection of patients' data.To this end, a ubiquitous patient health record framework is presented in [76] to enable first-time patients to communicate their healthcare data to the medical providers.On the other hand, a privacy-preserving encryption [77] scheme is developed in [78] for medical data transmission and classification.On their part, the authors in [79] have presented an Attribute-Based Encryption (ABE) and Identity-Based Encryption (IBE) scheme to encrypt data and hence facilitating fine-grained access control.However, identity based schemes are vulnerable to key escrow issues [80].To solve these challenges, blockchain technology has been cited in [81] to be capable of improving data security and privacy.This is attributed to the ability of blockchain to offer security and data immutability through decentralization and cryptography [82] as shown in Figure 4.

Figure 4
Patient interaction models in blockchain environment [4] For instance, a blockchain based patient data transparent framework is developed in [83] to facilitate electronic medical record authorization management through the analysis [84] of the generated log events.Similarly, a blockchain based scheme is introduced in [85] to facilitate data encryption and storage in the local cloud.Using the consortium blockchain, authors in [43] have presented a medical data sharing scheme that achieves effective attribute-based access control [86], [87].On the other hand, the Ethereum blockchain based solution in [88] has been shown to help in secure storage of EHR data.To offer optimized and intelligent medical data exchange among various entities, a medical-edgeblockchain scheme is developed in [89].On the other hand, a Multi-Authority Attribute-Based Signatures (MA-ABS) based technique is developed in [68] to uphold privacy of patients.Similarly, a Hyperledger Fabric is introduced in [90] to conceal the identity of patients.
To boost privacy preservation and data security [91], encryption and proxy re-encryption technologies are amalgamated in [92] and implemented on Ethereum with the help of cloud storage [93], [94], [95], [96].On the other hand, blockchain technology has been deployed in [97] and [70] to improve accuracy and efficiency [98] through effective medical data sharing among different institutions.Similarly, a data sharing management system based on the blockchain is presented in [99], while a blockchain based framework for patient-centered records and exchange is introduced in [100].To improve security and privacy preservation [101] during electronic medical record sharing, a blockchain based approach is introduced in [102], while a lightweight backup recovery scheme for the medical blockchain key is developed in [103] to offer efficient [104] privacy protection.On the other hand, a blockchain based distributed model is developed in [65] to permit patient data to be interconnected between health organizations.To facilitate verifiability, privacy, auditability and data sharing, a decentralized medical record management system is introduced in [105].Similarly, a privacy-preserving e-health system is presented in [106] to facilitate medical data exchange and speedy retrieval, while a blockchain-based data sharing framework for electronic medical records is developed in [107].To offer data access control, tracing [108] and auditing, an effective medical record management system is presented in [109].On the other hand, a blockchain based scheme is developed in [110] for secure image transmission and diagnoses.On the flip side, the blockchain technologies in [83], [89], [97], [70], [99], [102], [103], [106], [107], [109] has high space and computation complexities [111].

Techniques for access control
In an e-health environment, the patients have complete control when it comes to granting and revoking access to their medical records [112], [113].This helps preserve confidentiality of the health data.In addition, encryption has been cited in [78] to be an effective means of secure transmission of medical data over public network.For instance, a blockchain-based e-health integrity model is developed in [114] to boost information integrity.Similarly, a blockchainbased architecture is introduced in [115] to ensure availability, security [116], confidentiality and integrity of patient records.This architecture also supports secure international, cross-institutional and internal exchange of health records.To permit authenticated users to access the record for a particular session, authors in [117] have developed a public-key cryptography based scheme for the encryption of the data in the off-chain storage [118].On the other hand, a decentralized platform for tracking and exchanging patients' health records is developed in [119].To enhance confidentiality through encryption of medical data being stored on the cloud, authors in [120] have developed elliptical curve [121] certificateless aggregate cryptography signature scheme.Through encryption, this scheme is demonstrated to prevent forgery of medical data blocks, while the secure certificateless public auditing scheme facilitates the checking of data using an auditor.
To facilitate confidential medical data sharing in a multi-authority cloud storage environment, cloud storage, [122] and attribute-based signcryption (ABSC) algorithm are deployed.Similarly, a general framework for sharing critical EHR records is introduced in [123].Here, access control and encryption are employed to uphold the confidentiality of the health records [124].To ensure proper authentication in EHR solutions, a data aggregation scheme and group authentication based on blockchain technology is developed in [125].Here, the group session key [126] is deployed by multiple authorized users such as patients, doctors, caregivers, family and friends to freely access the patient's encrypted private information [127].On the other hand, a multi-agent based distributed ledger system is developed in [128] to enhance EHR security.Similarly, a Hyperledger Fabric blockchain based access control management system is introduced in [129] for emergency medical situations, while a blockchain-based system for securing IoT devices in the healthcare environment is developed in [1].
To facilitate the secure sharing of medical image, a blockchain [130] based scheme is introduced in [131], while a finegrained access control system is developed in [132] to improve data privacy and security.Here, all access management processes are executed on the blockchain.Therefore, these processes are logged in a transparent and traceable manner.To facilitate medical data sharing devoid of intermediaries, a novel medical data processing architecture is developed in [133].This approach is demonstrated to prevent data leakage risks that may be occasioned by improper operation during processing.Similarly, a fine-grained access control scheme for medical records [134] is introduced in [112] based on the blockchain.Here, the medical records are stored in the cloud and proxy re-encryption is utilized for data sharing [135].On the other hand, a user-centric medical record sharing solution is developed in [136] based on blockchain technology Hyperledger Fabric [137].This system is shown to preserve privacy and prevent any vulnerability during data storage.Similarly, authors in [138] have developed an architecture that facilitates electronic medical record sharing based on the Hyperledger.This system also implements an access control using symmetric key cryptography to enhance data accessibility between healthcare providers.On their part, the authors in [139] have developed a blockchain based framework that facilitates fine-grained access control [140] and keyword search in the decentralized storage systems.
An electronic medical record architecture is presented in [141] to offer fine-grained access authorization while at the same time maintaining compatibility with blockchain.Similarly, a technique based on blockchain and smart contract is developed in [142] to enable healthcare centers to securely share their encrypted HER.To attain secure search, data security, privacy protection and access control, a personal health information sharing scheme is introduced in [143] based on blockchain technology.Unfortunately, the schemes in [129], [131], [133], [136], [138], [139], [141], [142] and [143] have high space and storage complexities [144].As such, a lightweight secure and privacy preserving scheme for ECG diagnoses and visualization is presented in [145].

Secure storage mechanisms
The continued deployment of IoHT has led to corresponding increase in the need for cost-effective data storage.As such, many approaches have been presented in literature over the recent past.For instance, a scheme that uses symmetric and asymmetric key cryptography is introduced in [146] for secure data storage.Here, one smart contract is employed to store the mapping between the patient, combined key and the hash values, while another smart contract is utilized by patients to control the granting and revoking of access.To offer security for health and medicinal data in cloud based IoT platform, a remote health-monitoring technique is presented in [147].In this approach, a lightweight [148] block encryption technique is deployed to offer the required protection.On the other hand, a blockchain based data preservation system is developed in [149] for medical data.Here, the blockchain architecture is deployed to provide verifiability and primitiveness of saved data as well as preserving the client privacy.Similarly, a hybrid of data encryption modules is introduced in [150] to protect diagnoses data in medicinal images, while a holistic on-chain and off-chain collaborative storage system is developed in [151] for efficient storage [152] and verification of EHR data [153].On the other hand, a hash table based scheme is introduced in [154] for medical data storage and retrieval from the cloud.Here, the EHR data is enciphered using the blockchain's hash function so as to preserve its confidentiality [155].On their part, their authors in [156] introduce a novel steganography system to protect stored records, while a technique for encrypting medical images is developed in [157].Similarly, a scheme to secure mobile healthcare network data is presented in [158], while a technique to protect stored medical data is introduced in [159].Here, users are able to send and receive encrypted data [160] from a wearable devices [161].This is unlike an approach in [162] where the emphasis was on secure sharing of health data in the digital healthcare system [163], [105], [164].
On the other hand, a secure, low cost, scalable and tamper-proof health data sharing system is developed in [165].This approach is shown to solve numerous challenges problems that blockchain-based technologies have faced.On their part, authors in [166] have extended the framework in [161] by developing a General Data Protection Regulation (GDPR) compliant proof-of-concept system that is shown to facilitate efficient [167] and secure health data exchange.On the other hand, the authors in [168] have developed a consent management system to uphold availability of data to concerned parties.In addition, this system offers scalability and integrity of the data.Similarly, a secure and scalable solution is presented in [169] which is based on Ethereum blockchain technology.On their part, the authors in [170] have presented blockchain architecture for storing health records to address privacy and accessibility challenges of patients' records.This approach is shown to ensure data privacy and accessibility.To store the states of access control to patient data, a state machine is introduced in [171], in which the three states include access policy, individual authorization state and record life cycle.On their part, Ethereum blockchain based protocol is developed in [172] to enable the IoT sensors to communicate securely with smart contract implemented smart device.

Key Findings
It is evident that healthcare has evolved significantly over the recent past due to the adoption of ICT in healthcare processes such as data collection, storage, diagnostics, and treatment [159].The emergence of the industrial internet of things (IIoT) has advanced e-health by facilitating the development of connected healthcare systems that enhance interoperability, visibility and data connectivity.However, the deployment of such technology has led to growing concerns regarding security and privacy [173] of healthcare data.The risks are further increased when the collection, sharing and processing is accomplished via cutting-edge connected sensor devices.It has also been noted that EHRs systems have been deployed in many healthcare environments, where the technological advancements have revolutionized access control, storage and processing of health data [174].However, digital health information may lead to misinterpreted health information due to unreliable data, which could put a patient's life at risk [175].Similarly, it has been observed that unauthorized third-party access to health data collected by smart devices and wearable devices might put sensitive information at risk.As such, quality and validated medical devices, smart-phones, and sensors [176] are needed to offer accurate health data to the participants [177].
It has been established that EHR systems have numerous benefits that have positively impacted the healthcare sector.However, there are also many security and privacy challenges that affect development of e-Health [178] and hence have curtailed the deployment of existing e-health systems [179].Since these systems collected sensitive information [180] whose leakage might effect the patient's life and social status [181], proper security and privacy protection should be provided.As explained in [182], health records digitization has lead to an array of attacks such as privileged inside, denial of service and information leakages.Therefore, organizations have to setup guidelines for the administration of healthcare information so as to achieve the desired level of security and privacy.In this context, security ensures that authorized access is granted to only those parties with rights to access health information [183].Therefore, availability, integrity and confidentiality of medical data are advocated here.Particularly, confidentiality ensures that sensitive information such as medical history, behavior problems and various patient issues are kept secret.This ensures that illegal access which can affect the mental and physical health of a patient is prevented.It is also important that accuracy and correctness be upheld for e-health systems so as to ensure that this data is free from faults.
Regarding stored data, the significance of confidentiality, integrity, and privacy concerns have been stressed in [184] and [185].Over the recent past, blockchain has appeared to be a secure [186] and decentralized platform and hence can address some of these issues.As pointed out in [187], this technology has greatly changed the storing and sharing of health data by promoting security and accuracy of the data whilst reducing maintenance cost [188].Here, patient medical data are stored in a distributed manner, devoid of full access to that medical data [189].However, there are certain limitations to blockchain technology such as high storage complexities.It has also been noted that IIoT has become a disruptive computing paradigm across various domains such as smart cities [190], [191], [192], healthcare [193], [194], [195] and manufacturing [196], [133].It has introduced ubiquity in the sharing of healthcare data [197] and therefore transforming healthcare from digital to intelligent [198].This has greatly improved the quality of healthcare services.However, this paradigm is plagued with numerous privacy and security challenges [199].For instance, the usage of wearable and embedded devices for diagnostic and treatment procedures is increasingly common [200], [201], raising concerns about privacy and security of patient data.It is therefore common for the healthcare data to become an attractive target for cyber attacks.
It has been revealed that the data sent by IoT devices generally do not follow any end-to-end encryption and decryption scheme.Worse still, patient data are shared across diverse tiers of the healthcare system and hence attaining security and privacy of such data is a challenge task [200], [201].In this environment, any disruptions in transfer, update or sharing of data can lead to exposure of patient data [202], [203].For instance, authors in [204] have pointed out that cyber security breaches in health data is considered more lucrative than credit cards on the illegal market due to their life-threatening nature.In this environment, distributed ledger technologies such as Bitcoin can be deployed to facilitate decentralized data collection and processing in a tamper-proof manner [205], [206], [207], [208].However, the deployment of blockchain in IoHT is inefficient to a number of factors [209].To start with, the transparency in blockchain means that all patient data is visible to everyone on blockchain [210], [211], [212].Obviously, this leads to leakage of the highly sensitive [213] personal medical records.Another challenge is that of scalability and speed since blockchain transactions are very long.For instance, authors in [214] explain that for a transaction to be final on the blockchain, it has to wait for 6 blocks to be added to the longest chain.This means that blockchain solutions cannot be applicable in medical emergency scenarios [188].Moreover, the blockchain can be expensive to implement [215], [216] since a node has to pay some fees for the transactions.

Open research gaps
It has been shown that the e-health environment is characterized with confidential and sensitive data that may include social security number and credit card details.Therefore, any successful compromise can leak sensitive person data and cause some financial losses.Although many techniques have been put forward to prevent data leakages, many challenges still exist.For instance, the attribute -based encryption (ABE) techniques are ineffective due to their costly computations.As explained in [217], issues such as effective access control, authentication, key management efficient user revocation, secure storage and data encryption are yet to be addressed.To address some of these problems, IoTrelated data privacy protection policies, protocols [218] and frameworks have been developed for user privacy and data protection.However, these frameworks and policies are yet to attain intended results.Therefore, healthcare data privacy protection is insufficient [73].It has also been shown that some limitations exist of the current healthcare data privacy laws in that they fail to offer a particular set of instructions to protect IoHT data.
To address the shortcomings in the existing IoHT devices' operating systems, specialized operating systems such as Contiki, RIOT, TinyOS and FreeRTOS have been developed [219].However, the constrained nature of IoT devices in terms of power, memory and computation still renders them vulnerable to the system and network attacks.This is because complex encryption and authentication schemes cannot be implemented in these resource constrained devices.As such, it is easy for attackers to employ memory vulnerabilities to compromises the security of such devices [220].The literature reviewed has shown that the blockchain technology offers salient features such as autonomy, transparency, anonymity, openness as well as decentralized, unforgeable and tamper resistance EHR protection.In so doing, it helps address challenges of poor reliability, low security, low efficiency and high costs associated with current centralized security models.In light of these challenges, the following recommendations are critical in resolving healthcare data security and privacy problems.

Complete anonymization of health records
In a typical e-health environment, the IoT devices gather and aggregate data from various patients before fording it to the router or any intermediary device for further processing.During this process, compression technique are deployed to minimize storage requirements especially for big headers like Internet Protocol IPv6 header.To prevent privacy leaks, these records should be anonymized such that tracing them to their owner becomes tricky.

Penalties and fines for privacy leaks
High volumes of data are collected and processed by IoHT devices and hence privacy risks are always inherent regarding access and usage of this data.For instance, behavior monitoring and individual identification are serious issues.As such, entities that maliciously perform these activities must be penalized with heavy fines.

Sufficient laws and guidelines
In IoT healthcare domain, several communication protocols have been developed.However, there are no particular guidelines provided in data privacy laws regarding protocol security.There is also lack of guidelines concerning the encryption type or anonymity standards to be adopted in IoT devices.There is therefore need for privacy laws that offer transparent policies regarding communication security of these devices, especially for hospital usage.

User friendly designs
The controls in healthcare system should be designed in such a manner that they are user-friendly.The patients should also be able to have full control over their collected data at any moment.This means that the controls should enable the patient to decide whom to share or not to share the data with.The controls should also allow the patients to know who has their data, what data has been collected and for which purpose is the data intended.

Education and awareness
The awareness programs are crucial for management staff, IT staff and other relevant healthcare facility staff so as to highlight the importance of data privacy.All these parties should be aware of secure processing of healthcare data, as well as the consequences of data leakages.In addition, they should be familiar with the penalties they would be charged in the case of carelessness.This education and awareness should involve secure usage of staff devices such as laptops and cell-phones that are linked to healthcare systems.For instance, authors in [221] explain that despite concerted efforts in executing e-health ideas and projects, many of these efforts have failed to satisfactorily reach their goals due to lack of awareness among the population.

Embed privacy in the designs
The system developers should strive to implement privacy safeguard framework in the e-healthcare infrastructure from the beginning of the system engineering process.Conventionally, the e-healthcare devices operate through user interactions or web interfaces where there are no privacy protection guidelines dictating how device interfaces should be designed.In addition, numerous vulnerabilities lurk in web-based interfaces which can be exploited to cause data leakages and information leakage attacks.Unfortunately, most of the devices lack authentication features, while other have default passwords which are cumbersome to input due to their small size interfaces.

Interoperable data protection laws
Although there are various data privacy laws, their enforcement varies regionally and internationally.This presents some challenges when healthcare data of citizens are processed in a different country or state where different data privacy laws are enforced.This is to do with the possible legal issues that should apply to that citizen's processed data.

Conclusion
This paper sought to offer some survey on the vulnerabilities, threats and exploits in an electronic health domain.In addition, the various security solutions implemented during patient data sharing, storage and collection are discussed.The findings have indicated that the e-health environment is characterized by numerous threats and vulnerabilities that can be exploited by attackers.As a matter of fact, numerous attacks have already been perpetrated in this domain, leading to serious privacy leaks and financial losses.As such, many security solutions have been developed.Therefore, this paper provided some review of these techniques upon which various weaknesses and performance issues were pointed out.In a nutshell, the attainment of perfect security in an e-health scenario is quite challenging.This can be explained by the many devices and users involved, as well as the limited computation and energy at the sensor devices.Therefore, various recommendations have been given in this paper, which are thought to be significant for the improvement of privacy in patient data handling.Future research may include the extensive study of the technical recommendations that have been provided so as to envision how they can be put into actual practice.