IDEAS home Printed from https://ideas.repec.org/a/gam/jftint/v17y2025i6p262-d1679220.html
   My bibliography  Save this article

Enhancing Healthcare Security: A Unified RBAC and ABAC Risk-Aware Access Control Approach

Author

Listed:
  • Hany F. Atlam

    (Cyber Security Centre, Warwick Manufacturing Group, University of Warwick, Coventry CV4 7AL, UK
    Department of Computer Science and Engineering, Faculty of Electronic Engineering, Menoufia University, Menouf 32952, Egypt)

  • Yifu Yang

    (Cyber Security Centre, Warwick Manufacturing Group, University of Warwick, Coventry CV4 7AL, UK)

Abstract

Healthcare systems are increasingly vulnerable to security threats due to their reliance on digital platforms. Traditional access control models like Role-Based Access Control (RBAC) and Attribute-Based Access Control (ABAC) have limitations in mitigating evolving risks in these systems. Despite their unique features, these models face limitations in mitigating evolving risks in healthcare systems. Traditional models are primarily oriented towards allocating permissions according to predetermined roles or policies, which results in challenges in effectively adapting to the dynamic complexities of modern healthcare ecosystems. Therefore, this paper proposes a novel risk-aware RBAC and ABAC access control model to enhance the flexibility, adaptability and security issues associated with healthcare systems. The proposed model integrates RBAC for role-based categorization, ABAC for fine-grained control based on user attributes and environmental factors, and Risk-Based Access Control (RiBAC) for dynamic risk assessment. The proposed model dynamically adjusts access permissions based on risk values, ensuring accurate and adaptable access control decisions. The experimental results demonstrate the feasibility and effectiveness of the proposed model in granting access to authorized users while denying access to unauthorized users. Through a series of 43 experiments that simulate various scenarios of access control operations in the healthcare system, the proposed model demonstrates significant improvement in the accuracy, precision, and recall of access control decisions compared to traditional models. The proposed model’s ability to dynamically assess risk and adjust access permissions based on contextual factors significantly enhances its ability to mitigate threats and protect sensitive medical data.

Suggested Citation

  • Hany F. Atlam & Yifu Yang, 2025. "Enhancing Healthcare Security: A Unified RBAC and ABAC Risk-Aware Access Control Approach," Future Internet, MDPI, vol. 17(6), pages 1-30, June.
    • Handle: RePEc:gam:jftint:v:17:y:2025:i:6:p:262-:d:1679220
    as

    Download full text from publisher

    File URL: https://www.mdpi.com/1999-5903/17/6/262/pdf
    Download Restriction: no
    File URL: https://www.mdpi.com/1999-5903/17/6/262/
    Download Restriction: no
    ---><---

    References listed on IDEAS

    as
    1. Dal Mas, Francesca & Massaro, Maurizio & Rippa, Pierluigi & Secundo, Giustina, 2023. "The challenges of digital transformation in healthcare: An interdisciplinary literature review, framework, and future research agenda," Technovation, Elsevier, vol. 123(C).
    Full references (including those not matched with items on IDEAS)

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Kai-Ling CHANG & Lu-Ming TSENG, 2024. "The Impact Of Transformational Leadership, Career Adaptability And Creativity On Salespeople’S Reactions Toward Digital Transformation," Business Excellence and Management, Faculty of Management, Academy of Economic Studies, Bucharest, Romania, vol. 14(3), pages 40-57, September.
    2. Basile, L.J. & Carbonara, N. & Panniello, U. & Pellegrino, R., 2024. "The role of big data analytics in improving the quality of healthcare services in the Italian context: The mediating role of risk management," Technovation, Elsevier, vol. 133(C).
    3. Emerson C. Angeles, Rn & Dr. Leonardo S. Garcia, 2024. "The Implementation of Outpatient Consultation Digitalization for Healthcare Services: Basis for Development Plan," International Journal of Research and Innovation in Social Science, International Journal of Research and Innovation in Social Science (IJRISS), vol. 8(12), pages 3640-3680, December.
    4. Martina Pisarra & Marta Marsilio & Letizia Magnani & Gian Vincenzo Zuccotti, 2024. "Sostenibilit? in sanit?: una valutazione degli impatti della telemedicina," MECOSAN, FrancoAngeli Editore, vol. 2024(130), pages 109-136.
    5. Mohammed Alojail & Jawaher Alshehri & Surbhi Bhatia Khan, 2023. "Critical Success Factors and Challenges in Adopting Digital Transformation in the Saudi Ministry of Education," Sustainability, MDPI, vol. 15(21), pages 1-24, October.
    6. Miozza, Mario & Brunetta, Federica & Appio, Francesco Paolo, 2024. "Digital transformation of the Pharmaceutical Industry: A future research agenda for management studies," Technological Forecasting and Social Change, Elsevier, vol. 207(C).
    7. Andrea Billi & Alessandro Bernardo, 2025. "The Effects of Digital Transformation, IT Innovation, and Sustainability Strategies on Firms’ Performances: An Empirical Study," Sustainability, MDPI, vol. 17(3), pages 1-19, January.
    8. Abi Saad, Elie & Tremblay, Nathalie & Agogué, Marine, 2024. "A multi-level perspective on innovation intermediaries: The case of the diffusion of digital technologies in healthcare," Technovation, Elsevier, vol. 129(C).
    9. Weiwei Wu & Jian Shi & Yexin Liu, 2024. "The impact of corporate social responsibility in technological innovation on sustainable competitive performance," Palgrave Communications, Palgrave Macmillan, vol. 11(1), pages 1-13, December.
    10. Liu, Chuanhui & Sheng, Zhongyuan & Hu, Xuetong & Tian, Chunxiao, 2025. "Hand in hand or left behind: The dual impact of leading firms’ digital technologies on industry digital transformation," The North American Journal of Economics and Finance, Elsevier, vol. 75(PA).
    11. Behl, Abhishek & Sampat, Brinda & Gaur, Jighyasu & Pereira, Vijay & Laker, Benjamin & Shankar, Amit & Shi, Yangyan & Roohanifar, Mohammad, 2024. "Can gamification help green supply chain management firms achieve sustainable results in servitized ecosystem? An empirical investigation," Technovation, Elsevier, vol. 129(C).
    12. Paola Paoloni & Martina Manzo & Veronica Procacci, 2023. "The impact of the pandemic crisis on the digital transition process of Italian SMEs," MANAGEMENT CONTROL, FrancoAngeli Editore, vol. 2023(2 Suppl.), pages 83-107.
    13. Rialti, Riccardo & Filieri, Raffaele, 2024. "Leaders, let’s get agile! Observing agile leadership in successful digital transformation projects," Business Horizons, Elsevier, vol. 67(4), pages 439-452.
    14. Hatem Abuseta & Kolawole Iyiola & Hasan Yousef Aljuhmani, 2025. "Digital Technologies and Business Model Innovation in Turbulent Markets: Unlocking the Power of Agility and Absorptive Capacity," Sustainability, MDPI, vol. 17(12), pages 1-28, June.
    15. Shumin Wang & Xin Jiang & Muhammad Bilawal Khaskheli, 2024. "The Role of Technology in the Digital Economy’s Sustainable Development of Hainan Free Trade Port and Genetic Testing: Cloud Computing and Digital Law," Sustainability, MDPI, vol. 16(14), pages 1-20, July.
    16. Mauro, Marianna & Noto, Guido & Prenestini, Anna & Sarto, Fabrizia, 2024. "Digital transformation in healthcare: Assessing the role of digital technologies for managerial support processes," Technological Forecasting and Social Change, Elsevier, vol. 209(C).

    More about this item

    Keywords

    ;
    ;
    ;
    ;
    ;
    ;
    ;

    Statistics

    Access and download statistics

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:gam:jftint:v:17:y:2025:i:6:p:262-:d:1679220. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: MDPI Indexing Manager (email available below). General contact details of provider: https://www.mdpi.com .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.