Marcela Tuler de Oliveira
Predictive maintenance systems rely on data sharing across organisations, yet commercially sensitive information requires precise access control to prevent competitive disadvantage. Existing centralised mechanisms require blind trust among participants, creating significant barriers to collaborative machine learning in industrial settings. This paper extends SDDK-AC (Secure Decentralised Data and Knowledge Access Control for Predictive Machinery Maintenance), an access control mechanism that couples Attribute-Based Access Control policies with blockchain and smart contracts, by implementing contextual attributes for geolocation verification and data integrity via hash comparison. The mechanism runs on a Hyperledger Besu permissioned blockchain, integrated with Keycloak and an Access Control Proxy. This paper evaluates 30,000 policy decisions across 30 experimental rounds, each comprising 1000 transactions, using a custom-developed Python evaluation script. The results show that most SDDK-AC functions achieve throughput above 60 transactions per second with an average latency of 14 ms, incurring approximately 16% overhead relative to a centralised ABAC baseline while still meeting predictive maintenance performance requirements.
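The abstract describes ABAC decisions that also check two contextual attributes: where the request originates and whether the requester's copy of the data matches a registered hash. The following sketch, added here as an illustration and not code from SDDK-AC or the paper, shows what such a policy decision point looks like off-chain. The attribute names, the geofence rule, and the sample dataset are assumptions; the real SDDK-AC attribute schema, Keycloak integration and smart-contract layout are not given in the abstract.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"math"
)

// Request carries the subject, resource and contextual attributes of one
// access request. Field names are illustrative, not SDDK-AC's schema.
type Request struct {
	Role        string  // subject: e.g. "maintenance_engineer"
	Org         string  // subject: organisation making the request
	ResourceOrg string  // resource: organisation that owns the dataset
	Sensitivity string  // resource: "shared" or "restricted"
	Lat, Lon    float64 // context: where the request originates
	PayloadHash string  // context: hex SHA-256 of the data the requester holds
}

// Policy is the rule set for one dataset: permitted roles, the geofence the
// request must come from, and the hash registered when the dataset was
// published (the value a smart contract would hold as the reference).
type Policy struct {
	AllowedRoles     map[string]bool
	SiteLat, SiteLon float64
	RadiusKm         float64
	ReferenceHash    string
}

// HashOf returns the hex SHA-256 digest used as the integrity reference.
func HashOf(data []byte) string {
	sum := sha256.Sum256(data)
	return hex.EncodeToString(sum[:])
}

// haversineKm is the great-circle distance between two WGS84 points.
func haversineKm(lat1, lon1, lat2, lon2 float64) float64 {
	const earthRadiusKm = 6371.0
	toRad := func(d float64) float64 { return d * math.Pi / 180 }
	dLat := toRad(lat2 - lat1)
	dLon := toRad(lon2 - lon1)
	a := math.Sin(dLat/2)*math.Sin(dLat/2) +
		math.Cos(toRad(lat1))*math.Cos(toRad(lat2))*math.Sin(dLon/2)*math.Sin(dLon/2)
	return 2 * earthRadiusKm * math.Asin(math.Sqrt(a))
}

// Decide evaluates the policy against the request. Every attribute class must
// pass; the reason names the first failing check so the decision is auditable.
func Decide(p Policy, r Request) (bool, string) {
	if !p.AllowedRoles[r.Role] {
		return false, "role not permitted"
	}
	// Commercially sensitive data stays within the owning organisation.
	if r.Sensitivity == "restricted" && r.Org != r.ResourceOrg {
		return false, "restricted data requested by another organisation"
	}
	// Contextual attribute 1: the request must originate inside the geofence.
	if d := haversineKm(p.SiteLat, p.SiteLon, r.Lat, r.Lon); d > p.RadiusKm {
		return false, fmt.Sprintf("geolocation check failed: %.1f km from site", d)
	}
	// Contextual attribute 2: the requester's copy must match the registered hash.
	if r.PayloadHash != p.ReferenceHash {
		return false, "integrity check failed: hash mismatch"
	}
	return true, "permit"
}

func main() {
	// Constructed sample data for the demonstration.
	dataset := []byte("vibration,temperature,rpm\n0.12,71.5,1480\n")
	policy := Policy{
		AllowedRoles:  map[string]bool{"maintenance_engineer": true},
		SiteLat:       51.9244, // assumed plant location
		SiteLon:       4.4777,
		RadiusKm:      5,
		ReferenceHash: HashOf(dataset),
	}
	req := Request{Role: "maintenance_engineer", Org: "PlantCo", ResourceOrg: "PlantCo",
		Sensitivity: "restricted", Lat: 51.9250, Lon: 4.4790, PayloadHash: HashOf(dataset)}
	ok, why := Decide(policy, req)
	fmt.Println(ok, why)
}
```

Each denial returns a distinct reason string; in a deployment that string is what gets written to the audit trail, and the geolocation attribute would come from an authenticated source (the proxy or the identity provider) rather than from the requester's own claim.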
Toward Verifiable Federated Unlearning
Framework, Challenges, and The Road Ahead
Federated unlearning (FUL) enables removal of a client's data influence from a model trained across distributed clients, upholding the right to be forgotten mandated by privacy regulations. FUL facilitates a value exchange: clients gain privacy-preserving control over their data contributions, while service providers leverage decentralized computing and data freshness. However, this proposition is undermined because clients have no reliable way to verify that their data influence has provably been removed; current metrics and simple notifications offer insufficient assurance. We envision unlearning verification becoming a pivotal, trust-by-design part of the FUL lifecycle, essential for highly regulated and data-sensitive services and applications such as health care. This article introduces VeriFUL, a reference framework for verifiable FUL that formalizes verification entities, goals, approaches, and metrics. Specifically, we consolidate existing efforts and contribute new insights, concepts, and metrics to this domain. Finally, we highlight research challenges and identify potential applications and developments for verifiable FUL and VeriFUL.
Enterprise Information Systems (EIS) have a long-established and crucial role in modern organizations: they integrate and manage critical business processes, ensuring operational efficiency, data accuracy, and better decision-making. One of the most promising emerging technologies in this space is Artificial Intelligence, which can automate routine tasks, offer predictive analytics, and provide deep insights, ultimately leading to intelligent data-driven decisions and improved operational efficiency. This direction comes with important challenges, however, arising from the opacity of certain AI models and from biases introduced by low-quality training data. In this paper, we argue that such challenges can be mitigated by a novel framework that transparently attaches quality-related metadata to the datasets used to train AI-enabled EIS. These metadata are minted as Non-Fungible Tokens (NFTs) on a blockchain.
Decentralized security in blockchain-based digital health systems
Self-sovereign identity, access control, and auditing with smart contracts
Specification of Complex Analytics Workflows
A Formal Language Model of Decision Options
Storage Standards and Solutions, Data Storage, Sharing, and Structuring in Digital Health
A Brazilian Case Study
Research data sharing requires adequate security. The requirements for data privacy are especially demanding for medical data reused for research purposes. To meet them, research institutions must implement adequate security measures, which demands considerable effort and cost to do properly. Adequate access controls and data encryption are key approaches to protecting the confidentiality of research data; however, managing the encryption keys is challenging. Novel mechanisms can be explored for managing access to the encryption keys and encrypted files. These mechanisms ensure that data are accessed only by authorised users and that access is auditable. In this paper we explore these mechanisms to implement a secure system for sharing medical research data. In the proposed system, the research data are stored on a secure cloud system. The data are partitioned into subsets, each encrypted with a unique key. After the authorisation process, researchers are given the right to use one or more of the keys and thereby to selectively access and decrypt parts of the dataset. Our proposed solution offers automated fine-grained access control to research data, saving time and effort otherwise spent on manual administration. Moreover, it strengthens users' trust in data sharing through secure cloud solutions. We present an initial evaluation and conclude with a discussion of the limitations, open research questions and future work on this challenging topic.
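The scheme in this abstract, one key per dataset partition with researchers granted only the keys they are authorised for, is straightforward to make concrete. The following Go program is an added illustration, not the paper's implementation: it uses AES-256-GCM from the standard library, binds the partition identifier into the authenticated data so a ciphertext cannot be relabelled as another partition, and models the key-management table and a researcher's grant as plain maps. The partition names and sample records are constructed for the demonstration; how the paper's system stores keys, authenticates researchers, or audits access is not specified in the abstract.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// ErrNoKey is returned when a researcher tries to open a partition they were
// never authorised for: the key is simply absent from their grant.
var ErrNoKey = errors.New("no key granted for this partition")

// Partition is one encrypted subset as stored on the cloud side. The cloud
// holds ciphertext only, never the key.
type Partition struct {
	ID         string
	Nonce      []byte
	Ciphertext []byte
}

// KeyStore is the table kept by the institution's key-management service:
// one fresh 256-bit AES key per partition (assumed design, see lead-in).
type KeyStore map[string][]byte

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// EncryptPartitions encrypts each subset under its own random key with
// AES-256-GCM. The partition ID is the additional authenticated data, so a
// ciphertext moved under another partition's name fails to decrypt.
func EncryptPartitions(subsets map[string][]byte) (map[string]Partition, KeyStore, error) {
	stored := make(map[string]Partition, len(subsets))
	keys := make(KeyStore, len(subsets))
	for id, plaintext := range subsets {
		key := make([]byte, 32)
		if _, err := io.ReadFull(rand.Reader, key); err != nil {
			return nil, nil, err
		}
		aead, err := newGCM(key)
		if err != nil {
			return nil, nil, err
		}
		nonce := make([]byte, aead.NonceSize())
		if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
			return nil, nil, err
		}
		stored[id] = Partition{ID: id, Nonce: nonce, Ciphertext: aead.Seal(nil, nonce, plaintext, []byte(id))}
		keys[id] = key
	}
	return stored, keys, nil
}

// Grant is what a researcher receives after authorisation: copies of the keys
// for exactly the partitions they may read.
type Grant map[string][]byte

// Authorise issues a grant for the named partitions. Unknown IDs are an error
// rather than silently skipped, so a typo in a grant is caught at issue time.
func (ks KeyStore) Authorise(ids ...string) (Grant, error) {
	g := make(Grant, len(ids))
	for _, id := range ids {
		key, ok := ks[id]
		if !ok {
			return nil, fmt.Errorf("unknown partition %q", id)
		}
		g[id] = key
	}
	return g, nil
}

// Decrypt opens one partition with the researcher's grant. Partitions outside
// the grant cannot be read because the researcher never holds their key.
func (g Grant) Decrypt(p Partition) ([]byte, error) {
	key, ok := g[p.ID]
	if !ok {
		return nil, ErrNoKey
	}
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	return aead.Open(nil, p.Nonce, p.Ciphertext, []byte(p.ID))
}

func main() {
	// Constructed sample subsets standing in for a partitioned research dataset.
	subsets := map[string][]byte{
		"demographics": []byte("id,age,sex\n1,54,F\n"),
		"imaging":      []byte("id,modality\n1,MRI\n"),
		"genomics":     []byte("id,variant\n1,rs1\n"),
	}
	stored, keys, err := EncryptPartitions(subsets)
	if err != nil {
		panic(err)
	}
	grant, _ := keys.Authorise("demographics", "imaging")
	pt, _ := grant.Decrypt(stored["demographics"])
	fmt.Printf("demographics: %s", pt)
	_, err = grant.Decrypt(stored["genomics"])
	fmt.Println("genomics:", err)
}
```

Revocation in this model means rotating the affected partition's key and re-encrypting that subset only; the other partitions and the other researchers' grants are untouched, which is the practical payoff of keying per subset rather than per dataset.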
Perceptions of a Secure Cloud-Based Solution for Data Sharing during Acute Stroke Care
Qualitative Interview Study
Cryptography on Untrustworthy Cloud Storage for Healthcare Applications
A Performance Analysis
Cloud computing has many benefits relevant to the healthcare industry. Although the adoption of cloud services for healthcare systems is increasing, their use raises many security and privacy concerns for patients and healthcare providers. We still lack a clear set of requirements agreed upon by the different stakeholders, in particular IT and healthcare professionals. In this study, we examine whether user perspectives on requirements for e-health on the cloud are consistent with best practice guidelines and regulatory requirements. This work contributes to the requirements engineering phase of a secure e-health cloud framework developed in a European project (ASCLEPIOS, https://www.asclepios-project.eu/). We used qualitative analysis, based on in-depth interviews, to describe and characterize clinicians' perspectives on the security and privacy requirements of cloud services for healthcare data. We examined whether these user perspectives were in harmony with the regulatory framework of the General Data Protection Regulation (GDPR) and the best practice guidelines of a relevant standard, ISO 18308:2011. Ten clinicians were identified and interviewed at six healthcare organizations in Norway, the Netherlands and Germany. While user perspectives were largely consistent with both GDPR and ISO, some concerning differences in access control were noted between large and small healthcare institutions.
Acute care demands the collaboration of multiple healthcare professionals and various organisations. During an emergency, the availability of Electronic Medical Records (EMR) allows acute care teams to access a patient's data promptly, which facilitates decision-making. Cloud solutions offer an environment to store and share patients' EMR. However, security and privacy issues arise that affect the availability of the patients' EMR. Inspired by a hybrid encryption scheme combining Dynamic index-based Symmetric Searchable Encryption (DSSE) and Attribute-Based Encryption (ABE), we propose data Access Control for Acute Care teams (AC-AC). AC-AC is a dynamic, revocable access control protocol that enables break-glass access for an authorised member of the acute care team treating the patient. The protocol allows a team to grant and revoke other teams' access to the patient's EMR dynamically, according to the treatment's demands. We present a formal security analysis showing that the AC-AC protocol is resilient to multiple attacks. Finally, we analysed the time complexity of the protocol and measured each algorithm experimentally. The expected execution time of the AC-AC algorithms was below 170 ms, which is feasible within an acute care timeline.
Test, Trace, and Put on the Blockchain?
A Viewpoint Evaluating the Use of Decentralized Systems for Algorithmic Contact Tracing to Combat a Global Pandemic
Cyberattacks against healthcare institutions threaten patient care. The risk of being targeted by a damaging attack increases when medical devices rely on unmaintained legacy software that cannot be replaced and may have publicly known vulnerabilities. This review aims to provide insight into solutions presented in the literature that mitigate the risks caused by legacy software on medical devices. We performed a scoping review by categorising and analysing the contributions of a selection of articles drawn from a literature set discovered through bidirectional citation searching. We found 18 solutions, each fitting at least one of the categories of intrusion detection and prevention, communication tunnelling, or hardware protections. Approaches taken include proxying Bluetooth communication through smartphones, behaviour-specification-based anomaly detection, and authenticating signals based on their physical characteristics. These solutions apply to various use cases, ranging from securing pacemakers to medical sensor networks. Most of the solutions are based on intrusion detection and on tunnelling insecure wireless communications. These technologies have distinct application areas, and the decision about which one is most appropriate depends on the type of medical device.