Security of the Italian Electronic Health Record: a multi-modal anomaly detection model
MENEGHELLO, MAURO
2025/2026
Abstract
The Italian Electronic Health Record is designed to systematically log every access, operation and transaction within its infrastructure. This capability is essential from a security standpoint, as it provides accountability and robust access control over data and resources in an environment where security and data protection take on specific dimensions due to the sensitivity of healthcare information. Audit logs comply with the IHE ATNA (Audit Trail and Node Authentication) specification, ensuring that all interactions are recorded in a standardized format. Manually analyzing such logs to identify unauthorized accesses, data breaches or anomalous behaviors is infeasible given the dimensionality of the problem, with volumes reaching millions of transactions per day. Moreover, ATNA audit logs have a complex hierarchical XML structure and domain-specific semantics that distinguish them from generic system logs. Consequently, a dual approach is required to account for both their structural and behavioral aspects. This project introduces a multi-modal deep learning architecture that combines Graph Neural Networks (GNNs) and a Transformer encoder to explicitly model the log structure and to capture sequential and behavioral patterns. The anomaly detection system is trained in an unsupervised manner using a Variational Autoencoder (VAE) that learns the distribution of normal data and is therefore able to detect deviations and anomalies. The experimental results, obtained from a dataset simulating real production data, are promising. These data were provided by Arsenàl.IT, the Veneto Research and Innovation Center for Digital Health, a consortium acting as the regional competence center for ICT development and system interoperability within the health and social care sector.
The proposed anomaly detection system is capable of capturing anomalies in which the underlying patterns deviate from expected patterns, positioning itself as an innovative advancement in the state of the art of anomaly detection in healthcare IT systems.

Keywords: Anomaly detection, Italian Electronic Health Record, FSE, IHE transactions, ATNA, multi-modal deep learning, healthcare security, audit log.

| File | Size | Format |
|---|---|---|
| Meneghello_Mauro.pdf (restricted access) | 1.03 MB | Adobe PDF |
https://hdl.handle.net/20.500.12608/108083