MACHINE LEARNING–BASED ANOMALY DETECTION FOR EARLY IDENTIFICATION OF EMR BREACH PATHWAYS
Genevieve Donkor Armah*, Idoko Peter Idoko, Yewande Iyimide Adeyeye, Lawrence Anebi Enyejo, Azonuche Tony Isioma
ABSTRACT
Electronic Medical Records (EMRs) are central to modern healthcare delivery, yet their growing accessibility and integration have expanded the attack surface for data breaches that often unfold gradually and evade traditional security controls. Conventional rule-based and signature-driven intrusion detection systems are largely reactive and ill-suited to identifying early-stage breach behaviors embedded within legitimate clinical workflows. This study proposes a machine learning–based anomaly detection framework for the early identification of EMR breach pathways, treating breaches as sequential processes rather than isolated events. The framework integrates EMR audit logs, role and contextual metadata, and temporal modeling to detect subtle deviations in access behavior. A comprehensive evaluation is conducted using baseline statistical methods, classical machine learning models, and deep learning approaches, including autoencoders and LSTM-based architectures. Experimental results demonstrate that deep and hybrid models significantly outperform traditional approaches in detection accuracy, time-to-detection, and robustness to noise and behavioral drift. Importantly, the study incorporates an interpretability layer that maps anomalies into coherent breach pathways, enhancing usability for security analysts and compliance officers. The findings highlight the effectiveness of sequence-aware, explainable machine learning in enabling proactive EMR security monitoring, improving audit readiness, and supporting timely intervention before breach escalation.
Keywords: Electronic Medical Records (EMR); Anomaly Detection; Healthcare Cybersecurity; Machine Learning; Deep Learning; LSTM Autoencoder.