Cyber Security as a Threat to Health Care

Authors

  • Adegoke Adebukola Marshall University
  • Achen Navya Marshall University
  • Foreman Jordan Marshall University
  • Nwaobi Jenifer Marshall University
  • Richard D. Begley Marshall University

DOI:

https://doi.org/10.47941/jts.1149

Keywords:

Cybersecurity, Healthcare, Healthcare Technology, Data

Abstract

Purpose: Cyber security incidents are posing an increasing risk to the healthcare industry. The healthcare industry has lagged behind other industries in protecting its most important stakeholder (patients), and hospitals must now invest significant capital and effort in protecting their systems. The goal of this research was to understand the complexities of the operating environment as well as document the technological vulnerabilities to avoid cybersecurity incidents. The eight Aggregated Response Strategies (EARS) framework contains 8 methodologies, which could be used by all the personnel in medical services associations. The secondary hypothesis derived out of this research was the six-step plans introduced by the American Health Association, which aided in ensuring cybersecurity with facilities and organizations in cases of potential threat. 

Methodology: The methodology used to derive this hypothesis was through literary reviews, which constituted research articles, journals, and peer-reviewed articles published between 2005 and 2021. These were obtained from PubMed, Google scholar, NCBI, ScienceDirect, CDC.gov, CMS.gov, and Census.gov databases.

Finding: The finding suggested overall security awareness and training must be established immediately after a potential threat is detected. Authorities advise against paying ransomware attackers since there is no assurance that an attack will be reversed, Law enforcement should be immediately contacted in the event of a ransomware attack besides cloud data backups will make it simple to rebuild networks, disaster recovery planning should be done before a cybersecurity threat occurs.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Cyber Security as a Threat to Health Care

Adegoke Adebukola, Achen Navya, Foreman Jordan, Nwaobi Jenifer, Richard D. Begley

Marshall University Department of Computer Science and Engineering Building

Corresponding Author's Email: adegoke@marshall.edu

 

ABSTRACT

Purpose: Cyber security incidents are posing an increasing risk to the healthcare industry. The healthcare industry has lagged behind other industries in protecting its most important stakeholder (patients), and hospitals must now invest significant capital and effort in protecting their systems. The goal of this research was to understand the complexities of the operating environment as well as document the technological vulnerabilities to avoid cybersecurity incidents. The eight Aggregated Response Strategies (EARS) framework contains 8 methodologies, which could be used by all the personnel in medical services associations. The secondary hypothesis derived out of this research was the six-step plans introduced by the American Health Association, which aided in ensuring cybersecurity with facilities and organizations in cases of potential threat. 

Methodology: The methodology used to derive this hypothesis was through literary reviews, which constituted research articles, journals, and peer-reviewed articles published between 2005 and 2021. These were obtained from PubMed, Google scholar, NCBI, ScienceDirect, CDC.gov, CMS.gov, and Census.gov databases.

Finding: The finding suggested overall security awareness and training must be established immediately after a potential threat is detected. Authorities advise against paying ransomware attackers since there is no assurance that an attack will be reversed, Law enforcement should be immediately contacted in the event of a ransomware attack besides cloud data backups will make it simple to rebuild networks, disaster recovery planning should be done before a cybersecurity threat occurs.

Downloads

Download data is not yet available.

Author Biographies

Adegoke Adebukola, Marshall University

Department of Computer Science and Engineering Building

Achen Navya, Marshall University

Department of Computer Science and Engineering Building

Foreman Jordan, Marshall University

Marshall University Department of Computer Science and Engineering Building

Nwaobi Jenifer, Marshall University

Marshall University Department of Computer Science and Engineering Building

Richard D. Begley, Marshall University

Department of Computer Science and Engineering Building

References

• Alharam, A. K., & El-Madany, W. (2017, May). The effects of cyber-security on healthcare industry. In 2017 9th IEEE-GCC Conference and Exhibition (GCCCE) (pp. 1-9). IEEE.

• Arain, M. A., Tarraf, R., & Ahmad, A. (2019). Assessing staff awareness and effectiveness of educational training on IT security and privacy in a large healthcare organization. Journal of multidisciplinary healthcare, 12, 73–81. https://doi.org/10.2147/JMDH.S183275

• Argaw, S. T., Troncoso-Pastoriza, J. R., Lacey, D., Florin, M.-V., Calcavecchia, F., Anderson, D., . . . Eshaya-Chauvin, B. (2020). Cybersecurity of Hospitals: discussing the challenges and working towards mitigating the risks. BMC Medical Informatics and Decision Making, 20(1), 1-10.

• Bhuyan, S.S., Kabir, U., Escareno, J.M. et al. Transforming Healthcare Cybersecurity from Reactive to Proactive: Current Status and Future Recommendations. J Med Syst 44, 98 (2020). https://doi.org/10.1007/s10916-019-1507-y

• Bhuyan, S. S., Kabir, U. Y., Escareno, J. M., Ector, K., Palakodeti, S., Wyant, D., . . . Dobalian, A. (2020). Transforming Healthcare Cybersecurity from Reactive to Proactive: Current Status and Future Recommendations. J Med Syst, 44(5), 98. doi:10.1007/s10916-

-1507-y

• Bai, G., Jiang, J. X., & Flasher, R. (2017). Hospital Risk of Data Breaches. JAMA internal medicine, 177(6), 878–880. https://doi.org/10.1001/jamainternmed.2017.0336

• Bouazzaoui, S., & Daniels, C. (2020, March). Electronic Healthcare Record and Cyber Security Threats: A Development of an Agile Framework. In International Conference on Cyber Warfare and Security (pp. 67-XII). Academic Conferences International Limited.

• Bowman, S. (2013). Impact of electronic health record systems on information integrity: quality and safety implications. Perspect Health Inf Manag, 10(Fall), 1c.

• Brady, J. W. (2011). Securing health care: Assessing factors that affect HIPAA security compliance in academic medical centers. Proceedings of the 44th Hawaii International Conference on System Sciences (pp. 1-10). Kauai: IEEE. Civic Impulse. (2009). H.R. 1 — 111th Congress: American Recovery and Reinvestment Act of 2009. Retrieved from https://www.govtrack.us/congress/bills/111/hr1

• Camp, L. J. (2011). Reconceptualizing the Role of Security User. Daedalus, 140(4), 93- 107. doi:10.1162/DAED_a_00117

• Chon, A., Dave, C., & Ronald, R. S. (2019). Muddling through cybersecurity: Insights from the U.S. healthcare industry. Business Horizons, 62(4), 539-548. doi:https://doi.org/10.1016/j.bushor.2019.03.010

• Conn, J. (2013, August 13). Advocate data breach highlights lack of encryption, a widespread issue. Modern Healthcare. Retrieved from

http://www.modernhealthcare.com/article/20130830/NEWS/308309953

• Coventry, L., & Branley, D. (2018). Cybersecurity in healthcare: a narrative review of trends, threats and ways forward. Maturitas, 113, 48-52.

• Cuenca, J. V. (2017). Cybersecurity Challenges in Healthcare Industries. Utica College, DeZabala, T., Saif, I., & Westermann, G. (2011, July 1). Evolve or fail. Deliotte University Press. Retrieved from http://dupress.com/articles/evolve-or-fail-how-security-can-keeppace-with-strategy/

• Dogaru, D. I., & Dumitrache, I. (2017, June). Cyber security in healthcare networks. In 2017 E-Health and Bioengineering Conference (EHB) (pp. 414-417). IEEE.

• Doherty, N., & Fulford, H. (2006). Aligning the information security policy with the strategic information systems plan. Computers & Security, 25, 55-63.

• Filkins, B. (2014). SANS health care cyberthreat report: widespread compromises detected, compliance nightmare on horizon. Retrieved from

http://www.sans.org/readingroom/whitepapers/analyst/health-care-cyberthreat-reportwidespread-compromises-detectedcompliance-nightmare-horizon-34735

• Gade, N. R., & Reddy, U. (2014). A Study Of Cyber Security Challenges And Its Emerging Trends On Latest Technologies.

• Ghafur, S., Kristensen, S., Honeyford, K., Martin, G., Darzi, A., & Aylin, P. (2019). A retrospective impact analysis of the WannaCry cyberattack on the NHS. NPJ digital medicine, 2, 98. https://doi.org/10.1038/s41746-019-0161-6

• Gikas, C. (2010). A general comparison of FISMA, HIPPA, ISO 27000 and PCI-DSS standards. Information Security Journal: A Global Perspective, 19(3), 132-141.

• Gode, S. (2014). Increasing data breach costs should lead to a review of insurance policies and vendor contracts. Linkedin.com. Retrieved 26 April 2021, from https://www.linkedin.com/pulse/20140625132714-7012399-increasing-data-breachcosts-should-lead-to-a-review-of-insurance-policies-and-vendorcontracts?trk=portfolio_article-card_title

• HITRUST Alliance. (2014, July). Cyber threat intelligence and incident coordination center: Protecting the healthcare industry form cyber-attacks. Health Information Trust Alliance (HITRUST). Retrieved from http://hitrustalliance.net/content/uploads/2014/07/HiTrustC3Datasheet.pdf

• Jadoon, A. K., Iqbal, W., Amjad, M. F., Afzal, H., & Bangash, Y. A. (2019). Forensic Analysis of Tor Browser: A Case Study for Privacy and Anonymity on the Web. Forensic science international, 299, 59–73. https://doi.org/10.1016/j.forsciint.2019.03.030

• Jalali, M. S., Russell, B., Razak, S., & Gordon, W. J. (2019). EARS to cyber incidents in health care. Journal of the American Medical Informatics Association : JAMIA, 26(1), 81– 90. https://doi.org/10.1093/jamia/ocy148

• Jalali, M. S., & Kaiser, J. P. (2018). Cybersecurity in Hospitals: A Systematic, Organizational Perspective. Journal of medical Internet research, 20(5), e10059. https://doi.org/10.2196/10059

Judy, H.L., David, S.L., Hayes, B.S., Ritter, J.B., & Rotenberg, M. (2009). Privacy in cyberspace: U.S. and European perspectives. In S. Bosworth, M. E. Kabay, & E. Whyne (Eds.), Computer security handbook (5th ed). New York, NY: John Wiley & Sons.

• Keizer, G. (2006). FBI Recovers Stolen Veterans Affairs Laptop. Retrieved from http://www.informationweek.com/fbi-recovers-stolen-veterans-affairs-laptop/d/did/1044759?

• Kwon, J. & Johnson, M. E. (2013). Security practices and regulatory compliance in the healthcare industry. Journal of the American Medical Informatics Association, 20(1), 44-47.

• Marianna, L., Mariangela, L., & Angelo, C. (2018). Cybersecurity for Industry 4.0 in the current literature: A reference framework. Computers in Industry, 103, 97-110. doi: https://doi.org/10.1016/j.compind.2018.09.004

• Martin, G., Martin, P., Hankin, C., Darzi, A., & Kinross, J. (2017). Cybersecurity and healthcare: how safe are we? BMJ, 358.

• McCann, E. (2014, October 6). Missed Ebola diagnosis leads to debate. Healthcare IT News. Retrieved from http://www.healthcareitnews.com/news/epic-pushes-back-againstebola-ehr-blame-shifting

• McDavid, S. (2014, March). A primer on cybersecurity litigation for the not-so-tech-savvy attorney. American Bar Association, 3(8), 17-19. Retrieved from http://www.americanbar.org/publications/gpsolo_ereport/2014/march_2014/primer_cybersecurity_ litigation_for_not-so-tech-savvy_attorney.html

• McGrory-Dixon, A. (2013). HHS toughens HIPAA violation penalties. Benefits Pro. Retrieved from http://www.benefitspro.com/2013/04/09/hhs-toughens-hipaa-violationpenalties

• Micro, T. (2013). VA records breach shows difficulty of balancing cyber security, physical security. Retrieved from http://blog.trendmicro.com/va-records-breach-shows-difficultybalancing-cybersecurity-physical-security/

• Mindykowski, P., Honfi, D., Lange, D., Sjostrom, J., Cadete, G., Carreira, E., . . . Petersen, L. (2016). Physical exposure identification and mapping methodologies.

• Offner, K. L., Sitnikova, E., Joiner, K., & MacIntyre, C. R. (2020). Towards understanding cybersecurity capability in Australian healthcare organisations: a systematic review of recent trends, threats and mitigation. Intelligence and National Security, 35(4), 556-585.

• Ponemon Institute. (2013). 2013 Cost of Data Breach Study: Global Analysis. Ponemon.org. Retrieved 26 April 2021, from

https://www.ponemon.org/local/upload/file/2013%20Report%20GLOBAL%20CODB%2 0FINAL%205-2.pdf

• Ponemon Institute. (2017). 2017 Cost of Cyber Crime Study: Insights On The Security Investments That Make A Difference. Retrieved 27 April 2021, from https://www.accenture.com/_acnmedia/PDF-62/Accenture-2017CostCybercrime-USFINAL.pdf#zoom=50

• Ren, A., Wu, D., Zhang, W., Terpenny, J., & Liu, P. (2017). Cyber security in smart manufacturing: Survey and challenges. IIE Annual Conference.Proceedings, , 716-721. Retrieved from https://www-proquest-com.marshall.idm.oclc.org/scholarlyjournals/cyber-security-smart-manufacturing-survey/docview/1951124648/se2?accountid=12281

• Saba, V. K., & McCormick, K. A. (2015). Essentials of nursing informatics (Sixth edition. ed.). New York: McGraw-Hill Education

• Williams, P. A., & Woodward, A. J. (2015). Cybersecurity vulnerabilities in medical devices: a complex environment and multifaceted problem. Medical devices (Auckland,N.Z.), 8, 305–316. https://doi.org/10.2147/MDER.S50048

Downloads

Published

2022-12-13

How to Cite

Adebukola, A. A., Navya, A. N., Jordan, F. J., Jenifer, N. J., & Begley, R. D. (2022). Cyber Security as a Threat to Health Care. Journal of Technology and Systems, 4(1), 32–64. https://doi.org/10.47941/jts.1149

Issue

Vol. 4 No. 1 (2022)

Section

Articles

License

Copyright (c) 2022 Journal of Technology and Systems

Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 International License.

Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution (CC-BY) 4.0 License that allows others to share the work with an acknowledgment of the work's authorship and initial publication in this journal.