Healthcare Cybersecurity Vulnerabilities
The healthcare sector is often considered a soft target for malicious actors. With a large attack surface and a focus on patient care rather than security, health organizations often have not taken the necessary precautions to secure patient data or access to medical devices within their infrastructures. As the severity and associated costs of cyber-attacks on healthcare organizations continue to escalate, the industry needs to increase its efforts to mitigate the risks associated with these vulnerabilities. This study seeks to present the most common types of healthcare attacks and their mitigation methodologies. It also discusses how compliance with the GDPR in the European Union and the HIPAA regulation in the United States can positively affect a healthcare organization’s defensive posture.




