You are viewing a javascript disabled version of the site. Please enable Javascript for this site to function properly.
Go to headerGo to navigationGo to searchGo to contentsGo to footer
In content section. Select this link to jump to navigation

Cybersecurity in healthcare: A systematic review of modern threats and trends

Article type: Research Article

Authors: Kruse, Clemens Scott* | Frederick, Benjamin | Jacobson, Taylor | Monticone, D. Kyle

Affiliations: Texas State University, San Marcos, TX, USA

Correspondence: [*] Corresponding author: Clemens Scott Kruse, 601 University Drive, College of Health Professions, rm 254, Texas State University, San Marcos, TX 78666, USA. Tel.: +1 512 245 4662; E-mail:s_k97@txstate.edu

Keywords: Cyber attack, cybercrime, cybersecurity, cyber threats, health, healthcare, ransomware

DOI: 10.3233/THC-161263

Journal: Technology and Health Care, vol. 25, no. 1, pp. 1-10, 2017

Published: 21 February 2017
Get PDF open access

Abstract

BACKGROUND:

The adoption of healthcare technology is arduous, and it requires planning and implementation time. Healthcare organizations are vulnerable to modern trends and threats because it has not kept up with threats.

OBJECTIVE:

The objective of this systematic review is to identify cybersecurity trends, including ransomware, and identify possible solutions by querying academic literature.

METHODS:

The reviewers conducted three separate searches through the CINAHL and PubMed (MEDLINE) and the Nursing and Allied Health Source via ProQuest databases. Using key words with Boolean operators, database filters, and hand screening, we identified 31 articles that met the objective of the review.

RESULTS:

The analysis of 31 articles showed the healthcare industry lags behind in security. Like other industries, healthcare should clearly define cybersecurity duties, establish clear procedures for upgrading software and handling a data breach, use VLANs and deauthentication and cloud-based computing, and to train their users not to open suspicious code.

CONCLUSIONS:

The healthcare industry is a prime target for medical information theft as it lags behind other leading industries in securing vital data. It is imperative that time and funding is invested in maintaining and ensuring the protection of healthcare technology and the confidentially of patient information from unauthorized access.

References

[1] 

Centers for Medicare & Medicaid Services [Internet]. Electronic health records (EHR) incentive programs Baltimore, MD: CMS; 2016. URL:https://www.cms.gov/Regulations-and-Guidance/Legislation/EHRIncentivePrograms/index.html?redirect=/ehrincentiveprograms. Accessed: 2016-08-09. (Archived by WebCite® at http://www.webcitation.org/6je8QNlo0).

[2] 

CW Jobs [Internet]. London, UK: (2016) . Cyber crime timeline; URL:http://www.cwjobs.co.uk/careers-advice/it-glossary/cyber-crime-timeline.Accessed: 2016-08-09. (Archived by WebCite® at http://www.webcitation.org/6je8V9 cyI).

[3] 

U.S. Department of Health and Human Services. Security standards: technical safeguards [Internet]. Baltimore, MD: CMS; URL:http://www.hhs.gov/sites/default/files/ocr/privacy/hipaa/administrative/securityrule/techsafeguards.pdf. Accessed: 2016-08-09. (Archived by WebCite® at http://www.webcitation.org/6je8cfMpZ).

[4] 

U.S. Department of Health and Human Services. Fact sheet: ransomware and HIPAA [Internet]. Baltimore, MD: CMS; URL:http://www.hhs.gov/sites/default/files/RansomwareFactSheet.pdf. Accessed: 2016-08-09. (Archived by Web Cite#174; at http://www.webcitation.org/6je8iBYI5).

[5] 

AHC Media LLC. Hackers target hospitals with ``ransomware''. ED LEGAL LETT. (2016) Apr; 27: (4): 1-4.

[6] 

Jayanthi A. First known ransomware attack in 1989 also targeted healthcare. http://www.beckershospitalreview.com/healthcare-information-technology/first-known-ransomware-attack-in-1989-also-targeted-healthcare.html.

[7] 

Luna R, , Rhine E, , Myhra M, , Sullivan R, , Kruse CS. Cyber threats to health information systems: A systematic review. Technol Health Care. (2016) Jan 27;24: (1): 1-9. Available from: 10.3233/THC-151102.

[8] 

AHC Media LLC. Ransomware attacks are on the rise, and hackers are getting better. ED LEGAL LETT. (2016) May; 1: (4): 1-4.

[9] 

Wu F, , Eagles S. Cybersecurity for medical device manufacturers: Ensuring safety and functionality. Biomed Instrum Technol. (2016) Jan 20; 50: (1): 23-33. Available from: 10.2345/0899-8205-50.1.23.

[10] 

HCPro.com Ransomware a new threat to healthcare sector. Physician Practice Perspective. May (2016) ; 11-12.

[11] 

Conn J. Federal task force takes on healthcare cybersecurity. Modern Healthcare. URL:http://www.modernhealthcare.com/article/20160416/MAGAZINE/304169890. Accessed: 2016-08-09. (Archived by WebCite® at http://www.webcitation.org/6jdtejLCt) April 16, (2016) .

[12] 

Rowe K. Healthcare IT transformation: how has ransomware shifted the landscape of healthcare data security? Healthc Inform. (2016) May; 33: (3): 44-45.

[13] 

Blanke SJ, , McGrady E. When it comes to securing patient health information from breaches, your best medicine is a dose of prevention: a cybersecurity risk assessment checklist. J Healthc Risk Manag. (2016) Jul; 36: (1): 14-24. Available from: 10.1002/jhrm.21230.

[14] 

Hagland M. With the ransomware crisis, the landscape of data security shifts in healthcare. Healthc Inform. (2016) May; 33: (3): 41-47.

[15] 

American Health Information Management Association. Healthcare increasingly targeted by ransomware attacks. J AHIMA. (2016) May; 87: (5): 12.

[16] 

Streger M. Ransomware: a ticking bomb for public safety. News Network. July (2016) : 12.

[17] 

American Association of Critical-Care Nurses. Ransomware poses major threat to hospitals. AACN BOLD VOICES. (2016) Jun; 8: (6): 14.

[18] 

Van Alstin CM. Ransomware: It's as scary as it sounds. But with security best practices, you can fight back. Health Manag Technol (2016) 6;37: (4): 26-27.

[19] 

Post W. LA Hospital Pays Hackers After Ransomware Attack OpenNotes Expands, Shares Lessons. (2016) .

[20] 

Goedert J. Security: the ransomware nightmare. HEALTH DATA MANAGE. (2016) Apr; 24: (3): 10.

[21] 

Conn J. Ransomware scare: Will hospitals pay for protection? Modern Healthcare. (2016) Apr 11; 46: (15): 8.

[22] 

Hospitals become major target for ransomware. Network Security 2016 4; (2016) (4): 1-2.

[23] 

Tuttle H. Ransomware Attacks Pose Growing Threat. Risk Management. (2016) May 1; 63: (4): 4.

[24] 

Valach AP. What to Do After a Ransomware Attack. Risk Management. (2016) Jun 1; 63: (5): 12.

[25] 

Koppel R, , Smith S, , Blythe J, , Kothari V. Workarounds to computer access in healthcare organizations: you want my password or a dead patient? Stud Health Technol Inform. (2015) ; 208: : 215-220. Available from: 10.3233/978-1-61499-488-6-215.

[26] 

Page A, , Kocabas O, , Soyata T, , Aktas M, , Couderc JP. Cloud-based privacy-preserving remot ECG monitoring and surveillance. Annals ofNnoninvasive Electrocardiology. (2015) Jul 1; 20: (4): 328-37.

[27] 

Rios B. Cybersecurity expert: medical devices have `a long way to go'. Biomed Instrum Technol. (2015) May 20; 49: (3): 197-200. Available from: 10.2345/0899-8205-49.3.197.

[28] 

McNeil M. 2015 will require implementation of thorough security programs. Wired Magazine, 1-28-2015. Found on 8-9-2016 at https://www.mdtmag.com/blog/2015/01/2015-will-require-implementatin-thorough-security-programs.

[29] 

Welch SS. Five things providers need to know about cybersecurity. Journal of the Medical Association of Georgia. (2015) ; 104: (1): 40-2.

[30] 

McDermott IE. Ransomeware: Tales from the cryptolocker. Internet Express. Jun (2015) : 35-37.

[31] 

McGuire CF. TIM Lecture Series-The Expanding Cybersecurity Threat. Technology Innovation Management Review. (2015) Mar 1; 5: (3): 56.

[32] 

Coronado AJ, , Wong TL. Healthcare cybersecurity risk management: keys to an effective plan. Biomed Instrum Technol. (2014) ;(Suppl): 26-30. Available from: 10.2345/0899-8205-48.s1.26.

[33] 

Loughlin S, , Fu K, , Gee T, , Gieras I, , Hoyme K, , Rajagopalan SR, et al. A roundtable discussion: safeguarding information and resources against emerging cybersecurity threats. Biomed Instrum Technol. (2014) ; 8-17. Available from: 10.2345/0899-8205-48.s1.8.

[34] 

Bangs G. New Ransomware and Cyber extortion Schemes Hold Businesses Hostage. Risk Management. (2014) Oct 1; 61: (8): 30.

[35] 

Fu K, , Blum J. Controlling for cybersecurity risks of medical device software. Commun ACM. (2013) Oct; 56: (10): 35-37. Available from: 10.1145/2508701.

[36] 

Luo X, , Liao Q. Awareness education as the key to ransomware prevention. Information Systems Security. (2007) Jul; 16: (4): 195-202. Available from: 10.1080/10658980701576412.

[37] 

Mueller L. Webjacking, and how to boot it out. Network Security. (2006) Aug 31; (8): 15-8.

[38] 

Health Resources and Services Administration. Baltimore, MD: HHS; 2016. What is ``meaningful use''?; URL:http://www.hrsa.gov/healthit/meaningfuluse/MU%20Stage1%20CQM/whatis.html. Accessed: 201 6-08-09. (Archived by Web Cite® at http://www.webcitation.org/6je785Ed5)

Show more