DOI: 10.1145/3465481.3470033
research-article

The landscape of cybersecurity vulnerabilities and challenges in healthcare: Security standards and paradigm shift recommendations

Published: 17 August 2021

Abstract

Digital technology provides unique opportunities to revolutionize the healthcare ecosystem and health research. However, this comes with serious security, safety, and privacy threats. The healthcare sector has proven unequipped and unready to face cyberattacks, while its vulnerabilities are being systematically exploited by attackers. The growing need for and use of medical devices and smart equipment, the complexity of operations, and incompatible systems leave healthcare organizations exposed to various malware, including ransomware, which results in compromised healthcare access, quality, safety and care. To fully benefit from the advantages of technology, cybersecurity issues need to be resolved. Cybersecurity measures are suggested in a number of healthcare standards, which are often contradictory and confusing, making these measures ineffective and difficult to implement. To lay a solid foundation for the healthcare sector in improving the understanding of complex cybersecurity issues, this paper explores the existing vulnerabilities in healthcare critical information infrastructures that are used in cyberattacks and discusses the reasons why this sector is under attack. Furthermore, the existing security standards in healthcare are presented alongside their implementation challenges. The paper also discusses the use of living labs as a novel way to discover how to practically implement cybersecurity measures and provides a set of recommendations as future steps. Finally, to our knowledge, this is the first paper that analyses security in the context of living labs and provides suggestions relevant to this context.

Published In

ARES '21: Proceedings of the 16th International Conference on Availability, Reliability and Security
August 2021
1447 pages
ISBN: 9781450390514
DOI: 10.1145/3465481
Publisher

Association for Computing Machinery
New York, NY, United States

Author Tags

1. Cyberattacks
2. Cybersecurity
3. Digital Health
4. Healthcare
5. Living labs
6. Security Standards
7. Vulnerabilities

Qualifiers

• Research-article
• Research
• Refereed limited

Conference

ARES 2021

Acceptance Rates

Overall Acceptance Rate 228 of 451 submissions, 51%
