Clemens Scott Kruse,Benjamin Frederick,Taylor Jacobson,D Kyle Monticone

DOI: https://doi.org/10.3233/THC-161263

Abstract:Background: The adoption of healthcare technology is arduous, and it requires planning and implementation time. Healthcare organizations are vulnerable to modern trends and threats because it has not kept up with threats. Objective: The objective of this systematic review is to identify cybersecurity trends, including ransomware, and identify possible solutions by querying academic literature. Methods: The reviewers conducted three separate searches through the CINAHL and PubMed (MEDLINE) and the Nursing and Allied Health Source via ProQuest databases. Using key words with Boolean operators, database filters, and hand screening, we identified 31 articles that met the objective of the review. Results: The analysis of 31 articles showed the healthcare industry lags behind in security. Like other industries, healthcare should clearly define cybersecurity duties, establish clear procedures for upgrading software and handling a data breach, use VLANs and deauthentication and cloud-based computing, and to train their users not to open suspicious code. Conclusions: The healthcare industry is a prime target for medical information theft as it lags behind other leading industries in securing vital data. It is imperative that time and funding is invested in maintaining and ensuring the protection of healthcare technology and the confidentially of patient information from unauthorized access.

Cartwright, Anthony James

DOI: https://doi.org/10.1007/s10877-023-01013-5

IF: 1.977

2023-04-24

Journal of Clinical Monitoring and Computing

Abstract:Cybersecurity has seen an increasing frequency and impact of cyberattacks and exposure of Protected Health Information (PHI). The uptake of an Electronic Medical Record (EMR), the exponential adoption of Internet of Things (IoT) devices, and the impact of the COVID-19 pandemic has increased the threat surface presented for cyberattack by the healthcare sector. Within healthcare generally and, more specifically, within anaesthesia and Intensive Care, there has been an explosion in wired and wireless devices used daily in the care of almost every patient—the Internet of Medical Things (IoMT); ventilators, anaesthetic machines, infusion pumps, pacing devices, organ support and a plethora of monitoring modalities. All of these devices, once connected to a hospital network, present another opportunity for a malevolent party to access the hospital systems, either to gain PHI for financial, political or other gain or to attack the systems directly to cause erroneous monitoring, altered settings of any device and even to access the EMR via this IoMT window. This exponential increase in the IoMT and the increasing wireless connectivity of anaesthesia and ICU devices as well as implantable devices presents a real and present danger to patient safety. There has, at the same time, been a chronic underfunding of cybersecurity in healthcare. This lack of cybersecurity investment has left the sector exposed, and with the monetisation of PHI, the introduction of technically unsecure IoT devices for monitoring and direct patient care, the healthcare sector is presenting itself for further devastating cyberattacks or breaches of PHI. Coupled with the immense strain that the COVID-19 pandemic has placed on healthcare and the changes in working patterns of many caregivers, this has further amplified the exposure of the sector to cyberattacks.

anesthesiology

Stephanie Ness,Tushar Khinvasara

DOI: https://doi.org/10.9734/jerr/2024/v26i21075

2024-01-29

Journal of Engineering Research and Reports

Abstract:Currently, the majority of economic, commercial, cultural, social, and governmental activity and contacts between countries, encompassing individuals, non-governmental organizations, and government institutions, occur in the virtual realm known as cyberspace. In recent times, numerous private enterprises and governmental institutions worldwide have encountered the issue of cyber- attacks and the peril associated with wireless communication technology. The modern society heavily relies on electronic technology, and safeguarding this data from cyber-attacks poses a formidable challenge. Cyber-attacks are intended to inflict financial harm onto companies. Cyber- attacks may serve military or political objectives in certain instances. Some examples of these damages include PC infections, knowledge breaches, data distribution service (DDS), and other attack routes. For this purpose, different companies employ diverse strategies to mitigate the harm caused by cyber-attacks. Cybersecurity monitors up-to-date information on the most recent IT data. Researchers worldwide have proposed several techniques to prevent cyber-attacks or mitigate their impact. Several approaches are currently in the operational phase, while others are still in the study phase. The objective of this study is to conduct a thorough examination and evaluation of the latest advancements in the field of cyber security, with the purpose of identifying and analyzing the problems, vulnerabilities, and strengths of the proposed methodologies. A comprehensive analysis is conducted on several forms of novel descendant attacks. The discussion revolves around conventional security frameworks, encompassing their historical context and early-generation approaches to cyber-security. Furthermore, this report presents the latest advancements and developing patterns in the field of cyber security, as well as the current problems and risks to security. The comprehensive review study offered for IT and cyber security researchers is anticipated to be beneficial.

Raul Luna,Emily Rhine,Matthew Myhra,Ross Sullivan,Clemens Scott Kruse

DOI: https://doi.org/10.3233/THC-151102

Abstract:Background: Recent legislation empowering providers to embrace the electronic exchange of health information leaves the healthcare industry increasingly vulnerable to cybercrime. The objective of this systematic review is to identify the biggest threats to healthcare via cybercrime. Objective: The rationale behind this systematic review is to provide a framework for future research by identifying themes and trends of cybercrime in the healthcare industry. Methods: The authors conducted a systematic search through the CINAHL, Academic Search Complete, PubMed, and ScienceDirect databases to gather literature relative to cyber threats in healthcare. All authors reviewed the articles collected and excluded literature that did not focus on the objective. Results: Researchers selected and examined 19 articles for common themes. The most prevalent cyber-criminal activity in healthcare is identity theft through data breach. Other concepts identified are internal threats, external threats, cyber-squatting, and cyberterrorism. Conclusions: The industry has now come to rely heavily on digital technologies, which increase risks such as denial of service and data breaches. Current healthcare cyber-security systems do not rival the capabilities of cyber criminals. Security of information is a costly resource and therefore many HCOs may hesitate to invest what is required to protect sensitive information.

Megha M. Moncy,Sadia Afreen,Saptarshi Purkayastha

2023-11-07

Abstract:This research examines the pivotal role of human behavior in the realm of healthcare data management, situated at the confluence of technological advancements and human conduct. An in-depth analysis of security breaches in the United States from 2009 to the present elucidates the dominance of human-induced security breaches. While technological weak points are certainly a concern, our study highlights that a significant proportion of breaches are precipitated by human errors and practices, thus pinpointing a conspicuous deficiency in training, awareness, and organizational architecture. In spite of stringent federal mandates, such as the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act, breaches persist, emphasizing the indispensable role of human factors within this domain. Such oversights not only jeopardize patient data confidentiality but also undermine the foundational trust inherent in the healthcare infrastructure. By probing the socio-technical facets of healthcare security infringements, this article advocates for an integrated, dynamic, and holistic approach to healthcare data security. The findings underscore the imperative of augmenting technological defenses while concurrently elevating human conduct and institutional ethos, thereby cultivating a robust and impervious healthcare data management environment.

Computers and Society,Cryptography and Security

Kishu Gupta,Vinaytosh Mishra,Aaisha Makkar

DOI: https://doi.org/10.1109/JBHI.2024.3467179

2024-10-06

Abstract:Healthcare has witnessed an increased digitalization in the post-COVID world. Technologies such as the medical internet of things and wearable devices are generating a plethora of data available on the cloud anytime from anywhere. This data can be analyzed using advanced artificial intelligence techniques for diagnosis, prognosis, or even treatment of disease. This advancement comes with a major risk to protecting and securing protected health information (PHI). The prevailing regulations for preserving PHI are neither comprehensive nor easy to implement. The study first identifies twenty activities crucial for privacy and security, then categorizes them into five homogeneous categories namely: $\complement_1$ (Policy and Compliance Management), $\complement_2$ (Employee Training and Awareness), $\complement_3$ (Data Protection and Privacy Control), $\complement_4$ (Monitoring and Response), and $\complement_5$ (Technology and Infrastructure Security) and prioritizes these categories to provide a framework for the implementation of privacy and security in a wise manner. The framework utilized the Delphi Method to identify activities, criteria for categorization, and prioritization. Categorization is based on the Density-Based Spatial Clustering of Applications with Noise (DBSCAN), and prioritization is performed using a Technique for Order of Preference by Similarity to the Ideal Solution (TOPSIS). The outcomes conclude that $\complement_3$ activities should be given first preference in implementation and followed by $\complement_1$ and $\complement_2$ activities. Finally, $\complement_4$ and $\complement_5$ should be implemented. The prioritized view of identified clustered healthcare activities related to security and privacy, are useful for healthcare policymakers and healthcare informatics professionals.

Cryptography and Security,Machine Learning

Chukwuka Elendu,Eunice K. Omeludike,Praise O. Oloyede,Babajide T. Obidigbo,Janet C. Omeludike

DOI: https://doi.org/10.1097/md.0000000000039887

IF: 1.6

2024-09-29

Medicine

Abstract:In recent years, integrating digital technologies in healthcare has revolutionized medical practice, enhancing patient care, data management, and operational efficiency. However, this digital transformation has also exposed healthcare systems to significant cybersecurity threats, leading to legal and ethical challenges for clinicians. [ 1–3 ] The increasing frequency and sophistication of cyber-attacks, such as ransomware, data breaches, and hacking incidents, pose substantial risks to patient privacy, data integrity, and overall healthcare delivery. [ 1–3 ] These incidents jeopardize patient safety and implicate healthcare professionals in potential legal liabilities. Emerging technologies, including artificial intelligence (AI) and quantum computing, are at the forefront of cybersecurity innovations and challenges. AI, for instance, offers promising applications in detecting and mitigating cyber threats through advanced algorithms and machine learning (ML) techniques. However, deploying AI systems in healthcare raises concerns regarding data security, privacy, and ethical implications. If not properly managed, AI systems can introduce biases that may result in discriminatory practices or inaccurate decision-making. [ 4 , 5 ] Moreover, quantum computing, potentially breaking traditional encryption methods, further complicates the cybersecurity landscape, necessitating new cryptographic approaches and legal frameworks to safeguard sensitive health information. [ 6 ] The global nature of cybersecurity threats underscores the importance of international cooperation and regulatory harmonization. Countries have adopted varying approaches to managing cybersecurity incidents in healthcare, influenced by their legal systems, cultural values, and technological infrastructures. For example, the European Union's General Data Protection Regulation (GDPR) imposes stringent data protection requirements, including reporting data breaches within 72 hours. [ 7 ] In contrast, the United States has a more fragmented regulatory landscape, with laws such as the Health Insurance Portability and Accountability Act (HIPAA) providing a framework for protecting patient information. Still, varying state laws complicate compliance. [ 8 ] A comparative analysis of these international regulations reveals best practices and highlights areas where further harmonization is needed to protect healthcare data globally. The legal implications of cybersecurity incidents extend beyond compliance with data protection regulations. As custodians of patient data, clinicians may face legal consequences in data breaches or unauthorized access to sensitive information. These legal responsibilities necessitate a thorough understanding of cybersecurity best practices and implementing robust security measures. For instance, clinicians must ensure secure communication channels, regular updates to software systems, and adherence to data encryption standards. [ 9 ] Furthermore, clinicians should be aware of their obligations to report cybersecurity incidents and cooperate with investigations, as failure can result in legal penalties and damage to professional reputations. [ 10 ] Ethical considerations are also paramount in the context of cybersecurity in healthcare. The principle of patient autonomy, which underpins informed consent and confidentiality, is challenged when cybersecurity incidents compromise patient data. Healthcare professionals must navigate these ethical dilemmas, balancing the need to protect patient information with the necessity of using digital tools for medical care. [ 11 ] Moreover, deploying AI in healthcare introduces questions about the transparency and accountability of decision-making processes. Ensuring that AI systems are transparent, explainable, and free from biases is crucial to maintaining public trust and ensuring equitable healthcare outcomes. [ 12 ] Case studies of cybersecurity incidents in healthcare provide valuable insights into the practical challenges and consequences clinicians face. For example, the WannaCry ransomware attack in 2017 severely disrupted the UK's National Health Service (NHS), affecting numerous hospitals and clinics and leading to the cancelation of thousands of appointments. [ 13 ] This incident highlighted the vulnerability of healthcare systems to cyber threats and underscored the importance of proactive cybersecurity measures. Similarly, the breach of patient data at Ant -Abstract Truncated-

medicine, general & internal

Pius Ewoh,Tero Vartiainen

DOI: https://doi.org/10.2196/46904

2024-05-31

Abstract:Background: Health care organizations worldwide are faced with an increasing number of cyberattacks and threats to their critical infrastructure. These cyberattacks cause significant data breaches in digital health information systems, which threaten patient safety and privacy. Objective: From a sociotechnical perspective, this paper explores why digital health care systems are vulnerable to cyberattacks and provides sociotechnical solutions through a systematic literature review (SLR). Methods: An SLR using the PRISMA (Preferred Reporting Items for Systematic Reviews and Meta-Analyses) was conducted by searching 6 databases (PubMed, Web of Science, ScienceDirect, Scopus, Institute of Electrical and Electronics Engineers, and Springer) and a journal (Management Information Systems Quarterly) for articles published between 2012 and 2022 and indexed using the following keywords: "(cybersecurity OR cybercrime OR ransomware) AND (healthcare) OR (cybersecurity in healthcare)." Reports, review articles, and industry white papers that focused on cybersecurity and health care challenges and solutions were included. Only articles published in English were selected for the review. Results: In total, 5 themes were identified: human error, lack of investment, complex network-connected end-point devices, old legacy systems, and technology advancement (digitalization). We also found that knowledge applications for solving vulnerabilities in health care systems between 2012 to 2022 were inconsistent. Conclusions: This SLR provides a clear understanding of why health care systems are vulnerable to cyberattacks and proposes interventions from a new sociotechnical perspective. These solutions can serve as a guide for health care organizations in their efforts to prevent breaches and address vulnerabilities. To bridge the gap, we recommend that health care organizations, in partnership with educational institutions, develop and implement a cybersecurity curriculum for health care and intelligence information sharing through collaborations; training; awareness campaigns; and knowledge application areas such as secure design processes, phase-out of legacy systems, and improved investment. Additional studies are needed to create a sociotechnical framework that will support cybersecurity in health care systems and connect technology, people, and processes in an integrated manner.

Jahnavi Reddy,Nelly Elsayed,Zag ElSayed,Murat Ozer

DOI: https://doi.org/10.48550/arXiv.2111.00582

2022-08-31

Abstract:Providing security to Health Information is considered to be the topmost priority when compared to any other field. After the digitalization of the patient's records in the medical field, the healthcare/medical field has become a victim of several internal and external cyberattacks. Data breaches in the healthcare industry have been increasing rapidly. Despite having security standards such as HIPAA (Health Insurance Portability and Accountability Act), data breaches still happen on a daily basis. All various types of data breaches have the same harmful impact on healthcare data, especially on patients' privacy. The main objective of this paper is to analyze why healthcare data breaches occur and what is the impact of these breaches. The paper also presents the possible improvements that can be made in the current standards, such as HIPAA, to increase security in the healthcare field.

Cryptography and Security

AKM Iqridar Newaz,Amit Kumar Sikder,Mohammad Ashiqur Rahman,A. Selcuk Uluagac

DOI: https://doi.org/10.48550/arXiv.2005.07359

2020-05-15

Cryptography and Security

Abstract:The recent advancements in computing systems and wireless communications have made healthcare systems more efficient than before. Modern healthcare devices can monitor and manage different health conditions of the patients automatically without any manual intervention from medical professionals. Additionally, the use of implantable medical devices (IMDs), body area networks (BANs), and Internet of Things (IoT) technologies in healthcare systems improve the overall patient monitoring and treatment process. However, these systems are complex in software and hardware, and optimizing between security, privacy, and treatment is crucial for healthcare systems as any security or privacy violation can lead to severe effects on patients' treatments and overall health conditions. Indeed, the healthcare domain is increasingly facing security challenges and threats due to numerous design flaws and the lack of proper security measures in healthcare devices and applications. In this paper, we explore various security and privacy threats to healthcare systems and discuss the consequences of these threats. We present a detailed survey of different potential attacks and discuss their impacts. Furthermore, we review the existing security measures proposed for healthcare systems and discuss their limitations. Finally, we conclude the paper with future research directions toward securing healthcare systems against common vulnerabilities.

Mohammad S Jalali,Sabina Razak,William Gordon,Eric Perakslis,Stuart Madnick

DOI: https://doi.org/10.2196/12644

2019-02-15

Abstract:Background: Over the past decade, clinical care has become globally dependent on information technology. The cybersecurity of health care information systems is now an essential component of safe, reliable, and effective health care delivery. Objective: The objective of this study was to provide an overview of the literature at the intersection of cybersecurity and health care delivery. Methods: A comprehensive search was conducted using PubMed and Web of Science for English-language peer-reviewed articles. We carried out chronological analysis, domain clustering analysis, and text analysis of the included articles to generate a high-level concept map composed of specific words and the connections between them. Results: Our final sample included 472 English-language journal articles. Our review results revealed that majority of the articles were focused on technology: Technology-focused articles made up more than half of all the clusters, whereas managerial articles accounted for only 32% of all clusters. This finding suggests that nontechnological variables (human-based and organizational aspects, strategy, and management) may be understudied. In addition, Software Development Security, Business Continuity, and Disaster Recovery Planning each accounted for 3% of the studied articles. Our results also showed that publications on Physical Security account for only 1% of the literature, and research in this area is lacking. Cyber vulnerabilities are not all digital; many physical threats contribute to breaches and potentially affect the physical safety of patients. Conclusions: Our results revealed an overall increase in research on cybersecurity and identified major gaps and opportunities for future work.

Kevin Hore,Mong Hoi Tan,Anne Kehoe,Aidan Beegan,Sabina Mason,Nader Al Mane,Deirdre Hughes,Caroline Kelly,John Wells,Claire Magner

DOI: https://doi.org/10.1016/j.ijmedinf.2024.105412

IF: 4.73

2024-05-01

International Journal of Medical Informatics

Abstract:INTRODUCTION: Cyberattacks on healthcare organisations are becoming increasingly common and represent a growing threat to patient safety. The majority of breaches in cybersecurity have been attributed to human error. Intensive care departments are particularly vulnerable to cyberattacks. The aim of this study was to investigate cybersecurity awareness, knowledge and behaviours among critical care staff.METHODS: This was a multi-site cross-sectional survey study administered to critical care staff. Cybersecurity awareness was evaluated using the validated HAIS-Q instrument. Knowledge and behaviours were evaluated by direct questioning and scenario-based multiple-choice questions. Free text options were also offered to respondents. Thematic analysis was performed on free text sections.RESULTS: Median scores of 12-15 in each of the HAIS-Q focus areas were achieved, indicating high levels of cybersecurity awareness among critical care staff. However, self-reported confidence in cybersecurity practices, especially identifying signs of cybersecurity breaches and reporting cybersecurity incidents, were relatively low. Participants responses to the scenarios demonstrated a lack of knowledge and awareness of some of the mechanisms of cyberattacks. Barriers to safe cybersecurity practices among staff that emerged from the qualitative analysis included: a lack of training and education; heavy workloads and staff fatigue; perceived lack of IT support and poor IT infrastructure.CONCLUSION: Critical care staff appear to have a high-level cybersecurity awareness. However, in practice safe cybersecurity practices are not always followed. ICU departments and hospitals must invest in the human aspect of cybersecurity to strength their cyber-defences and to protect patients.

health care sciences & services,computer science, information systems,medical informatics

Mariam Ibrahim,Abdallah Al-Wadi,Ruba Elhafiz

DOI: https://doi.org/10.3390/s24113375

IF: 3.9

2024-05-25

Sensors

Abstract:The healthcare industry went through reformation by integrating the Internet of Medical Things (IoMT) to enable data harnessing by transmission mediums from different devices, about patients to healthcare staff devices, for further analysis through cloud-based servers for proper diagnosis of patients, yielding efficient and accurate results. However, IoMT technology is accompanied by a set of drawbacks in terms of security risks and vulnerabilities, such as violating and exposing patients' sensitive and confidential data. Further, the network traffic data is prone to interception attacks caused by a wireless type of communication and alteration of data, which could cause unwanted outcomes. The advocated scheme provides insight into a robust Intrusion Detection System (IDS) for IoMT networks. It leverages a honeypot to divert attackers away from critical systems, reducing the attack surface. Additionally, the IDS employs an ensemble method combining Logistic Regression and K-Nearest Neighbor algorithms. This approach harnesses the strengths of both algorithms to improve attack detection accuracy and robustness. This work analyzes the impact, performance, accuracy, and precision outcomes of the used model on two IoMT-related datasets which contain multiple attack types such as Man-In-The-Middle (MITM), Data Injection, and Distributed Denial of Services (DDOS). The yielded results showed that the proposed ensemble method was effective in detecting intrusion attempts and classifying them as attacks or normal network traffic, with a high accuracy of 92.5% for the first dataset and 99.54% for the second dataset and a precision of 96.74% for the first dataset and 99.228% for the second dataset.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Kimmarie Donahue,Shawon Rahman

DOI: https://doi.org/10.48550/arXiv.1512.01731

2015-11-30

Cryptography and Security

Abstract:Healthcare Information Technology (IT) has made great advances over the past few years and while these advances have enable healthcare professionals to provide higher quality healthcare to a larger number of individuals it also provides the criminal element more opportunities to access sensitive information, such as patient protected health information (PHI) and Personal identification Information (PII). Having an Information Assurance (IA) programallows for the protection of information and information systems and ensures the organization is in compliance with all requires regulations, laws and directive is essential. While most organizations have such a policy in place, often it is inadequate to ensure the proper protection to prevent security breaches. The increase of data breaches in the last few years demonstrates the importance of an effective IA program. To ensure an effective IA policy, the policy must manage the operational risk, including identifying risks, assessment and mitigation of identified risks and ongoing monitoring to ensure compliance

Steve G Langer

DOI: https://doi.org/10.1007/s10278-016-9913-x

Abstract:In 1999-2003, SIIM (then SCAR) sponsored the creation of several special topic Primers, one of which was concerned with computer security. About the same time, a multi-society collaboration authored an ACR Guideline with a similar plot; the latter has recently been updated. The motivation for these efforts was the launch of Health Information Portability and Accountability Act (HIPAA). That legislation directed care providers to enable the portability of patient medical records across authorized medical centers, while simultaneously protecting patient confidentiality among unauthorized agents. These policy requirements resulted in the creation of numerous technical solutions which the above documents described. While the mathematical concepts and algorithms in those papers are as valid today as they were then, recent increases in the complexity of computer criminal applications (and defensive countermeasures) and the pervasiveness of Internet connected devices have raised the bar. This work examines how a medical center can adapt to these evolving threats.

Dev Taneja,Shriram V Kulkarni,Sagar Sinha,Ramakrishnan N Dindigal

DOI: https://doi.org/10.59556/japi.71.0372

Abstract:Digital technology has encompassed all aspects of healthcare. There are many international and national organizations, guidelines, and formats available in health information systems (HIS), but many are presently still not being used in India. The aim is to give a flawless, secure, and user-friendly health information technology (IT) system for Indian healthcare. We discuss the timeline of digital technology in hospital administration, administrative applications, and the importance of clinical quality in health. Clinical perspectives of clinical information systems (CIS), both in acute as well as chronic clinical care models. Cross-integration of healthcare in IT (HIT) in electronic health records (EHR) or electronic medical records (EMRs), in chronic disease management (CDM) systems, and in clinical decision support systems (CDSS) are elaborated. Also, practical strategic application methods are discussed. The limitations of the current HIS software in India are mostly used for transaction reporting, prescription, and administrative tools. They lack CIS and strategic business applications as compared to mature multinational company (MNC) HIS software. Along with this, various features and levels of HIS Software, challenges of HIT adoption, Indian health IT standards, and the future framework of IT in health in India are systematically analyzed. We aim at all physicians in India and at all levels of practice, from individuals, group practices, health institutes, or corporate hospitals, and to encourage them to make strategic use of CIS and strategic IT applications in their individual practice and hospital management. This will improve clinical outcomes, patient safety, practitioner performance, adherence to treatment guidelines, and reduction in medical errors, along with efficiency improvements and cost reductions. How to cite this article: Taneja D, Kulkarni SV, Sinha S, et al. Digital Technology in Hospital Administration: A Strategic Choice. J Assoc Physicians India 2023;71(10):83-88.

Muhammad Adil,Muhammad Khurram Khan,Neeraaj Kumar,Muhammad Attique,Ahmed Farouk,Mohsen Guizani,Zhanpeng Jin

DOI: https://doi.org/10.1109/jiot.2024.3360289

IF: 10.6

2024-01-01

IEEE Internet of Things Journal

Abstract:Internet of Things (IoT) applications are switching from general to precise in different industries, e.g., healthcare, automation, military, maritime, smart cities, transportation, logistics, and many more. In the healthcare domain, these applications had demonstrated an incredible improvement in patient assessment, monitoring, and prescription, etc., with ease of access through the Internet. Despite its benefits, this technology also offers several security challenges for the research community and healthcare stakeholders, because of its wireless communication and open-area deployment. To explore, patient wearable devices and other networking entities follows unstructured communication format to share their accumulated data in the network, which makes them susceptible to manifold security threats. Considering the significance of these applications, data acquisition, processing, storage, and assessment on client and remote sides need a high standard of secure communication infrastructure. Therefore, security of these applications is one of the major obstacles that prevent their widespread use in different healthcare domains. To discuss different security constraints, in this paper, we present a comprehensive survey of the theoretical literature from 2015-to-2023 to highlight the unresolved security problems of this emerging technology. Based on the evaluated literature pros and cons, we determine the security requirements and challenges of Healthcare-IoT (HC-IoT) applications. Following this, we demonstrate future research directions that could be useful for the researchers and industry stakeholders working in this domain. To demonstrate the uniqueness of this work and claim its contribution, we compare our work section-wise with previously published papers to answer the question of reviewers, editors, students, and readers, why this review article is required in the presence of already published review articles.

computer science, information systems,telecommunications,engineering, electrical & electronic

Wendy Burke,Andrew Stranieri,Taiwo Oseni,Iqbal Gondal

DOI: https://doi.org/10.1186/s12911-024-02551-x

IF: 3.298

2024-05-26

BMC Medical Informatics and Decision Making

Abstract:The Australian healthcare sector is a complex mix of government departments, associations, providers, professionals, and consumers. Cybersecurity attacks, which have recently increased, challenge the sector in many ways; however, the best approaches for the sector to manage the threat are unclear. This study will report on a semi-structured focus group conducted with five representatives from the Australian healthcare and computer security sectors. An analysis of this focus group transcript yielded four themes: 1) the challenge of securing the Australian healthcare landscape; 2) the financial challenges of cybersecurity in healthcare; 3) balancing privacy and transparency; 4) education and regulation. The results indicate the need for sector-specific tools to empower the healthcare sector to mitigate cybersecurity threats, most notably using a self-evaluation tool so stakeholders can proactively prepare for incidents. Despite the vast amount of research into cybersecurity, little has been conducted on proactive cybersecurity approaches where security weaknesses are identified weaknesses before they occur.

medical informatics

Mohit Kumar,Ashwani Kumar,Sahil Verma,Pronaya Bhattacharya,Deepak Ghimire,Seong-heum Kim,A. S. M. Sanwar Hosen

DOI: https://doi.org/10.3390/electronics12092050

IF: 2.9

2023-04-29

Electronics

Abstract:Advancements in Healthcare Internet of Things (H-IoT) systems have created new opportunities and solutions for healthcare services, including the remote treatment and monitoring of patients. In addition, the security and privacy of personal health data must be ensured during data transfer. Security breaches in H-IoT can have serious safety and legal implications. This comprehensive review provides insights about secured data accession by employing cryptographic platforms such as H-IoT in big data, H-IoT in blockchain, H-IoT in machine learning and deep learning, H-IoT in edge computing, and H-IoT in software-defined networks. With this information, this paper reveals solutions to mitigate threats caused by different kinds of attacks. The prevailing challenges in H-IoT systems, including security and scalability challenges, real-time operating challenges, resource constraints, latency, and power consumption challenges are also addressed. We also discuss in detail the current trends in H-IoT, such as remote patient monitoring and predictive analytics. Additionally, we have explored future prospects, such as leveraging health data for informed strategic planning. A critical analysis performed by highlighting the prevailing limitations in H-IoT systems is also presented. This paper will hopefully provide future researchers with in-depth insights into the selection of appropriate cryptographic measures to adopt an energy-efficient and resource-optimized healthcare system.

engineering, electrical & electronic,computer science, information systems,physics, applied

Isabel Straw,Irina Brass,Andrew Mkwashi,Inika Charles,Amelie Soares,Caroline Steer

DOI: https://doi.org/10.2196/50505

2024-07-11

Abstract:Background: Health care professionals receive little training on the digital technologies that their patients rely on. Consequently, practitioners may face significant barriers when providing care to patients experiencing digitally mediated harms (eg, medical device failures and cybersecurity exploits). Here, we explore the impact of technological failures in clinical terms. Objective: Our study explored the key challenges faced by frontline health care workers during digital events, identified gaps in clinical training and guidance, and proposes a set of recommendations for improving digital clinical practice. Methods: A qualitative study involving a 1-day workshop of 52 participants, internationally attended, with multistakeholder participation. Participants engaged in table-top exercises and group discussions focused on medical scenarios complicated by technology (eg, malfunctioning ventilators and malicious hacks on health care apps). Extensive notes from 5 scribes were retrospectively analyzed and a thematic analysis was performed to extract and synthesize data. Results: Clinicians reported novel forms of harm related to technology (eg, geofencing in domestic violence and errors related to interconnected fetal monitoring systems) and barriers impeding adverse event reporting (eg, time constraints and postmortem device disposal). Challenges to providing effective patient care included a lack of clinical suspicion of device failures, unfamiliarity with equipment, and an absence of digitally tailored clinical protocols. Participants agreed that cyberattacks should be classified as major incidents, with the repurposing of existing crisis resources. Treatment of patients was determined by the role technology played in clinical management, such that those reliant on potentially compromised laboratory or radiological facilities were prioritized. Conclusions: Here, we have framed digital events through a clinical lens, described in terms of their end-point impact on the patient. In doing so, we have developed a series of recommendations for ensuring responses to digital events are tailored to clinical needs and center patient care.