1
Luidold C, Jungbauer C. Cybersecurity policy framework requirements for the establishment of highly interoperable and interconnected health data spaces. Front Med (Lausanne) 2024; 11:1379852. [PMID: 38784226 PMCID: PMC11111971 DOI: 10.3389/fmed.2024.1379852] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 01/31/2024] [Accepted: 04/23/2024] [Indexed: 05/25/2024]
Abstract
This paper examines cybersecurity policy framework requirements for establishing highly interoperable and interconnected health data spaces, with a focus on the European Health Data Space (EHDS) and its corresponding joint action Toward European Health Data Space (TEHDAS). It explores the challenges of ensuring data security within an increasingly digital and collaborative healthcare environment, emphasizing the need for robust policy management to protect sensitive health information across diverse healthcare systems and supply chains. Through an analysis of use cases and held expert workshops, the study identifies key requirements for enhancing cybersecurity measures, fostering cross-border data exchange, and ensuring compliance with regulatory standards. It illustrates the practical implications of cybersecurity policies in a real-world scenario, demonstrating how they can be applied to enhance data security and policy effectiveness.
Affiliation(s)
- Christian Luidold
- Faculty of Computer Science, Multimedia Information Systems, University of Vienna, Vienna, Austria
- Christoph Jungbauer
- Faculty of Computer Science, Multimedia Information Systems, University of Vienna, Vienna, Austria
2
Hines E, Trivedi S, Hoang-Tran C, Mocharnuk J, Pfaff MJ. Perspectives on Cybersecurity and Plastic Surgery: A Survey of Plastic Surgeons and Scoping Review of the Literature. Aesthet Surg J 2023; 43:1376-1383. [PMID: 37186025 DOI: 10.1093/asj/sjad122] [Citation(s) in RCA: 1] [Impact Index Per Article: 1.0] [Received: 03/12/2023] [Revised: 04/21/2023] [Accepted: 04/23/2023] [Indexed: 05/17/2023]
Abstract
BACKGROUND Data breach costs in the United States are among the highest in the world, making robust cybersecurity an important bulwark of national defense. Healthcare is a popular target for cyber threats, and there is increasing emphasis on cybersecurity safeguards to protect sensitive patient data. OBJECTIVES The objective of this national survey and scoping review is to (1) identify cybersecurity awareness, preparedness, and practices among plastic surgeons, and (2) to provide guidelines to mitigate the threat of cyberattacks. METHODS A 16-question, anonymous online survey was developed and distributed to The Aesthetic Society registrants to ascertain plastic surgeons' cybersecurity practices. Utilizing PubMed, CINAHL, and Embase databases, eligible articles were identified as part of this scoping review. RESULTS Of 89 individuals who began the survey, 69 completed it (77.5%). Sixty respondents agreed or strongly agreed that cybersecurity is an important issue in plastic surgery. The greatest perceived limitations for protection against cyberattacks were insufficient expertise (41.7%), followed by lack of funding and insufficient time to dedicate to this goal. Most respondents (78.7%) had cybersecurity policies incorporated into their practice. Those who agreed or strongly agreed they had technology to prevent data theft/breach were significantly more likely to be older than 54 years of age (P < .001). No articles identified in the literature specifically addressed cybersecurity in plastic surgery; however, 12 articles detailing cybersecurity in healthcare were identified and included. CONCLUSIONS Despite possessing adequate technology and procedures in place to prevent cyberattacks, plastic surgeons perceive significant barriers to cybersecurity protection, including insufficient expertise and lack of dedicated funding. It is imperative that our field establishes standards and protocols to protect our patients.
3
Sari PK, Handayani PW, Hidayanto AN. Demographic Comparison of Information Security Behavior Toward Health Information System Protection: Survey Study. JMIR Form Res 2023; 7:e49439. [PMID: 37616025 PMCID: PMC10485712 DOI: 10.2196/49439] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 05/29/2023] [Revised: 07/11/2023] [Accepted: 07/24/2023] [Indexed: 08/25/2023]
Abstract
BACKGROUND The health information system (HIS) functions are getting wider with more diverse users. Information security in the health industry is crucial because it involves comprehensive and strategic information that might harm human life. The human factor is one of the biggest security threats to HIS. OBJECTIVE This study aims to investigate the information security behavior (ISB) of HIS users using a comprehensive assessment scale suited to the information security concerns in health care. Patients are increasingly being asked to submit their own data into HIS systems. As a result, this study examines the security behavior of health workers and patients, as well as their demographic variables. METHODS We used a quantitative approach using surveys of health workers and patients. We created a research instrument from 4 existing measurement scales to measure prosecurity and antisecurity behavior. We analyzed statistical differences to test the hypotheses, that is, the Kruskal-Wallis test and the Mann-Whitney test. The descriptive analysis was used to determine whether the group exhibited exemplary behavior when processing the survey results. A correlational test using the Spearman correlation coefficient was performed to establish the significance of the relationship between ISB and age as well as level of education. RESULTS We analyzed 421 responses from the survey. According to demographic factors, the hypotheses tested for full and partial security behavior reveal substantial differences. Education levels most significantly affect security behavior differences, followed by user type, gender, and age. The health workers' ISB is higher than that of the patients. Women are more likely than men to engage in prosecurity actions while avoiding antisecurity behaviors. The older the HIS user, the more likely it is that they will participate in prosecurity behavior and the less probable it is that they will engage in antisecurity behavior. 
According to this study, differences in prosecurity behavior are mostly impacted by education level. Higher education, on the other hand, does not guarantee improved ISB for HIS users. All demographic characteristics, particularly concerning user type, show discrepancies that are caused mainly by antisecurity behavior rather than prosecurity behavior. CONCLUSIONS Since patients engage in antisecurity behavior more frequently than health workers and may pose security risks, health care facilities should start to consider information security education for patients. More comprehensive research on ISB in health care facilities is required to better understand the patient's perspective, which is currently understudied.
Affiliation(s)
- Puspita Kencana Sari
- Faculty of Computer Science, Universitas Indonesia, Depok, Indonesia
- Faculty of Economics & Business, Telkom University, Bandung, Indonesia
4
Watkins ME. Designing an Effective Organizational Culture to Guard Against the Cyber Risks of Emerging Technologies. J Healthc Manag 2023; 68:239-250. [PMID: 37410988 DOI: 10.1097/jhm-d-23-00097] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Indexed: 07/08/2023]
Abstract
The Internet of Medical Things (IoMT) and interoperable technologies have transformed how patient data affect medical care; such technological innovations revolutionize how healthcare organizations (HCOs) improve cost, quality, and access. New cyber risks, however, accompany developing cyber ecosystems. Although immediate data exchange is beneficial, risk arises from the IoMT's increased susceptibility to human influence. The success of quality care relies on protecting health information technology (HIT) against newly developing cyber vulnerabilities. Therefore, managers must be just as invested in their HCO's cybersecurity protocols as cybercriminals are in bypassing those protocols. This essay proposes a healthcare cyber resiliency model that leverages human and technical factors through a cycle of feedback and process improvement. It intends to equip healthcare administrators with the foundational philosophy necessary to secure their emerging technologies.
5
McGregor R, Reaiche C, Boyle S, Corral de Zubielqui G. Cyberspace and Personal Cyber Insurance: A Systematic Review. JOURNAL OF COMPUTER INFORMATION SYSTEMS 2023. [DOI: 10.1080/08874417.2023.2185551] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Indexed: 04/08/2023]
Affiliation(s)
- Carmen Reaiche
- James Cook University, Townsville, Queensland, Australia
- Stephen Boyle
- James Cook University, Townsville, Queensland, Australia
6
Patel AU, Williams CL, Hart SN, Garcia CA, Durant TJS, Cornish TC, McClintock DS. Cybersecurity and Information Assurance for the Clinical Laboratory. J Appl Lab Med 2023; 8:145-161. [PMID: 36610432 DOI: 10.1093/jalm/jfac119] [Citation(s) in RCA: 1] [Impact Index Per Article: 1.0] [Received: 06/18/2022] [Accepted: 10/26/2022] [Indexed: 01/09/2023]
Abstract
BACKGROUND Network-connected medical devices have rapidly proliferated in the wake of recent global catalysts, leaving clinical laboratories and healthcare organizations vulnerable to malicious actors seeking to ransom sensitive healthcare information. As organizations become increasingly dependent on integrated systems and data-driven patient care operations, a sudden cyberattack and the associated downtime can have a devastating impact on patient care and the institution as a whole. Cybersecurity, information security, and information assurance principles are, therefore, vital for clinical laboratories to fully prepare for what has now become inevitable, future cyberattacks. CONTENT This review aims to provide a basic understanding of cybersecurity, information security, and information assurance principles as they relate to healthcare and the clinical laboratories. Common cybersecurity risks and threats are defined in addition to current proactive and reactive cybersecurity controls. Information assurance strategies are reviewed, including traditional castle-and-moat and zero-trust security models. Finally, ways in which clinical laboratories can prepare for an eventual cyberattack with extended downtime are discussed. SUMMARY The future of healthcare is intimately tied to technology, interoperability, and data to deliver the highest quality of patient care. Understanding cybersecurity and information assurance is just the first preparative step for clinical laboratories as they ensure the protection of patient data and the continuity of their operations.
Affiliation(s)
- Ankush U Patel
- Department of Laboratory Medicine and Pathology, Mayo Clinic, Rochester, MN
- Christopher L Williams
- Department of Pathology, University of Oklahoma Health Sciences Center, Oklahoma City, OK
- Steven N Hart
- Department of Laboratory Medicine and Pathology, Mayo Clinic, Rochester, MN
- Thomas J S Durant
- Department of Laboratory Medicine, Yale School of Medicine, New Haven, CT
- Toby C Cornish
- Department of Pathology, University of Colorado School of Medicine, Aurora, CO
- David S McClintock
- Department of Laboratory Medicine and Pathology, Mayo Clinic, Rochester, MN
7
Information Security Behavior in Health Information Systems: A Review of Research Trends and Antecedent Factors. Healthcare (Basel) 2022; 10:healthcare10122531. [PMID: 36554055 PMCID: PMC9777837 DOI: 10.3390/healthcare10122531] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 10/18/2022] [Revised: 12/09/2022] [Accepted: 12/12/2022] [Indexed: 12/23/2022]
Abstract
This study aims to review the literature on antecedent factors of information security related to the protection of health information systems (HISs) in the healthcare organization. We classify those factors into organizational and individual aspects. We followed the Preferred Reporting Items for Systematic Reviews and Meta-Analyses (PRISMA) framework. Academic articles were sourced from five online databases (Scopus, PubMed, IEEE, ScienceDirect, and SAGE) using keywords related to information security, behavior, and healthcare facilities. The search yielded 35 studies, in which the three most frequent individual factors were self-efficacy, perceived severity, and attitudes, while the three most frequent organizational factors were management support, cues to action, and organizational culture. Individual factors for patients and medical students are still understudied, as are the organizational factors of academic healthcare facilities. More individual factors have been found to significantly influence security behavior. Previous studies have been dominated by the security compliance behavior of clinical and non-clinical hospital staff. These research gaps highlight the theoretical implications of this study. This study provides insight for managers of healthcare facilities and governments to consider individual factors in establishing information security policies and programs for improving security behavior.
8
Ünözkan H, Ertem M, Bendak S. Using attack graphs to defend healthcare systems from cyberattacks: a longitudinal empirical study. NETWORK MODELING ANALYSIS IN HEALTH INFORMATICS AND BIOINFORMATICS 2022; 11:52. [PMCID: PMC9668211 DOI: 10.1007/s13721-022-00391-1] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 08/06/2022] [Revised: 10/01/2022] [Accepted: 10/19/2022] [Indexed: 11/17/2022]
Affiliation(s)
- Hüseyin Ünözkan
- Department of Industrial Engineering, Haliç University, Eyüpsultan, Istanbul, Turkey
- Mehmet Ertem
- Department of Industrial Engineering, Eskişehir Osmangazi University, Eskişehir, Turkey
- Salaheddine Bendak
- Department of Industrial Engineering, Haliç University, Eyüpsultan, Istanbul, Turkey
9
Hilowle M, Yeoh W, Grobler M, Pye G, Jiang F. Users’ Adoption of National Digital Identity Systems: Human-Centric Cybersecurity Review. JOURNAL OF COMPUTER INFORMATION SYSTEMS 2022. [DOI: 10.1080/08874417.2022.2140089] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Indexed: 11/18/2022]
Affiliation(s)
- Malyun Hilowle
- Cyber Security Cooperative Research Centre (CSCRC), Centre for Cyber Security Research and Innovation (CSRI), School of Information Technology, Deakin University, Australia
- William Yeoh
- Cyber Security Cooperative Research Centre (CSCRC), Centre for Cyber Security Research and Innovation (CSRI), Department of Information Systems and Business Analytics, Deakin University, Geelong, Australia
- Marthie Grobler
- Data61 Commonwealth Scientific and Industrial Research Organisation, Melbourne, Australia
- Graeme Pye
- Cyber Security Cooperative Research Centre (CSCRC), Centre for Cyber Security Research and Innovation (CSRI), Department of Information Systems and Business Analytics, Deakin University, Geelong, Australia
- Frank Jiang
- Cyber Security Cooperative Research Centre (CSCRC), Centre for Cyber Security Research and Innovation (CSRI), School of Information Technology, Deakin University, Australia
10
Research on the Effectiveness of Cyber Security Awareness in ICS Risk Assessment Frameworks. ELECTRONICS 2022. [DOI: 10.3390/electronics11101659] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Indexed: 11/16/2022]
Abstract
Assessing security awareness among users is essential for protecting industrial control systems (ICSs) from social engineering attacks. This research aimed to determine the effect of cyber security awareness on the emergency response to cyber security incidents in the ICS. Additionally, this study has adopted a variety of cyber security emergency response process measures and frameworks and comprehensively proposes a new organizational model of cyber security incident response. The corresponding measures are evaluated based on the MP2DR2 risk control matrix model to assess their practical value in the evaluation stage. This study found that after adding security awareness measures to response control measures, the influential value ranking of other control measures changed. The practical value of security awareness control measures was given a higher priority than that of other control measures. The research results highlight the importance of cyber security awareness and aim to inspire ICSs to place a higher priority on staff cyber security awareness in relation to cyber security incidents, which can effectively prevent the occurrence of cyber security incidents and make the field of industrial control application agency respond to incidents faster to restore the regular progress of all works.