1
Elendu C, Omeludike EK, Oloyede PO, Obidigbo BT, Omeludike JC. Legal implications for clinicians in cybersecurity incidents: A review. Medicine (Baltimore) 2024; 103:e39887. [PMID: 39331908 PMCID: PMC11441973 DOI: 10.1097/md.0000000000039887] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Indexed: 09/29/2024] Open
Abstract
Cybersecurity incidents in healthcare present significant legal implications for clinicians, necessitating careful consideration of technological advancements and regulatory frameworks. This literature examines the healthcare cybersecurity landscape, emphasizing clinicians' challenges and legal responsibilities. It explores the impact of advanced technologies such as artificial intelligence and quantum computing, highlighting the potential benefits and risks, including biases and ethical dilemmas. The review addresses international regulatory differences, offering a comparative analysis of how various countries handle cybersecurity incidents. This analysis provides insights into best practices and identifies areas for improvement. Practical recommendations are provided, tailored to different healthcare settings, including large hospitals and small clinics, to enhance cybersecurity preparedness. Case studies illustrate real-world scenarios, offering practical guidance for clinicians in managing cybersecurity challenges. The review also identifies critical gaps in the literature, particularly concerning artificial intelligence ethics and international regulatory frameworks, suggesting specific areas for future research. These findings underscore the need for robust cybersecurity policies, comprehensive training for healthcare professionals, and a nuanced understanding of the legal landscape. This review informs policymakers, clinicians, and researchers about the evolving nature of cybersecurity challenges in healthcare, addressing key concerns raised by reviewers and contributing to a comprehensive understanding of the field.
Affiliation(s)
- Babajide T Obidigbo
  - York and Scarborough Teaching Hospital NHS Foundation Trust, York, United Kingdom

2
Wani TA, Mendoza A, Gray K. BYOD security behaviour and preferences among hospital clinicians - A qualitative study. Int J Med Inform 2024; 192:105606. [PMID: 39226635 DOI: 10.1016/j.ijmedinf.2024.105606] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 06/07/2024] [Revised: 08/13/2024] [Accepted: 08/20/2024] [Indexed: 09/05/2024]
Abstract
BACKGROUND/OBJECTIVE The use of personal devices for work purposes (Bring-your-own-device) has increased in hospitals, as it facilitates productivity and mobility for clinicians. However, owing to increased risk of leaking patient information, and heavy reliance of patient data privacy on user actions, BYOD is a major challenge for hospitals. There has been a dearth of empirical research studying clinicians' BYOD security behaviour. Therefore, the study's aim was to attain subjective understanding of clinicians' attitudes and preferences towards protecting patient data on their devices through a qualitative study. METHODS 14 semi-structured interviews were conducted among Australian hospital-based clinicians. A hybrid thematic analysis was conducted using the framework method to explore socio-technical themes pertaining to the clinicians' BYOD security behavioural practices. RESULTS Limited use of secure tools like antivirus and passcodes, and inadequate separation of patient and personal data on BYOD devices was found. Key technology concerns included malware introduction into hospital network, inadvertent patient data sharing, and slow remote access. Hospitals lacked dedicated BYOD policies and training, resulting in unsafe practices. Participants also cited misalignment of BYOD policies with workflow needs, privacy maintenance challenges and fears of personal data breaches, while calling for improved communication between technical and clinical staff and a strong cybersecurity culture. CONCLUSION This study provides a comprehensive understanding of BYOD related user behaviour and the usefulness of security controls used in time-sensitive and complex hospital environments. It can inform future policies or processes by advocating for secure and productive BYOD use.
Affiliation(s)
- Tafheem Ahmad Wani
  - School of Psychology & Public Health, La Trobe University, Victoria 3086, Australia; School of Computing and Information Systems, University of Melbourne, Victoria 3010, Australia.
- Antonette Mendoza
  - School of Computing and Information Systems, University of Melbourne, Victoria 3010, Australia
- Kathleen Gray
  - Centre for Digital Transformation of Health, University of Melbourne, Victoria 3010, Australia

3
Ibrahim AM, Abdel-Aziz HR, Mohamed HAH, Zaghamir DEF, Wahba NMI, Hassan GA, Shaban M, El-Nablaway M, Aldughmi ON, Aboelola TH. Balancing confidentiality and care coordination: challenges in patient privacy. BMC Nurs 2024; 23:564. [PMID: 39148055 PMCID: PMC11328515 DOI: 10.1186/s12912-024-02231-1] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 07/17/2024] [Accepted: 08/06/2024] [Indexed: 08/17/2024] Open
Abstract
BACKGROUND In the digital age, maintaining patient confidentiality while ensuring effective care coordination poses significant challenges for healthcare providers, particularly nurses. AIM To investigate the challenges and strategies associated with balancing patient confidentiality and effective care coordination in the digital age. METHODS A cross-sectional study was conducted in a general hospital in Egypt to collect data from 150 nurses across various departments with at least six months of experience in patient care. Data were collected using six tools: Demographic Form, HIPAA Compliance Checklist, Privacy Impact Assessment (PIA) Tool, Data Sharing Agreement (DSA) Framework, EHR Privacy and Security Assessment Tool, and NIST Cybersecurity Framework. Validity and Reliability were ensured through pilot testing and factor analysis. RESULTS Participants were primarily aged 31-40 years (45%), with 75% female and 60% staff nurses. High compliance was observed in the HIPAA Compliance Checklist, especially in Administrative Safeguards (3.8 ± 0.5), indicating strong management and training processes, with an overall score of 85 ± 10. The PIA Tool showed robust privacy management, with Project Descriptions scoring 4.5 ± 0.3 and a total score of 30 ± 3. The DSA Framework had a mean total score of 20 ± 2, with Data Protection Measures scoring highest at 4.0 ± 0.4. The EHR assessments revealed high scores in Access Controls (4.4 ± 0.3) and Data Integrity Measures (4.3 ± 0.3), with an overall score of 22 ± 1.5. The NIST Cybersecurity Framework had a total score of 18 ± 2, with the highest scores in Protect (3.8) and lower in Detect (3.6). Strong positive correlations were found between HIPAA Compliance and EHR Privacy (r = 0.70, p < 0.05) and NIST Cybersecurity (r = 0.55, p < 0.05), reflecting effective data protection practices. 
CONCLUSION The study suggests that continuous improvement in privacy practices among healthcare providers, through ongoing training and comprehensive privacy frameworks, is vital for enhancing patient confidentiality and supporting effective care coordination.
Affiliation(s)
- Ateya Megahed Ibrahim
  - College of Nursing, Prince Sattam Bin Abdulaziz University, Alkarj, Saudi Arabia.
  - Family and Community Health Nursing Department, Faculty of Nursing, Port Said University, Port Said City, Port Said, 42526, Egypt.
- Hassanat Ramadan Abdel-Aziz
  - College of Nursing, Prince Sattam Bin Abdulaziz University, Alkarj, Saudi Arabia
  - Gerontological Nursing Department, Faculty of Nursing, Zagazig University, Zagazig, Egypt
- Heba Ali Hamed Mohamed
  - Community Health Nursing Department, Faculty of Nursing, Mansoura University, Mansoura City, Dakahlia, Egypt
- Donia Elsaid Fathi Zaghamir
  - College of Nursing, Prince Sattam Bin Abdulaziz University, Alkarj, Saudi Arabia
  - Pediatric Nursing Department, Faculty of Nursing, Port Said University, Port Said City, 42526, Egypt
- Nadia Mohamed Ibrahim Wahba
  - College of Nursing, Prince Sattam Bin Abdulaziz University, Alkarj, Saudi Arabia
  - Psychiatric Nursing and Mental Health Department, Faculty of Nursing, Port Said University, Port Said, 42526, Egypt
- Ghada A Hassan
  - Pediatric Nursing Department, Faculty of Nursing, Menoufia University, Shibin el Kom, Egypt
- Mostafa Shaban
  - Community Health Nursing Department, College of Nursing, Jouf University, Sakaka, Al Jouf, 72388, Saudi Arabia
- Mohammad El-Nablaway
  - Department of Basic Medical Sciences, College of Medicine, AlMaarefa University, P.O.Box 71666, 11597, Riyadh, Saudi Arabia
- Ohoud Naif Aldughmi
  - Department of Medical and Surgical Nursing, Northern Border University, Arar, Saudi Arabia

4
Ghadi YY, Mazhar T, Shahzad T, Amir Khan M, Abd-Alrazaq A, Ahmed A, Hamam H. The role of blockchain to secure internet of medical things. Sci Rep 2024; 14:18422. [PMID: 39117650 PMCID: PMC11310483 DOI: 10.1038/s41598-024-68529-x] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 03/24/2024] [Accepted: 07/24/2024] [Indexed: 08/10/2024] Open
Abstract
This study explores integrating blockchain technology into the Internet of Medical Things (IoMT) to address security and privacy challenges. Blockchain's transparency, confidentiality, and decentralization offer significant potential benefits in the healthcare domain. The research examines various blockchain components, layers, and protocols, highlighting their role in IoMT. It also explores IoMT applications, security challenges, and methods for integrating blockchain to enhance security. Blockchain integration can be vital in securing and managing this data while preserving patient privacy. It also opens up new possibilities in healthcare, medical research, and data management. The results provide a practical approach to handling a large amount of data from IoMT devices. This strategy makes effective use of data resource fragmentation and encryption techniques. It is essential to have well-defined standards and norms, especially in the healthcare sector, where upholding safety and protecting the confidentiality of information are critical. These results illustrate that it is essential to follow standards like HIPAA, and blockchain technology can help ensure these criteria are met. Furthermore, the study explores the potential benefits of blockchain technology for enhancing inter-system communication in the healthcare industry while maintaining patient privacy protection. The results highlight the effectiveness of blockchain's consistency and cryptographic techniques in combining identity management and healthcare data protection, protecting patient privacy and data integrity. Blockchain is an unchangeable distributed ledger system. In short, the paper provides important insights into how blockchain technology may transform the healthcare industry by effectively addressing significant challenges and generating legal, safe, and interoperable solutions. Researchers, doctors, and graduate students are the audience for our paper.
Affiliation(s)
- Yazeed Yasin Ghadi
  - Department of Computer Science and Software Engineering, Al Ain University, Abu Dhabi, 15322, UAE
- Tehseen Mazhar
  - Department of Computer Science, Virtual University of Pakistan, Lahore, 55150, Pakistan.
- Tariq Shahzad
  - Department of Computer Science, COMSATS University Islamabad, Sahiwal Campus, Sahiwal, 57000, Pakistan
- Muhammad Amir Khan
  - School of Computing Sciences, College of Computing, Informatics and Mathematics, Universiti Teknologi MARA, 40450, Shah Alam, Selangor, Malaysia
- Alaa Abd-Alrazaq
  - AI Center for Precision Health, Weill Cornell Medicine-Qatar, Doha, Qatar
- Arfan Ahmed
  - AI Center for Precision Health, Weill Cornell Medicine-Qatar, Doha, Qatar.
- Habib Hamam
  - Faculty of Engineering, Université de Moncton, Moncton, NB, E1A3E9, Canada
  - School of Electrical Engineering, Department of Electrical and Electronic Engineering Science, University of Johannesburg, Johannesburg, 2006, South Africa
  - Hodmas University College, Taleh Area, Mogadishu, Somalia
  - Bridges for Academic Excellence, Tunis, Tunisia

5
Ewoh P, Vartiainen T. Vulnerability to Cyberattacks and Sociotechnical Solutions for Health Care Systems: Systematic Review. J Med Internet Res 2024; 26:e46904. [PMID: 38820579 PMCID: PMC11179043 DOI: 10.2196/46904] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 03/03/2023] [Revised: 10/17/2023] [Accepted: 03/08/2024] [Indexed: 06/02/2024] Open
Abstract
BACKGROUND Health care organizations worldwide are faced with an increasing number of cyberattacks and threats to their critical infrastructure. These cyberattacks cause significant data breaches in digital health information systems, which threaten patient safety and privacy. OBJECTIVE From a sociotechnical perspective, this paper explores why digital health care systems are vulnerable to cyberattacks and provides sociotechnical solutions through a systematic literature review (SLR). METHODS An SLR using the PRISMA (Preferred Reporting Items for Systematic Reviews and Meta-Analyses) was conducted by searching 6 databases (PubMed, Web of Science, ScienceDirect, Scopus, Institute of Electrical and Electronics Engineers, and Springer) and a journal (Management Information Systems Quarterly) for articles published between 2012 and 2022 and indexed using the following keywords: "(cybersecurity OR cybercrime OR ransomware) AND (healthcare) OR (cybersecurity in healthcare)." Reports, review articles, and industry white papers that focused on cybersecurity and health care challenges and solutions were included. Only articles published in English were selected for the review. RESULTS In total, 5 themes were identified: human error, lack of investment, complex network-connected end-point devices, old legacy systems, and technology advancement (digitalization). We also found that knowledge applications for solving vulnerabilities in health care systems between 2012 to 2022 were inconsistent. CONCLUSIONS This SLR provides a clear understanding of why health care systems are vulnerable to cyberattacks and proposes interventions from a new sociotechnical perspective. These solutions can serve as a guide for health care organizations in their efforts to prevent breaches and address vulnerabilities. 
To bridge the gap, we recommend that health care organizations, in partnership with educational institutions, develop and implement a cybersecurity curriculum for health care and intelligence information sharing through collaborations; training; awareness campaigns; and knowledge application areas such as secure design processes, phase-out of legacy systems, and improved investment. Additional studies are needed to create a sociotechnical framework that will support cybersecurity in health care systems and connect technology, people, and processes in an integrated manner.
Affiliation(s)
- Pius Ewoh
  - School of Technology and Innovations, Information Systems Science, University of Vaasa, Vaasa, Finland
- Tero Vartiainen
  - School of Technology and Innovations, Information Systems Science, University of Vaasa, Vaasa, Finland

6
Burke W, Stranieri A, Oseni T, Gondal I. The need for cybersecurity self-evaluation in healthcare. BMC Med Inform Decis Mak 2024; 24:133. [PMID: 38783250 PMCID: PMC11118990 DOI: 10.1186/s12911-024-02551-x] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 06/26/2023] [Accepted: 05/21/2024] [Indexed: 05/25/2024] Open
Abstract
The Australian healthcare sector is a complex mix of government departments, associations, providers, professionals, and consumers. Cybersecurity attacks, which have recently increased, challenge the sector in many ways; however, the best approaches for the sector to manage the threat are unclear. This study will report on a semi-structured focus group conducted with five representatives from the Australian healthcare and computer security sectors. An analysis of this focus group transcript yielded four themes: 1) the challenge of securing the Australian healthcare landscape; 2) the financial challenges of cybersecurity in healthcare; 3) balancing privacy and transparency; 4) education and regulation. The results indicate the need for sector-specific tools to empower the healthcare sector to mitigate cybersecurity threats, most notably using a self-evaluation tool so stakeholders can proactively prepare for incidents. Despite the vast amount of research into cybersecurity, little has been conducted on proactive cybersecurity approaches where security weaknesses are identified before they occur.
Affiliation(s)
- Wendy Burke
  - Global Professional School, Federation University, PO Box 663, Ballarat, 3353, Victoria, Australia.
- Andrew Stranieri
  - Institute of Innovation, Science and Sustainability, Federation University, PO Box 663, Ballarat, 3353, Victoria, Australia
- Taiwo Oseni
  - Institute of Innovation, Science and Sustainability, Federation University, PO Box 663, Ballarat, 3353, Victoria, Australia
- Iqbal Gondal
  - School of Computing Technologies, RMIT University, GPO Box 2476, Melbourne, 3001, Victoria, Australia

7
Tran S, Smith L, Carter S. Understanding Patient Perspectives on the Use of Gamification and Incentives in mHealth Apps to Improve Medication Adherence: Qualitative Study. JMIR Mhealth Uhealth 2024; 12:e50851. [PMID: 38743461 PMCID: PMC11134245 DOI: 10.2196/50851] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 07/14/2023] [Revised: 12/20/2023] [Accepted: 03/27/2024] [Indexed: 05/16/2024] Open
Abstract
BACKGROUND Medication nonadherence remains a significant health and economic burden in many high-income countries. Emerging smartphone interventions have started to use features such as gamification and financial incentives with varying degrees of effectiveness on medication adherence and health outcomes. A more consistent approach to applying these features, informed by patient perspectives, may result in more predictable and beneficial results from this type of intervention. OBJECTIVE This qualitative study aims to identify patient perspectives on the use of gamification and financial incentives in mobile health (mHealth) apps for medication adherence in Australian patients taking medication for chronic conditions. METHODS A total of 19 participants were included in iterative semistructured web-based focus groups conducted between May and December 2022. The facilitator used exploratory prompts relating to mHealth apps, gamification, and financial incentives, along with concepts raised from previous focus groups. Transcriptions were independently coded to develop a set of themes. RESULTS Three themes were identified: purpose-driven design, trust-based standards, and personal choice. All participants acknowledged gamification and financial incentives as potentially effective features in mHealth apps for medication adherence. However, they also indicated that the effectiveness heavily depended on implementation and execution. Major concerns relating to gamification and financial incentives were perceived trivialization and potential for medication abuse, respectively. CONCLUSIONS The study's findings provide a foundation for developers seeking to apply these novel features in an app intervention for a general cohort of patients. However, the study highlights the need for standards for mHealth apps for medication adherence, with particular attention to the use of gamification and financial incentives. 
Future research with patients and stakeholders across the mHealth app ecosystem should be explored to formalize and validate a set of standards or framework.
Affiliation(s)
- Steven Tran
  - School of Pharmacy, Faculty of Medicine and Health, University of Sydney, Camperdown, Australia
- Lorraine Smith
  - School of Pharmacy, Faculty of Medicine and Health, University of Sydney, Camperdown, Australia
- Stephen Carter
  - School of Pharmacy, Faculty of Medicine and Health, University of Sydney, Camperdown, Australia

8
Duffy C, Murray C, Boran G, Srinivasan R, Kane A, Leonard A. Survey of Laboratory Medicine's national response to the HSE cyberattack in the Republic of Ireland. Ir J Med Sci 2024; 193:889-896. [PMID: 37737914 DOI: 10.1007/s11845-023-03511-6] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 06/08/2023] [Accepted: 08/21/2023] [Indexed: 09/23/2023]
Abstract
BACKGROUND On Friday 14 May 2021, the Health Service Executive (HSE) was subjected to a serious cyberattack on their information technology (IT) infrastructure. Healthcare workers lost access to HSE-provided clinical and non-clinical IT systems, including laboratory systems. AIM The aim of this national survey was to capture Laboratory Medicine's response across the Republic of Ireland during the HSE cyberattack. METHOD An electronic survey developed using Microsoft Forms® was emailed on 24 September 2021 to 58 local representatives of the PeriAnalytic and Laboratory Medicine Society (PALMSoc). RESULTS The survey was sent to 43 clinical laboratories across the Republic of Ireland. A total of 41 responses from 43 laboratories across all laboratory disciplines were received (95% response rate). From these, 55% did not have access to a functioning LIS, with 56% of these not having access to a LIS for greater than 2 weeks. A decrease in specimen requests received during this period was reported by 74% of laboratories, with 32% experiencing a reduction that lasted in excess of one month. Over half of the laboratories (55%) experienced a reduction of > 30% in requests, indicating that clinicians stopped investigating patients (87% reduction in primary care), further escalating the disruption to healthcare. CONCLUSION The cyberattack burdened the HSE and laboratories at a time when healthcare staffs were coming to terms with the impact of the COVID-19 pandemic. Despite this, the survey confirms the agility of laboratory staff in meeting the demands placed on it during this time.
Affiliation(s)
- Catriona Duffy
  - Laboratory Medicine Innovation Hub, Department of Laboratory Medicine, Tallaght University Hospital, Dublin 24, Ireland.
- Caroline Murray
  - Laboratory Medicine Innovation Hub, Department of Laboratory Medicine, Tallaght University Hospital, Dublin 24, Ireland
- Gerard Boran
  - Laboratory Medicine Innovation Hub, Department of Laboratory Medicine, Tallaght University Hospital, Dublin 24, Ireland
  - School of Medicine, Trinity College Dublin, Dublin, Ireland
- Rama Srinivasan
  - Department of Chemical Pathology, Blackrock Clinic, Co., Dublin, Ireland
- Anne Kane
  - Irish External Quality Assessment Scheme (IEQAS), Dublin, Dublin 14, Ireland
- Ann Leonard
  - Laboratory Medicine Innovation Hub, Department of Laboratory Medicine, Tallaght University Hospital, Dublin 24, Ireland
  - School of Medicine, Trinity College Dublin, Dublin, Ireland

9
Veritti D, Rubinato L, Sarao V, De Nardin A, Foresti GL, Lanzetta P. Behind the mask: a critical perspective on the ethical, moral, and legal implications of AI in ophthalmology. Graefes Arch Clin Exp Ophthalmol 2024; 262:975-982. [PMID: 37747539 PMCID: PMC10907411 DOI: 10.1007/s00417-023-06245-4] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 01/19/2023] [Revised: 07/24/2023] [Accepted: 09/15/2023] [Indexed: 09/26/2023] Open
Abstract
PURPOSE This narrative review aims to provide an overview of the dangers, controversial aspects, and implications of artificial intelligence (AI) use in ophthalmology and other medical-related fields. METHODS We conducted a decade-long comprehensive search (January 2013-May 2023) of both academic and grey literature, focusing on the application of AI in ophthalmology and healthcare. This search included key web-based academic databases, non-traditional sources, and targeted searches of specific organizations and institutions. We reviewed and selected documents for relevance to AI, healthcare, ethics, and guidelines, aiming for a critical analysis of ethical, moral, and legal implications of AI in healthcare. RESULTS Six main issues were identified, analyzed, and discussed. These include bias and clinical safety, cybersecurity, health data and AI algorithm ownership, the "black-box" problem, medical liability, and the risk of widening inequality in healthcare. CONCLUSION Solutions to address these issues include collecting high-quality data of the target population, incorporating stronger security measures, using explainable AI algorithms and ensemble methods, and making AI-based solutions accessible to everyone. With careful oversight and regulation, AI-based systems can be used to supplement physician decision-making and improve patient care and outcomes.
Affiliation(s)
- Daniele Veritti
  - Department of Medicine - Ophthalmology, University of Udine, Udine, Italy.
- Leopoldo Rubinato
  - Department of Medicine - Ophthalmology, University of Udine, Udine, Italy
- Valentina Sarao
  - Department of Medicine - Ophthalmology, University of Udine, Udine, Italy
  - Istituto Europeo di Microchirurgia Oculare - IEMO, Udine, Italy
- Axel De Nardin
  - Department of Mathematics, Informatics and Physics, University of Udine, Udine, Italy
- Gian Luca Foresti
  - Department of Mathematics, Informatics and Physics, University of Udine, Udine, Italy
- Paolo Lanzetta
  - Department of Medicine - Ophthalmology, University of Udine, Udine, Italy
  - Istituto Europeo di Microchirurgia Oculare - IEMO, Udine, Italy

10
Cervera García A, Goussens A. [Cybersecurity and use of ICT in the health sector]. Aten Primaria 2024; 56:102854. [PMID: 38219392 PMCID: PMC10823061 DOI: 10.1016/j.aprim.2023.102854] [Citation(s) in RCA: 1] [Impact Index Per Article: 1.0] [Received: 11/01/2023] [Revised: 12/11/2023] [Accepted: 12/12/2023] [Indexed: 01/16/2024] Open
Abstract
Cybercrime in the health sector is a growing threat in the digital age. With computerization of medical records and telemedicine on the rise, cyberattacks can have devastating consequences. Leaking sensitive data or hijacking systems can compromise patients' privacy and jeopardize healthcare. To counter this threat, robust cybersecurity measures are required as a protective measure. This article aims to expose the main dangers and threats faced by ICT, as well as present cybersecurity with its bioethical implications and, finally, the ideal scheme for it in the health sector in order to create a safer and more efficient environment. This article aims to address these issues and provide a comprehensive view of how cybersecurity and ICT can coexist safely and effectively in the healthcare field.
Affiliation(s)
- Alejandro Cervera García
  - L'Equip d'Atenció Primària de Figueres (EAP Figueres), Institut Català de la Salut, Girona, España
- Alyson Goussens
  - L'Equip d'Atenció Primària de Figueres (EAP Figueres), Institut Català de la Salut, Girona, España.

11
Abbou B, Kessel B, Ben Natan M, Gabbay-Benziv R, Dahan Shriki D, Ophir A, Goldschmid N, Klein A, Roguin A, Dudkiewicz M. When all computers shut down: the clinical impact of a major cyber-attack on a general hospital. Front Digit Health 2024; 6:1321485. [PMID: 38433989 PMCID: PMC10904636 DOI: 10.3389/fdgth.2024.1321485] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 10/14/2023] [Accepted: 02/05/2024] [Indexed: 03/05/2024] Open
Abstract
Importance: Healthcare organizations operate in a data-rich environment and depend on digital computerized systems; thus, they may be exposed to cyber threats. Indeed, one of the most vulnerable sectors to hacks and malware is healthcare. However, the impact of cyberattacks on healthcare organizations remains under-investigated. Objective: This study aims to describe a major attack on an entire medical center that resulted in a complete shutdown of all computer systems and to identify the critical actions required to resume regular operations. Setting: This study was conducted on a public, general, and acute care referral university teaching hospital. Methods: We report the different recovery measures on various hospital clinical activities and their impact on clinical work. Results: The system malfunction of hospital computers did not reduce the number of heart catheterizations, births, or outpatient clinic visits. However, a sharp drop in surgical activities, emergency room visits, and total hospital occupancy was observed immediately and during the first postattack week. A gradual increase in all clinical activities was detected starting in the second week after the attack, with a significant increase of 30% associated with the restoration of the electronic medical records (EMR) and laboratory module and a 50% increase associated with the return of the imaging module archiving. One limitation of the present study is that, due to its retrospective design, there were no data regarding the number of elective internal care hospitalizations that were considered crucial. Conclusions and relevance: The risk of ransomware cyberattacks is growing. Healthcare systems at all levels of the hospital should be aware of this threat and implement protocols should this catastrophic event occur. Careful evaluation of steady computer system recovery weekly enables vital hospital function, even under a major cyberattack.
The restoration of EMR, laboratory systems, and imaging archiving modules was found to be the most significant factor that allowed the return to normal clinical hospital work.
Affiliation(s)
- Benyamine Abbou
  - Hospital Administration, Hillel Yaffe Medical Center, Hadera, Israel
  - Ruth and Bruce Rappaport Faculty of Medicine, Technion – Israel Institute of Technology, Haifa, Israel
- Boris Kessel
  - Ruth and Bruce Rappaport Faculty of Medicine, Technion – Israel Institute of Technology, Haifa, Israel
  - Surgical Division, Hillel Yaffe Medical Center, Hadera, Israel
- Merav Ben Natan
  - Pat Matthews Academic School of Nursing, Hillel Yaffe Medical Center, Hadera, Israel
- Rinat Gabbay-Benziv
  - Ruth and Bruce Rappaport Faculty of Medicine, Technion – Israel Institute of Technology, Haifa, Israel
  - Division of Obstetrics and Gynecology, Hillel Yaffe Medical Center, Hadera, Israel
- Anna Ophir
  - Ruth and Bruce Rappaport Faculty of Medicine, Technion – Israel Institute of Technology, Haifa, Israel
  - Surgical Division, Hillel Yaffe Medical Center, Hadera, Israel
- Nimrod Goldschmid
  - Ruth and Bruce Rappaport Faculty of Medicine, Technion – Israel Institute of Technology, Haifa, Israel
  - Risk Management Department, Hillel Yaffe Medical Center, Hadera, Israel
- Adi Klein
  - Ruth and Bruce Rappaport Faculty of Medicine, Technion – Israel Institute of Technology, Haifa, Israel
  - Division of Pediatrics, Hillel Yaffe Medical Center, Hadera, Israel
- Ariel Roguin
  - Ruth and Bruce Rappaport Faculty of Medicine, Technion – Israel Institute of Technology, Haifa, Israel
  - Division of Cardiology, Hillel Yaffe Medical Center, Hadera, Israel
- Mickey Dudkiewicz
  - Hospital Administration, Hillel Yaffe Medical Center, Hadera, Israel
  - Ruth and Bruce Rappaport Faculty of Medicine, Technion – Israel Institute of Technology, Haifa, Israel

12
Galbusera F, Cina A. Image annotation and curation in radiology: an overview for machine learning practitioners. Eur Radiol Exp 2024; 8:11. [PMID: 38316659 PMCID: PMC10844188 DOI: 10.1186/s41747-023-00408-y] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 09/01/2023] [Accepted: 11/07/2023] [Indexed: 02/07/2024] Open
Abstract
"Garbage in, garbage out" summarises well the importance of high-quality data in machine learning and artificial intelligence. All data used to train and validate models should indeed be consistent, standardised, traceable, correctly annotated, and de-identified, considering local regulations. This narrative review presents a summary of the techniques that are used to ensure that all these requirements are fulfilled, with special emphasis on radiological imaging and freely available software solutions that can be directly employed by the interested researcher. Topics discussed include key imaging concepts, such as image resolution and pixel depth; file formats for medical image data storage; free software solutions for medical image processing; anonymisation and pseudonymisation to protect patient privacy, including compliance with regulations such as the Regulation (EU) 2016/679 "General Data Protection Regulation" (GDPR) and the 1996 United States Act of Congress "Health Insurance Portability and Accountability Act" (HIPAA); methods to eliminate patient-identifying features within images, like facial structures; free and commercial tools for image annotation; and techniques for data harmonisation and normalisation.
Relevance statement: This review provides an overview of the methods and tools that can be used to ensure high-quality data for machine learning and artificial intelligence applications in radiology.
Key points:
- High-quality datasets are essential for reliable artificial intelligence algorithms in medical imaging.
- Software tools like ImageJ and 3D Slicer aid in processing medical images for AI research.
- Anonymisation techniques protect patient privacy during dataset preparation.
- Machine learning models can accelerate image annotation, enhancing efficiency and accuracy.
- Data curation ensures dataset integrity, compliance, and quality for artificial intelligence development.
Affiliation(s)
- Fabio Galbusera
  - Spine Center, Schulthess Clinic, Lengghalde 2, Zurich, 8008, Switzerland
- Andrea Cina
  - Spine Center, Schulthess Clinic, Lengghalde 2, Zurich, 8008, Switzerland
  - ETH Zürich, Department of Health Sciences and Technologies, Zurich, Switzerland
13
Bekbolatova M, Mayer J, Ong CW, Toma M. Transformative Potential of AI in Healthcare: Definitions, Applications, and Navigating the Ethical Landscape and Public Perspectives. Healthcare (Basel) 2024; 12:125. [PMID: 38255014 PMCID: PMC10815906 DOI: 10.3390/healthcare12020125] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 10/11/2023] [Revised: 12/27/2023] [Accepted: 01/02/2024] [Indexed: 01/24/2024] Open
Abstract
Artificial intelligence (AI) has emerged as a crucial tool in healthcare with the primary aim of improving patient outcomes and optimizing healthcare delivery. By harnessing machine learning algorithms, natural language processing, and computer vision, AI enables the analysis of complex medical data. The integration of AI into healthcare systems aims to support clinicians, personalize patient care, and enhance population health, all while addressing the challenges posed by rising costs and limited resources. As a subdivision of computer science, AI focuses on the development of advanced algorithms capable of performing complex tasks that were once reliant on human intelligence. The ultimate goal is to achieve human-level performance with improved efficiency and accuracy in problem-solving and task execution, thereby reducing the need for human intervention. Various industries, including engineering, media/entertainment, finance, and education, have already reaped significant benefits by incorporating AI systems into their operations. Notably, the healthcare sector has witnessed rapid growth in the utilization of AI technology. Nevertheless, there remains untapped potential for AI to truly revolutionize the industry. It is important to note that despite concerns about job displacement, AI in healthcare should not be viewed as a threat to human workers. Instead, AI systems are designed to augment and support healthcare professionals, freeing up their time to focus on more complex and critical tasks. By automating routine and repetitive tasks, AI can alleviate the burden on healthcare professionals, allowing them to dedicate more attention to patient care and meaningful interactions. However, legal and ethical challenges must be addressed when embracing AI technology in medicine, alongside comprehensive public education to ensure widespread acceptance.
Affiliation(s)
- Molly Bekbolatova
  - Department of Osteopathic Manipulative Medicine, College of Osteopathic Medicine, New York Institute of Technology, Old Westbury, NY 11568, USA; (M.B.); (J.M.)
- Jonathan Mayer
  - Department of Osteopathic Manipulative Medicine, College of Osteopathic Medicine, New York Institute of Technology, Old Westbury, NY 11568, USA; (M.B.); (J.M.)
- Chi Wei Ong
  - School of Chemistry, Chemical Engineering, and Biotechnology, Nanyang Technological University, 62 Nanyang Drive, Singapore 637459, Singapore
- Milan Toma
  - Department of Osteopathic Manipulative Medicine, College of Osteopathic Medicine, New York Institute of Technology, Old Westbury, NY 11568, USA; (M.B.); (J.M.)
14
Selvaskandan H, Gee PO, Seethapathy H. Technological Innovations to Improve Patient Engagement in Nephrology. ADVANCES IN KIDNEY DISEASE AND HEALTH 2024; 31:28-36. [PMID: 38403391 DOI: 10.1053/j.akdh.2023.11.001] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 05/22/2023] [Revised: 11/08/2023] [Accepted: 11/10/2023] [Indexed: 02/27/2024]
Abstract
Technological innovation has accelerated exponentially over the last 2 decades. From the rise of smartphones and social media in the early 2000s to the mainstream accessibility of artificial intelligence (AI) in 2023, digital advancements have transformed the way we live and work. These innovations have permeated health care, covering a spectrum of applications from virtual reality training platforms to AI-powered clinical decision support tools. In this review, we explore fascinating recent innovations that have and can facilitate patient engagement in nephrology. These include integrated care mobile applications, wearable health monitoring tools, virtual/augmented reality consultation and education platforms, AI-powered appointment booking systems, and patient information tools. We also discuss potential pitfalls in implementation and paradigms to adopt that may protect patients from unintended consequences of being cared for in a digitalized health care system.
Affiliation(s)
- Haresh Selvaskandan
  - Mayer IgA Nephropathy Laboratories, Department of Cardiovascular Sciences, University of Leicester, Leicester, UK; John Walls Renal Unit, University Hospitals of Leicester NHS Trust, Leicester, UK
- Harish Seethapathy
  - Division of Nephrology, Department of Medicine, Massachusetts General Hospital, Harvard Medical School, Boston, MA
15
Mejía-Granda CM, Fernández-Alemán JL, Carrillo-de-Gea JM, García-Berná JA. Security vulnerabilities in healthcare: an analysis of medical devices and software. Med Biol Eng Comput 2024; 62:257-273. [PMID: 37789249 PMCID: PMC10758361 DOI: 10.1007/s11517-023-02912-0] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 01/10/2023] [Accepted: 08/14/2023] [Indexed: 10/05/2023]
Abstract
The integration of IoT in healthcare has introduced vulnerabilities in medical devices and software, posing risks to patient safety and system integrity. This study aims to bridge the research gap and provide valuable insights for addressing healthcare vulnerabilities and their mitigation mechanisms. Software vulnerabilities related to health systems from 2001 to 2022 were collected from the National Vulnerability Database (NVD), systematized by software developed by the researchers, and assessed by a medical specialist for their impact on patient well-being. The analysis revealed electronic health records, wireless infusion pumps, endoscope cameras, and radiology information systems as the most vulnerable. In addition, critical vulnerabilities were identified, including poor credential management and hard-coded credentials. The investigation provides some insights into the consequences of vulnerabilities in health software products, projects future security issues by 2025, offers mitigation suggestions, and highlights trends in attacks on life support and health systems. The healthcare industry needs significant improvements in protecting medical devices from cyberattacks. Securing communication channels and network schema and adopting secure software practices are necessary. In addition, collaboration, regulatory adherence, and continuous security monitoring are crucial. Industries, researchers, and stakeholders can utilize these findings to enhance security and safeguard patient safety.
Affiliation(s)
- Carlos M Mejía-Granda
  - Department of Informatics and Systems, Faculty of Computer Science, University of Murcia, 30100, Murcia, Spain
- José L Fernández-Alemán
  - Department of Informatics and Systems, Faculty of Computer Science, University of Murcia, 30100, Murcia, Spain
- Juan M Carrillo-de-Gea
  - Department of Informatics and Systems, Faculty of Computer Science, University of Murcia, 30100, Murcia, Spain
- José A García-Berná
  - Department of Informatics and Systems, Faculty of Computer Science, University of Murcia, 30100, Murcia, Spain
16
Chiaradonna S, Jevtić P, Lanchier N. Framework for cyber risk loss distribution of hospital infrastructure: Bond percolation on mixed random graphs approach. RISK ANALYSIS: AN OFFICIAL PUBLICATION OF THE SOCIETY FOR RISK ANALYSIS 2023; 43:2450-2485. [PMID: 37038249 DOI: 10.1111/risa.14127] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Indexed: 06/19/2023]
Abstract
Networks like those of healthcare infrastructure have been a primary target of cyberattacks for over a decade. From just a single cyberattack, a healthcare facility would expect to see millions of dollars in losses from legal fines, business interruption, and loss of revenue. As more medical devices become interconnected, more cyber vulnerabilities emerge, resulting in more potential exploitation that may disrupt patient care and give rise to catastrophic financial losses. In this paper, we propose a structural model of an aggregate loss distribution across multiple cyberattacks on a prototypical hospital network. Modeled as a mixed random graph, the hospital network consists of various patient-monitoring devices and medical imaging equipment as random nodes to account for the variable occupancy of patient rooms and availability of imaging equipment that are connected by bidirectional edges to fixed hospital and radiological information systems. Our framework accounts for the documented cyber vulnerabilities of a hospital's trusted internal network of its major medical assets. To our knowledge, there exist no other models of an aggregate loss distribution for cyber risk in this setting. We contextualize the problem in the probabilistic graph-theoretical framework using a percolation model and combinatorial techniques to compute the mean and variance of the loss distribution for a mixed random network with associated random costs that can be useful for healthcare administrators and cybersecurity professionals to improve cybersecurity management strategies. By characterizing this distribution, we allow for the further utility of pricing cyber risk.
Affiliation(s)
- Stefano Chiaradonna
  - School of Mathematical and Statistical Sciences, Arizona State University, Tempe, Arizona, USA
- Petar Jevtić
  - School of Mathematical and Statistical Sciences, Arizona State University, Tempe, Arizona, USA
- Nicolas Lanchier
  - School of Mathematical and Statistical Sciences, Arizona State University, Tempe, Arizona, USA
17
Arshad HB, Butt SA, Khan SU, Javed Z, Nasir K. ChatGPT and Artificial Intelligence in Hospital Level Research: Potential, Precautions, and Prospects. Methodist Debakey Cardiovasc J 2023; 19:77-84. [PMID: 38028967 PMCID: PMC10655767 DOI: 10.14797/mdcvj.1290] [Citation(s) in RCA: 1] [Impact Index Per Article: 1.0] [Received: 09/12/2023] [Accepted: 10/24/2023] [Indexed: 12/01/2023] Open
Abstract
Rapid advancements in artificial intelligence (AI) have revolutionized numerous sectors, including medical research. Among the various AI tools, OpenAI's ChatGPT, a state-of-the-art language model, has demonstrated immense potential in aiding and enhancing research processes. This review explores the application of ChatGPT in medical hospital level research, focusing on its capabilities for academic writing assistance, data analytics, statistics handling, and code generation. Notably, it delves into the model's ability to streamline tasks, support decision making, and improve patient interaction. However, the article also underscores the importance of exercising caution while dealing with sensitive healthcare data and highlights the limitations of ChatGPT, such as its potential for erroneous outputs and biases. Furthermore, the review discusses the ethical considerations that arise with AI use in health care, including data privacy, AI interpretability, and the risk of AI-induced disparities. The article culminates by envisioning the future of AI in medical research, emphasizing the need for robust regulatory frameworks and guidelines that balance the potential of AI with ethical considerations. As AI continues to evolve, it holds promising potential to augment medical research in a manner that is ethical, equitable, and patient-centric.
Affiliation(s)
- Hassaan B. Arshad
  - Houston Methodist DeBakey Heart & Vascular Center, Houston, Texas, US
- Sara A. Butt
  - Houston Methodist Research Institute, Houston, Texas, US
- Safi U. Khan
  - Houston Methodist DeBakey Heart & Vascular Center, Houston, Texas, US
- Khurram Nasir
  - Houston Methodist DeBakey Heart & Vascular Center, Houston, Texas, US
18
von der Forst M, Popp E, Weigand MA, Neuhaus C. [Special emergency situations and hazard control in German hospitals-A survey on the current state]. DIE ANAESTHESIOLOGIE 2023; 72:784-790. [PMID: 37855945 PMCID: PMC10615912 DOI: 10.1007/s00101-023-01349-2] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 01/23/2023] [Revised: 07/02/2023] [Accepted: 09/07/2023] [Indexed: 10/20/2023]
Abstract
BACKGROUND AND RESEARCH QUESTION: In case of events such as a cyber attack or a mass casualty incident, ad hoc measures have to be taken in hospitals. As part of the critical infrastructure, hospitals are required by law to prepare, update and exercise alarm and emergency plans for various special situations. The processes and instruments involved for emergency response are defined in the hospital alert and emergency planning. The present study aims to explain with which resources and for which special situations hospitals are prepared.
METHODS: A prospective, exploratory, anonymous survey of hospitals in Germany was conducted. Hospitals with both internal medicine and surgery departments were included. Out of 2497 hospitals listed in the German Hospital Directory (www.deutsches-krankenhaus-verzeichnis.de), 1049 met the inclusion criteria. After correcting for hospital groups with shared administrations, 850 employees were identified and contacted by e-mail. Quality and risk management managers were asked about resources, risks, and content of their own hospital alert and emergency planning using a standardized questionnaire. The survey was conducted using the online platform EFS Survey (Tivian XI GmbH, Cologne) via www.unipark.de. Access to the survey was via a nonpersonalized hyperlink. Apart from the size and type of hospital surveyed, no data were collected that would allow identification of an individual person.
RESULTS: Of the participating hospitals 45% (n = 43) were primary care hospitals, 24% (n = 23) were specialty care hospitals, 10% (n = 9) were nonuniversity maximum care hospitals, and 21% (n = 20) were university maximum care hospitals. In total 95 hospitals participated in the survey, of which 98% (n = 93) reported having a hospital alert and emergency plan. Preparation for individual scenarios varied widely. Of the participating hospitals 45% (n = 43) reported having been the target of cyber attacks with an emphasis on maximum care hospitals (55%, n = 11 of 20). Technical redundancy for computer systems is available in 67% (n = 63) of participating hospitals, while independent means of communication exist in 50% (n = 47) of hospitals. A physician-staffed crisis and disaster management unit existed in 60% (n = 56) of the surveyed hospitals. At least a part time position for planning issues was installed in 12 hospitals.
CONCLUSION: Most participating hospitals are aware of the need for a hospital alert and emergency plan and have various scenario-specific plans in place. Especially mass casualty events, fire and hospital evacuation scenarios are uniformly covered among participating hospitals; however, gaps appear to exist not only for chemical, biological or radionuclear situations but also especially in the area of extreme weather events and infrastructure failures. Only about two thirds of all participating hospitals have contingency plans for water supply and/or heating failures. An important limitation of the study is the comparatively low response rate of 12.9% (n = 95 of 850). While primary care hospitals were underrepresented in the study, 32% of Germany's larger hospitals (> 800 beds) participated. In the future, there is a particular need to engage enough medical staff in the area of hospital alert and emergency planning and refunding of these measures by hospitals.
Affiliation(s)
- M von der Forst
  - Klinik für Anästhesiologie, Universität Heidelberg, Medizinische Fakultät Heidelberg, Im Neuenheimer Feld 420, 69120, Heidelberg, Deutschland
- E Popp
  - Klinik für Anästhesiologie, Universität Heidelberg, Medizinische Fakultät Heidelberg, Im Neuenheimer Feld 420, 69120, Heidelberg, Deutschland
- M A Weigand
  - Klinik für Anästhesiologie, Universität Heidelberg, Medizinische Fakultät Heidelberg, Im Neuenheimer Feld 420, 69120, Heidelberg, Deutschland
- C Neuhaus
  - Klinik für Anästhesiologie, Universität Heidelberg, Medizinische Fakultät Heidelberg, Im Neuenheimer Feld 420, 69120, Heidelberg, Deutschland
19
Cartwright AJ. The elephant in the room: cybersecurity in healthcare. J Clin Monit Comput 2023; 37:1123-1132. [PMID: 37088852 PMCID: PMC10123010 DOI: 10.1007/s10877-023-01013-5] [Citation(s) in RCA: 3] [Impact Index Per Article: 3.0] [Received: 03/08/2023] [Accepted: 04/05/2023] [Indexed: 04/25/2023]
Abstract
Cybersecurity has seen an increasing frequency and impact of cyberattacks and exposure of Protected Health Information (PHI). The uptake of an Electronic Medical Record (EMR), the exponential adoption of Internet of Things (IoT) devices, and the impact of the COVID-19 pandemic have increased the threat surface presented for cyberattack by the healthcare sector. Within healthcare generally and, more specifically, within anaesthesia and Intensive Care, there has been an explosion in wired and wireless devices used daily in the care of almost every patient, the Internet of Medical Things (IoMT): ventilators, anaesthetic machines, infusion pumps, pacing devices, organ support and a plethora of monitoring modalities. All of these devices, once connected to a hospital network, present another opportunity for a malevolent party to access the hospital systems, either to gain PHI for financial, political or other gain or to attack the systems directly to cause erroneous monitoring, altered settings of any device and even to access the EMR via this IoMT window. This exponential increase in the IoMT and the increasing wireless connectivity of anaesthesia and ICU devices as well as implantable devices present a real and present danger to patient safety. There has, at the same time, been a chronic underfunding of cybersecurity in healthcare. This lack of cybersecurity investment has left the sector exposed, and with the monetisation of PHI and the introduction of technically unsecure IoT devices for monitoring and direct patient care, the healthcare sector is presenting itself for further devastating cyberattacks or breaches of PHI. Coupled with the immense strain that the COVID-19 pandemic has placed on healthcare and the changes in working patterns of many caregivers, this has further amplified the exposure of the sector to cyberattacks.
20
Alanazi AT. Clinicians' Perspectives on Healthcare Cybersecurity and Cyber Threats. Cureus 2023; 15:e47026. [PMID: 37965389 PMCID: PMC10642560 DOI: 10.7759/cureus.47026] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Accepted: 10/14/2023] [Indexed: 11/16/2023] Open
Abstract
INTRODUCTION: In today's world, healthcare systems face various risks, including data breaches, theft, and damage. This is where cybersecurity comes in, as it helps protect sensitive personal and financial data, such as electronic health records. This study delved into the perspectives of clinicians on cybersecurity in healthcare, exploring how it impacts patient safety and the functioning of organizations. The study also identified challenges associated with implementing cybersecurity measures and the risks of not doing so.
METHOD: This is a qualitative study in which clinical informaticians from different health science backgrounds were asked to share their opinions using the Delphi technique, with 48 participants engaging in all three rounds.
RESULTS: The study highlighted that 96% of participants deemed cybersecurity in healthcare critical for protecting data. Compliance with regulations (91.7%), reduced disruptions (69%), improved patient care (65%), trust (58.3%), and reputation (54%) were additional advantages. However, the study also identified top challenges to cybersecurity implementation, such as time/resource constraints (65%) and disruption to workflows/services (60.4%). Staff resistance, insider threats, and legacy system issues were also anticipated obstacles. Neglecting to implement cybersecurity measures in healthcare could lead to a higher risk of data breaches (96%), financial/legal penalties for hospitals (79%), and concerns about patient safety (65%).
CONCLUSION: It is imperative to prioritize cybersecurity in the healthcare industry to mitigate these risks and ensure patient confidence, health system stability, and, ultimately, save lives. A unified approach is required to enforce policies, modify behaviors, and adopt innovative practices to combat cyberattacks effectively.
Affiliation(s)
- Abdullah T Alanazi
  - College of Public Health and Health Informatics, King Saud bin Abdulaziz University for Health Sciences, Riyadh, SAU
  - Bioinformatics, King Abdullah International Medical Research Center (KAIMRC), Riyadh, SAU
21
Argyridou E, Nifakos S, Laoudias C, Panda S, Panaousis E, Chandramouli K, Navarro-Llobet D, Mora Zamorano J, Papachristou P, Bonacina S. Cyber Hygiene Methodology for Raising Cybersecurity and Data Privacy Awareness in Health Care Organizations: Concept Study. J Med Internet Res 2023; 25:e41294. [PMID: 37498644 PMCID: PMC10415935 DOI: 10.2196/41294] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 07/21/2022] [Revised: 12/23/2022] [Accepted: 01/19/2023] [Indexed: 01/21/2023] Open
Abstract
BACKGROUND: Cyber threats are increasing across all business sectors, with health care being a prominent domain. In response to the ever-increasing threats, health care organizations (HOs) are enhancing the technical measures with the use of cybersecurity controls and other advanced solutions for further protection. Despite the need for technical controls, humans are evidently the weakest link in the cybersecurity posture of HOs. This suggests that addressing the human aspects of cybersecurity is a key step toward managing cyber-physical risks. In practice, HOs are required to apply general cybersecurity and data privacy guidelines that focus on human factors. However, there is limited literature on the methodologies and procedures that can assist in successfully mapping these guidelines to specific controls (interventions), including awareness activities and training programs, with a measurable impact on personnel. To this end, tools and structured methodologies for assisting higher management in selecting the minimum number of required controls that will be most effective on the health care workforce are highly desirable.
OBJECTIVE: This study aimed to introduce a cyber hygiene (CH) methodology that uses a unique survey-based risk assessment approach for raising the cybersecurity and data privacy awareness of different employee groups in HOs. The main objective was to identify the most effective strategy for managing cybersecurity and data privacy risks and recommend targeted human-centric controls that are tailored to organization-specific needs.
METHODS: The CH methodology relied on a cross-sectional, exploratory survey study followed by a proposed risk-based survey data analysis approach. First, survey data were collected from 4 different employee groups across 3 European HOs, covering 7 categories of cybersecurity and data privacy risks. Next, survey data were transcribed and fitted into a proposed risk-based approach matrix that translated risk levels to strategies for managing the risks.
RESULTS: A list of human-centric controls and implementation levels was created. These controls were associated with risk categories, mapped to risk strategies for managing the risks related to all employee groups. Our mapping empowered the computation and subsequent recommendation of subsets of human-centric controls to implement the identified strategy for managing the overall risk of the HOs. An indicative example demonstrated the application of the CH methodology in a simple scenario. Finally, by applying the CH methodology in the health care sector, we obtained results in the form of risk markings; identified strategies to manage the risks; and recommended controls for each of the 3 HOs, each employee group, and each risk category.
CONCLUSIONS: The proposed CH methodology improves the CH perception and behavior of personnel in the health care sector and provides risk strategies together with a list of recommended human-centric controls for managing a wide range of cybersecurity and data privacy risks related to health care employees.
Affiliation(s)
- Elina Argyridou
  - KIOS Research and Innovation Center of Excellence, University of Cyprus, Nicosia, Cyprus
- Sokratis Nifakos
  - Health Informatics Centre, Department of Learning, Informatics, Management and Ethics, Karolinska Institutet, Stockholm, Sweden
- Christos Laoudias
  - KIOS Research and Innovation Center of Excellence, University of Cyprus, Nicosia, Cyprus
- Sakshyam Panda
  - Internet of Things and Security Centre, University of Greenwich, London, United Kingdom
- Emmanouil Panaousis
  - Internet of Things and Security Centre, University of Greenwich, London, United Kingdom
- Krishna Chandramouli
  - Health Informatics Centre, Department of Learning, Informatics, Management and Ethics, Karolinska Institutet, Stockholm, Sweden
- Diana Navarro-Llobet
  - Department of Research and Innovation, Fundacio Privada Hospital Asil de Granollers, Barcelona, Spain
- Juan Mora Zamorano
  - Instituto de Invest, Sanitaria Puerta de Hierro, Servicio Madrileno de Salud, Majadahonda, Madrid, Spain
- Panagiotis Papachristou
  - Division of Family Medicine and Primary Care, Department of Neurobiology, Care Sciences and Society, Karolinska Institutet, Stockholm, Sweden
- Stefano Bonacina
  - Health Informatics Centre, Department of Learning, Informatics, Management and Ethics, Karolinska Institutet, Stockholm, Sweden
22
Neumann C, Straßberger-Nerschbach N, Delis A, Kamp J, Görtzen-Patin A, Cudian D, Fleischer A, Wietasch G, Coburn M, Schindler E, Schleifer G, Wittmann M. Digital Online Patient Informed Consent for Anesthesia before Elective Surgery-Recent Practice in Europe. Healthcare (Basel) 2023; 11:1942. [PMID: 37444775 DOI: 10.3390/healthcare11131942] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 05/16/2023] [Revised: 06/24/2023] [Accepted: 06/30/2023] [Indexed: 07/15/2023] Open
Abstract
BACKGROUND: Digitalization in the health system is a topic that is rapidly gaining popularity, and not only because of the current pandemic. As in many areas of daily life, digitalization is becoming increasingly important in the medical field amid the exponential rise in the use of computers and smartphones. This opens up new possibilities for optimizing patient education in the context of anesthesia. The main aim of this study was to assess the implementation of remote consent in Europe.
METHODS: An online survey entitled "Digital online Patient Informed Consent for Anesthesia before Elective Surgery. Recent practice in Europe," with a total of 27 questions, was sent by the European Society of Anesthesiology and Intensive Care (ESAIC) to their members in 47 European countries. To assess the effect of the economy on digitalization and legal status with regard to anesthesia consent, data were stratified based on gross domestic product per capita (GDPPC).
RESULTS: In total, 23.1% and 37.2% of the 930 participants indicated that it was possible to obtain consent online or via telephone, respectively. This observation was more often reported in countries with high GDPPC levels than in countries with low GDPPC levels. Furthermore, 27.3% of the responses for simple anesthesia, 18.7% of the responses for complex anesthesia, and 32.2% of the responses for repeated anesthesia indicated that remote consent was in accordance with the law, and this was especially prevalent in countries with high GDPPC. Concerning the timing of consent, patients were informed at least one day before in 67.1% of cases for simple procedures and in 85.2% of cases for complex procedures.
CONCLUSION: Even European countries with high GDPPC use remote informed consent only in a minority of cases, and most of the time for repeated anesthetic procedures. This might reflect the inconsistent legal situation and inhomogeneous medical technical structures across Europe.
Affiliation(s)
- Claudia Neumann
  - Department of Anesthesiology and Intensive Care Medicine, University Hospital, 53127 Bonn, Germany
- Achilles Delis
  - Department of Anesthesiology and Intensive Care Medicine, University Hospital, 53127 Bonn, Germany
- Johannes Kamp
  - Department of Anesthesiology and Intensive Care Medicine, University Hospital, 53127 Bonn, Germany
- Alexandra Görtzen-Patin
  - Department of Anesthesiology and Intensive Care Medicine, University Hospital, 53127 Bonn, Germany
- Dishalen Cudian
  - Department of Anesthesiology and Intensive Care Medicine, University Hospital, 53127 Bonn, Germany
- Andreas Fleischer
  - Department of Anesthesiology and Intensive Care Medicine, Hospital Vest, 45657 Recklinghausen, Germany
- Götz Wietasch
  - Department of Anesthesiology, University of Groningen, University Medical Center Groningen, 9713 GZ Groningen, The Netherlands
- Mark Coburn
  - Department of Anesthesiology and Intensive Care Medicine, University Hospital, 53127 Bonn, Germany
- Ehrenfried Schindler
  - Department of Anesthesiology and Intensive Care Medicine, University Hospital, 53127 Bonn, Germany
- Grigorij Schleifer
  - Department of Anesthesiology and Intensive Care Medicine, University Hospital, 53127 Bonn, Germany
- Maria Wittmann
  - Department of Anesthesiology and Intensive Care Medicine, University Hospital, 53127 Bonn, Germany
23
Portela D, Nogueira-Leite D, Almeida R, Cruz-Correia R. Economic Impact of a Hospital Cyberattack in a National Health System: Descriptive Case Study. JMIR Form Res 2023; 7:e41738. [PMID: 37389934 PMCID: PMC10365569 DOI: 10.2196/41738] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 08/06/2022] [Revised: 04/24/2023] [Accepted: 05/10/2023] [Indexed: 07/01/2023]
Abstract
BACKGROUND Over the last decade, the frequency and size of cyberattacks in the health care industry have increased, ranging from breaches of processes or networks to encryption of files that restrict access to data. These attacks may have multiple consequences for patient safety, as they can, for example, target electronic health records, access to critical information, and support for critical systems, thereby causing delays in hospital activities. The effects of cybersecurity breaches are not only a threat to patients' lives but also have financial consequences due to causing inactivity in health care systems. However, publicly available information on these incidents quantifying their impact is scarce. OBJECTIVE We aim, while using public domain data from Portugal, to (1) identify data breaches in the public national health system since 2017 and (2) measure the economic impact using a hypothesized scenario as a case study. METHODS We retrieved data from multiple national and local media sources on cybersecurity from 2017 until 2022 and built a timeline of attacks. In the absence of public information on cyberattacks, reported drops in activity were estimated using a hypothesized scenario for affected resources and percentages and duration of inactivity. Only direct costs were considered for estimates. Data for estimates were produced based on planned activity through the hospital contract program. We use sensitivity analysis to illustrate how a midlevel ransomware attack might impact health institutions' daily costs (inferring a potential range of values based on assumptions). Given the heterogeneity of our included parameters, we also provide a tool for users to distinguish such impacts of different attacks on institutions according to different contract programs, served population size, and proportion of inactivity. 
RESULTS From 2017 to 2022, we were able to identify 6 incidents in Portuguese public hospitals using public domain data (there was 1 incident each year and 2 in 2018). Financial impacts were obtained from a cost point of view, where estimated values have a minimum-to-maximum range of €115,882.96 to €2,317,659.11 (a currency exchange rate of €1=US $1.0233 is applicable). Costs of this range and magnitude were inferred assuming different percentages of affected resources and with different numbers of working days while considering the costs of external consultation, hospitalization, and use of in- and outpatient clinics and emergency rooms, for a maximum of 5 working days. CONCLUSIONS To enhance cybersecurity capabilities at hospitals, it is important to provide robust information to support decision-making. Our study provides valuable information and preliminary insights that can help health care organizations better understand the costs and risks associated with cyber threats and improve their cybersecurity strategies. Additionally, it demonstrates the importance of adopting effective preventive and reactive strategies, such as contingency plans, as well as enhanced investment in improving cybersecurity capabilities in this critical area while aiming to achieve cyber-resilience.
Affiliation(s)
- Diana Portela
  - Department of Community Medicine, Information and Health Decision Sciences (MEDCIDS), Faculty of Medicine, University of Porto, Porto, Portugal
  - Doctoral Programme in Health Data Science (HEADS), Faculty of Medicine, University of Porto, Porto, Portugal
- Diogo Nogueira-Leite
  - Department of Community Medicine, Information and Health Decision Sciences (MEDCIDS), Faculty of Medicine, University of Porto, Porto, Portugal
  - Doctoral Programme in Health Data Science (HEADS), Faculty of Medicine, University of Porto, Porto, Portugal
  - Nova School of Business and Economics Health Economics and Management Knowledge Center, New University of Lisbon, Lisbon, Portugal
  - eMAIS: Movimento Associação dos Sistemas de Informação em Saúde, Porto, Portugal
- Rafael Almeida
  - Department of Community Medicine, Information and Health Decision Sciences (MEDCIDS), Faculty of Medicine, University of Porto, Porto, Portugal
  - eMAIS: Movimento Associação dos Sistemas de Informação em Saúde, Porto, Portugal
- Ricardo Cruz-Correia
  - Department of Community Medicine, Information and Health Decision Sciences (MEDCIDS), Faculty of Medicine, University of Porto, Porto, Portugal
  - Doctoral Programme in Health Data Science (HEADS), Faculty of Medicine, University of Porto, Porto, Portugal
  - eMAIS: Movimento Associação dos Sistemas de Informação em Saúde, Porto, Portugal
24
Almansoori A, Al-Emran M, Shaalan K. Exploring the Frontiers of Cybersecurity Behavior: A Systematic Review of Studies and Theories. APPLIED SCIENCES 2023; 13:5700. [DOI: 10.3390/app13095700] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Indexed: 09/01/2023]
Abstract
Cybersecurity procedures and policies are prevalent countermeasures for protecting organizations from cybercrimes and security incidents. Without considering human behaviors, implementing these countermeasures will remain useless. Cybersecurity behavior has gained much attention in recent years. However, a systematic review that provides extensive insights into cybersecurity behavior through different technologies and services and covers various directions in large-scale research remains lacking. Therefore, this study retrieved and analyzed 2210 articles published on cybersecurity behavior. The retrieved articles were then thoroughly examined to meet the inclusion and exclusion criteria, in which 39 studies published between 2012 and 2021 were ultimately picked for further in-depth analysis. The main findings showed that the protection motivation theory (PMT) dominated the list of theories and models examining cybersecurity behavior. Cybersecurity behavior and intention behavior counted for the highest purpose for most studies, with fewer studies focusing on cybersecurity awareness and compliance behavior. Most examined studies were conducted in individualistic contexts with limited exposure to collectivistic societies. A total of 56% of the analyzed studies focused on the organizational level, indicating that the individual level is still in its infancy stage. To address the research gaps in cybersecurity behavior at the individual level, this review proposes a number of research agendas that can be considered in future research. This review is believed to improve our understanding by revealing the full potential of cybersecurity behavior and opening the door for further research opportunities.
Affiliation(s)
- Afrah Almansoori
  - Faculty of Engineering & IT, The British University in Dubai, Dubai P.O. Box 345015, United Arab Emirates
  - General Department of Forensic Science and Criminology, Dubai Police G.H.Q., Dubai P.O. Box 1493, United Arab Emirates
- Mostafa Al-Emran
  - Faculty of Engineering & IT, The British University in Dubai, Dubai P.O. Box 345015, United Arab Emirates
  - Department of Computer Techniques Engineering, Dijlah University College, Baghdad 00964, Iraq
- Khaled Shaalan
  - Faculty of Engineering & IT, The British University in Dubai, Dubai P.O. Box 345015, United Arab Emirates
25
Silvestri S, Islam S, Papastergiou S, Tzagkarakis C, Ciampi M. A Machine Learning Approach for the NLP-Based Analysis of Cyber Threats and Vulnerabilities of the Healthcare Ecosystem. SENSORS (BASEL, SWITZERLAND) 2023; 23:651. [PMID: 36679446 PMCID: PMC9866080 DOI: 10.3390/s23020651] [Citation(s) in RCA: 3] [Impact Index Per Article: 3.0] [Received: 10/31/2022] [Revised: 11/29/2022] [Accepted: 12/06/2022] [Indexed: 06/17/2023]
Abstract
Digitization in healthcare systems, with the wide adoption of Electronic Health Records, connected medical devices, software and systems providing efficient healthcare service delivery and management. On the other hand, the use of these systems has significantly increased cyber threats in the healthcare sector. Vulnerabilities in the existing and legacy systems are one of the key causes for the threats and related risks. Understanding and addressing the threats from the connected medical devices and other parts of the ICT health infrastructure are of paramount importance for ensuring security within the overall healthcare ecosystem. Threat and vulnerability analysis provides an effective way to lower the impact of risks relating to the existing vulnerabilities. However, this is a challenging task due to the availability of massive data which makes it difficult to identify potential patterns of security issues. This paper contributes towards an effective threats and vulnerabilities analysis by adopting Machine Learning models, such as the BERT neural language model and XGBoost, to extract updated information from the Natural Language documents largely available on the web, evaluating at the same time the level of the identified threats and vulnerabilities that can impact on the healthcare system, providing the required information for the most appropriate management of the risk. Experiments were performed based on CS news extracted from the Hacker News website and on Common Vulnerabilities and Exposures (CVE) vulnerability reports. The results demonstrate the effectiveness of the proposed approach, which provides a realistic manner to assess the threats and vulnerabilities from Natural Language texts, allowing adopting it in real-world Healthcare ecosystems.
Affiliation(s)
- Stefano Silvestri
  - Institute for High Performance Computing and Networking, National Research Council of Italy (ICAR-CNR), Via Pietro Castellino 111, 80131 Naples, Italy
- Shareeful Islam
  - School of Computing and Information Science, Anglia Ruskin University, Cambridge CB1 1PT, UK
  - Focal Point, 1410 Waterloo, Belgium
- Spyridon Papastergiou
  - Focal Point, 1410 Waterloo, Belgium
  - Department of Informatics, University of Piraeus, GR-185 34 Piraeus, Greece
- Christos Tzagkarakis
  - Focal Point, 1410 Waterloo, Belgium
  - Institute of Computer Science, Foundation for Research and Technology-Hellas, GR-700 13 Heraklion, Greece
- Mario Ciampi
  - Institute for High Performance Computing and Networking, National Research Council of Italy (ICAR-CNR), Via Pietro Castellino 111, 80131 Naples, Italy
26
Chen Y, Gan W, Wu Y, Yu PS. Privacy-Preserving Federated Mining of Frequent Itemsets. Inf Sci (N Y) 2023. [DOI: 10.1016/j.ins.2023.01.002] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Indexed: 01/09/2023]
27
Information Security Behavior in Health Information Systems: A Review of Research Trends and Antecedent Factors. Healthcare (Basel) 2022; 10:healthcare10122531. [PMID: 36554055 PMCID: PMC9777837 DOI: 10.3390/healthcare10122531] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 10/18/2022] [Revised: 12/09/2022] [Accepted: 12/12/2022] [Indexed: 12/23/2022]
Abstract
This study aims to review the literature on antecedent factors of information security related to the protection of health information systems (HISs) in the healthcare organization. We classify those factors into organizational and individual aspects. We followed the Preferred Reporting Items for Systematic Reviews and Meta-Analyses (PRISMA) framework. Academic articles were sourced from five online databases (Scopus, PubMed, IEEE, ScienceDirect, and SAGE) using keywords related to information security, behavior, and healthcare facilities. The search yielded 35 studies, in which the three most frequent individual factors were self-efficacy, perceived severity, and attitudes, while the three most frequent organizational factors were management support, cues to action, and organizational culture. Individual factors for patients and medical students are still understudied, as are the organizational factors of academic healthcare facilities. More individual factors have been found to significantly influence security behavior. Previous studies have been dominated by the security compliance behavior of clinical and non-clinical hospital staff. These research gaps highlight the theoretical implications of this study. This study provides insight for managers of healthcare facilities and governments to consider individual factors in establishing information security policies and programs for improving security behavior.
28
Lorenzini G, Shaw DM, Elger BS. It takes a pirate to know one: ethical hackers for healthcare cybersecurity. BMC Med Ethics 2022; 23:131. [PMID: 36494715 PMCID: PMC9733027 DOI: 10.1186/s12910-022-00872-y] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 07/07/2022] [Accepted: 12/03/2022] [Indexed: 12/13/2022]
Abstract
Healthcare cybersecurity is increasingly targeted by malicious hackers. This sector has many vulnerabilities and health data is very sensitive and valuable. Consequently, any damage caused by malicious intrusions is particularly alarming. The consequences of these attacks can be enormous and endanger patient care. Amongst the already-implemented cybersecurity measures and the ones that need to be further improved, this paper aims to demonstrate how penetration tests can greatly benefit healthcare cybersecurity. It is already proven that this approach has enforced cybersecurity in other sectors. However, it is not popular in healthcare since many prejudices still surround the hacking practice and there is a lack of education on hackers' categories and their ethics. The present analysis aims to comprehend what hacker ethics is and who ethical hackers are. Currently, hacker ethics has the status of personal ethics; however, to employ penetration testers in healthcare, it is recommended to draft an official code of ethics, comprising principles, standards, expectations, and best practices. Additionally, it is important to distinguish between malicious hackers and ethical hackers. Amongst the latter, penetration testers are only a sub-category. Acknowledging the subtle differences between ethical hackers and penetration testers allows to better understand why and how the latter can offer their services to healthcare facilities.
Affiliation(s)
- Giorgia Lorenzini
  - Institute for Biomedical Ethics, Faculty of Medicine, University of Basel, Bernoullistrasse 28, 4056 Basel, Switzerland (grid.6612.3, 0000 0004 1937 0642)
- David Martin Shaw
  - Institute for Biomedical Ethics, Faculty of Medicine, University of Basel, Bernoullistrasse 28, 4056 Basel, Switzerland (grid.6612.3, 0000 0004 1937 0642)
  - Care and Public Health Research Institute, Faculty of Health, Medicine and Life Sciences, Maastricht University, Maastricht, The Netherlands (grid.5012.6, 0000 0001 0481 6099)
- Bernice Simone Elger
  - Institute for Biomedical Ethics, Faculty of Medicine, University of Basel, Bernoullistrasse 28, 4056 Basel, Switzerland (grid.6612.3, 0000 0004 1937 0642)
  - Center of Legal Medicine, Faculty of Medicine, University of Geneva, Geneva, Switzerland (grid.8591.5, 0000 0001 2322 4988)
29
Ünözkan H, Ertem M, Bendak S. Using attack graphs to defend healthcare systems from cyberattacks: a longitudinal empirical study. NETWORK MODELING ANALYSIS IN HEALTH INFORMATICS AND BIOINFORMATICS 2022; 11:52. [PMCID: PMC9668211 DOI: 10.1007/s13721-022-00391-1] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 08/06/2022] [Revised: 10/01/2022] [Accepted: 10/19/2022] [Indexed: 11/17/2022]
Affiliation(s)
- Hüseyin Ünözkan
  - Department of Industrial Engineering, Haliç University, Eyüpsultan, Istanbul, Turkey
- Mehmet Ertem
  - Department of Industrial Engineering, Eskişehir Osmangazi University, Eskişehir, Turkey
- Salaheddine Bendak
  - Department of Industrial Engineering, Haliç University, Eyüpsultan, Istanbul, Turkey
30
Seastedt KP, Schwab P, O’Brien Z, Wakida E, Herrera K, Marcelo PGF, Agha-Mir-Salim L, Frigola XB, Ndulue EB, Marcelo A, Celi LA. Global healthcare fairness: We should be sharing more, not less, data. PLOS DIGITAL HEALTH 2022; 1:e0000102. [PMID: 36812599 PMCID: PMC9931202 DOI: 10.1371/journal.pdig.0000102] [Citation(s) in RCA: 28] [Impact Index Per Article: 14.0] [Indexed: 04/16/2023]
Abstract
The availability of large, deidentified health datasets has enabled significant innovation in using machine learning (ML) to better understand patients and their diseases. However, questions remain regarding the true privacy of this data, patient control over their data, and how we regulate data sharing in a way that does not encumber progress or further potentiate biases for underrepresented populations. After reviewing the literature on potential reidentifications of patients in publicly available datasets, we argue that the cost, measured in terms of access to future medical innovations and clinical software, of slowing ML progress is too great to limit sharing data through large publicly available databases for concerns of imperfect data anonymization. This cost is especially great for developing countries where the barriers preventing inclusion in such databases will continue to rise, further excluding these populations and increasing existing biases that favor high-income countries. Preventing artificial intelligence's progress towards precision medicine and sliding back to clinical practice dogma may pose a larger threat than concerns of potential patient reidentification within publicly available datasets. While the risk to patient privacy should be minimized, we believe this risk will never be zero, and society has to determine an acceptable risk threshold below which data sharing can occur, for the benefit of a global medical knowledge system.
Affiliation(s)
- Kenneth P. Seastedt
  - Beth Israel Deaconess Medical Center, Department of Surgery, Harvard Medical School, Boston, Massachusetts, United States of America
- Patrick Schwab
  - GlaxoSmithKline, Artificial Intelligence & Machine Learning, Zug, Switzerland
- Zach O’Brien
  - Australian and New Zealand Intensive Care Research Centre (ANZIC-RC), Department of Epidemiology and Preventive Medicine, Monash University, Melbourne, Victoria, Australia
- Edith Wakida
  - Mbarara University of Science and Technology, Mbarara, Uganda
- Karen Herrera
  - Quality and Patient Safety, Hospital Militar, Managua, Nicaragua
- Portia Grace F. Marcelo
  - Department of Family & Community Medicine, University of the Philippines, Manila, Philippines
- Louis Agha-Mir-Salim
  - Institute of Medical Informatics, Charité—Universitätsmedizin Berlin (corporate member of Freie Universität Berlin, Humboldt-Universität zu Berlin, and Berlin Institute of Health), Berlin, Germany
  - Laboratory for Computational Physiology, Harvard-MIT Division of Health Sciences & Technology, Cambridge, Massachusetts, United States of America
- Xavier Borrat Frigola
  - Laboratory for Computational Physiology, Harvard-MIT Division of Health Sciences & Technology, Cambridge, Massachusetts, United States of America
  - Anesthesiology and Critical Care Department, Hospital Clinic de Barcelona, Barcelona, Spain
- Emily Boardman Ndulue
  - Department of Journalism, Northeastern University, Boston, Massachusetts, United States of America
- Alvin Marcelo
  - Department of Surgery, University of the Philippines, Manila, Philippines
- Leo Anthony Celi
  - Laboratory for Computational Physiology, Harvard-MIT Division of Health Sciences & Technology, Cambridge, Massachusetts, United States of America
  - Department of Medicine, Beth Israel Deaconess Medical Center, Harvard Medical School, Boston, Massachusetts, United States of America
  - Department of Biostatistics, Harvard T.H. Chan School of Public Health, Boston, Massachusetts, United States of America
31
Tariq A, Manzoor J, Aziz MA, Tariq ZUA, Masood A. Open source SIEM solutions for an enterprise. INFORMATION AND COMPUTER SECURITY 2022. [DOI: 10.1108/ics-09-2021-0146] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Indexed: 11/17/2022]
Abstract
Purpose
The security of applications, systems and networks has always been the source of great concern for both enterprises and common users. Different security tools like intrusion detection system/intrusion prevention system and firewalls are available that provide preventive security to the enterprise networks. However, security information and event management (SIEM) systems use these tools in combination to collect events from diverse data sources across the network. SIEM is a proactive tool that processes the events to present a unified security view of the whole network at one location. SIEM system has, therefore, become an essential component of an enterprise network security architecture. However, from various options available, the selection of a suitable and cost-effective open source SIEM solution that can effectively meet most of the security requirements of small-to-medium-sized enterprises (SMEs) is not simple because of the lack of strong analysis.
Design/methodology/approach
In this work, the authors first review the security challenges faced by different SME sectors and then consider a comprehensive comparative analysis of the capabilities of well-known open source SIEM solutions. Based on this, the authors provide requirements based recommendations of open source SIEM solutions for SMEs. This paper aims to provide a valuable resource that can be referred to by SMEs for the selection of a SIEM system best suited to their organization’s security posture.
Findings
Security requirements of SMEs vary according to their network infrastructure; therefore, every open source SIEM solution would not be suitable for an SME. Selection of a SIEM solution from available open source solutions based upon the security requirements of an SME network is a critical task. Therefore, in this work, a meaningful insight for the selection of an appropriate SIEM solution for SMEs is provided.
Originality/value
Major contribution of this work is the mapping of the security requirements of the SME sectors under consideration, against the open source SIEM options to provide meaningful insight for SMEs in the selection of an appropriate solution.
32
Predicting demographics from meibography using deep learning. Sci Rep 2022; 12:15701. [PMID: 36127431 PMCID: PMC9489726 DOI: 10.1038/s41598-022-18933-y] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 04/29/2022] [Accepted: 08/22/2022] [Indexed: 11/08/2022]
Abstract
This study introduces a deep learning approach to predicting demographic features from meibography images. A total of 689 meibography images with corresponding subject demographic data were used to develop a deep learning model for predicting gland morphology and demographics from images. The model achieved on average 77%, 76%, and 86% accuracies for predicting Meibomian gland morphological features, subject age, and ethnicity, respectively. The model was further analyzed to identify the most highly weighted gland morphological features used by the algorithm to predict demographic characteristics. The two most important gland morphological features for predicting age were the percent area of gland atrophy and the percentage of ghost glands. The two most important morphological features for predicting ethnicity were gland density and the percentage of ghost glands. The approach offers an alternative to traditional associative modeling to identify relationships between Meibomian gland morphological features and subject demographic characteristics. This deep learning methodology can currently predict demographic features from de-identified meibography images with better than 75% accuracy, a number which is highly likely to improve in future models using larger training datasets, which has significant implications for patient privacy in biomedical imaging.
33
Kumar R, Sharma S, Vachhani C, Yadav N. What changed in the cyber-security after COVID-19? Comput Secur 2022; 120:102821. [PMID: 35813991 PMCID: PMC9254575 DOI: 10.1016/j.cose.2022.102821] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 04/20/2022] [Revised: 06/24/2022] [Accepted: 06/28/2022] [Indexed: 11/27/2022]
Abstract
This paper examines the transition in the cyber-security discipline induced by the ongoing COVID-19 pandemic. Using the classical information retrieval techniques, more than twenty thousand documents are analyzed for the cyber content. In particular, we build the topic models using the Latent Dirichlet Allocation (LDA) unsupervised machine learning algorithm. The literature corpus is built through a uniform keyword search process made on the scholarly and the non-scholarly platforms filtered through the years 2010-2021. To qualitatively know the impact of COVID-19 pandemic on cyber-security, and perform a trend analysis of key themes, we organize the entire corpus into various (combination of) categories based on time period and whether the literature has undergone peer review process. Based on the weighted distribution of keywords in the aggregated corpus, we identify the key themes. While in the pre-COVID-19 period, the topics of cyber-threats to technology, privacy policy, blockchain remain popular, in the post-COVID-19 period, focus has shifted to challenges directly or indirectly brought by the pandemic. In particular, we observe post-COVID-19 cyber-security themes of privacy in healthcare, cyber insurance, cyber risks in supply chain gaining recognition. Few cyber-topics such as malware, control system security remain important in perpetuity. We believe our work represents the evolving nature of the cyber-security discipline and reaffirms the need to tailor appropriate interventions by noting the key trends.
Affiliation(s)
- Rajesh Kumar
  - Department of Computer Science and Information systems, Birla Institute of Technology and Science, Pilani, India
- Siddharth Sharma
  - Department of Computer Science and Information systems, Birla Institute of Technology and Science, Pilani, India
- Chirag Vachhani
  - Department of Computer Science and Information systems, Birla Institute of Technology and Science, Pilani, India
- Nitish Yadav
  - Department of Computer Science and Information systems, Birla Institute of Technology and Science, Pilani, India
34
Wasserman L, Wasserman Y. Hospital cybersecurity risks and gaps: Review (for the non-cyber professional). Front Digit Health 2022; 4:862221. [PMID: 36033634 PMCID: PMC9403058 DOI: 10.3389/fdgth.2022.862221] [Citation(s) in RCA: 12] [Impact Index Per Article: 6.0] [Received: 01/25/2022] [Accepted: 07/07/2022] [Indexed: 11/13/2022]
Abstract
Background Healthcare is facing a growing threat of cyberattacks. Myriad data sources illustrate the same trends that healthcare is one of the industries with the highest risk of cyber infiltration and is seeing a surge in security incidents within just a few years. The circumstances thus begged the question: are US hospitals prepared for the risks that accompany clinical medicine in cyberspace? Objective The study aimed to identify the major topics and concerns present in today's hospital cybersecurity field, intended for non-cyber professionals working in hospital settings. Methods Via structured literature searches of the National Institutes of Health's PubMed and Tel Aviv University's DaTa databases, 35 journal articles were identified to form the core of the study. Databases were chosen for accessibility and academic rigor. Eighty-seven additional sources were examined to supplement the findings. Results The review revealed a basic landscape of hospital cybersecurity, including primary reasons hospitals are frequent targets, top attack methods, and consequences hospitals face following attacks. Cyber technologies common in healthcare and their risks were examined, including medical devices, telemedicine software, and electronic data. By infiltrating any of these components of clinical care, attackers can access mounds of information and manipulate, steal, ransom, or otherwise compromise the records, or can use the access to catapult themselves to deeper parts of a hospital's network. Issues that can increase healthcare cyber risks, like interoperability and constant accessibility, were also identified. Finally, strategies that hospitals tend to employ to combat these risks, including technical, financial, and regulatory, were explored and found to be weak. There exist serious vulnerabilities within hospitals' technologies that many hospitals presently fail to address. The COVID-19 pandemic was used to further illustrate this issue. 
Conclusions Comparison of the risks, strategies, and gaps revealed that many US hospitals are unprepared for cyberattacks. Efforts are largely misdirected, with external (often governmental) efforts negligible. Policy changes, e.g., training employees in cyber protocols, adding advanced technical protections, and collaborating with several experts, are necessary. Overall, hospitals must recognize that, in cyber incidents, the real victims are the patients. They are at risk physically and digitally when medical devices or treatments are compromised.
35
Predel C, Timmermann C, Ursin F, Orzechowski M, Ropinski T, Steger F. Conflicting Aims and Values in the Application of Smart Sensors in Geriatric Rehabilitation: Ethical Analysis. JMIR Mhealth Uhealth 2022; 10:e32910. [PMID: 35737429 PMCID: PMC9264133 DOI: 10.2196/32910] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 08/14/2021] [Revised: 11/27/2021] [Accepted: 02/22/2022] [Indexed: 11/13/2022] Open
Abstract
Background
Smart sensors have been developed as diagnostic tools for rehabilitation to cover an increasing number of geriatric patients. They promise to enable an objective assessment of complex movement patterns.
Objective
This research aimed to identify and analyze the conflicting ethical values associated with smart sensors in geriatric rehabilitation and provide ethical guidance on the best use of smart sensors to all stakeholders, including technology developers, health professionals, patients, and health authorities.
Methods
On the basis of a systematic literature search of the scientific databases PubMed and ScienceDirect, we conducted a qualitative document analysis to identify evidence-based practical implications of ethical relevance. We included 33 articles in the analysis. The practical implications were extracted inductively. Finally, we carried out an ethical analysis based on the 4 principles of biomedical ethics: autonomy, beneficence, nonmaleficence, and justice. The results are reported in categories based on these 4 principles.
Results
We identified 8 conflicting aims for using smart sensors. Gains in autonomy come at the cost of patient privacy. Smart sensors at home increase the independence of patients but may reduce social interactions. Independent measurements performed by patients may result in lower diagnostic accuracy. Although smart sensors could provide cost-effective and high-quality diagnostics for most patients, minorities could end up with suboptimal treatment owing to their underrepresentation in training data and studies. This could lead to algorithmic biases that would not be recognized by medical professionals when treating patients.
Conclusions
The application of smart sensors has the potential to improve the rehabilitation of geriatric patients in several ways. It is important that patients do not have to choose between autonomy and privacy and are well informed about the insights that can be gained from the data. Smart sensors should support and not replace interactions with medical professionals. Patients and medical professionals should be educated about the correct application and the limitations of smart sensors. Smart sensors should include an adequate representation of minorities in their training data and should be covered by health insurance to guarantee fair access.
Affiliation(s)
- Christopher Predel
- Institute of the History, Philosophy and Ethics of Medicine, Ulm University, Ulm, Germany
- Cristian Timmermann
- Institute of the History, Philosophy and Ethics of Medicine, Ulm University, Ulm, Germany
- Frank Ursin
- Institute of the History, Philosophy and Ethics of Medicine, Ulm University, Ulm, Germany
- Marcin Orzechowski
- Institute of the History, Philosophy and Ethics of Medicine, Ulm University, Ulm, Germany
- Timo Ropinski
- Visual Computing Group, Ulm University, Ulm, Germany
- Florian Steger
- Institute of the History, Philosophy and Ethics of Medicine, Ulm University, Ulm, Germany
36
Angel D. Protection of Medical Information Systems Against Cyber Attacks: A Graph Theoretical Approach. WIRELESS PERSONAL COMMUNICATIONS 2022; 126:3455-3464. [PMID: 35756173 PMCID: PMC9209834 DOI: 10.1007/s11277-022-09873-x] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Accepted: 05/29/2022] [Indexed: 06/15/2023]
Abstract
Securing electronic health records of patients is the paramount concern in medical information systems, which face a unique set of challenges. Safeguarding a health care's computer network against attacks on its nodes and links requires placing mobile guards on the nodes of a network. Bloom topologies are attractive networks that are potential structures for massively parallel computers. This paper focuses on the evaluation of the exact value of the parameters which give the minimum number of guards required to protect the bloom networks. A linear time algorithm is proposed for finding these parameters. This study is beneficial in locating the minimum number of detection devices or cyber security employees (mobile guards) to be deployed on the significant servers (nodes) of the bloom's architecture (healthcare system) which is essential for defending the network against a single malware attack by network monitoring.
Affiliation(s)
- D. Angel
- Department of Mathematics, Sathyabama Institute of Science and Technology, Chennai, India
37
Kumar A, Kumar R, Sodhi SS. A novel privacy preserving blockchain based secure storage framework for electronic health records. JOURNAL OF INFORMATION & OPTIMIZATION SCIENCES 2022. [DOI: 10.1080/02522667.2022.2042092] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Indexed: 10/18/2022]
Affiliation(s)
- Anil Kumar
- University School of Information, Communication and Technology, Guru Gobind Singh Indraprastha University, New Delhi, India
- Ravinder Kumar
- Skill Faculty of Engineering & Technology, Shri Vishwakarma Skill University Gurgaon, Haryana, India
- Sartaj Singh Sodhi
- University School of Information, Communication and Technology, Guru Gobind Singh Indraprastha University, Dwarka, New Delhi, India
38
Cappello GM, Colajanni G, Daniele P, Sciacca D. A constrained optimization model for the provision of services in a 5G network with multi-level cybersecurity investments. Soft comput 2022; 27:1-18. [PMID: 35528711 PMCID: PMC9062877 DOI: 10.1007/s00500-022-07117-5] [Citation(s) in RCA: 2] [Impact Index Per Article: 1.0] [Accepted: 04/01/2022] [Indexed: 11/24/2022]
Abstract
In this paper, we present a multi-tiered network-based optimization model describing the provision of services by network slices of 5G-Service providers (e.g. through Unmanned Aerial Vehicles (UAVs) organized as Flying Ad hoc Networks (FANET)), taking into account the security levels of each provider. The three levels of the network consist of the infrastructure layers, which contain resources needed to execute a service, the slices layer, where services are served for the services layer, which represents the upper layer of the network and consists of services or applications required by users or devices. The objective of the proposed model is to establish the optimal flows between network layers and the optimal security levels in order to maximize the providers' profits, given by the difference between the revenues obtained by the sale of services and the rental of their resources and the costs. Numerical experiments are performed and solved with a new nature-inspired genetic algorithm adapted to the optimization 5G network problem.
Affiliation(s)
- Giorgia M. Cappello
- Department of Mathematics and Computer Science, University of Catania, Viale A. Doria 6, Catania, Italy
- Gabriella Colajanni
- Department of Mathematics and Computer Science, University of Catania, Viale A. Doria 6, Catania, Italy
- Patrizia Daniele
- Department of Mathematics and Computer Science, University of Catania, Viale A. Doria 6, Catania, Italy
- Daniele Sciacca
- Department of Mathematics and Computer Science, University of Catania, Viale A. Doria 6, Catania, Italy
39
Wani TA, Mendoza A, Gray K, Smolenaers F. Status of Bring-Your-Own-Device (BYOD) Security Practices in Australian Hospitals – A National Survey. HEALTH POLICY AND TECHNOLOGY 2022. [DOI: 10.1016/j.hlpt.2022.100627] [Citation(s) in RCA: 1] [Impact Index Per Article: 0.5] [Indexed: 11/16/2022]
40
Gioulekas F, Stamatiadis E, Tzikas A, Gounaris K, Georgiadou A, Michalitsi-Psarrou A, Doukas G, Kontoulis M, Nikoloudakis Y, Marin S, Cabecinha R, Ntanos C. A Cybersecurity Culture Survey Targeting Healthcare Critical Infrastructures. Healthcare (Basel) 2022; 10:healthcare10020327. [PMID: 35206941 PMCID: PMC8871847 DOI: 10.3390/healthcare10020327] [Citation(s) in RCA: 3] [Impact Index Per Article: 1.5] [Received: 01/07/2022] [Revised: 01/31/2022] [Accepted: 02/07/2022] [Indexed: 01/27/2023] Open
Abstract
Recent studies report that cybersecurity breaches noticed in hospitals are associated with low levels of personnel’s cybersecurity awareness. This work aims to assess the cybersecurity culture in healthcare institutions from middle- to low-income EU countries. The evaluation process was designed and performed via anonymous online surveys targeting individually ICT (internet and communication technology) departments and healthcare professionals. The study was conducted in 2019 for a health region in Greece, with a significant number of hospitals and health centers, a large hospital in Portugal, and a medical clinic in Romania, with 53.6% and 6.71% response rates for the ICT and healthcare professionals, respectively. Its findings indicate the necessity of establishing individual cybersecurity departments to monitor assets and attitudes while underlining the importance of continuous security awareness training programs. The analysis of our results assists in comprehending the countermeasures, which have been implemented in the healthcare institutions, and consequently enhancing cybersecurity defense, while reducing the risk surface.
Affiliation(s)
- Fotios Gioulekas
- 5th Regional Health Authority of Thessaly & Sterea, Mezourlo, 411 10 Larissa, Greece; (F.G.); (E.S.); (A.T.); (K.G.)
- Evangelos Stamatiadis
- 5th Regional Health Authority of Thessaly & Sterea, Mezourlo, 411 10 Larissa, Greece; (F.G.); (E.S.); (A.T.); (K.G.)
- Athanasios Tzikas
- 5th Regional Health Authority of Thessaly & Sterea, Mezourlo, 411 10 Larissa, Greece; (F.G.); (E.S.); (A.T.); (K.G.)
- Konstantinos Gounaris
- 5th Regional Health Authority of Thessaly & Sterea, Mezourlo, 411 10 Larissa, Greece; (F.G.); (E.S.); (A.T.); (K.G.)
- Anna Georgiadou
- Decision Support Systems Laboratory, National Technical University of Athens, 15 780 Zografou, Greece; (A.M.-P.); (G.D.); (M.K.); (C.N.)
- Correspondence:
- Ariadni Michalitsi-Psarrou
- Decision Support Systems Laboratory, National Technical University of Athens, 15 780 Zografou, Greece; (A.M.-P.); (G.D.); (M.K.); (C.N.)
- Georgios Doukas
- Decision Support Systems Laboratory, National Technical University of Athens, 15 780 Zografou, Greece; (A.M.-P.); (G.D.); (M.K.); (C.N.)
- Michael Kontoulis
- Decision Support Systems Laboratory, National Technical University of Athens, 15 780 Zografou, Greece; (A.M.-P.); (G.D.); (M.K.); (C.N.)
- Yannis Nikoloudakis
- Department of Electrical & Computer Engineering, Hellenic Mediterranean University, 710 04 Heraklion, Greece;
- Sergiu Marin
- Polaris Medical Clinica de Tratament si Recuperare, Str. Principală, 407062 Suceagu, Romania;
- Ricardo Cabecinha
- Hospital do Espírito Santo de Évora, EPE, Largo Senhor da Pobreza, 7000-811 Évora, Portugal;
- Christos Ntanos
- Decision Support Systems Laboratory, National Technical University of Athens, 15 780 Zografou, Greece; (A.M.-P.); (G.D.); (M.K.); (C.N.)
41
AIM and the Nexus of Security and Technology. Artif Intell Med 2022. [DOI: 10.1007/978-3-030-64573-1_301] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Indexed: 10/19/2022]
42
Niki O, Saira G, Arvind S, Mike D. Cyber-attacks are a permanent and substantial threat to health systems: Education must reflect that. Digit Health 2022; 8:20552076221104665. [PMID: 35746951 PMCID: PMC9210086 DOI: 10.1177/20552076221104665] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 03/21/2022] [Accepted: 05/14/2022] [Indexed: 11/30/2022] Open
Abstract
Cyber-attacks on healthcare institutions have increased in recent years and have made headlines through the COVID-19 pandemic. With the fallout of attacks increasingly reported in academic research and in the media, there is a real urgency to address cyber-threats that must be augmented across and within health systems. Until now, clinical healthcare professionals have considered cyber-attacks on healthcare organisations a predominantly information and communication technology issue, but this perception is no longer fit-for-purpose. This commentary provides insights into the scale of cyber-attacks and their impact on staff wellbeing, arguing that cybersecurity education for all staff in healthcare organisations must be improved through online resources, simulation, and gaming. The role of national educators, policymakers, and multilateral organisations in achieving this is outlined alongside implications for future policy and practice.
Affiliation(s)
- O’Brien Niki
- Institute of Global Health Innovation, Imperial College London, London, UK
- Ghafur Saira
- Institute of Global Health Innovation, Imperial College London, London, UK
- Durkin Mike
- Institute of Global Health Innovation, Imperial College London, London, UK
43
Biorepository - A key component of research studies. Contemp Clin Trials 2021; 112:106655. [PMID: 34906746 DOI: 10.1016/j.cct.2021.106655] [Citation(s) in RCA: 12] [Impact Index Per Article: 4.0] [Received: 10/05/2021] [Revised: 12/04/2021] [Accepted: 12/08/2021] [Indexed: 01/01/2023]
Abstract
The last two decades have shown impressive advances in high-throughput assays for gene expression (genomics), proteins (proteomics), and metabolites (metabolomics). As a result, the quest for an equivalent need for human biological samples has increased exponentially. Translational investigations require good quality specimens to guarantee research results' integrity, probity, and reproducibility. A biorepository is a bank of specimens or specimens-derived neosamples (e.g., organoids, nucleic acids) linked to a database containing information related to these specimens. Two requirements must be met to safeguard the authenticity and stability of such a repository. First, the information provided should comprise relevant clinical and therapeutic communication, and second, the chain of custody is assured, guarded, versatile, and accessible. Completing these requirements is crucial for consistency, accuracy, verifiability, and disclosability of scientific and clinical outcomes. This commentary emphasizes that advocacy for standardization of operational workflows is a sine qua non for good science. Safe procedures for clinical trials are crucial to maintaining biorepositories' validity for all researchers.
44
Ali A, Dindoust D, Grant J, Clarke D. Delivering epilepsy care in low-resource settings: the role of technology. Expert Rev Med Devices 2021; 18:13-23. [PMID: 34851222 DOI: 10.1080/17434440.2021.2013198] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Indexed: 10/19/2022]
Abstract
INTRODUCTION The implementation of technology in the field of epileptology has traditionally focused on its use for diagnosis and treatment and has, unsurprisingly, been capital-intensive, making it therefore mainly implementable in advanced high-income countries. Because of technological innovations over the past 20 years there has been almost a paradigm shift, particularly in access to and the potential for implementing relevant technology in lesser developed environments. Nearly 80% of people living with epilepsy live in low and middle-income countries. AREAS COVERED The challenge and the purpose of this paper is to discuss how technology can be implemented into lesser-resourced contexts not only cost-effectively but in a cost-saving way while also building capacity and thus sustainability. EXPERT OPINION The rate of technological advancement presents the risk of progressive widening of the technology and care gaps between advanced and lesser developed regions. Implementing technology is both about finding relevant appropriate technologies for the individual contexts of a diverse range of countries but also about repurposing low-tech technologies for application in epilepsy care in these areas. Finally exciting advances such as autonomous driving, digital twinning and robotic surgery will likely transform epilepsy care in several lower-resourced settings in the next 5-10 years.
Affiliation(s)
- Amza Ali
- Departments of Medicine, Kingston Public Hospital and University of the West Indies, Mona, Jamaica
- Justin Grant
- Rotman School of Management, University of Toronto, Toronto, Canada
- Dave Clarke
- Dell Medical School, University of Texas, Austin, Texas, USA
45
Under viral attack: An orthopaedic response to challenges faced by regional referral centres during a national cyber-attack. Surgeon 2021; 20:334-338. [PMID: 34782238 DOI: 10.1016/j.surge.2021.09.007] [Citation(s) in RCA: 1] [Impact Index Per Article: 0.3] [Received: 05/29/2021] [Revised: 08/24/2021] [Accepted: 09/30/2021] [Indexed: 12/30/2022]
Abstract
BACKGROUND A national ransomware attack on the Irish Health Service Executive left the Healthcare system bereft of access to IT systems, electronic patient records, and the national imaging system. Widespread disruption to internal and external referral pathways, and both trauma and elective Orthopaedic services occurred as a result. The purpose of this paper is to discuss the challenges faced by Regional trauma units and adjustments made to overcome these. METHODS Issues occurring as a result of the IT cybersecurity attack were discussed at regional level. Local and specialist centre adaptations were collated to identify effective modifications to established practice in the wake of the IT attack. RESULTS The main areas affecting Orthopaedic regional practice were identified, including internal referrals, interhospital referrals to both regional and specialist centres, outpatient clinics, and elective practice. Strategies to overcome these were collated and shared between regional centres, including the use of secure messaging systems to safely transmit relevant clinical information between services, use of radiological hard copies, and integration of imaging resources to the outpatient department to expedite clinical review. CONCLUSION The national cyberattack necessitated rapid adaptations to overcome the challenges faced as a result of reduced clinical and radiological access. While the recent cyberattack highlights the vulnerability of electronic systems, and the need for vigilance including staff training on cybersecurity, changes implemented by regional centres also illustrate the potential for further development and expansion of current clinical practices.
46
Digitization in gynecology and obstetrics in times of COVID-19: Results of a national survey. Internet Interv 2021; 26:100478. [PMID: 34786351 PMCID: PMC8580852 DOI: 10.1016/j.invent.2021.100478] [Citation(s) in RCA: 3] [Impact Index Per Article: 1.0] [Received: 08/14/2021] [Revised: 10/26/2021] [Accepted: 11/01/2021] [Indexed: 11/19/2022] Open
Abstract
INTRODUCTION In the COVID-19 pandemic, many consultations had to be cancelled, postponed, or converted to a virtual format. The use of telemedicine in the management of Women's Health Care could support doctors (tele-gynecology). This study analyses the use and perception of telemedicine applications among gynecologists in Germany. MATERIALS AND METHODS This prospective cross-sectional study was based on a survey of gynecologists in Germany during the COVID-19 pandemic. Descriptive statistics were calculated, and regression analyses were performed to show correlations. RESULTS The gynecologists expect telemedicine to be used in gynecology and obstetrics. 76.4% (365/478) of the respondents rated their knowledge of telemedicine as insufficient. The majority of respondents (437/478, 91.6%) said they did not currently use telemedicine, although 67.3% (321/478) would like to do so. Obstacles to the introduction of telemedicine include the purchase of technical equipment (325/478, 68.1%), administration (305/478, 64.0%) and poor reimbursement (233/478, 48.9%). Gynecologists surveyed would prefer telemedicine to communicate directly with other doctors (388/478, 81.2%) rather than to communicate with patients (228/478, 47.8%). In the treatment phases, 73.2% (349/478) of the respondents would use telemedicine during follow-up. Half of the respondents would choose tele counseling as a specific approach to improving care (246/478, 51.5%). CONCLUSION Telemedicine in gynecology finds little use but high acceptance. The absence of a structured framework is an obstacle to effective implementation. Training courses should be introduced to improve the limited knowledge in the use of telemedicine. More research in tele-gynecology is needed. These include large-scale randomized controlled trials, economic analyses and the exploration of user preferences.
47
Enhancement of an Optimized Key for Database Sanitization to Ensure the Security and Privacy of an Autism Dataset. Symmetry (Basel) 2021. [DOI: 10.3390/sym13101912] [Citation(s) in RCA: 2] [Impact Index Per Article: 0.7] [Indexed: 11/16/2022] Open
Abstract
Interrupting, altering, or stealing autism-related sensitive data by cyber attackers is a lucrative business which is increasing in prevalence on a daily basis. Enhancing the security and privacy of autism data while adhering to the symmetric encryption concept is a critical challenge in the field of information security. To identify autism perfectly and for its data protection, the security and privacy of these data are pivotal concerns when transmitting information over the Internet. Consequently, researchers utilize software or hardware disk encryption, data backup, Data Encryption Standard (DES), TripleDES, Advanced Encryption Standard (AES), Rivest Cipher 4 (RC4), and others. Moreover, several studies employ k-anonymity and query to address security concerns, but these necessitate a significant amount of time and computational resources. Here, we proposed the sanitization approach for autism data security and privacy. During this sanitization process, sensitive data are concealed, which avoids the leakage of sensitive information. An optimal key was generated based on our improved meta-heuristic algorithmic framework called Enhanced Combined PSO-GWO (Particle Swarm Optimization-Grey Wolf Optimization) framework. Finally, we compared our simulation results with traditional algorithms, and it achieved increased output effectively. Therefore, this finding shows that data security and privacy in autism can be improved by enhancing an optimal key used in the data sanitization process to prevent unauthorized access to and misuse of data.
48
Georgiadou A, Michalitsi-Psarrou A, Gioulekas F, Stamatiadis E, Tzikas A, Gounaris K, Doukas G, Ntanos C, Landeiro Ribeiro L, Askounis D. Hospitals' Cybersecurity Culture during the COVID-19 Crisis. Healthcare (Basel) 2021; 9:1335. [PMID: 34683015 PMCID: PMC8544388 DOI: 10.3390/healthcare9101335] [Citation(s) in RCA: 1] [Impact Index Per Article: 0.3] [Received: 08/25/2021] [Revised: 09/30/2021] [Accepted: 10/01/2021] [Indexed: 11/23/2022] Open
Abstract
The coronavirus pandemic led to an unprecedented crisis affecting all aspects of the concurrent reality. Its consequences vary from political and societal to technical and economic. These side effects provided fertile ground for a noticeable cyber-crime increase targeting critical infrastructures and, more specifically, the health sector; the domain suffering the most during the pandemic. This paper aims to assess the cybersecurity culture readiness of hospitals' workforce during the COVID-19 crisis. Towards that end, a cybersecurity awareness webinar was held in December 2020 targeting Greek Healthcare Institutions. Concepts of cybersecurity policies, standards, best practices, and solutions were addressed. Its effectiveness was evaluated via a two-step procedure. Firstly, an anonymous questionnaire was distributed at the end of the webinar and voluntarily answered by attendees to assess the comprehension level of the presented cybersecurity aspects. Secondly, a post-evaluation phishing campaign was conducted approximately four months after the webinar, addressing non-medical employees. The main goal was to identify security awareness weaknesses and assist in drafting targeted assessment campaigns specifically tailored to the health domain needs. This paper analyses in detail the results of the aforementioned approaches while also outlining the lessons learned along with the future scientific routes deriving from this research.
Affiliation(s)
- Anna Georgiadou
- Decision Support Systems Laboratory, National Technical University of Athens, Iroon Polytechniou 9, 15780 Athens, Greece; (A.M.-P.); (G.D.); (C.N.); (D.A.)
- Ariadni Michalitsi-Psarrou
- Decision Support Systems Laboratory, National Technical University of Athens, Iroon Polytechniou 9, 15780 Athens, Greece; (A.M.-P.); (G.D.); (C.N.); (D.A.)
- Fotios Gioulekas
- 5th Regional Health Authority of Thessaly & Sterea, Mezourlo, 41110 Larissa, Greece; (F.G.); (E.S.); (A.T.); (K.G.)
- Evangelos Stamatiadis
- 5th Regional Health Authority of Thessaly & Sterea, Mezourlo, 41110 Larissa, Greece; (F.G.); (E.S.); (A.T.); (K.G.)
- Athanasios Tzikas
- 5th Regional Health Authority of Thessaly & Sterea, Mezourlo, 41110 Larissa, Greece; (F.G.); (E.S.); (A.T.); (K.G.)
- Konstantinos Gounaris
- 5th Regional Health Authority of Thessaly & Sterea, Mezourlo, 41110 Larissa, Greece; (F.G.); (E.S.); (A.T.); (K.G.)
- Georgios Doukas
- Decision Support Systems Laboratory, National Technical University of Athens, Iroon Polytechniou 9, 15780 Athens, Greece; (A.M.-P.); (G.D.); (C.N.); (D.A.)
- Christos Ntanos
- Decision Support Systems Laboratory, National Technical University of Athens, Iroon Polytechniou 9, 15780 Athens, Greece; (A.M.-P.); (G.D.); (C.N.); (D.A.)
- Luís Landeiro Ribeiro
- Projeto Desenvolvimento Manutenção Formação e Consultadoria-PDMFC, Rua Fradesso da Silveira n. 4, Piso 1 B, 1300-609 Lisbon, Portugal;
- Dimitris Askounis
- Decision Support Systems Laboratory, National Technical University of Athens, Iroon Polytechniou 9, 15780 Athens, Greece; (A.M.-P.); (G.D.); (C.N.); (D.A.)
49
Alhuwail D, Al-Jafar E, Abdulsalam Y, AlDuaij S. Information Security Awareness and Behaviors of Health Care Professionals at Public Health Care Facilities. Appl Clin Inform 2021; 12:924-932. [PMID: 34587638 DOI: 10.1055/s-0041-1735527] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Indexed: 10/20/2022] Open
Abstract
OBJECTIVES This study investigated information security behaviors of professionals working in the public health sector to guide policymakers toward focusing their investments in infrastructure and training on the most vulnerable segments. We sought to answer the following questions: (1) Are certain professional demographics more vulnerable to cybersecurity threats? (2) Do professionals in different institution types (i.e., hospitals vs. primary care clinics) exhibit different cybersecurity behaviors? (3) Can Internet usage behaviors by professionals be indicative of their cybersecurity awareness and the risk they introduce? METHODS A cross-sectional, anonymous, paper-based survey was distributed among professionals working in public health care organizations in Kuwait. Data were collected about each professional's role, experience, work environment, cybersecurity practices, and understanding to calculate a cybersecurity score which indicates their level of compliance to good cybersecurity practices. We also asked about respondents' internet usage and used K-means cluster analysis to segment respondents into three groups based on their internet activities at work. Ordinary least squares regression assessed the association between the collected independent variables in question on the overall cybersecurity behavior. RESULTS A total of 453/700 (64%) responded to the survey. The results indicated that professionals with more work experience demonstrated higher compliance with good cybersecurity practices. Interestingly, nurses demonstrate higher cybersecurity aptitude relative to physicians. Professionals that were less inclined to use the internet for personal use during their work demonstrated higher cybersecurity aptitude. CONCLUSION Our findings provide some guidance regarding how to target health care professional training to mitigate cybersecurity risks. There is a need for ensuring that physicians receive adequate cybersecurity training, despite the opportunity costs and other issues competing for their attention. Additionally, classifying professionals based on their internet browsing patterns may identify individuals vulnerable to cybersecurity incidents better than more discrete indicators such as age or gender.
Affiliation(s)
- Dari Alhuwail
- Information Science, College of Life Sciences, Kuwait University, Kuwait City, Kuwait; Health Informatics Unit, Dasman Diabetes Institute, Kuwait City, Kuwait
- Eiman Al-Jafar
- Health Informatics and Information Management, Faculty of Allied Health Sciences, Kuwait University, Kuwait City, Kuwait
- Yousef Abdulsalam
- Quantitative Methods and Information Systems, College of Business Administration, Kuwait University, Kuwait City, Kuwait
- Shaikha AlDuaij
- Information Science, College of Life Sciences, Kuwait University, Kuwait City, Kuwait
50
Willing M, Dresen C, Gerlitz E, Haering M, Smith M, Binnewies C, Guess T, Haverkamp U, Schinzel S. Behavioral responses to a cyber attack in a hospital environment. Sci Rep 2021; 11:19352. [PMID: 34588503 PMCID: PMC8481235 DOI: 10.1038/s41598-021-98576-7] [Citation(s) in RCA: 6] [Impact Index Per Article: 2.0] [Received: 06/07/2021] [Accepted: 09/03/2021] [Indexed: 11/09/2022] Open
Abstract
Technical and organizational steps are necessary to mitigate cyber threats and reduce risks. Human behavior is the last line of defense for many hospitals and is considered as equally important as technical security. Medical staff must be properly trained to perform such procedures. This paper presents the first qualitative, interdisciplinary research on how members of an intermediate care unit react to a cyberattack against their patient monitoring equipment. We conducted a simulation in a hospital training environment with 20 intensive care nurses. By the end of the experiment, 12 of the 20 participants realized the monitors' incorrect behavior. We present a qualitative behavior analysis of high performing participants (HPP) and low performing participants (LPP). The HPP showed fewer signs of stress, were easier on their colleagues, and used analog systems more often than the LPP. With 40% of our participants not recognizing the attack, we see room for improvements through the use of proper tools and provision of adequate training to prepare staff for potential attacks in the future.
Affiliation(s)
- Eva Gerlitz
- Fraunhofer Institute for Communication, Information Processing and Ergonomics, Wachtberg, Germany
- Matthew Smith
- University of Bonn, Bonn, Germany
- Fraunhofer Institute for Communication, Information Processing and Ergonomics, Wachtberg, Germany
- Tim Guess
- University Hospital Münster, Muenster, Germany