1
Elendu C, Omeludike EK, Oloyede PO, Obidigbo BT, Omeludike JC. Legal implications for clinicians in cybersecurity incidents: A review. Medicine (Baltimore) 2024; 103:e39887. [PMID: 39331908 PMCID: PMC11441973 DOI: 10.1097/md.0000000000039887] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Indexed: 09/29/2024] Open
Abstract
Cybersecurity incidents in healthcare present significant legal implications for clinicians, necessitating careful consideration of technological advancements and regulatory frameworks. This literature examines the healthcare cybersecurity landscape, emphasizing clinicians' challenges and legal responsibilities. It explores the impact of advanced technologies such as artificial intelligence and quantum computing, highlighting the potential benefits and risks, including biases and ethical dilemmas. The review addresses international regulatory differences, offering a comparative analysis of how various countries handle cybersecurity incidents. This analysis provides insights into best practices and identifies areas for improvement. Practical recommendations are provided, tailored to different healthcare settings, including large hospitals and small clinics, to enhance cybersecurity preparedness. Case studies illustrate real-world scenarios, offering practical guidance for clinicians in managing cybersecurity challenges. The review also identifies critical gaps in the literature, particularly concerning artificial intelligence ethics and international regulatory frameworks, suggesting specific areas for future research. These findings underscore the need for robust cybersecurity policies, comprehensive training for healthcare professionals, and a nuanced understanding of the legal landscape. This review informs policymakers, clinicians, and researchers about the evolving nature of cybersecurity challenges in healthcare, addressing key concerns raised by reviewers and contributing to a comprehensive understanding of the field.
Affiliation(s)
- Babajide T Obidigbo
- York and Scarborough Teaching Hospital NHS Foundation Trust, York, United Kingdom
2
Sabet C, Lin JC, Zhong A, Nguyen D. Cybersecurity in the age of digital pandemics: protecting patient data in low-income and middle-income countries. Lancet Glob Health 2024; 12:e911-e912. [PMID: 38642562 DOI: 10.1016/s2214-109x(24)00124-4] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 02/21/2024] [Accepted: 03/07/2024] [Indexed: 04/22/2024]
Affiliation(s)
- Cameron Sabet
- Department of Medicine, Georgetown University School of Medicine, Washington, DC, USA
- John C Lin
- Perelman School of Medicine, University of Pennsylvania, Philadelphia, PA, USA
- Dang Nguyen
- Massachusetts General Hospital, Corrigan Minehan Heart Center, Harvard Medical School, Boston, MA 02114, USA.
3
Ewoh P, Vartiainen T. Vulnerability to Cyberattacks and Sociotechnical Solutions for Health Care Systems: Systematic Review. J Med Internet Res 2024; 26:e46904. [PMID: 38820579 PMCID: PMC11179043 DOI: 10.2196/46904] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 03/03/2023] [Revised: 10/17/2023] [Accepted: 03/08/2024] [Indexed: 06/02/2024] Open
Abstract
BACKGROUND Health care organizations worldwide are faced with an increasing number of cyberattacks and threats to their critical infrastructure. These cyberattacks cause significant data breaches in digital health information systems, which threaten patient safety and privacy. OBJECTIVE From a sociotechnical perspective, this paper explores why digital health care systems are vulnerable to cyberattacks and provides sociotechnical solutions through a systematic literature review (SLR). METHODS An SLR using the PRISMA (Preferred Reporting Items for Systematic Reviews and Meta-Analyses) was conducted by searching 6 databases (PubMed, Web of Science, ScienceDirect, Scopus, Institute of Electrical and Electronics Engineers, and Springer) and a journal (Management Information Systems Quarterly) for articles published between 2012 and 2022 and indexed using the following keywords: "(cybersecurity OR cybercrime OR ransomware) AND (healthcare) OR (cybersecurity in healthcare)." Reports, review articles, and industry white papers that focused on cybersecurity and health care challenges and solutions were included. Only articles published in English were selected for the review. RESULTS In total, 5 themes were identified: human error, lack of investment, complex network-connected end-point devices, old legacy systems, and technology advancement (digitalization). We also found that knowledge applications for solving vulnerabilities in health care systems between 2012 and 2022 were inconsistent. CONCLUSIONS This SLR provides a clear understanding of why health care systems are vulnerable to cyberattacks and proposes interventions from a new sociotechnical perspective. These solutions can serve as a guide for health care organizations in their efforts to prevent breaches and address vulnerabilities.
To bridge the gap, we recommend that health care organizations, in partnership with educational institutions, develop and implement a cybersecurity curriculum for health care and intelligence information sharing through collaborations; training; awareness campaigns; and knowledge application areas such as secure design processes, phase-out of legacy systems, and improved investment. Additional studies are needed to create a sociotechnical framework that will support cybersecurity in health care systems and connect technology, people, and processes in an integrated manner.
Affiliation(s)
- Pius Ewoh
- School of Technology and Innovations, Information Systems Science, University of Vaasa, Vaasa, Finland
- Tero Vartiainen
- School of Technology and Innovations, Information Systems Science, University of Vaasa, Vaasa, Finland
4
Burke W, Stranieri A, Oseni T, Gondal I. The need for cybersecurity self-evaluation in healthcare. BMC Med Inform Decis Mak 2024; 24:133. [PMID: 38783250 PMCID: PMC11118990 DOI: 10.1186/s12911-024-02551-x] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 06/26/2023] [Accepted: 05/21/2024] [Indexed: 05/25/2024] Open
Abstract
The Australian healthcare sector is a complex mix of government departments, associations, providers, professionals, and consumers. Cybersecurity attacks, which have recently increased, challenge the sector in many ways; however, the best approaches for the sector to manage the threat are unclear. This study will report on a semi-structured focus group conducted with five representatives from the Australian healthcare and computer security sectors. An analysis of this focus group transcript yielded four themes: 1) the challenge of securing the Australian healthcare landscape; 2) the financial challenges of cybersecurity in healthcare; 3) balancing privacy and transparency; 4) education and regulation. The results indicate the need for sector-specific tools to empower the healthcare sector to mitigate cybersecurity threats, most notably using a self-evaluation tool so stakeholders can proactively prepare for incidents. Despite the vast amount of research into cybersecurity, little has been conducted on proactive cybersecurity approaches where security weaknesses are identified before they occur.
Affiliation(s)
- Wendy Burke
- Global Professional School, Federation University, PO Box 663, Ballarat, 3353, Victoria, Australia.
- Andrew Stranieri
- Institute of Innovation, Science and Sustainability, Federation University, PO Box 663, Ballarat, 3353, Victoria, Australia
- Taiwo Oseni
- Institute of Innovation, Science and Sustainability, Federation University, PO Box 663, Ballarat, 3353, Victoria, Australia
- Iqbal Gondal
- School of Computing Technologies, RMIT University, GPO Box 2476, Melbourne, 3001, Victoria, Australia
5
Borkar S, Chakole S, Prasad R, Bansod S. Revolutionizing Oncology: A Comprehensive Review of Digital Health Applications. Cureus 2024; 16:e59203. [PMID: 38807819 PMCID: PMC11131437 DOI: 10.7759/cureus.59203] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 10/08/2023] [Accepted: 02/14/2024] [Indexed: 05/30/2024] Open
Abstract
Digital health is poised to revolutionize the field of oncology, offering innovative solutions that enhance diagnostics, treatment, and patient care. This comprehensive review delves into the multifaceted landscape of digital health in oncology, encompassing its definition, significance, applications, benefits, challenges, ethical considerations, and future trends. Key findings highlight the potential for early detection, personalized treatment, enhanced care coordination, patient empowerment, accelerated research, and cost efficiency. Ethical concerns surrounding privacy, equitable access, and responsible data use are discussed. Looking ahead, the future of digital health in oncology is bright, driven by advancements in artificial intelligence, virtual and augmented reality, predictive analytics, global collaboration, and evolving regulations. This review underscores the need for collaboration among stakeholders and a patient-centered approach to harness the transformative power of digital health, promising a future where the burden of cancer is lessened through innovation and compassionate care.
Affiliation(s)
- Samidha Borkar
- Medicine, Jawaharlal Nehru Medical College, Datta Meghe Institute of Higher Education & Research, Wardha, IND
- Swarupa Chakole
- Community Medicine, Jawaharlal Nehru Medical College, Datta Meghe Institute of Higher Education & Research, Wardha, IND
- Roshan Prasad
- Medicine, Jawaharlal Nehru Medical College, Datta Meghe Institute of Higher Education & Research, Wardha, IND
- Spandan Bansod
- Obstetrics and Gynecological Nursing, Srimati Radhikabai Meghe Memorial College of Nursing, Datta Meghe Institute of Higher Education and Research, Wardha, IND
6
Lee J, Kim H, Choi SJ. Do hospital data breaches affect health information technology investment? Digit Health 2024; 10:20552076231224164. [PMID: 39286785 PMCID: PMC11403686 DOI: 10.1177/20552076231224164] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 08/31/2023] [Accepted: 12/15/2023] [Indexed: 09/19/2024] Open
Abstract
Objectives Data breaches are a financial and operational threat to hospitals. In this study, we examine the association between a data breach and information technology capital and labor investment. Methods In this retrospective cohort study, we used American Hospital Association data from 2017 to 2019 and an unbalanced panel of hospitals with 6751 unique hospital-year observations. The breached group had 482 hospital-years, and the control group had 6269 hospital-years. We estimated the association between data breaches, information technology capital, and labor investment using the average treatment effect with propensity-score matching. Results From 2017 to 2019, hospitals experienced more hacking and information technology incidents but fewer thefts and losses. We found that hospital data breaches were associated with a 66% increase in employed information technology staff and a 57% increase in outsourced information technology staff. Breaches were not associated with information technology operating expenses and information technology capital expenses. Conclusion Higher information technology labor investment due to the remediation of data breaches is an added cost to the healthcare system. Hospitals and policymakers should consider initiatives to improve cybersecurity and protect patient data.
Affiliation(s)
- Jinhyung Lee
- Department of Economics, Sungkyunkwan University, Seoul, Republic of Korea
- Hyeyeong Kim
- Department of Education, Incheon National University, Incheon, Republic of Korea
- Sung J Choi
- School of Global Health Management and Informatics, University of Central Florida, Orlando, FL, USA
7
Jerry-Egemba N. Safe and sound: Strengthening cybersecurity in healthcare through robust staff educational programs. Healthc Manage Forum 2024; 37:21-25. [PMID: 37725069 DOI: 10.1177/08404704231194577] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Indexed: 09/21/2023]
Abstract
This article emphasizes the importance of comprehensive cybersecurity education programs in the healthcare industry. The rapid development of technology in healthcare has brought numerous advantages, including electronic health records and telehealth services. However, these advancements also expose the healthcare industry to significant cybersecurity risks. The healthcare industry is an attractive target for cybercriminals due to the presence of sensitive personal and financial information. Current regulations, such as HIPAA and PIPEDA, are in place to protect patient information, but 95% of healthcare industry breaches result from human error. Healthcare organizations must prioritize robust cybersecurity measures and implement comprehensive education programs for all healthcare professionals. This article recommends tailoring educational content to different healthcare roles and incorporating ongoing learning and awareness as essential elements of cybersecurity education. Overall, it calls for a holistic approach to cybersecurity education in healthcare to protect patient information and mitigate cyberthreats.
8
Kim E, Van Cain M, Hron J. Survey of clinical informatics fellows graduating 2016-2024: experiences before and during fellowship. J Am Med Inform Assoc 2023; 30:1608-1613. [PMID: 37386768 PMCID: PMC10531187 DOI: 10.1093/jamia/ocad112] [Citation(s) in RCA: 5] [Impact Index Per Article: 5.0] [Received: 03/13/2023] [Revised: 05/15/2023] [Accepted: 06/09/2023] [Indexed: 07/01/2023] Open
Abstract
OBJECTIVE To describe experiences and activities of Clinical Informatics (CI) fellows since the first fellowships were accredited in 2014. MATERIALS AND METHODS We performed a voluntary and anonymous survey of 394 alumni and current clinical informatics fellows from the graduating classes of 2016-2024 in the summer of 2022. RESULTS We received 198 responses; 2% declined to participate. Most were male (62%), White (39%), 31-40 years old (72%), from primary care specialties (54%) and nonprocedural specialties (95%), and without prior informatics experience or any careers before medicine. Most fellows (87-94%) participated significantly in operations, research, coursework, quality improvement, and clinical care activities during fellowship. DISCUSSION Women, underrepresented racial and ethnic minorities, and procedural physicians were underrepresented. Many incoming CI fellows did not have an informatics background. During CI fellowship, trainees earned Master's degrees and certificates, were exposed to many different types of CI activities, and were able to spend most of their time pursuing projects that supported their personal career goals. CONCLUSION These findings represent the most comprehensive report to date of CI fellows and alumni. Physicians without prior informatics experience who are interested in CI should be encouraged to apply because CI fellowship provides a strong foundation of informatics knowledge while supporting fellows' personal career goals. There remains a lack of women and underrepresented minorities in CI fellowship programs; efforts to expand the pipeline are needed.
Affiliation(s)
- Ellen Kim
- Department of Radiation Oncology, Brigham & Women’s Hospital, Boston, Massachusetts, USA
- Melissa Van Cain
- Department of Pediatrics, The University of Oklahoma Health Sciences Center, Oklahoma City, Oklahoma, USA
- Department of Medical Informatics, The University of Oklahoma-Tulsa, Tulsa, Oklahoma, USA
- Jonathan Hron
- Department of Pediatrics, Division of General Pediatrics, Boston Children’s Hospital, Boston, Massachusetts, USA
- Department of Pediatrics, Harvard Medical School, Boston, Massachusetts, USA
9
Russell SP, Fahey E, Curtin M, Rowley S, Kenny P, Cashman J. The Irish National Orthopaedic Register Under Cyberattack: What Happened, and What Were the Consequences? Clin Orthop Relat Res 2023; 481:1763-1768. [PMID: 37036406 PMCID: PMC10427069 DOI: 10.1097/corr.0000000000002643] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 10/30/2022] [Revised: 02/02/2023] [Accepted: 03/07/2023] [Indexed: 04/11/2023]
Abstract
BACKGROUND On May 14, 2021, a criminal cyberattack was launched against the Irish public healthcare system, the Health Service Executive, resulting in a complete shutdown of all national healthcare computer systems, including the Irish National Orthopaedic Register (INOR). Cyberattacks of this kind occur sporadically, and postevent analyses can inform future preparedness efforts, but few such analyses have been published. QUESTION/PURPOSE What was the impact of the cyberattack in terms of (1) registry downtime, (2) harms to patients, and (3) costs to the INOR for data contingency and reconciliation? METHODS All nine hospitals using the INOR were included for data collection. Since establishment in 2014, the INOR has been rolled out to all eight public elective hospitals, capturing all hip and knee arthroplasty procedures. One private hospital was also captured, with plans to expand the private sector coverage. Individual institutional records and central INOR records were queried with respect to downtime, potential harms to patients (including intraoperative complications because of a lack of data on existing implanted components and complications directly attributed to delayed or canceled procedures), and costs related to additional person-hours addressing data reconciliation. Objective data directly related to the uncontrolled INOR downtime were collected, including duration of downtime, contingency methods employed, quality of contingency data collected, adverse patient events, methods of data salvage and reconciliation, and the cost of data contingency and reconciliation measures. Costs were estimated by the additional person-hours of work completed, multiplied by the hourly rate of that employee. Employees at each of the nine hospitals were asked to provide their additional person-hours of work performed because of the attack. 
These hours were corroborated by observing the time taken at each unit to reconcile data for single cases multiplied by the number of cases at that unit. Employees included nurses, clinical nurse specialists, and doctors of various grades. Person-hour rates were calculated using the Health Service Executive's published salary scales. RESULTS The INOR suffered a median downtime of 134 days (range 119 to 272 days) across nine sites. No serious adverse patient events were identified. The immediate implementation of a paperwork fallback method for the INOR successfully resulted in 100% case capture during the downtime. However, 2850 additional person-hours were required for data reconciliation at an estimated cost of USD 181,000 to USD 216,000. More subjectively, as reported by interviews with INOR leads at each hospital, the cyberattack negatively impacted operating room efficiency with delays between procedures because of additional paperwork data collection, disrupted patient flow for paperwork data collection on the ward level and in the outpatient clinics, and disrupted resource allocations and staff capabilities because of additional paperwork requirements during the contingency period. CONCLUSION Disruptions to data collection and data accessibility after this cyberattack were successfully countered by a contingency plan; however, substantial financial costs and additional resources were required for data conservation and reconciliation. CLINICAL RELEVANCE In addition to robust preventative security measures, national registers and other healthcare systems should have secondary data backup facilities and reliable fallback procedures prepared for such events.
Affiliation(s)
- Shane P. Russell
- Royal College of Surgeons in Ireland, Dublin, Ireland
- National Office of Clinical Audit, Dublin, Ireland
- Eoin Fahey
- Royal College of Surgeons in Ireland, Dublin, Ireland
- Mark Curtin
- Royal College of Surgeons in Ireland, Dublin, Ireland
- Paddy Kenny
- Royal College of Surgeons in Ireland, Dublin, Ireland
- National Office of Clinical Audit, Dublin, Ireland
- James Cashman
- Royal College of Surgeons in Ireland, Dublin, Ireland
- National Office of Clinical Audit, Dublin, Ireland
10
Prictor M, Rychkova M. Recording our genes: Stakeholder views on genetic test results in networked electronic medical records. HEALTH INF MANAG J 2023; 52:194-203. [PMID: 35615807 DOI: 10.1177/18333583221090969] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Indexed: 11/16/2022]
Abstract
Background: In Australia, national policy prioritises the integration of clinical genetic data with networked electronic medical records (EMRs) for enhanced coordination of care and clinical decision-making. Objective: To examine the needs, privacy expectations and concerns of patients, family members, patient advocates and clinicians in relation to the use of networked EMRs for clinical genetic information. Method: Purposive sampling was used to recruit 27 participants for a semi-structured qualitative interview, primarily over Zoom. The interviews were audio and video-recorded and externally transcribed. Interview transcripts were then coded and analysed in NVivo, using an inductive thematic approach. Results: Thematic analysis revealed diverse preferences regarding genetic information access and handling across participants, with five core themes being identified: degree of access and control; central role of genetic professionals as information gatekeepers; complexities of familial implications; external risks; and law, governance and policy; all strong themes that emerged across numerous participants. Conclusion: This project yielded unprecedented and significant insights into the views, needs and concerns of key stakeholders in Australia regarding the inclusion of health-related genetic test results in networked EMRs. Implications: These findings provide a critical reference point for much-needed law reform and policy-making around genetic test results in Australia.
Affiliation(s)
- Megan Prictor
- Melbourne Law School, The University of Melbourne, Carlton, VIC, Australia
- Centre for Digital Transformation of Health, The University of Melbourne, Carlton, VIC, Australia
- Maria Rychkova
- Melbourne Law School, The University of Melbourne, Carlton, VIC, Australia
11
Choi SJ, Chen M, Tan X. Assessing the impact of health information exchange on hospital data breach risk. Int J Med Inform 2023; 177:105149. [PMID: 37453177 DOI: 10.1016/j.ijmedinf.2023.105149] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 02/18/2023] [Revised: 06/23/2023] [Accepted: 07/07/2023] [Indexed: 07/18/2023]
Abstract
OBJECTIVE Widespread electronic health information exchange (HIE) across hospitals remains an important policy goal for reducing costs and improving the quality of care. Meanwhile, cybersecurity incidents are a growing threat to hospitals. The relationship between the electronic sharing of health information and cybersecurity incidents is not well understood. The objective of this study was to empirically examine the impact of hospitals' HIE engagement on their data breach risk. MATERIALS AND METHODS A balanced panel dataset included 4,936 US community hospitals spanning the period 2010-2017, which was assembled by linking the American Hospital Association annual survey database and the Information Technology (IT) supplement, and the Department of Health and Human Services reports of health data breaches. The relationship between HIE engagement and hospital data breaches was modeled using a difference-in-differences specification controlling for time-varying hospital characteristics. RESULTS The percentage of hospitals electronically exchanging information has more than tripled (from 18% to 68%) from 2010 to 2017. Hospital data breaches increased concurrently, largely due to the rise in hacking and unauthorized access. HIE engagement was associated with a 0.672 percentage point increase in the probability of an IT breach three years after the engagement. Hospitals actively engaging in a health information organization and exchanging data with outside providers were associated with a higher risk of IT related breaches in the long run; however, hospitals actively engaging in HIE and exchanging data with inside providers were not associated with any significant risk of IT related breaches. DISCUSSION Over time, the increasing amount and complexity of patient information being exchanged can create challenges for cybersecurity if data protection is not up to date. 
Additionally, data security depends on the weakest link of HIE, and providers with fewer resources for data governance and infrastructure are more vulnerable to data breaches. CONCLUSION Moving toward widespread health information exchange has important cybersecurity implications that can significantly impact both patients and healthcare organizations.
Affiliation(s)
- Sung J Choi
- School of Global Health Management and Informatics, University of Central Florida, 528 West Livingston St. DPAC 402D, Orlando, FL 32801, United States.
- Min Chen
- Department of Information Systems and Business Analytics, College of Business, Florida International University, 11200 S.W. 8th St, Miami, FL 33199, USA
- Xuan Tan
- Leavey School of Business, Santa Clara University, 500 El Camino Real, Santa Clara, CA 95053, United States
12
Argyridou E, Nifakos S, Laoudias C, Panda S, Panaousis E, Chandramouli K, Navarro-Llobet D, Mora Zamorano J, Papachristou P, Bonacina S. Cyber Hygiene Methodology for Raising Cybersecurity and Data Privacy Awareness in Health Care Organizations: Concept Study. J Med Internet Res 2023; 25:e41294. [PMID: 37498644 PMCID: PMC10415935 DOI: 10.2196/41294] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 07/21/2022] [Revised: 12/23/2022] [Accepted: 01/19/2023] [Indexed: 01/21/2023] Open
Abstract
BACKGROUND Cyber threats are increasing across all business sectors, with health care being a prominent domain. In response to the ever-increasing threats, health care organizations (HOs) are enhancing the technical measures with the use of cybersecurity controls and other advanced solutions for further protection. Despite the need for technical controls, humans are evidently the weakest link in the cybersecurity posture of HOs. This suggests that addressing the human aspects of cybersecurity is a key step toward managing cyber-physical risks. In practice, HOs are required to apply general cybersecurity and data privacy guidelines that focus on human factors. However, there is limited literature on the methodologies and procedures that can assist in successfully mapping these guidelines to specific controls (interventions), including awareness activities and training programs, with a measurable impact on personnel. To this end, tools and structured methodologies for assisting higher management in selecting the minimum number of required controls that will be most effective on the health care workforce are highly desirable. OBJECTIVE This study aimed to introduce a cyber hygiene (CH) methodology that uses a unique survey-based risk assessment approach for raising the cybersecurity and data privacy awareness of different employee groups in HOs. The main objective was to identify the most effective strategy for managing cybersecurity and data privacy risks and recommend targeted human-centric controls that are tailored to organization-specific needs. METHODS The CH methodology relied on a cross-sectional, exploratory survey study followed by a proposed risk-based survey data analysis approach. First, survey data were collected from 4 different employee groups across 3 European HOs, covering 7 categories of cybersecurity and data privacy risks. 
Next, survey data were transcribed and fitted into a proposed risk-based approach matrix that translated risk levels to strategies for managing the risks. RESULTS A list of human-centric controls and implementation levels was created. These controls were associated with risk categories, mapped to risk strategies for managing the risks related to all employee groups. Our mapping empowered the computation and subsequent recommendation of subsets of human-centric controls to implement the identified strategy for managing the overall risk of the HOs. An indicative example demonstrated the application of the CH methodology in a simple scenario. Finally, by applying the CH methodology in the health care sector, we obtained results in the form of risk markings; identified strategies to manage the risks; and recommended controls for each of the 3 HOs, each employee group, and each risk category. CONCLUSIONS The proposed CH methodology improves the CH perception and behavior of personnel in the health care sector and provides risk strategies together with a list of recommended human-centric controls for managing a wide range of cybersecurity and data privacy risks related to health care employees.
Affiliation(s)
- Elina Argyridou
- KIOS Research and Innovation Center of Excellence, University of Cyprus, Nicosia, Cyprus
- Sokratis Nifakos
- Health Informatics Centre, Department of Learning, Informatics, Management and Ethics, Karolinska Institutet, Stockholm, Sweden
- Christos Laoudias
- KIOS Research and Innovation Center of Excellence, University of Cyprus, Nicosia, Cyprus
- Sakshyam Panda
- Internet of Things and Security Centre, University of Greenwich, London, United Kingdom
- Emmanouil Panaousis
- Internet of Things and Security Centre, University of Greenwich, London, United Kingdom
- Krishna Chandramouli
- Health Informatics Centre, Department of Learning, Informatics, Management and Ethics, Karolinska Institutet, Stockholm, Sweden
- Diana Navarro-Llobet
- Department of Research and Innovation, Fundacio Privada Hospital Asil de Granollers, Barcelona, Spain
- Juan Mora Zamorano
- Instituto de Invest, Sanitaria Puerta de Hierro, Servicio Madrileno de Salud, Majadahonda, Madrid, Spain
- Panagiotis Papachristou
- Division of Family Medicine and Primary Care, Department of Neurobiology, Care Sciences and Society, Karolinska Institutet, Stockholm, Sweden
- Stefano Bonacina
- Health Informatics Centre, Department of Learning, Informatics, Management and Ethics, Karolinska Institutet, Stockholm, Sweden
13
|
Portela D, Nogueira-Leite D, Almeida R, Cruz-Correia R. Economic Impact of a Hospital Cyberattack in a National Health System: Descriptive Case Study. JMIR Form Res 2023; 7:e41738. [PMID: 37389934 PMCID: PMC10365569 DOI: 10.2196/41738] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Reference Citation Analysis] [Abstract] [Key Words] [Track Full Text] [Journal Information] [Subscribe] [Scholar Register] [Received: 08/06/2022] [Revised: 04/24/2023] [Accepted: 05/10/2023] [Indexed: 07/01/2023] Open
Abstract
BACKGROUND Over the last decade, the frequency and size of cyberattacks in the health care industry have increased, ranging from breaches of processes or networks to encryption of files that restrict access to data. These attacks may have multiple consequences for patient safety, as they can, for example, target electronic health records, access to critical information, and support for critical systems, thereby causing delays in hospital activities. The effects of cybersecurity breaches are not only a threat to patients' lives but also have financial consequences due to causing inactivity in health care systems. However, publicly available information on these incidents quantifying their impact is scarce. OBJECTIVE We aim, while using public domain data from Portugal, to (1) identify data breaches in the public national health system since 2017 and (2) measure the economic impact using a hypothesized scenario as a case study. METHODS We retrieved data from multiple national and local media sources on cybersecurity from 2017 until 2022 and built a timeline of attacks. In the absence of public information on cyberattacks, reported drops in activity were estimated using a hypothesized scenario for affected resources and percentages and duration of inactivity. Only direct costs were considered for estimates. Data for estimates were produced based on planned activity through the hospital contract program. We use sensitivity analysis to illustrate how a midlevel ransomware attack might impact health institutions' daily costs (inferring a potential range of values based on assumptions). Given the heterogeneity of our included parameters, we also provide a tool for users to distinguish such impacts of different attacks on institutions according to different contract programs, served population size, and proportion of inactivity. 
RESULTS From 2017 to 2022, we were able to identify 6 incidents in Portuguese public hospitals using public domain data (there was 1 incident each year and 2 in 2018). Financial impacts were obtained from a cost point of view, where estimated values have a minimum-to-maximum range of €115,882.96 to €2,317,659.11 (a currency exchange rate of €1=US $1.0233 is applicable). Costs of this range and magnitude were inferred assuming different percentages of affected resources and with different numbers of working days while considering the costs of external consultation, hospitalization, and use of in- and outpatient clinics and emergency rooms, for a maximum of 5 working days. CONCLUSIONS To enhance cybersecurity capabilities at hospitals, it is important to provide robust information to support decision-making. Our study provides valuable information and preliminary insights that can help health care organizations better understand the costs and risks associated with cyber threats and improve their cybersecurity strategies. Additionally, it demonstrates the importance of adopting effective preventive and reactive strategies, such as contingency plans, as well as enhanced investment in improving cybersecurity capabilities in this critical area while aiming to achieve cyber-resilience.
Affiliation(s)
- Diana Portela
  - Department of Community Medicine, Information and Health Decision Sciences (MEDCIDS), Faculty of Medicine, University of Porto, Porto, Portugal
  - Doctoral Programme in Health Data Science (HEADS), Faculty of Medicine, University of Porto, Porto, Portugal
- Diogo Nogueira-Leite
  - Department of Community Medicine, Information and Health Decision Sciences (MEDCIDS), Faculty of Medicine, University of Porto, Porto, Portugal
  - Doctoral Programme in Health Data Science (HEADS), Faculty of Medicine, University of Porto, Porto, Portugal
  - Nova School of Business and Economics Health Economics and Management Knowledge Center, New University of Lisbon, Lisbon, Portugal
  - eMAIS: Movimento Associação dos Sistemas de Informação em Saúde, Porto, Portugal
- Rafael Almeida
  - Department of Community Medicine, Information and Health Decision Sciences (MEDCIDS), Faculty of Medicine, University of Porto, Porto, Portugal
  - eMAIS: Movimento Associação dos Sistemas de Informação em Saúde, Porto, Portugal
- Ricardo Cruz-Correia
  - Department of Community Medicine, Information and Health Decision Sciences (MEDCIDS), Faculty of Medicine, University of Porto, Porto, Portugal
  - Doctoral Programme in Health Data Science (HEADS), Faculty of Medicine, University of Porto, Porto, Portugal
  - eMAIS: Movimento Associação dos Sistemas de Informação em Saúde, Porto, Portugal

14
Puder A, Henle J, Sax E. Threat Assessment and Risk Analysis (TARA) for Interoperable Medical Devices in the Operating Room Inspired by the Automotive Industry. Healthcare (Basel) 2023; 11:healthcare11060872. [PMID: 36981529 PMCID: PMC10048460 DOI: 10.3390/healthcare11060872] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 01/29/2023] [Revised: 03/03/2023] [Accepted: 03/14/2023] [Indexed: 03/19/2023] Open
Abstract
Prevailing trends in the automotive and medical device industry, such as life cycle overarching configurability, connectivity, and automation, require an adaption of development processes, especially regarding the security and safety thereof. The changing requirements imply that interfaces are more exposed to the outside world, making them more vulnerable to cyberattacks or data leaks. Consequently, not only do development processes need to be revised but also cybersecurity countermeasures and a focus on safety, as well as privacy, have become vital. While vehicles are especially exposed to cybersecurity and safety risks, the medical devices industry faces similar issues. In the automotive industry, proposals and draft regulations exist for security-related risk assessment processes. The medical device industry, which has less experience in these topics and is more heterogeneous, may benefit from drawing inspiration from these efforts. We examined and compared current standards, processes, and methods in both the automotive and medical industries. Based on the requirements regarding safety and security for risk analysis in the medical device industry, we propose the adoption of methods already established in the automotive industry. Furthermore, we present an example based on an interoperable Operating Room table (OR table).
Affiliation(s)
- Andreas Puder
  - Embedded Systems, Getinge AB, 76437 Rastatt, Germany
- Jacqueline Henle
  - Embedded Systems and Sensors Engineering (ESS), FZI Research Center for Information Technology, 10117 Berlin, Germany
- Eric Sax
  - Institute for Information Processing Technologies (ITIV), Karlsruhe Institute of Technology (KIT), 76131 Karlsruhe, Germany

15
Ahouanmenou S, Van Looy A, Poels G. Information security and privacy in hospitals: a literature mapping and review of research gaps. Inform Health Soc Care 2023; 48:30-46. [PMID: 35300555 DOI: 10.1080/17538157.2022.2049274] [Citation(s) in RCA: 2] [Impact Index Per Article: 2.0] [Indexed: 11/05/2022]
Abstract
Information security and privacy are matters of concern in every industry. The healthcare sector has lagged in terms of implementing cybersecurity measures. Therefore, hospitals are more exposed to cyber events due to the criticality of patient data. Currently, little is known about state-of-the-art research on information security and privacy in hospitals. The purpose of this study is to report the outcome of a systematic literature review on research about the application of information security and privacy in hospitals. A systematic literature review following the PRISMA methodology was conducted. To reference our sample according to cybersecurity domains, we benchmarked each article against two cybersecurity frameworks: ISO 27001 Annex A and the NIST framework core. Limited articles in our papers referred to the policies and compliance sections of ISO 27001. In addition, most of our sample is classified by the NIST function "Protect," meaning activities related to identity management, access control and data security. Furthermore, we have identified key domains where research in security and privacy are critical, such as big data, IOT, cloud computing, standards and regulations. The results indicate that although cybersecurity is a growing concern in hospitals, research is still weak in some areas. Considering the recrudescence of cyber-attacks in the healthcare sector, we call for more research in hospitals in managerial and non-technical domains of information security and privacy that are uncovered by our analysis.
Affiliation(s)
- Steve Ahouanmenou
  - Faculty of Economics and Business Administration, Department of Business Informatics and Operations Management, Ghent University, Ghent, Belgium
- Amy Van Looy
  - Faculty of Economics and Business Administration, Department of Business Informatics and Operations Management, Ghent University, Ghent, Belgium
- Geert Poels
  - Faculty of Economics and Business Administration, Department of Business Informatics and Operations Management, Ghent University, Ghent, Belgium
  - FlandersMake@UGent - core lab, CVAMO, Ghent, Belgium

16
Fernandez De Arroyabe I, Arranz CF, Arroyabe MF, Fernandez de Arroyabe JC. Cybersecurity capabilities and cyber-attacks as drivers of investment in cybersecurity systems: A UK survey for 2018 and 2019. Comput Secur 2023. [DOI: 10.1016/j.cose.2022.102954] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Indexed: 12/05/2022]

17
Giovannoni G, Alvarez E, Tutton E, Hoffmann O, Xu Y, Vermersch P, Oreja-Guevara C, Trojano M, Gold R, Robles-Cedeño R, Khwaja M, Stadler B, Vandercappellen J, Ziemssen T. Development and usability testing of your MS questionnaire: A patient-based digital tool to monitor symptoms of multiple sclerosis. Digit Health 2023; 9:20552076231173531. [PMID: 37205165 PMCID: PMC10185975 DOI: 10.1177/20552076231173531] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 07/08/2022] [Accepted: 04/14/2023] [Indexed: 05/21/2023] Open
Abstract
Objectives We describe the development of Your Multiple Sclerosis Questionnaire and present the real-world usability testing results of Your Multiple Sclerosis Questionnaire. Methods The Your Multiple Sclerosis Questionnaire tool was developed in four stages to collect feedback from people living with MS (plwMS), patient organizations, and clinicians on content, format, and applicability. To assess its usability, 13 clinicians across 7 countries completed an online survey after using the tool with plwMS in a total of 261 consultations from September, 2020 to July, 2021. Results The initial Your Multiple Sclerosis Questionnaire version was based on findings from previous research developing MSProDiscuss™, a clinician-completed tool. Subsequently, insights from plwMS obtained during cognitive debriefing, patient councils and advisory boards led to changes including the addition of mood and sexual problems and the definition of relapse. All 13 clinicians completed the individual survey, whereas 10 clinicians completed the final survey. Clinicians "strongly agreed" or "agreed" that Your Multiple Sclerosis Questionnaire was easy to use and understand (98.5%; 257/261 patient consultations). The clinicians were willing to use the tool again with the same patient (98.1%; 256/261 patient consultations). All clinicians who completed the final survey (100%; 10/10) reported the tool to have a positive influence on their clinical practice, helped patients engage with their MS, facilitated discussion with patients, and complemented neurological assessment. Conclusion Your Multiple Sclerosis Questionnaire benefits both plwMS and clinicians by facilitating a structured discussion and engaging the plwMS to self-monitor and self-manage. Your Multiple Sclerosis Questionnaire is compatible with telemedicine practice and integration of the tool into electronic health records would enable tracking of the disease evolution and individual monitoring of MS symptoms over time.
Affiliation(s)
- Gavin Giovannoni
  - Blizard Institute, Barts and The London School of Medicine and Dentistry, Queen Mary University of London, London, UK
- Olaf Hoffmann
  - Department of Neurology, Alexianer St Josefs Hospital, Potsdam, Germany
  - Brandenburg Medical School Theodor Fontane, Neuruppin, Germany
- Yan Xu
  - Multiple Sclerosis Center, Department of Neurology, Peking Union Medical College Hospital, Peking Union Medical College, Chinese Academy of Medical Sciences, Beijing, People's Republic of China
- Patrick Vermersch
  - University of Lille, Inserm UMR U1172 LilNCog, CHU Lille, FHU Precise, Lille, France
- Maria Trojano
  - Department of Basic Medical Science, Neurosciences and Sense Organs, University of Bari, Bari, Italy
- Ralf Gold
  - Department of Neurology, St Josef-Hospital/Ruhr-University Bochum, Bochum, Germany
- Tjalf Ziemssen
  - Center of Clinical Neuroscience, Department of Neurology, Carl Gustav Carus University Clinic, Technische Universität Dresden, Dresden, Germany

18
Dart M, Ahmed M. CYBER-AIDD: A novel approach to implementing improved cyber security resilience for large Australian healthcare providers using a Unified Modelling Language ontology. Digit Health 2023; 9:20552076231191095. [PMID: 37533776 PMCID: PMC10392183 DOI: 10.1177/20552076231191095] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 01/17/2023] [Accepted: 07/13/2023] [Indexed: 08/04/2023] Open
Abstract
Purpose This paper proposes a novel cyber security risk governance framework and ontology for large Australian healthcare providers, using the structure and simplicity of the Unified Modelling Language (UML). This framework is intended to mitigate impacts from the risk areas of: (1) cyber-attacks, (2) incidents, (3) data breaches, and (4) data disclosures. Methods Using a mixed-methods approach comprised of empirical evidence discovery and phenomenological review, existing literature is sourced to confirm baseline ontological definitions. These are supplemented with Australian government reports, professional standards publications and legislation covering cyber security, data breach reporting and healthcare governance. Historical examples of healthcare cyber security incidents are reviewed, and a cyber risk governance UML presented to manage the defined problem areas via a single, simplified ontological diagram. Results A clear definition of 'cyber security' is generated, along with the 'CYBER-AIDD' risk model. Specific examples of cyber security incidents impacting Australian healthcare are confirmed as N = 929 over 5 years, with human factors the largest contributor. The CYBER-AIDD UML model presents a workflow across four defined classes, providing a clear approach to implementing the controls required to mitigate risks against verified threats. Conclusions The governance of cyber security in healthcare is complex, in part due to a lack of clarity around key terms and risks, and this is contributing to consistently poor operational outcomes. A focus on the most essential avenues of risk, using a simple UML model, is beneficial in describing these risks and designing governance controls around them.
Affiliation(s)
- Martin Dart
  - School of Science, Edith Cowan University, Joondalup, WA, Australia
- Mohiuddin Ahmed
  - School of Science, Edith Cowan University, Joondalup, WA, Australia

19
He Y, Zamani E, Yevseyeva I, Luo C. AI-based Ethical Hacking for Health Information Systems (HIS): a simulation study (Preprint). J Med Internet Res 2022; 25:e41748. [PMID: 37097723 PMCID: PMC10170356 DOI: 10.2196/41748] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 08/07/2022] [Revised: 12/11/2022] [Accepted: 01/19/2023] [Indexed: 01/20/2023] Open
Abstract
BACKGROUND Health information systems (HISs) are continuously targeted by hackers, who aim to bring down critical health infrastructure. This study was motivated by recent attacks on health care organizations that have resulted in the compromise of sensitive data held in HISs. Existing research on cybersecurity in the health care domain places an imbalanced focus on protecting medical devices and data. There is a lack of a systematic way to investigate how attackers may breach an HIS and access health care records. OBJECTIVE This study aimed to provide new insights into HIS cybersecurity protection. We propose a systematic, novel, and optimized (artificial intelligence-based) ethical hacking method tailored specifically for HISs, and we compared it with the traditional unoptimized ethical hacking method. This allows researchers and practitioners to identify the points and attack pathways of possible penetration attacks on the HIS more efficiently. METHODS In this study, we propose a novel methodological approach to ethical hacking in HISs. We implemented ethical hacking using both optimized and unoptimized methods in an experimental setting. Specifically, we set up an HIS simulation environment by implementing the open-source electronic medical record (OpenEMR) system and followed the National Institute of Standards and Technology's ethical hacking framework to launch the attacks. In the experiment, we launched 50 rounds of attacks using both unoptimized and optimized ethical hacking methods. RESULTS Ethical hacking was successfully conducted using both optimized and unoptimized methods. The results show that the optimized ethical hacking method outperforms the unoptimized method in terms of average time used, the average success rate of exploit, the number of exploits launched, and the number of successful exploits. 
We were able to identify the successful attack paths and exploits that are related to remote code execution, cross-site request forgery, improper authentication, vulnerability in the Oracle Business Intelligence Publisher, an elevation of privilege vulnerability (in MediaTek), and remote access backdoor (in the web graphical user interface for the Linux Virtual Server). CONCLUSIONS This research demonstrates systematic ethical hacking against an HIS using optimized and unoptimized methods, together with a set of penetration testing tools to identify exploits and combining them to perform ethical hacking. The findings contribute to the HIS literature, ethical hacking methodology, and mainstream artificial intelligence-based ethical hacking methods because they address some key weaknesses of these research fields. These findings also have great significance for the health care sector, as OpenEMR is widely adopted by health care organizations. Our findings offer novel insights for the protection of HISs and allow researchers to conduct further research in the HIS cybersecurity domain.
Affiliation(s)
- Ying He
  - School of Computer Science, University of Nottingham, Nottingham, United Kingdom
- Efpraxia Zamani
  - Information School, University of Sheffield, Sheffield, United Kingdom
- Iryna Yevseyeva
  - School of Computer Science and Informatics, De Montfort University, Leicester, United Kingdom
- Cunjin Luo
  - School of Computer Science and Electronic Engineering, University of Essex, Colchester, United Kingdom
  - Key Laboratory of Medical Electrophysiology, Ministry of Education & Medical Electrophysiological Key Laboratory of Sichuan Province, Collaborative Innovation Center for Prevention of Cardiovascular Diseases, Institute of Cardiovascular Research, Southwest Medical University, Luzhou, China

20
Benis A, Grosjean J, Billey K, Gustavo Montanha Meireles Martins J, Dornauer V, Crisan-Vida M, Hackl WO, Stoicu-Tivadar L, Darmoni S. Medical Informatics and Digital Health Multilingual Ontology (MIMO): a tool to improve international collaborations. Int J Med Inform 2022; 167:104860. [PMID: 36084537 PMCID: PMC9582075 DOI: 10.1016/j.ijmedinf.2022.104860] [Citation(s) in RCA: 5] [Impact Index Per Article: 2.5] [Received: 03/24/2022] [Revised: 05/10/2022] [Accepted: 08/24/2022] [Indexed: 11/21/2022]
Abstract
Background Even if English is the leading language for international communication, it is essential to keep in mind that research runs at the local level by local teams generally communicating in their local/national language, especially in Europe among European projects. Objective Therefore, the European Federation for Medical Informatics - Working Group on “Health Informatics for Inter-regional Cooperation” has one objective: To develop a multilingual ontology focusing on Health Informatics and Digital Health as a collaboration tool that improves international and, in particular, European collaborations. Results We have developed the Medical Informatics and Digital Health Multilingual Ontology (MIMO). Hosted on the Health Terminology/Ontology Portal (HeTOP), MIMO contains around 1,000 concepts, 460 MeSH Descriptors, 220 MeSH Concepts, and more than 300 newly created concepts. MIMO is continuously updated to comprise as recent as possible concepts and their translations in more than 30 languages. Moreover, the MIMO’s development team constantly improves MIMO content and supporting information. Thus, during workshop discussions and one-on-one exchanges, the MIMO team has collected domain experts’ opinions about the community’s interests and suggestions for future enhancements. Moreover, MIMO will be integrated to support the annotation and categorization of research products into the HosmartAI European project involving more than 20 countries around Europe and worldwide. Conclusion MIMO is hosted by HeTOP (Health Terminology/Ontology Portal), which integrates 100 terminologies and ontologies in 55 languages. MIMO is freely available online. MIMO is portable to other knowledge platforms as part of MIMO’s main aims to facilitate communication between medical librarians, translators, and researchers as well as to support students’ self-learning.

21
Tan TF, Li Y, Lim JS, Gunasekeran DV, Teo ZL, Ng WY, Ting DS. Metaverse and Virtual Health Care in Ophthalmology: Opportunities and Challenges. Asia Pac J Ophthalmol (Phila) 2022; 11:237-246. [PMID: 35772084 DOI: 10.1097/apo.0000000000000537] [Citation(s) in RCA: 21] [Impact Index Per Article: 10.5] [Indexed: 11/27/2022] Open
Abstract
The outbreak of the coronavirus disease 2019 has further increased the urgent need for digital transformation within the health care settings, with the use of artificial intelligence/deep learning, internet of things, telecommunication network/virtual platform, and blockchain. The recent advent of metaverse, an interconnected online universe, with the synergistic combination of augmented, virtual, and mixed reality described several years ago, presents a new era of immersive and real-time experiences to enhance human-to-human social interaction and connection. In health care and ophthalmology, the creation of virtual environment with three-dimensional (3D) space and avatar, could be particularly useful in patient-fronting platforms (eg, telemedicine platforms), operational uses (eg, meeting organization), digital education (eg, simulated medical and surgical education), diagnostics, and therapeutics. On the other hand, the implementation and adoption of these emerging virtual health care technologies will require multipronged approaches to ensure interoperability with real-world virtual clinical settings, user-friendliness of the technologies and clinical efficiencies while complying to the clinical, health economics, regulatory, and cybersecurity standards. To serve the urgent need, it is important for the eye community to continue to innovate, invent, adapt, and harness the unique abilities of virtual health care technology to provide better eye care worldwide.
Affiliation(s)
- Ting Fang Tan
  - Singapore National Eye Centre, Singapore Eye Research Institute, Singapore, Singapore
- Yong Li
  - Singapore National Eye Centre, Singapore Eye Research Institute, Singapore, Singapore
  - Duke-NUS Medical School, Singapore, Singapore
- Jane Sujuan Lim
  - Singapore National Eye Centre, Singapore Eye Research Institute, Singapore, Singapore
- Zhen Ling Teo
  - Singapore National Eye Centre, Singapore Eye Research Institute, Singapore, Singapore
- Wei Yan Ng
  - Singapore National Eye Centre, Singapore Eye Research Institute, Singapore, Singapore
- Daniel Sw Ting
  - Singapore National Eye Centre, Singapore Eye Research Institute, Singapore, Singapore
  - Duke-NUS Medical School, Singapore, Singapore

22
Mosch LK, Poncette AS, Spies C, Weber-Carstens S, Schieler M, Krampe H, Balzer F. Creation of an Evidence-Based Implementation Framework for Digital Health Technology in the Intensive Care Unit: Qualitative Study. JMIR Form Res 2022; 6:e22866. [PMID: 35394445 PMCID: PMC9034425 DOI: 10.2196/22866] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 08/07/2020] [Revised: 02/01/2021] [Accepted: 11/27/2021] [Indexed: 12/01/2022] Open
Abstract
Background Digital health technologies such as continuous remote monitoring and artificial intelligence–driven clinical decision support systems could improve clinical outcomes in intensive care medicine. However, comprehensive evidence and guidelines for the successful implementation of digital health technologies into specific clinical settings such as the intensive care unit (ICU) are scarce. We evaluated the implementation of a remote patient monitoring platform and derived a framework proposal for the implementation of digital health technology in an ICU. Objective This study aims to investigate barriers and facilitators to the implementation of a remote patient monitoring technology and to develop a proposal for an implementation framework for digital health technology in the ICU. Methods This study was conducted from May 2018 to March 2020 during the implementation of a tablet computer–based remote patient monitoring system. The system was installed in the ICU of a large German university hospital as a supplementary monitoring device. Following a hybrid qualitative approach with inductive and deductive elements, we used the Consolidated Framework for Implementation Research and the Expert Recommendations for Implementing Change to analyze the transcripts of 7 semistructured interviews with clinical ICU stakeholders and descriptive questionnaire data. The results of the qualitative analysis, together with the findings from informal meetings, field observations, and previous explorations, provided the basis for the derivation of the proposed framework. Results This study revealed an insufficient implementation process due to lack of staff engagement and few perceived benefits from the novel solution. Further implementation barriers were the high staff presence and monitoring coverage in the ICU. 
The implementation framework includes strategies to be applied before and during implementation, targeting the implementation setting by involving all ICU stakeholders, assessing the intervention’s adaptability, facilitating the implementation process, and maintaining a vital feedback culture. Setting up a unit responsible for implementation, considering the guidance of an implementation advisor, and building on existing institutional capacities could improve the institutional context of implementation projects in the ICU. Conclusions Implementation of digital health in the ICU should involve a thorough preimplementation assessment of the ICU’s need for innovation and its readiness to change, as well as an ongoing evaluation of the implementation conditions. Involvement of all stakeholders, transparent communication, and continuous feedback in an equal atmosphere are essential, but leadership roles must be clearly defined and competently filled. Our proposed framework may guide health care providers with concrete, evidence-based, and step-by-step recommendations for implementation practice, facilitating the introduction of digital health in intensive care. Trial Registration ClinicalTrials.gov NCT03514173; https://clinicaltrials.gov/ct2/show/NCT03514173
Affiliation(s)
- Lina Katharina Mosch
  - Institute of Medical Informatics, Charité - Universitätsmedizin Berlin, Corporate Member of Freie Universität Berlin and Humboldt-Universität zu Berlin, Berlin, Germany
  - Department of Anesthesiology and Intensive Care Medicine, Charité - Universitätsmedizin Berlin, Corporate Member of Freie Universität Berlin and Humboldt-Universität zu Berlin, Berlin, Germany
- Akira-Sebastian Poncette
  - Institute of Medical Informatics, Charité - Universitätsmedizin Berlin, Corporate Member of Freie Universität Berlin and Humboldt-Universität zu Berlin, Berlin, Germany
  - Department of Anesthesiology and Intensive Care Medicine, Charité - Universitätsmedizin Berlin, Corporate Member of Freie Universität Berlin and Humboldt-Universität zu Berlin, Berlin, Germany
- Claudia Spies
  - Department of Anesthesiology and Intensive Care Medicine, Charité - Universitätsmedizin Berlin, Corporate Member of Freie Universität Berlin and Humboldt-Universität zu Berlin, Berlin, Germany
- Steffen Weber-Carstens
  - Department of Anesthesiology and Intensive Care Medicine, Charité - Universitätsmedizin Berlin, Corporate Member of Freie Universität Berlin and Humboldt-Universität zu Berlin, Berlin, Germany
- Monique Schieler
  - Department of Anesthesiology and Intensive Care Medicine, Charité - Universitätsmedizin Berlin, Corporate Member of Freie Universität Berlin and Humboldt-Universität zu Berlin, Berlin, Germany
- Henning Krampe
  - Department of Anesthesiology and Intensive Care Medicine, Charité - Universitätsmedizin Berlin, Corporate Member of Freie Universität Berlin and Humboldt-Universität zu Berlin, Berlin, Germany
- Felix Balzer
  - Institute of Medical Informatics, Charité - Universitätsmedizin Berlin, Corporate Member of Freie Universität Berlin and Humboldt-Universität zu Berlin, Berlin, Germany
23
Health-related quality of life in cancer immunotherapy: a systematic perspective, using causal loop diagrams. Qual Life Res 2022; 31:2357-2366. [PMID: 35298735 PMCID: PMC8929267 DOI: 10.1007/s11136-022-03110-5] [Citation(s) in RCA: 3] [Impact Index Per Article: 1.5] [Accepted: 02/18/2022] [Indexed: 11/26/2022]
Abstract
Purpose System science offers a unique set of tools, including causal loop diagrams (CLDs), for stakeholders to better grasp the complexity of factors surrounding quality of life. Because the health-related quality of life (HRQoL) of cancer immunotherapy patients exists within an intricate system affected by and affecting many factors across multiple dimensions, the development of a systems-level model can provide a powerful framework to aid the understanding of this complexity. We developed a CLD for HRQoL of cancer immunotherapy patients. Methods We first applied a literature-based approach to construct a CLD for patients following immunotherapy. We then iteratively reviewed and enhanced the CLD through interviews with subject matter experts. Results Based on the reviewed literature and subject matter expert input, we produced a CLD representing the system surrounding cancer immunotherapy patients’ HRQoL. Several feedback loops are identified that span clinical experiences, oncology teams’ perceptions about immunotherapy, social support structures, and further research and development in cancer immunotherapy, in addition to other components. The CLD enables visualization of thought experiments regarding how a change anywhere in the system can ultimately worsen or improve patients’ HRQoL. Conclusion The CLD illustrates the valuable contribution of a systems perspective to quality-of-life research. This systems-based qualitative representation gives insight on strategies to inhibit harmful effects, enhance beneficial effects, and inherent tradeoffs within the system. The CLD identifies gaps in the literature and offers a communication tool for diverse stakeholders. Our research method provides an example for studying the complexities of quality of life in other health domains. Supplementary Information The online version contains supplementary material available at 10.1007/s11136-022-03110-5.
24
Gioulekas F, Stamatiadis E, Tzikas A, Gounaris K, Georgiadou A, Michalitsi-Psarrou A, Doukas G, Kontoulis M, Nikoloudakis Y, Marin S, Cabecinha R, Ntanos C. A Cybersecurity Culture Survey Targeting Healthcare Critical Infrastructures. Healthcare (Basel) 2022; 10:healthcare10020327. [PMID: 35206941 PMCID: PMC8871847 DOI: 10.3390/healthcare10020327] [Citation(s) in RCA: 3] [Impact Index Per Article: 1.5] [Received: 01/07/2022] [Revised: 01/31/2022] [Accepted: 02/07/2022] [Indexed: 01/27/2023] Open
Abstract
Recent studies report that cybersecurity breaches noticed in hospitals are associated with low levels of personnel’s cybersecurity awareness. This work aims to assess the cybersecurity culture in healthcare institutions from middle- to low-income EU countries. The evaluation process was designed and performed via anonymous online surveys targeting individually ICT (internet and communication technology) departments and healthcare professionals. The study was conducted in 2019 for a health region in Greece, with a significant number of hospitals and health centers, a large hospital in Portugal, and a medical clinic in Romania, with 53.6% and 6.71% response rates for the ICT and healthcare professionals, respectively. Its findings indicate the necessity of establishing individual cybersecurity departments to monitor assets and attitudes while underlying the importance of continuous security awareness training programs. The analysis of our results assists in comprehending the countermeasures, which have been implemented in the healthcare institutions, and consequently enhancing cybersecurity defense, while reducing the risk surface.
Affiliation(s)
- Fotios Gioulekas
  - 5th Regional Health Authority of Thessaly & Sterea, Mezourlo, 411 10 Larissa, Greece; (F.G.); (E.S.); (A.T.); (K.G.)
- Evangelos Stamatiadis
  - 5th Regional Health Authority of Thessaly & Sterea, Mezourlo, 411 10 Larissa, Greece; (F.G.); (E.S.); (A.T.); (K.G.)
- Athanasios Tzikas
  - 5th Regional Health Authority of Thessaly & Sterea, Mezourlo, 411 10 Larissa, Greece; (F.G.); (E.S.); (A.T.); (K.G.)
- Konstantinos Gounaris
  - 5th Regional Health Authority of Thessaly & Sterea, Mezourlo, 411 10 Larissa, Greece; (F.G.); (E.S.); (A.T.); (K.G.)
- Anna Georgiadou
  - Decision Support Systems Laboratory, National Technical University of Athens, 15 780 Zografou, Greece; (A.M.-P.); (G.D.); (M.K.); (C.N.)
  - Correspondence:
- Ariadni Michalitsi-Psarrou
  - Decision Support Systems Laboratory, National Technical University of Athens, 15 780 Zografou, Greece; (A.M.-P.); (G.D.); (M.K.); (C.N.)
- Georgios Doukas
  - Decision Support Systems Laboratory, National Technical University of Athens, 15 780 Zografou, Greece; (A.M.-P.); (G.D.); (M.K.); (C.N.)
- Michael Kontoulis
  - Decision Support Systems Laboratory, National Technical University of Athens, 15 780 Zografou, Greece; (A.M.-P.); (G.D.); (M.K.); (C.N.)
- Yannis Nikoloudakis
  - Department of Electrical & Computer Engineering, Hellenic Mediterranean University, 710 04 Heraklion, Greece
- Sergiu Marin
  - Polaris Medical Clinica de Tratament si Recuperare, Str. Principală, 407062 Suceagu, Romania
- Ricardo Cabecinha
  - Hospital do Espírito Santo de Évora, EPE, Largo Senhor da Pobreza, 7000-811 Évora, Portugal
- Christos Ntanos
  - Decision Support Systems Laboratory, National Technical University of Athens, 15 780 Zografou, Greece; (A.M.-P.); (G.D.); (M.K.); (C.N.)
25
Zhou Q, Zuley M, Guo Y, Yang L, Nair B, Vargo A, Ghannam S, Arefan D, Wu S. A machine and human reader study on AI diagnosis model safety under attacks of adversarial images. Nat Commun 2021; 12:7281. [PMID: 34907229 PMCID: PMC8671500 DOI: 10.1038/s41467-021-27577-x] [Citation(s) in RCA: 14] [Impact Index Per Article: 4.7] [Received: 09/13/2020] [Accepted: 11/26/2021] [Indexed: 11/08/2022] Open
Abstract
While active efforts are advancing medical artificial intelligence (AI) model development and clinical translation, safety issues of the AI models emerge, but little research has been done. We perform a study to investigate the behaviors of an AI diagnosis model under adversarial images generated by Generative Adversarial Network (GAN) models and to evaluate the effects on human experts when visually identifying potential adversarial images. Our GAN model makes intentional modifications to the diagnosis-sensitive contents of mammogram images in deep learning-based computer-aided diagnosis (CAD) of breast cancer. In our experiments the adversarial samples fool the AI-CAD model to output a wrong diagnosis on 69.1% of the cases that are initially correctly classified by the AI-CAD model. Five breast imaging radiologists visually identify 29%-71% of the adversarial samples. Our study suggests an imperative need for continuing research on medical AI model's safety issues and for developing potential defensive solutions against adversarial attacks.
Affiliation(s)
- Qianwei Zhou
  - Department of Radiology, University of Pittsburgh, Pittsburgh, PA, 15213, USA
  - College of Computer Science and Technology, Zhejiang University of Technology, Hangzhou, 310023, China
  - Key Laboratory of Visual Media Intelligent Processing Technology of Zhejiang Province, Hangzhou, 310023, China
- Margarita Zuley
  - Department of Radiology, University of Pittsburgh, Pittsburgh, PA, 15213, USA
  - Magee-Womens Hospital, University of Pittsburgh Medical Center, Pittsburgh, PA, 15213, USA
- Yuan Guo
  - Department of Radiology, University of Pittsburgh, Pittsburgh, PA, 15213, USA
  - Department of Radiology, Guangzhou First People's Hospital, School of Medicine, South China University of Technology, Guangzhou, 510180, China
- Lu Yang
  - Department of Radiology, University of Pittsburgh, Pittsburgh, PA, 15213, USA
  - Chongqing Key Laboratory of Translational Research for Cancer Metastasis and Individualized Treatment, Chongqing University Cancer Hospital, Chongqing, 400030, China
- Bronwyn Nair
  - Department of Radiology, University of Pittsburgh, Pittsburgh, PA, 15213, USA
  - Magee-Womens Hospital, University of Pittsburgh Medical Center, Pittsburgh, PA, 15213, USA
- Adrienne Vargo
  - Department of Radiology, University of Pittsburgh, Pittsburgh, PA, 15213, USA
  - Magee-Womens Hospital, University of Pittsburgh Medical Center, Pittsburgh, PA, 15213, USA
- Suzanne Ghannam
  - Department of Radiology, University of Pittsburgh, Pittsburgh, PA, 15213, USA
  - Magee-Womens Hospital, University of Pittsburgh Medical Center, Pittsburgh, PA, 15213, USA
- Dooman Arefan
  - Department of Radiology, University of Pittsburgh, Pittsburgh, PA, 15213, USA
- Shandong Wu
  - Department of Radiology, University of Pittsburgh, Pittsburgh, PA, 15213, USA
  - Department of Biomedical Informatics, University of Pittsburgh, Pittsburgh, PA, 15213, USA
  - Department of Bioengineering, University of Pittsburgh, Pittsburgh, PA, 15213, USA
  - Intelligent Systems Program, University of Pittsburgh, Pittsburgh, PA, 15213, USA
26
Sfakianakis S, Spanakis EG, Mari P, Tesfai Ogbu I, Bossini Baroggi M, Magalini S, Sakkalis V. PANACEA resilient and secure toolkit for healthcare infrastructures. ANNUAL INTERNATIONAL CONFERENCE OF THE IEEE ENGINEERING IN MEDICINE AND BIOLOGY SOCIETY. IEEE ENGINEERING IN MEDICINE AND BIOLOGY SOCIETY. ANNUAL INTERNATIONAL CONFERENCE 2021; 2021:2015-2019. [PMID: 34891683 DOI: 10.1109/embc46164.2021.9630292] [Citation(s) in RCA: 1] [Impact Index Per Article: 0.3] [Indexed: 06/14/2023]
Abstract
Healthcare organizations are frequently subject to cybersecurity incidents. The outbreak of a pandemic such as COVID-19 has shown the need for specific operational and organizational measures to be in place in order to reduce the risk of successful cyberattacks. Time will be key: preparation is needed to ensure quick secure set-up of additional resources (IT, staff, medical devices) when the next emergency will hit. The PANACEA Solution Toolkit is a suite of complementary tools to provide Health Care Organizations (HCO) with assessment, guidance, technical and organizational "infrastructure" to address the cybersecurity challenges. It provides support for fortifying health organizations against cyber threats on multiple different levels (technical, behavioral, organizational, strategical) and across a diverse set of workflows and scenarios. In order to determine whether the toolkit satisfies the specific business and users' requirements in the selected use cases, a detailed validation plan and execution roadmap is established taking into account the constraints of the current emergent situation.
27
Alhuwail D, Al-Jafar E, Abdulsalam Y, AlDuaij S. Information Security Awareness and Behaviors of Health Care Professionals at Public Health Care Facilities. Appl Clin Inform 2021; 12:924-932. [PMID: 34587638 DOI: 10.1055/s-0041-1735527] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Indexed: 10/20/2022] Open
Abstract
OBJECTIVES This study investigated information security behaviors of professionals working in the public health sector to guide policymakers toward focusing their investments in infrastructure and training on the most vulnerable segments. We sought to answer the following questions: (1) Are certain professional demographics more vulnerable to cybersecurity threats? (2) Do professionals in different institution types (i.e., hospitals vs. primary care clinics) exhibit different cybersecurity behaviors? (3) Can Internet usage behaviors by professionals be indicative of their cybersecurity awareness and the risk they introduce? METHODS A cross-sectional, anonymous, paper-based survey was distributed among professionals working in public health care organizations in Kuwait. Data were collected about each professional's role, experience, work environment, cybersecurity practices, and understanding to calculate a cybersecurity score which indicates their level of compliance to good cybersecurity practices. We also asked about respondents' internet usage and used K-means cluster analysis to segment respondents into three groups based on their internet activities at work. Ordinary least squares regression assessed the association between the collected independent variables in question on the overall cybersecurity behavior. RESULTS A total of 453/700 (64%) responded to the survey. The results indicated that professionals with more work experience demonstrated higher compliance with good cybersecurity practices. Interestingly, nurses demonstrate higher cybersecurity aptitude relative to physicians. Professionals that were less inclined to use the internet for personal use during their work demonstrated higher cybersecurity aptitude. CONCLUSION Our findings provide some guidance regarding how to target health care professional training to mitigate cybersecurity risks.
There is a need for ensuring that physicians receive adequate cybersecurity training, despite the opportunity costs and other issues competing for their attention. Additionally, classifying professionals based on their internet browsing patterns may identify individuals vulnerable to cybersecurity incidents better than more discrete indicators such as age or gender.
Affiliation(s)
- Dari Alhuwail
  - Information Science, College of Life Sciences, Kuwait University, Kuwait City, Kuwait
  - Health Informatics Unit, Dasman Diabetes Institute, Kuwait City, Kuwait
- Eiman Al-Jafar
  - Health Informatics and Information Management, Faculty of Allied Health Sciences, Kuwait University, Kuwait City, Kuwait
- Yousef Abdulsalam
  - Quantitative Methods and Information Systems, College of Business Administration, Kuwait University, Kuwait City, Kuwait
- Shaikha AlDuaij
  - Information Science, College of Life Sciences, Kuwait University, Kuwait City, Kuwait
28
Choi SJ, Johnson ME. The relationship between cybersecurity ratings and the risk of hospital data breaches. J Am Med Inform Assoc 2021; 28:2085-2092. [PMID: 34338786 DOI: 10.1093/jamia/ocab142] [Citation(s) in RCA: 1] [Impact Index Per Article: 0.3] [Received: 11/27/2020] [Revised: 06/01/2021] [Accepted: 06/24/2021] [Indexed: 11/12/2022] Open
Abstract
OBJECTIVE We investigated the progression of healthcare cybersecurity over 2014-2019 as measured by external risk ratings. We further examined the relationship between hospital data breaches and cybersecurity ratings. MATERIALS AND METHODS Using Fortune 1000 firms as a benchmark, time trends in hospital cybersecurity ratings were compared using linear regression. Further, the relationship between hospital data breaches and cybersecurity ratings was modeled using logistic regression. Hospital breach data were collected from US HHS, and cybersecurity ratings were provided by BitSight. The resulting study sample yielded 3528 hospital-year observations. RESULTS In aggregate, we found that hospitals had significantly lower cybersecurity ratings than Fortune 1000 firms, however, hospitals have closed the gap in recent years. We also found that hospitals with the low security ratings were associated with significant risk of a data breach, with the probability of a breach in a given year ranging from 14% to 33%. DISCUSSION Recent cyber-attacks in healthcare continue to illustrate the need to better secure information systems. While hospitals have reduced cyber risk over the past decade, they remain statistically more vulnerable than the Fortune 1000 firms against botnets, spam, and malware. CONCLUSION Policy makers should continue encouraging acute-care hospitals to proactively invest in security controls that reduce cyber risk. Best practices from other sectors like the financial services sector could provide useful guides and benchmarks for improvement.
Affiliation(s)
- Sung J Choi
  - School of Global Health Management and Informatics, College of Community Innovation and Education, University of Central Florida, Orlando, Florida, USA
- M Eric Johnson
  - Owen Graduate School of Management, Vanderbilt University, Nashville, Tennessee, USA
29
Nifakos S, Chandramouli K, Nikolaou CK, Papachristou P, Koch S, Panaousis E, Bonacina S. Influence of Human Factors on Cyber Security within Healthcare Organisations: A Systematic Review. SENSORS 2021; 21:s21155119. [PMID: 34372354 PMCID: PMC8348467 DOI: 10.3390/s21155119] [Citation(s) in RCA: 21] [Impact Index Per Article: 7.0] [Received: 06/29/2021] [Revised: 07/15/2021] [Accepted: 07/16/2021] [Indexed: 01/05/2023]
Abstract
Background: Cybersecurity is increasingly becoming a prominent concern among healthcare providers in adopting digital technologies for improving the quality of care delivered to patients. The recent reports on cyber attacks, such as ransomware and WannaCry, have brought to life the destructive nature of such attacks upon healthcare. In complement to cyberattacks, which have been targeted against the vulnerabilities of information technology (IT) infrastructures, a new form of cyber attack aims to exploit human vulnerabilities; such attacks are categorised as social engineering attacks. Following an increase in the frequency and ingenuity of attacks launched against hospitals and clinical environments with the intention of causing service disruption, there is a strong need to study the level of awareness programmes and training activities offered to the staff by healthcare organisations. Objective: The objective of this systematic review is to identify commonly encountered factors that cybersecurity postures of a healthcare organisation, resulting from the ignorance of cyber threat to healthcare. The systematic review aims to consolidate the current literature being reported upon human behaviour resulting in security gaps that mitigate the cyber defence strategy adopted by healthcare organisations. Additionally, the paper also reviews the organisational risk assessment methodology implemented and the policies being adopted to strengthen cybersecurity. Methods: The topic of cybersecurity within healthcare and the clinical environment has attracted the interest of several researchers, resulting in a broad range of literature. The inclusion criteria for the articles in the review stem from the scope of the five research questions identified. 
To this end, we conducted seven search queries across three repositories, namely (i) PubMed®/MED-LINE; (ii) Cumulative Index to Nursing and Allied Health Literature (CINAHL); and (iii) Web of Science (WoS), using key words related to cybersecurity awareness, training, organisation risk assessment methodologies, policies and recommendations adopted as counter measures within health care. These were restricted to around the last 12 years. Results: A total of 70 articles were selected to be included in the review, which addresses the complexity of cybersecurity measures adopted within the healthcare and clinical environments. The articles included in the review highlight the evolving nature of cybersecurity threats stemming from exploiting IT infrastructures to more advanced attacks launched with the intent of exploiting human vulnerability. A steady increase in the literature on the threat of phishing attacks evidences the growing threat of social engineering attacks. As a countermeasure, through the review, we identified articles that provide methodologies resulting from case studies to promote cybersecurity awareness among stakeholders. The articles included highlight the need to adopt cyber hygiene practices among healthcare professionals while accessing social media platforms, which forms an ideal test bed for the attackers to gain insight into the life of healthcare professionals. Additionally, the review also includes articles that present strategies adopted by healthcare organisations in countering the impact of social engineering attacks. The evaluation of the cybersecurity risk assessment of an organisation is another key area of study reported in the literature that recommends the organisation of European and international standards in countering social engineering attacks. Lastly, the review includes articles reporting on national case studies with an overview of the economic and societal impact of service disruptions encountered due to cyberattacks. 
Discussion: One of the limitations of the review is the subjective ranking of the authors associated to the relevance of literature to each of the research questions identified. We also acknowledge the limited amount of literature that focuses on human factors of cybersecurity in health care in general; therefore, the search queries were formulated using well-established cybersecurity related topics categorised according to the threats, risk assessment and organisational strategies reported in the literature.
Affiliation(s)
- Sokratis Nifakos
  - Department of Learning, Informatics, Management and Ethics, Karolinska Institutet, 171 77 Solna, Sweden; (P.P.); (S.K.); (S.B.)
  - Correspondence: Tel.: +46-73-7121-475
- Krishna Chandramouli
  - School of Electronic Engineering and Computer Science, Queen Mary University of London, London E1 4NS, UK
- Panagiotis Papachristou
  - Department of Learning, Informatics, Management and Ethics, Karolinska Institutet, 171 77 Solna, Sweden; (P.P.); (S.K.); (S.B.)
- Sabine Koch
  - Department of Learning, Informatics, Management and Ethics, Karolinska Institutet, 171 77 Solna, Sweden; (P.P.); (S.K.); (S.B.)
- Emmanouil Panaousis
  - School of Computing and Mathematical Sciences, University of Greenwich, London SE10 9LS, UK
- Stefano Bonacina
  - Department of Learning, Informatics, Management and Ethics, Karolinska Institutet, 171 77 Solna, Sweden; (P.P.); (S.K.); (S.B.)
30
Lambraki IA, Majowicz SE, Parmley EJ, Wernli D, Léger A, Graells T, Cousins M, Harbarth S, Carson C, Henriksson P, Troell M, Jørgensen PS. Building Social-Ecological System Resilience to Tackle Antimicrobial Resistance Across the One Health Spectrum: Protocol for a Mixed Methods Study. JMIR Res Protoc 2021; 10:e24378. [PMID: 34110296 PMCID: PMC8262547 DOI: 10.2196/24378] [Citation(s) in RCA: 7] [Impact Index Per Article: 2.3] [Received: 09/16/2020] [Revised: 02/26/2021] [Accepted: 03/17/2021] [Indexed: 12/12/2022] Open
Abstract
BACKGROUND Antimicrobial resistance (AMR) is an escalating global crisis with serious health, social, and economic consequences. Building social-ecological system resilience to reduce AMR and mitigate its impacts is critical. OBJECTIVE The aim of this study is to compare and assess interventions that address AMR across the One Health spectrum and determine what actions will help to build social and ecological capacity and readiness to sustainably tackle AMR. METHODS We will apply social-ecological resilience theory to AMR in an explicit One Health context using mixed methods and identify interventions that address AMR and its key pressure antimicrobial use (AMU) identified in the scientific literature and in the gray literature using a web-based survey. Intervention impacts and the factors that challenge or contribute to the success of interventions will be determined, triangulated against expert opinions in participatory workshops and complemented using quantitative time series analyses. We will then identify indicators using regression modeling, which can predict national and regional AMU or AMR dynamics across animal and human health. Together, these analyses will help to quantify the causal loop diagrams (CLDs) of AMR in the European and Southeast Asian food system contexts that are developed by diverse stakeholders in participatory workshops. Then, using these CLDs, the long-term impacts of selected interventions on AMR will be explored under alternate future scenarios via simulation modeling and participatory workshops. A publicly available learning platform housing information about interventions on AMR from a One Health perspective will be developed to help decision makers identify promising interventions for application in their jurisdictions. RESULTS To date, 669 interventions have been identified in the scientific literature, 891 participants received a survey invitation, and 4 expert feedback and 4 model-building workshops have been conducted. 
Time series analysis, regression modeling of national and regional indicators of AMR dynamics, and scenario modeling activities are anticipated to be completed by spring 2022. Ethical approval has been obtained from the University of Waterloo's Office of Research Ethics (ethics numbers 40519 and 41781). CONCLUSIONS This paper provides an example of how to study complex problems such as AMR, which require the integration of knowledge across sectors and disciplines to find sustainable solutions. We anticipate that our study will contribute to a better understanding of what actions to take and in what contexts to ensure long-term success in mitigating AMR and its impact and provide useful tools (eg, CLDs, simulation models, and public databases of compiled interventions) to guide management and policy decisions. INTERNATIONAL REGISTERED REPORT IDENTIFIER (IRRID) DERR1-10.2196/24378.
Affiliation(s)
- Irene Anna Lambraki
  - School of Public Health and Health Systems, University of Waterloo, Waterloo, ON, Canada
- Elizabeth Jane Parmley
  - Department of Population Medicine, Ontario Veterinary College, University of Guelph, Guelph, ON, Canada
- Didier Wernli
  - Global Studies Institute, University of Geneva, Geneva, Switzerland
- Anaïs Léger
  - Global Studies Institute, University of Geneva, Geneva, Switzerland
- Tiscar Graells
  - Global Economic Dynamics and the Biosphere, Royal Swedish Academy of Sciences, Stockholm, Sweden
  - Stockholm Resilience Centre, Stockholm University, Stockholm, Sweden
- Melanie Cousins
  - School of Public Health and Health Systems, University of Waterloo, Waterloo, ON, Canada
- Stephan Harbarth
  - Infection Control Programme and WHO Collaborating Centre on Patient Safety, Geneva University Hospitals and Faculty of Medicine, Geneva, Switzerland
- Carolee Carson
  - Canadian Integrated Program for Antimicrobial Resistance Surveillance, Public Health Agency of Canada, Guelph, ON, Canada
- Patrik Henriksson
  - Stockholm Resilience Centre, Stockholm University, Stockholm, Sweden
  - Beijer Institute of Ecological Economics, Royal Swedish Academy of Sciences, Stockholm, Sweden
  - WorldFish, Penang, Malaysia
- Max Troell
  - Stockholm Resilience Centre, Stockholm University, Stockholm, Sweden
  - Beijer Institute of Ecological Economics, Royal Swedish Academy of Sciences, Stockholm, Sweden
- Peter Søgaard Jørgensen
  - Global Economic Dynamics and the Biosphere, Royal Swedish Academy of Sciences, Stockholm, Sweden
  - Stockholm Resilience Centre, Stockholm University, Stockholm, Sweden
31
Maggio LA, Dameff C, Kanter SL, Woods B, Tully J. Cybersecurity Challenges and the Academic Health Center: An Interactive Tabletop Simulation for Executives. ACADEMIC MEDICINE : JOURNAL OF THE ASSOCIATION OF AMERICAN MEDICAL COLLEGES 2021; 96:850-853. [PMID: 33239532 DOI: 10.1097/acm.0000000000003859] [Citation(s) in RCA: 5] [Impact Index Per Article: 1.7] [Indexed: 06/11/2023]
Abstract
PROBLEM Academic health centers (AHCs) face cybersecurity vulnerabilities that have potential costs to an institution's finances, reputation, and ability to deliver care. Yet many AHC executives may not have sufficient knowledge of the potential impact of cyberattacks on institutional missions such as clinical care, research, and education. Improved cybersecurity awareness and education are areas of opportunity for many AHCs. APPROACH The authors developed and facilitated a tabletop cybersecurity simulation at an international conference for AHC leaders in September 2019 to raise awareness of cybersecurity issues and threats and to provide a forum for discussions of concerns specific to CEOs and C-suite-level executives. The 3.5-hour interactive simulation used an evolving, 3-phase case study describing a hypothetical cyberattack on an AHC with a ransomware demand. The approximately 70 participants, from AHCs spanning 25 states and 11 countries, worked in teams and discussed how they would react if they held roles similar to their real-life positions. The authors provide the full scenario as a resource. OUTCOMES The exercise was well received by the participants. In the postsession debrief, many participants noted that cybersecurity preparedness had not received the level of institutional attention given to threats such as epidemics or natural disasters. Significant variance in teams' courses of action during the simulation highlighted a lack of consensus with regard to foundational decisions. Participants identified this as an area that could be remedied by the development of guidelines or protocols. NEXT STEPS As health care cybersecurity challenges persist or grow in magnitude, AHCs will have increased opportunities to lead in the development of best practices for preparedness and response. 
AHCs are well positioned to work with clinicians, security professionals, regulators, law enforcement, and other stakeholders to develop tools and protocols to improve health care cybersecurity and better protect patients.
Affiliation(s)
- Lauren A Maggio
  - L.A. Maggio is programs scholar, Association of Academic Health Centers, Washington, DC, and professor of medicine, Uniformed Services University of the Health Sciences, Bethesda, Maryland
- Christian Dameff
  - C. Dameff is assistant professor of emergency medicine, biomedical informatics and computer science, University of California, San Diego, La Jolla, California
- Steven L Kanter
  - S.L. Kanter is president and CEO, Association of Academic Health Centers, Washington, DC
- Beau Woods
  - B. Woods is a cyber safety innovation fellow, Atlantic Council, and leader, I Am the Cavalry, Washington, DC
- Jeffrey Tully
  - J. Tully is assistant professor of anesthesiology and pain medicine, University of California, Davis, Medical Center, Sacramento, California
32
He Y, Aliyu A, Evans M, Luo C. Health Care Cybersecurity Challenges and Solutions Under the Climate of COVID-19: Scoping Review. J Med Internet Res 2021; 23:e21747. [PMID: 33764885 PMCID: PMC8059789 DOI: 10.2196/21747] [Citation(s) in RCA: 33] [Impact Index Per Article: 11.0] [Received: 06/23/2020] [Revised: 12/08/2020] [Accepted: 02/21/2021] [Indexed: 01/14/2023] Open
Abstract
BACKGROUND COVID-19 has challenged the resilience of the health care information system, which has affected our ability to achieve the global goal of health and well-being. The pandemic has resulted in a number of recent cyberattacks on hospitals, pharmaceutical companies, the US Department of Health and Human Services, the World Health Organization and its partners, and others. OBJECTIVE The aim of this review was to identify key cybersecurity challenges, solutions adapted by the health sector, and areas of improvement needed to counteract the recent increases in cyberattacks (eg, phishing campaigns and ransomware attacks), which have been used by attackers to exploit vulnerabilities in technology and people introduced through changes to working practices in response to the COVID-19 pandemic. METHODS A scoping review was conducted by searching two major scientific databases (PubMed and Scopus) using the search formula "(covid OR healthcare) AND cybersecurity." Reports, news articles, and industry white papers were also included if they were related directly to previously published works, or if they were the only available sources at the time of writing. Only articles in English published in the last decade were included (ie, 2011-2020) in order to focus on current issues, challenges, and solutions. RESULTS We identified 9 main challenges in cybersecurity, 11 key solutions that health care organizations adapted to address these challenges, and 4 key areas that need to be strengthened in terms of cybersecurity capacity in the health sector. We also found that the most prominent and significant methods of cyberattacks that occurred during the pandemic were related to phishing, ransomware, distributed denial-of-service attacks, and malware. 
CONCLUSIONS This scoping review identified the most impactful methods of cyberattacks that targeted the health sector during the COVID-19 pandemic, as well as the challenges in cybersecurity, solutions, and areas in need of improvement. We provided useful insights to the health sector on cybersecurity issues during the COVID-19 pandemic as well as other epidemics or pandemics that may materialize in the future.
Affiliation(s)
- Ying He
  - School of Computer Science, University of Nottingham, Nottingham, United Kingdom
- Aliyu Aliyu
  - School of Computer Science and Informatics, De Montfort University, Leicester, United Kingdom
- Mark Evans
  - School of Computer Science and Informatics, De Montfort University, Leicester, United Kingdom
- Cunjin Luo
  - School of Computer Science and Electronic Engineering, University of Essex, Colchester, United Kingdom
  - Key Lab of Medical Electrophysiology, Ministry of Education, Institute of Cardiovascular Research, Southwest Medical University, Luzhou, China
33
Falconer N, Monaghan C, Snoswell CL. The pharmacist informatician: providing an innovative model of care during the COVID-19 crisis. INTERNATIONAL JOURNAL OF PHARMACY PRACTICE 2021; 29:152-156. [PMID: 33729527 PMCID: PMC7953964 DOI: 10.1093/ijpp/riaa017] [Citation(s) in RCA: 3] [Impact Index Per Article: 1.0] [Received: 06/17/2020] [Accepted: 11/09/2020] [Indexed: 01/19/2023]
Abstract
OBJECTIVES The global coronavirus pandemic has expedited digitisation in every industry, especially healthcare, and has highlighted the potential for informatics pharmacists to provide valuable input into crisis management. Informatics pharmacists can combine their clinical and information technology skills to help provide essential patient safety services related to medication management, procurement and analytics. The objective of this study was to determine the key opportunities for a pharmacist informatician to improve patient care and outcomes during the COVID-19 pandemic. METHODS Fourteen expert informatics professionals involved in the provision of digital health in Queensland, Australia, were invited to participate in a brief semistructured interview. Transcripts were manually coded, through iterative readings of the text to identify participant responses related to opportunities for a pharmacist informatician to assist during COVID-19. Inductive thematic analysis as described by Braun and Clarke, was used to identify groups of text related to the provision of digital health, informatics and change of practice during a pandemic. The relevant codes were then grouped into themes to help answer the research question. KEY FINDINGS Twelve experts agreed to participate, they included nine informatics pharmacists and three digital health experts from hospital and community. Two key themes and 13 codes related to enabling safer and more efficient workflow and use of data analytics to optimise care were identified. The first theme related to 'social distancing without compromising care' for example, by using the electronic capabilities of digital hospitals and telehealth services. The second theme related to the use of real-time data streaming to optimise patient flow and timely medication procurement and management. Examples of quotes from transcripts were used to provide context and answer the research question. 
CONCLUSIONS The experts interviewed identified areas where informatics pharmacists have the potential to assist with maintaining high quality patient care during this pandemic, and in future disasters. Improving awareness, training, and the integration about informatics roles as a result of this global pandemic will likely assist with future patient management in the event of future disasters.
Affiliation(s)
- Nazanin Falconer
  - School of Pharmacy, The University of Queensland, Brisbane, Australia
  - Pharmacy Department, Princess Alexandra Hospital, Brisbane, Australia
  - Centre for Health Services Research, The University of Queensland, Brisbane, Australia
- Corey Monaghan
  - Digital Business Solutions, Queensland University of Technology, Brisbane, Australia
- Centaine L Snoswell
  - School of Pharmacy, The University of Queensland, Brisbane, Australia
  - Pharmacy Department, Princess Alexandra Hospital, Brisbane, Australia
  - Centre for Health Services Research, The University of Queensland, Brisbane, Australia
  - Centre for Online Health, The University of Queensland, Brisbane, Australia
34
Gunasekeran DV, Tham YC, Ting DSW, Tan GSW, Wong TY. Digital health during COVID-19: lessons from operationalising new models of care in ophthalmology. LANCET DIGITAL HEALTH 2021; 3:e124-e134. [PMID: 33509383 DOI: 10.1016/s2589-7500(20)30287-9] [Citation(s) in RCA: 74] [Impact Index Per Article: 24.7] [Received: 07/31/2020] [Revised: 11/11/2020] [Accepted: 11/18/2020] [Indexed: 12/13/2022]
Abstract
The COVID-19 pandemic has resulted in massive disruptions within health care, both directly as a result of the infectious disease outbreak, and indirectly because of public health measures to mitigate against transmission. This disruption has caused rapid dynamic fluctuations in demand, capacity, and even contextual aspects of health care. Therefore, the traditional face-to-face patient-physician care model has had to be re-examined in many countries, with digital technology and new models of care being rapidly deployed to meet the various challenges of the pandemic. This Viewpoint highlights new models in ophthalmology that have adapted to incorporate digital health solutions such as telehealth, artificial intelligence decision support for triaging and clinical care, and home monitoring. These models can be operationalised for different clinical applications based on the technology, clinical need, demand from patients, and manpower availability, ranging from out-of-hospital models including the hub-and-spoke pre-hospital model, to front-line models such as the inflow funnel model and monitoring models such as the so-called lighthouse model for provider-led monitoring. Lessons learnt from operationalising these models for ophthalmology in the context of COVID-19 are discussed, along with their relevance for other specialty domains.
Affiliation(s)
- Dinesh V Gunasekeran
  - Singapore Eye Research Institute, Singapore National Eye Centre, Singapore; Yong Loo Lin School of Medicine, National University of Singapore, Singapore
- Yih-Chung Tham
  - Singapore Eye Research Institute, Singapore National Eye Centre, Singapore; Duke-NUS Medical School, Singapore
- Daniel S W Ting
  - Singapore Eye Research Institute, Singapore National Eye Centre, Singapore; Duke-NUS Medical School, Singapore
- Gavin S W Tan
  - Singapore Eye Research Institute, Singapore National Eye Centre, Singapore; Duke-NUS Medical School, Singapore
- Tien Y Wong
  - Singapore Eye Research Institute, Singapore National Eye Centre, Singapore; Yong Loo Lin School of Medicine, National University of Singapore, Singapore; Duke-NUS Medical School, Singapore.
35
Cronin AO, Carlile MA, Dameff CJ, Coyne CJ, Castillo EM. Leveraging Remote Research Associates During a Pandemic. West J Emerg Med 2020; 21:1114-1117. [PMID: 32970563 PMCID: PMC7514379 DOI: 10.5811/westjem.2020.6.48043] [Citation(s) in RCA: 1] [Impact Index Per Article: 0.3] [Received: 05/05/2020] [Accepted: 06/24/2020] [Indexed: 11/11/2022] Open
Abstract
INTRODUCTION The coronavirus disease 2019 (COVID-19) pandemic has seriously impacted clinical research operations in academic medical centers due to social distancing measures and stay-at-home orders. The purpose of this paper is to describe the implementation of a program to continue clinical research based out of an emergency department (ED) using remote research associates (RA). METHODS Remote RAs were trained and granted remote access to the electronic health record (EHR) by the health system's core information technology team. Upon gaining access, remote RAs used a dual-authentication process to gain access to a host-based, firewall-protected virtual network where the EHR could be accessed to continue screening and enrollment for ongoing studies. Study training for screening and enrollment was also provided to ensure study continuity. RESULTS With constant support and guidance available to establish this EHR access pathway, the remote RAs were able to gain access relatively independently and without major technical troubleshooting. Each remote RA was granted access and trained on studies within one week and self-reported a high degree of program satisfaction, EHR access ease, and study protocol comfort through informal evaluation surveys. CONCLUSIONS In response to the COVID-19 pandemic, we virtualized a clinical research program to continue important ED-based studies.
Affiliation(s)
- Alexandrea O Cronin
  - University of California San Diego, Department of Emergency Medicine, San Diego, California
- Morgan A Carlile
  - University of California San Diego, Department of Emergency Medicine, San Diego, California
- Christian J Dameff
  - University of California San Diego, Department of Emergency Medicine, San Diego, California
  - University of California, San Diego, Department of Biomedical Informatics, San Diego, California
  - University of California, San Diego, Department of Computer Science and Engineering, San Diego, California
- Christopher J Coyne
  - University of California San Diego, Department of Emergency Medicine, San Diego, California
- Edward M Castillo
  - University of California San Diego, Department of Emergency Medicine, San Diego, California
36
Wani TA, Mendoza A, Gray K. Hospital Bring-Your-Own-Device Security Challenges and Solutions: Systematic Review of Gray Literature. JMIR Mhealth Uhealth 2020; 8:e18175. [PMID: 32554388 PMCID: PMC7333072 DOI: 10.2196/18175] [Citation(s) in RCA: 16] [Impact Index Per Article: 4.0] [Received: 02/09/2020] [Revised: 04/08/2020] [Accepted: 04/09/2020] [Indexed: 12/16/2022] Open
Abstract
BACKGROUND As familiarity with and convenience of using personal devices in hospitals help improve the productivity, efficiency, and workflow of hospital staff, the health care bring-your-own-device (BYOD) market is growing consistently. However, security concerns owing to the lack of control over the personal mobile devices of staff, which may contain sensitive data such as personal health information of patients, make it one of the biggest health care information technology (IT) challenges for hospital administrations. OBJECTIVE Given that the hospital BYOD security has not been adequately addressed in peer-reviewed literature, the aim of this paper was to identify key security challenges associated with hospital BYOD usage as well as relevant solutions that can cater to the identified issues by reviewing gray literature. Therefore, this research will provide additional practical insights from current BYOD practices. METHODS A comprehensive gray literature review was conducted, which followed the stepwise guidelines and quality assessment criteria set out by Garousi et al. The searched literature included tier 1 sources such as health care cybersecurity market reports, white papers, guidelines, policies, and frameworks as well as tier 2 sources such as credible and reputed health IT magazines, databases, and news articles. Moreover, a deductive thematic analysis was conducted to organize the findings based on Schlarman's People Policy Technology model, promoting a holistic understanding of hospitals' BYOD security issues and solutions. RESULTS A total of 51 sources were found to match the designed eligibility criteria. From these studies, several sociotechnical issues were identified. 
The major challenges identified were the use of devices with insufficient security controls by hospital staff, lack of control or visibility for the management to maintain security requirements, lack of awareness among hospital staff, lack of direction or guidance for BYOD usage, poor user experience, maintenance of legal requirements, shortage of cybersecurity skills, and loss of devices. Although technologies such as mobile device management, unified endpoint management, containerization, and virtual private network allow better BYOD security management in hospitals, policies and people management measures such as strong security culture and staff awareness and training improve staff commitment in protecting hospital data. CONCLUSIONS The findings suggest that to optimize BYOD security management in hospitals, all 3 dimensions of the security process (people, policy, and technology) need to be given equal emphasis. As the nature of cybersecurity attacks is becoming more complex, all dimensions should work in close alignment with each other. This means that with the modernization of BYOD technology, BYOD strategy, governance, education, and relevant policies and procedures also need to adapt accordingly.
Affiliation(s)
- Tafheem Ahmad Wani
  - School of Computing and Information Systems, The University of Melbourne, Melbourne, Australia
- Antonette Mendoza
  - School of Computing and Information Systems, The University of Melbourne, Melbourne, Australia
- Kathleen Gray
  - Centre for Digital Transformation of Health, The University of Melbourne, Melbourne, Australia
37
Li P, Luo Y, Yu X, Wen J, Mason E, Li W, Jalali MS. Patients' Perceptions of Barriers and Facilitators to the Adoption of E-Hospitals: Cross-Sectional Study in Western China. J Med Internet Res 2020; 22:e17221. [PMID: 32525483 PMCID: PMC7317627 DOI: 10.2196/17221] [Citation(s) in RCA: 18] [Impact Index Per Article: 4.5] [Received: 11/26/2019] [Revised: 03/11/2020] [Accepted: 04/12/2020] [Indexed: 02/05/2023] Open
Abstract
BACKGROUND As an innovative approach to providing web-based health care services from physical hospitals to patients at a distance, e-hospitals (ie, extended care hospitals through the internet) have been extensively developed in China. This closed health care delivery chain was developed by combining e-hospitals with physical hospitals; treatment begins with web-based consultation and registration, and then, patients are diagnosed and treated in a physical hospital. This approach is promising in its ability to improve accessibility, efficiency, and quality of health care. However, there is limited research on end users' acceptance of e-hospitals and the effectiveness of strategies aimed to prompt the adoption of e-hospitals in China. OBJECTIVE This study aimed to provide insights regarding the adoption of e-hospitals by investigating patients' willingness to use e-hospitals and analyzing the barriers and facilitators to the adoption of this technology. METHODS We used a pretested self-administered questionnaire and performed a cross-sectional analysis in 1032 patients across three hierarchical hospitals in West China from June to August 2019. Patients' sociodemographic characteristics, medical history, current disease status, proficiency with electronic devices, previous experience with web-based health services, willingness to use e-hospitals, and perceived facilitators and barriers were surveyed. Multiple significance tests were employed to examine disparities across four age groups, as well as those between patients who were willing to use e-hospitals and those who were not. Multivariate logistic regression was also performed to identify the potential predictors of willingness to use e-hospitals. RESULTS Overall, it was found that 65.6% (677/1032) of participants were willing to use e-hospitals. 
The significant predictors of willingness to use e-hospitals were employment status (P=.02), living with children (P<.001), education level (P=.046), information technology skills (P<.001), and prior experience with web-based health care services (P<.001), whereas age, income, medical insurance, and familiarity with e-hospitals were not predictors. Additionally, the prominent facilitators of e-hospitals were convenience (641/677, 94.7%) and accessibility to skilled medical experts (489/677, 72.2%). The most frequently perceived barrier varied among age groups; seniors most often reported their inability to operate technological devices as a barrier (144/166, 86.7%), whereas young participants most often reported that they avoided e-hospital services because they were accustomed to face-to-face consultation (39/52, 75%). CONCLUSIONS We identified the variables, facilitators, and barriers that play essential roles in the adoption of e-hospitals. Based on our findings, we suggest that efforts to increase the adoption of e-hospitals should focus on making target populations accustomed to web-based health care services while maximizing ease of use and providing assistance for technological inquiries.
Affiliation(s)
- Peiyi Li
  - Institute of Hospital Management, West China Hospital of Sichuan University, Chengdu, China
- Yunmei Luo
  - Institute of Hospital Management, West China Hospital of Sichuan University, Chengdu, China
- Xuexin Yu
  - Biomedical Big Data Center, West China Hospital of Sichuan University, Chengdu, China
- Jin Wen
  - Institute of Hospital Management, West China Hospital of Sichuan University, Chengdu, China
- Elizabeth Mason
  - Massachusetts General Hospital's Institute for Technology Assessment, Harvard Medical School, Boston, MA, United States
- Weimin Li
  - Department of Respiratory Medicine, West China Hospital of Sichuan University, Chengdu, China
- Mohammad S Jalali
  - Massachusetts General Hospital's Institute for Technology Assessment, Harvard Medical School, Boston, MA, United States
  - MIT Sloan School of Management, Massachusetts Institute of Technology, Cambridge, MA, United States
38
MoLaBSS: Server-Specific Add-On Biometric Security Layer Model to Enhance the Usage of Biometrics. INFORMATION 2020. [DOI: 10.3390/info11060308] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Indexed: 11/16/2022] Open
Abstract
With high-paced growth in biometrics, and its easy availability to capture various biometric features, it is emerging as one of the most valuable technologies for multifactor authentication to verify a user’s identity, for data security. Organizations encourage their members to use biometrics, but they are hesitant to use them due to perceived security risks. Because of its low usage rate, many medium and small segment organizations find it unfeasible to deploy robust biometric systems. We propose a server-specific add-on biometric security layer model (MoLaBSS) to enhance confidence in the usage of biometrics. We tested this model via a biometric mobile app, and the survey showed a favorable response of 80%. The innovative mobile app was tested for its usability and got a score of more than 71%. For test tool reliability, we examined the equal error rate (EER) of the app and got a reasonably low score of 6%. The results show good potential of this framework to enhance users’ confidence level in the usage of biometrics. Higher usage rates may make deployment of biometrics more cost-effective for many organizations to decrease their information security risk.
39
Tully J, Selzer J, Phillips JP, O'Connor P, Dameff C. Healthcare Challenges in the Era of Cybersecurity. Health Secur 2020; 18:228-231. [DOI: 10.1089/hs.2019.0123] [Citation(s) in RCA: 15] [Impact Index Per Article: 3.8] [Indexed: 11/12/2022] Open
Affiliation(s)
- Jeff Tully
  - Jeff Tully, MD, is a Senior Resident, Department of Anesthesiology and Pain Medicine, UC Davis Medical Center, Sacramento, CA
- Jordan Selzer
  - Jordan Selzer, MD, is a Research Instructor and Fellow, and James P. Phillips, MD, is an Assistant Professor and Chief; both in the Section of Disaster and Operational Medicine, Department of Emergency Medicine, George Washington University School of Medicine and Health Sciences, Washington, DC. Dr. Phillips is also a Senior Fellow, Center for Cyber and Homeland Security, Auburn University, Auburn, AL
- James P. Phillips
  - Jordan Selzer, MD, is a Research Instructor and Fellow, and James P. Phillips, MD, is an Assistant Professor and Chief; both in the Section of Disaster and Operational Medicine, Department of Emergency Medicine, George Washington University School of Medicine and Health Sciences, Washington, DC. Dr. Phillips is also a Senior Fellow, Center for Cyber and Homeland Security, Auburn University, Auburn, AL
- Patrick O'Connor
  - Patrick O'Connor, MD, is a Resident Physician, Department of Neurology, University of Utah, Salt Lake City, UT
- Christian Dameff
  - Christian Dameff, MD, is an Assistant Professor, Departments of Emergency Medicine, Biomedical Informatics, and Computer Science and Engineering, University of California San Diego, San Diego, CA
40
Le Bris A, Mazille-Orfanos N, Simonot P, Luherne M, Flamant C, Gascoin G, ÓLaighin G, Harte R, Pladys P. Parents' and healthcare professionals' perceptions of the use of live video recording in neonatal units: a focus group study. BMC Pediatr 2020; 20:143. [PMID: 32238158 PMCID: PMC7110620 DOI: 10.1186/s12887-020-02041-9] [Citation(s) in RCA: 10] [Impact Index Per Article: 2.5] [Received: 11/08/2019] [Accepted: 03/20/2020] [Indexed: 01/05/2023] Open
Abstract
Background The emerging use of video in neonatology units raises ethical and practical questions. This study aims to gain a better understanding of the suitability, limitations and constraints concerning the use of live video as a tool in neonatal clinical practice. The perceptions of parents and healthcare professionals in regard to live video were examined. Methods Nine focus groups were conducted in four neonatal units involving 20 healthcare professionals and 19 parents. Data were triangulated using transcripts and field notes and analyzed using inductive and semantic thematic analysis. Results The seven major themes that emerged from the healthcare professionals focus groups were (i) the impact of video recording on healthcare professionals’ behavior; (ii) the impact on parents; (iii) forensic issues; (iv) guarantee of use; (v) benefits for the newborn; (vi) methodology of use; and (vii) technical considerations & feasibility. The five major themes that emerged from parents focus groups were (i) benefits for the newborn and care enhancement; (ii) impact on parents and potential benefits in case of newborn child/parent separation; (iii) informed consent and guarantee of use; (iv) concern about a possible disruptive impact on healthcare professionals; and (v) data protection. Conclusion Both parents and healthcare professionals found video recording useful and acceptable if measures were taken to protect the data and mitigate any negative impacts on healthcare professionals.
Affiliation(s)
- Aude Le Bris
  - Department of Neonatology, University Hospital of Rennes, 35000, Rennes, France.
- Pauline Simonot
  - Department of Neonatology, University Hospital of Caen, Caen, France
- Maude Luherne
  - Research and Innovation Department, Paediatric Department, University Hospital of Rennes and GCS HUGO, Rennes, France
- Cyril Flamant
  - Department of Neonatology, University Hospital of Nantes, Nantes, France
- Geraldine Gascoin
  - Department of Neonatology, University Hospital of Angers, Angers, France
- Richard Harte
  - CURAM, Human Movement Laboratory, NUI Galway, Galway, Ireland
- Patrick Pladys
  - Department of Neonatology, University Hospital of Rennes, 35000, Rennes, France
  - Research and Innovation Department, Paediatric Department, University Hospital of Rennes and GCS HUGO, Rennes, France
41
Yesmin T, Carter MW. Evaluation framework for automatic privacy auditing tools for hospital data breach detections: A case study. Int J Med Inform 2020; 138:104123. [PMID: 32370950 DOI: 10.1016/j.ijmedinf.2020.104123] [Citation(s) in RCA: 1] [Impact Index Per Article: 0.3] [Received: 12/16/2019] [Revised: 02/15/2020] [Accepted: 03/18/2020] [Indexed: 10/24/2022]
Abstract
OBJECTIVE We aim to 1) design an evaluation framework to examine the accuracy of automatic privacy auditing tools, 2) apply the evaluation method at a hospital to validate the performance of an auditing tool that uses a machine learning algorithm to automate user access auditing, and 3) recommend further improvements in auditing for the hospital. MATERIALS AND METHODS Using the black box method of user acceptance testing, we have designed an evaluation framework consisting of appropriate and inappropriate behaviour scenarios to examine the privacy auditing tools. The scenarios were designed from clinical and non-clinical hospital staff perspective, taking expert opinions from the privacy officers and considering examples from the Information and Privacy Commission (IPC) and were tested using Mackenzie Richmond Hill Hospital's data. RESULTS The case study using this evaluation framework found that on average 98.09 % of total accesses of the hospital were identified as appropriate and the tool was unable to explain the remaining 1.91 % of accesses. In addition, a statistically significant (P < 0.05) increasing trend on categorizing appropriate accesses by the tool have been observed. Furthermore, an analysis of unexplained accesses revealed the contributing factors and found issues related to hospital workflows and data quality (information was missing about staff roles and departments). CONCLUSION Given that adoption of these machine learning tools is increasing in hospitals, this research provides an evaluation framework and an empirical evidence on the effectiveness of automated privacy auditing and detecting anomalies for dynamic hospital workflows.
Affiliation(s)
- Tahera Yesmin
  - Center for Healthcare Engineering, Department of Mechanical and Industrial Engineering, University of Toronto, Toronto, Canada.
- Michael W Carter
  - Center for Healthcare Engineering, Department of Mechanical and Industrial Engineering, University of Toronto, Toronto, Canada.
42
Zerka F, Barakat S, Walsh S, Bogowicz M, Leijenaar RTH, Jochems A, Miraglio B, Townend D, Lambin P. Systematic Review of Privacy-Preserving Distributed Machine Learning From Federated Databases in Health Care. JCO Clin Cancer Inform 2020; 4:184-200. [PMID: 32134684 PMCID: PMC7113079 DOI: 10.1200/cci.19.00047] [Citation(s) in RCA: 44] [Impact Index Per Article: 11.0] [Accepted: 01/16/2020] [Indexed: 02/06/2023] Open
Abstract
Big data for health care is one of the potential solutions to deal with the numerous challenges of health care, such as rising cost, aging population, precision medicine, universal health coverage, and the increase of noncommunicable diseases. However, data centralization for big data raises privacy and regulatory concerns. Covered topics include (1) an introduction to privacy of patient data and distributed learning as a potential solution to preserving these data, a description of the legal context for patient data research, and a definition of machine/deep learning concepts; (2) a presentation of the adopted review protocol; (3) a presentation of the search results; and (4) a discussion of the findings, limitations of the review, and future perspectives. Distributed learning from federated databases makes data centralization unnecessary. Distributed algorithms iteratively analyze separate databases, essentially sharing research questions and answers between databases instead of sharing the data. In other words, one can learn from separate and isolated datasets without patient data ever leaving the individual clinical institutes. Distributed learning promises great potential to facilitate big data for medical application, in particular for international consortiums. Our purpose is to review the major implementations of distributed learning in health care.
Affiliation(s)
- Fadila Zerka
  - The D-Lab, Department of Precision Medicine, GROW School for Oncology and Developmental Biology, Maastricht University Medical Centre, Maastricht, The Netherlands
  - Oncoradiomics, Liège, Belgium
- Samir Barakat
  - The D-Lab, Department of Precision Medicine, GROW School for Oncology and Developmental Biology, Maastricht University Medical Centre, Maastricht, The Netherlands
  - Oncoradiomics, Liège, Belgium
- Sean Walsh
  - The D-Lab, Department of Precision Medicine, GROW School for Oncology and Developmental Biology, Maastricht University Medical Centre, Maastricht, The Netherlands
  - Oncoradiomics, Liège, Belgium
- Marta Bogowicz
  - The D-Lab, Department of Precision Medicine, GROW School for Oncology and Developmental Biology, Maastricht University Medical Centre, Maastricht, The Netherlands
  - Department of Radiation Oncology, University Hospital Zurich and University of Zurich, Zurich, Switzerland
- Ralph T. H. Leijenaar
  - The D-Lab, Department of Precision Medicine, GROW School for Oncology and Developmental Biology, Maastricht University Medical Centre, Maastricht, The Netherlands
  - Oncoradiomics, Liège, Belgium
- Arthur Jochems
  - The D-Lab, Department of Precision Medicine, GROW School for Oncology and Developmental Biology, Maastricht University Medical Centre, Maastricht, The Netherlands
- David Townend
  - Department of Health, Ethics, and Society, CAPHRI (Care and Public Health Research Institute), Maastricht University, Maastricht, The Netherlands
- Philippe Lambin
  - The D-Lab, Department of Precision Medicine, GROW School for Oncology and Developmental Biology, Maastricht University Medical Centre, Maastricht, The Netherlands
|
43
|
Rangabashyam M, Wee HE, Wang W, Mueller S, Karim KABA, Skanthakumar T, Hariraman B, Sommat K, Soong Y, Chua MLK, Tay G, Tan N‐C, Tan HK, Iyer NG. Electronic tumor board presentations as the basis for the development of a head and neck cancer database. Laryngoscope Investig Otolaryngol 2020; 5:46-54. [PMID: 32128430 PMCID: PMC7042654 DOI: 10.1002/lio2.337] [Citation(s) in RCA: 3] [Impact Index Per Article: 0.8] [Received: 05/12/2019] [Revised: 08/27/2019] [Accepted: 11/20/2019] [Indexed: 12/18/2022]
Abstract
BACKGROUND Multidisciplinary team meetings or tumor boards (TBs) form a pivotal component of oncology practice. The crux of a TB revolves around making treatment decisions based on succinct head and neck cancer (HNC) patient data presentations, which can be challenging and complex. Apart from meticulous TB presentations, discussions and treatment plan documentation is equally important. The aim of this study was to structure an electronic synoptic TB data presentation to address all these areas. The overarching benefits of systematic TB data collection include facilitating audits and research. METHODS We utilized a secure web-based tool that was used for common scientific research purposes but customized to store HNC patient data. The data points were tabulated across eight TB pages: (a) TB scheduling, (b) patient biodata, (c) diagnosis details, (d) index presentation, (e) images, (f) management and histopathology, (g) TB presentation, and (h) TB discussion and decisions. Each data point leads to additional fields by branching logic to permit further relevant data entry. This was integrated within the patient electronic medical records allowing for a direct internal trajectory to recall TB data. RESULTS From October 2015 to October 2018, we recorded over 2000 presentations for 1279 individual patients. This is a quality improvement initiative, and hence, the results are more of a broad analysis of our TB presentation process. The most common cancers were squamous cell (523, 41%), thyroid (207, 16%), and nasopharyngeal (139, 11%) carcinomas. Importantly, this system has formed the basis for a number of clinical and translational research projects and audit outcomes. CONCLUSION Despite TBs being vital to oncologic practice, little attempt has been made to report TB data management. In this study, we present an efficient system that permits the integration of dual functions: TB data presentation and oncologic data collection for research, recall, and audit purposes.
Affiliation(s)
- Mahalakshmi Rangabashyam
  - Division of Surgical Oncology, National Cancer Centre Singapore, Singapore
  - SingHealth Duke‐NUS Head and Neck Centre, Singapore General Hospital, Singapore
- Hide E. Wee
  - Division of Surgical Oncology, National Cancer Centre Singapore, Singapore
- Stefan Mueller
  - Division of Surgical Oncology, National Cancer Centre Singapore, Singapore
- Khairul A. B. A. Karim
  - Clinical and Research Database Registry, Surgery Academic Clinical Program (ACP), Singapore General Hospital, Singapore
- Kiattisa Sommat
  - Division of Radiation Oncology, National Cancer Centre Singapore, Singapore
- Yoke‐Lim Soong
  - Duke‐NUS Medical School, Singapore
  - Division of Radiation Oncology, National Cancer Centre Singapore, Singapore
- Melvin L. K. Chua
  - Duke‐NUS Medical School, Singapore
  - Division of Radiation Oncology, National Cancer Centre Singapore, Singapore
- Gerald Tay
  - SingHealth Duke‐NUS Head and Neck Centre, Singapore General Hospital, Singapore
  - Department of General Surgery, Singapore General Hospital, Singapore
- Ngian‐Chye Tan
  - Division of Surgical Oncology, National Cancer Centre Singapore, Singapore
  - SingHealth Duke‐NUS Head and Neck Centre, Singapore General Hospital, Singapore
  - Department of General Surgery, Singapore General Hospital, Singapore
  - Duke‐NUS Medical School, Singapore
- Hiang Khoon Tan
  - Division of Surgical Oncology, National Cancer Centre Singapore, Singapore
  - SingHealth Duke‐NUS Head and Neck Centre, Singapore General Hospital, Singapore
  - Department of General Surgery, Singapore General Hospital, Singapore
  - Duke‐NUS Medical School, Singapore
- N. Gopalakrishna Iyer
  - Division of Surgical Oncology, National Cancer Centre Singapore, Singapore
  - SingHealth Duke‐NUS Head and Neck Centre, Singapore General Hospital, Singapore
  - Department of General Surgery, Singapore General Hospital, Singapore
  - Duke‐NUS Medical School, Singapore
|
44
|
Jalali MS, Bruckes M, Westmattelmann D, Schewe G. Why Employees (Still) Click on Phishing Links: Investigation in Hospitals. J Med Internet Res 2020; 22:e16775. [PMID: 32012071 PMCID: PMC7005690 DOI: 10.2196/16775] [Citation(s) in RCA: 31] [Impact Index Per Article: 7.8] [Received: 10/23/2019] [Revised: 12/11/2019] [Accepted: 12/16/2019] [Indexed: 12/25/2022]
Abstract
Background Hospitals have been one of the major targets for phishing attacks. Despite efforts to improve information security compliance, hospitals still significantly suffer from such attacks, impacting the quality of care and the safety of patients. Objective This study aimed to investigate why hospital employees decide to click on phishing emails by analyzing actual clicking data. Methods We first gauged the factors that influence clicking behavior using the theory of planned behavior (TPB) and integrating trust theories. We then conducted a survey in hospitals and used structural equation modeling to investigate the components of compliance intention. We matched employees’ survey results with their actual clicking data from phishing campaigns. Results Our analysis (N=397) reveals that TPB factors (attitude, subjective norms, and perceived behavioral control), as well as collective felt trust and trust in information security technology, are positively related to compliance intention. However, compliance intention is not significantly related to compliance behavior. Only the level of employees’ workload is positively associated with the likelihood of employees clicking on a phishing link. Conclusions This is one of the few studies in information security and decision making that observed compliance behavior by analyzing clicking data rather than using self-reported data. We show that, in the context of phishing emails, intention and compliance might not be as strongly linked as previously assumed; hence, hospitals must remain vigilant with vulnerabilities that cannot be easily managed. Importantly, given the significant association between workload and noncompliance behavior (ie, clicking on phishing links), hospitals should better manage employees’ workload to increase information security. Our findings can help health care organizations augment employees’ compliance with their cybersecurity policies and reduce the likelihood of clicking on phishing links.
Affiliation(s)
- Mohammad S Jalali
  - Massachusetts General Hospital Institute for Technology Assessment, Harvard Medical School, Boston, MA, United States
  - Massachusetts Institute of Technology Sloan School of Management, Cambridge, MA, United States
- Maike Bruckes
  - Center for Management, University of Muenster, Muenster, Germany
- Gerhard Schewe
  - Center for Management, University of Muenster, Muenster, Germany
|
45
|
Karampela M, Ouhbi S, Isomursu M. Connected Health User Willingness to Share Personal Health Data: Questionnaire Study. J Med Internet Res 2019; 21:e14537. [PMID: 31774410 PMCID: PMC6906622 DOI: 10.2196/14537] [Citation(s) in RCA: 18] [Impact Index Per Article: 3.6] [Received: 04/30/2019] [Revised: 07/19/2019] [Accepted: 10/09/2019] [Indexed: 12/24/2022]
Abstract
BACKGROUND Connected health has created opportunities for leveraging health data to deliver preventive and personalized health care services. The increasing number of personal devices and advances in measurement technologies contribute to an exponential growth in digital health data. The practices for sharing data across the health ecosystem are evolving as there are more opportunities for using such data to deliver responsive health services. OBJECTIVE The objective of this study was to explore user attitudes toward sharing personal health data (PHD). The study was executed within the first year after the implementation of the new General Data Protection Regulation (GDPR) legal framework. METHODS The authors analyzed the results of an online questionnaire survey to explore the willingness of 8004 people using connected health services across four European countries to share their PHD and the conditions under which they would be willing to do so. RESULTS Our findings indicate that the majority of users are willing to share their personal PHD for scientific research (1811/8004, 22.63%). Age, education level, and occupation of the participants, in addition to the level of digitalization in their country were found to be associated with data sharing attitudes. CONCLUSIONS Positive attitudes toward data sharing for scientific research can be perceived as an indication of trust established between users and academia. Nevertheless, the interpretation of data sharing attitudes is a complex process, related to and influenced by various factors.
Affiliation(s)
- Sofia Ouhbi
  - United Arab Emirates University, Al Ain, United Arab Emirates
|
46
|
A retrospective impact analysis of the WannaCry cyberattack on the NHS. NPJ Digit Med 2019; 2:98. [PMID: 31602404 PMCID: PMC6775064 DOI: 10.1038/s41746-019-0161-6] [Citation(s) in RCA: 42] [Impact Index Per Article: 8.4] [Received: 04/16/2019] [Accepted: 08/05/2019] [Indexed: 11/16/2022]
Abstract
A systematic analysis of Hospital Episodes Statistics (HES) data was done to determine the effects of the 2017 WannaCry attack on the National Health Service (NHS) by identifying the missed appointments, deaths, and fiscal costs attributable to the ransomware attack. The main outcomes measured were: outpatient appointments cancelled, elective and emergency admissions to hospitals, accident and emergency (A&E) attendances, and deaths in A&E. Compared with the baseline, there was no significant difference in the total activity across all trusts during the week of the WannaCry attack. Trusts had 1% more emergency admissions and 1% fewer A&E attendances per day during the WannaCry week compared with baseline. Hospitals directly infected with the ransomware, however, had significantly fewer emergency and elective admissions: a decrease of about 6% in total admissions per infected hospital per day was observed, with 4% fewer emergency admissions and 9% fewer elective admissions. No difference in mortality was noted. The total economic value of the lower activity at the infected trusts during this time was £5.9 m including £4 m in lost inpatient admissions, £0.6 m from lost A&E activity, and £1.3 m from cancelled outpatient appointments. Among hospitals infected with WannaCry ransomware, there was a significant decrease in the number of attendances and admissions, which corresponded to £5.9 m in lost hospital activity. There was no increase in mortality reported, though this is a crude measure of patient harm. Further work is needed to appreciate the impact of a cyberattack or IT failure on care delivery and patient safety.
|
47
|
Ghafur S, Grass E, Jennings NR, Darzi A. The challenges of cybersecurity in health care: the UK National Health Service as a case study. Lancet Digital Health 2019; 1:e10-e12. [PMID: 33323235 DOI: 10.1016/s2589-7500(19)30005-6] [Citation(s) in RCA: 21] [Impact Index Per Article: 4.2] [Received: 02/13/2019] [Revised: 03/13/2019] [Accepted: 03/14/2019] [Indexed: 11/15/2022]
Affiliation(s)
- Saira Ghafur
  - Institute of Global Health Innovation and National Institute for Health Research Patient Safety Translational Research Centre, Imperial College London, London SW7 2AZ, UK
- Emilia Grass
  - Institute of Global Health Innovation and National Institute for Health Research Patient Safety Translational Research Centre, Imperial College London, London SW7 2AZ, UK
- Nick R Jennings
  - Department of Computing and Department of Electrical and Electronic Engineering, Imperial College London, London, UK
- Ara Darzi
  - Institute of Global Health Innovation and National Institute for Health Research Patient Safety Translational Research Centre, Imperial College London, London SW7 2AZ, UK
|
48
|
Gordon WJ, Wright A, Aiyagari R, Corbo L, Glynn RJ, Kadakia J, Kufahl J, Mazzone C, Noga J, Parkulo M, Sanford B, Scheib P, Landman AB. Assessment of Employee Susceptibility to Phishing Attacks at US Health Care Institutions. JAMA Netw Open 2019; 2:e190393. [PMID: 30848810 PMCID: PMC6484661 DOI: 10.1001/jamanetworkopen.2019.0393] [Citation(s) in RCA: 22] [Impact Index Per Article: 4.4] [Indexed: 12/02/2022]
Abstract
IMPORTANCE Cybersecurity is an increasingly important threat to health care delivery, and email phishing is a major attack vector against hospital employees. OBJECTIVE To describe the practice of phishing simulation and the extent to which health care employees are vulnerable to phishing simulations. DESIGN, SETTING, AND PARTICIPANTS Retrospective, multicenter quality improvement study of a convenience sample of 6 geographically dispersed US health care institutions that ran phishing simulations from August 1, 2011, through April 10, 2018. The specific institutions are anonymized herein for security and privacy concerns. EXPOSURES Simulated phishing emails received by employees at US health care institutions. MAIN OUTCOMES AND MEASURES Date of phishing campaign, campaign number, number of emails sent, number of emails clicked, and email content. Emails were classified into 3 categories (office related, personal, or information technology related). RESULTS The final study sample included 6 anonymized US health care institutions, 95 simulated phishing campaigns, and 2 971 945 emails, 422 062 of which were clicked (14.2%). The median institutional click rates for campaigns ranged from 7.4% (interquartile range [IQR], 5.8%-9.6%) to 30.7% (IQR, 25.2%-34.4%), with an overall median click rate of 16.7% (IQR, 8.3%-24.2%) across all campaigns and institutions. In the regression model, repeated phishing campaigns were associated with decreased odds of clicking on a subsequent phishing email (adjusted OR, 0.511; 95% CI, 0.382-0.685 for 6-10 campaigns; adjusted OR, 0.335; 95% CI, 0.282-0.398 for >10 campaigns). CONCLUSIONS AND RELEVANCE Among a sample of US health care institutions that sent phishing simulations, almost 1 in 7 simulated emails sent were clicked on by employees. Increasing campaigns were associated with decreased odds of clicking on a phishing email, suggesting a potential benefit of phishing simulation and awareness. With cyberattacks increasing against US health care systems, these click rates represent a major cybersecurity risk for hospitals.
Affiliation(s)
- William J. Gordon
  - Department of Medicine, Massachusetts General Hospital, Boston
  - Division of General Internal Medicine and Primary Care, Brigham and Women’s Hospital, Boston, Massachusetts
  - Partners HealthCare, Boston, Massachusetts
  - Harvard Medical School, Boston, Massachusetts
- Adam Wright
  - Division of General Internal Medicine and Primary Care, Brigham and Women’s Hospital, Boston, Massachusetts
  - Partners HealthCare, Boston, Massachusetts
  - Harvard Medical School, Boston, Massachusetts
- Ranjit Aiyagari
  - Division of Pediatric Cardiology, Department of Pediatrics & Communicable Diseases, University of Michigan Medical School, Ann Arbor
- Leslie Corbo
  - Department of Cybersecurity, Utica College, Utica, New York
- Robert J. Glynn
  - Division of Preventive Medicine, Brigham and Women’s Hospital, Boston, Massachusetts
- Jack Kufahl
  - Division of Information Assurance, University of Michigan Medical School, Ann Arbor
- James Noga
  - Partners HealthCare, Boston, Massachusetts
- Mark Parkulo
  - Center for Translational Informatics and Knowledge Management, Mayo Clinic, Jacksonville, Florida
- Brad Sanford
  - Libraries and Information Technology Services: Enterprise Security, Emory University, Atlanta, Georgia
- Paul Scheib
  - Information Services Division, Boston Children’s Hospital, Boston, Massachusetts
- Adam B. Landman
  - Partners HealthCare, Boston, Massachusetts
  - Harvard Medical School, Boston, Massachusetts
  - Department of Emergency Medicine, Brigham and Women’s Hospital, Boston, Massachusetts
|
49
|
Jalali MS, Siegel M, Madnick S. Decision-making and biases in cybersecurity capability development: Evidence from a simulation game experiment. Journal of Strategic Information Systems 2019. [DOI: 10.1016/j.jsis.2018.09.003] [Citation(s) in RCA: 34] [Impact Index Per Article: 6.8] [Indexed: 11/26/2022]
|
50
|
Jalali MS, Razak S, Gordon W, Perakslis E, Madnick S. Health Care and Cybersecurity: Bibliometric Analysis of the Literature. J Med Internet Res 2019; 21:e12644. [PMID: 30767908 PMCID: PMC6396074 DOI: 10.2196/12644] [Citation(s) in RCA: 54] [Impact Index Per Article: 10.8] [Received: 10/31/2018] [Revised: 11/27/2018] [Accepted: 11/29/2018] [Indexed: 12/04/2022]
Abstract
Background Over the past decade, clinical care has become globally dependent on information technology. The cybersecurity of health care information systems is now an essential component of safe, reliable, and effective health care delivery. Objective The objective of this study was to provide an overview of the literature at the intersection of cybersecurity and health care delivery. Methods A comprehensive search was conducted using PubMed and Web of Science for English-language peer-reviewed articles. We carried out chronological analysis, domain clustering analysis, and text analysis of the included articles to generate a high-level concept map composed of specific words and the connections between them. Results Our final sample included 472 English-language journal articles. Our review results revealed that the majority of the articles were focused on technology: technology-focused articles made up more than half of all the clusters, whereas managerial articles accounted for only 32% of all clusters. This finding suggests that nontechnological variables (human-based and organizational aspects, strategy, and management) may be understudied. In addition, Software Development Security, Business Continuity, and Disaster Recovery Planning each accounted for 3% of the studied articles. Our results also showed that publications on Physical Security account for only 1% of the literature, and research in this area is lacking. Cyber vulnerabilities are not all digital; many physical threats contribute to breaches and potentially affect the physical safety of patients. Conclusions Our results revealed an overall increase in research on cybersecurity and identified major gaps and opportunities for future work.
Affiliation(s)
- Mohammad S Jalali
  - MGH Institute for Technology Assessment, Harvard Medical School, Boston, MA, United States
  - Sloan School of Management, Massachusetts Institute of Technology, Cambridge, MA, United States
- Sabina Razak
  - Sloan School of Management, Massachusetts Institute of Technology, Cambridge, MA, United States
- William Gordon
  - Division of General Internal Medicine, Department of Medicine, Brigham & Women's Hospital, Boston, MA, United States
  - Partners Healthcare, Boston, MA, United States
  - Department of Dermatology, Harvard Medical School, Boston, MA, United States
- Eric Perakslis
  - Department of Biomedical Informatics, Harvard Medical School, Boston, MA, United States
- Stuart Madnick
  - Sloan School of Management, Massachusetts Institute of Technology, Cambridge, MA, United States
|