You are viewing a javascript disabled version of the site. Please enable Javascript for this site to function properly.
Go to headerGo to navigationGo to searchGo to contentsGo to footer
In content section. Select this link to jump to navigation

Cybersecurity in healthcare: A systematic review of modern threats and trends

Abstract

BACKGROUND:

The adoption of healthcare technology is arduous, and it requires planning and implementation time. Healthcare organizations are vulnerable to modern trends and threats because it has not kept up with threats.

OBJECTIVE:

The objective of this systematic review is to identify cybersecurity trends, including ransomware, and identify possible solutions by querying academic literature.

METHODS:

The reviewers conducted three separate searches through the CINAHL and PubMed (MEDLINE) and the Nursing and Allied Health Source via ProQuest databases. Using key words with Boolean operators, database filters, and hand screening, we identified 31 articles that met the objective of the review.

RESULTS:

The analysis of 31 articles showed the healthcare industry lags behind in security. Like other industries, healthcare should clearly define cybersecurity duties, establish clear procedures for upgrading software and handling a data breach, use VLANs and deauthentication and cloud-based computing, and to train their users not to open suspicious code.

CONCLUSIONS:

The healthcare industry is a prime target for medical information theft as it lags behind other leading industries in securing vital data. It is imperative that time and funding is invested in maintaining and ensuring the protection of healthcare technology and the confidentially of patient information from unauthorized access.

References

[1] 

Centers for Medicare & Medicaid Services [Internet]. Electronic health records (EHR) incentive programs Baltimore, MD: CMS; 2016. URL:https://www.cms.gov/Regulations-and-Guidance/Legislation/EHRIncentivePrograms/index.html?redirect=/ehrincentiveprograms. Accessed: 2016-08-09. (Archived by WebCite® at http://www.webcitation.org/6je8QNlo0).

[2] 

CW Jobs [Internet]. London, UK: 2016. Cyber crime timeline; URL:http://www.cwjobs.co.uk/careers-advice/it-glossary/cyber-crime-timeline.Accessed: 2016-08-09. (Archived by WebCite® at http://www.webcitation.org/6je8V9 cyI).

[3] 

U.S. Department of Health and Human Services. Security standards: technical safeguards [Internet]. Baltimore, MD: CMS; URL:http://www.hhs.gov/sites/default/files/ocr/privacy/hipaa/administrative/securityrule/techsafeguards.pdf. Accessed: 2016-08-09. (Archived by WebCite® at http://www.webcitation.org/6je8cfMpZ).

[4] 

U.S. Department of Health and Human Services. Fact sheet: ransomware and HIPAA [Internet]. Baltimore, MD: CMS; URL:http://www.hhs.gov/sites/default/files/RansomwareFactSheet.pdf. Accessed: 2016-08-09. (Archived by Web Cite#174; at http://www.webcitation.org/6je8iBYI5).

[5] 

AHC Media LLC. Hackers target hospitals with ``ransomware''. ED LEGAL LETT. 2016 Apr; 27(4): 1-4.

[6] 

Jayanthi A. First known ransomware attack in 1989 also targeted healthcare. http://www.beckershospitalreview.com/healthcare-information-technology/first-known-ransomware-attack-in-1989-also-targeted-healthcare.html.

[7] 

Luna R, , Rhine E, , Myhra M, , Sullivan R, , Kruse CS. Cyber threats to health information systems: A systematic review. Technol Health Care. 2016 Jan 27;24(1): 1-9. Available from: 10.3233/THC-151102.

[8] 

AHC Media LLC. Ransomware attacks are on the rise, and hackers are getting better. ED LEGAL LETT. 2016 May; 1(4): 1-4.

[9] 

Wu F, , Eagles S. Cybersecurity for medical device manufacturers: Ensuring safety and functionality. Biomed Instrum Technol. 2016 Jan 20; 50(1): 23-33. Available from: 10.2345/0899-8205-50.1.23.

[10] 

HCPro.com Ransomware a new threat to healthcare sector. Physician Practice Perspective. May 2016; 11-12.

[11] 

Conn J. Federal task force takes on healthcare cybersecurity. Modern Healthcare. URL:http://www.modernhealthcare.com/article/20160416/MAGAZINE/304169890. Accessed: 2016-08-09. (Archived by WebCite® at http://www.webcitation.org/6jdtejLCt) April 16, 2016.

[12] 

Rowe K. Healthcare IT transformation: how has ransomware shifted the landscape of healthcare data security? Healthc Inform. 2016 May; 33(3): 44-45.

[13] 

Blanke SJ, , McGrady E. When it comes to securing patient health information from breaches, your best medicine is a dose of prevention: a cybersecurity risk assessment checklist. J Healthc Risk Manag. 2016 Jul; 36(1): 14-24. Available from: 10.1002/jhrm.21230.

[14] 

Hagland M. With the ransomware crisis, the landscape of data security shifts in healthcare. Healthc Inform. 2016 May; 33(3): 41-47.

[15] 

American Health Information Management Association. Healthcare increasingly targeted by ransomware attacks. J AHIMA. 2016 May; 87(5): 12.

[16] 

Streger M. Ransomware: a ticking bomb for public safety. News Network. July 2016: 12.

[17] 

American Association of Critical-Care Nurses. Ransomware poses major threat to hospitals. AACN BOLD VOICES. 2016 Jun; 8(6): 14.

[18] 

Van Alstin CM. Ransomware: It's as scary as it sounds. But with security best practices, you can fight back. Health Manag Technol 2016 6;37(4): 26-27.

[19] 

Post W. LA Hospital Pays Hackers After Ransomware Attack OpenNotes Expands, Shares Lessons. 2016.

[20] 

Goedert J. Security: the ransomware nightmare. HEALTH DATA MANAGE. 2016 Apr; 24(3): 10.

[21] 

Conn J. Ransomware scare: Will hospitals pay for protection? Modern Healthcare. 2016 Apr 11; 46(15): 8.

[22] 

Hospitals become major target for ransomware. Network Security 2016 4; 2016 (4): 1-2.

[23] 

Tuttle H. Ransomware Attacks Pose Growing Threat. Risk Management. 2016 May 1; 63(4): 4.

[24] 

Valach AP. What to Do After a Ransomware Attack. Risk Management. 2016 Jun 1; 63(5): 12.

[25] 

Koppel R, , Smith S, , Blythe J, , Kothari V. Workarounds to computer access in healthcare organizations: you want my password or a dead patient? Stud Health Technol Inform. 2015; 208: 215-220. Available from: 10.3233/978-1-61499-488-6-215.

[26] 

Page A, , Kocabas O, , Soyata T, , Aktas M, , Couderc JP. Cloud-based privacy-preserving remot ECG monitoring and surveillance. Annals ofNnoninvasive Electrocardiology. 2015 Jul 1; 20(4): 328-37.

[27] 

Rios B. Cybersecurity expert: medical devices have `a long way to go'. Biomed Instrum Technol. 2015 May 20; 49(3): 197-200. Available from: 10.2345/0899-8205-49.3.197.

[28] 

McNeil M. 2015 will require implementation of thorough security programs. Wired Magazine, 1-28-2015. Found on 8-9-2016 at https://www.mdtmag.com/blog/2015/01/2015-will-require-implementatin-thorough-security-programs.

[29] 

Welch SS. Five things providers need to know about cybersecurity. Journal of the Medical Association of Georgia. 2015; 104(1): 40-2.

[30] 

McDermott IE. Ransomeware: Tales from the cryptolocker. Internet Express. Jun 2015: 35-37.

[31] 

McGuire CF. TIM Lecture Series-The Expanding Cybersecurity Threat. Technology Innovation Management Review. 2015 Mar 1; 5(3): 56.

[32] 

Coronado AJ, , Wong TL. Healthcare cybersecurity risk management: keys to an effective plan. Biomed Instrum Technol. 2014;(Suppl): 26-30. Available from: 10.2345/0899-8205-48.s1.26.

[33] 

Loughlin S, , Fu K, , Gee T, , Gieras I, , Hoyme K, , Rajagopalan SR, et al. A roundtable discussion: safeguarding information and resources against emerging cybersecurity threats. Biomed Instrum Technol. 2014; 8-17. Available from: 10.2345/0899-8205-48.s1.8.

[34] 

Bangs G. New Ransomware and Cyber extortion Schemes Hold Businesses Hostage. Risk Management. 2014 Oct 1; 61(8): 30.

[35] 

Fu K, , Blum J. Controlling for cybersecurity risks of medical device software. Commun ACM. 2013 Oct; 56(10): 35-37. Available from: 10.1145/2508701.

[36] 

Luo X, , Liao Q. Awareness education as the key to ransomware prevention. Information Systems Security. 2007 Jul; 16(4): 195-202. Available from: 10.1080/10658980701576412.

[37] 

Mueller L. Webjacking, and how to boot it out. Network Security. 2006 Aug 31; (8): 15-8.

[38] 

Health Resources and Services Administration. Baltimore, MD: HHS; 2016. What is ``meaningful use''?; URL:http://www.hrsa.gov/healthit/meaningfuluse/MU%20Stage1%20CQM/whatis.html. Accessed: 201 6-08-09. (Archived by Web Cite® at http://www.webcitation.org/6je785Ed5)