Abstract
Over the past several years, data breaches have grown and become more expensive in the healthcare sector. Healthcare organizations are the main target of cybercriminals due to the sensitive and valuable data, such as patient demographics, SSNs, and personal treatment records. Data breaches are costly to breached organizations and affected individuals; hospitals can suffer substantial damage after the breach, while losing customer trust. Attackers often use breached data maliciously, e.g., demanding ransom or selling patient’s information on the dark web. To this end, this paper investigates data breaches incidents in the healthcare sector, including community, federal, and non-federal hospitals. Our analysis focuses on the reasoning and vulnerabilities that lead to data breaches, including the compromised information assets, geographical distribution of incidents, size of healthcare providers, the timeline discovery of incidents, and the discovery tools for external and internal incidents. We use correlation to examine the impact of several dimensions on data breaches. Among other interesting findings, our in-depth analysis and measurements revealed that the average number of data breaches in the United States is significantly higher than in the rest of the world, and the size of the health provider, accounting for factors such as the population and number of adults in a region, highly influences the level of exposure to data breaches in each state.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsReferences
Adebayo, A.O.: A foundation for breach data analysis. J. Inf. Eng. Appl. 2(4), 17–23 (2012)
Alkinoon, M., Choi, S.J., Mohaisen, D.: Measuring healthcare data breaches. In: Kim, H. (ed.) WISA 2021. LNCS, vol. 13009, pp. 265–277. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-89432-0_22
Chernyshev, M., Zeadally, S., Baig, Z.: Healthcare data breaches: implications for digital forensic readiness. J. Med. Syst. 43(1), 1–12 (2019)
Choi, S.J., Johnson, M.E.: Understanding the relationship between data breaches and hospital advertising expenditures. Am. J. Manag. Care 25(5), e14–e20 (2019)
Employers Council: What is the definition of a health plan under HIPAA? (2015). https://bit.ly/3Aherpb
Coventry, L., Branley, D.: Cybersecurity in healthcare: a narrative review of trends, threats and ways forward. PubMed, April 2018. https://doi.org/10.1016/j.maturitas.2018.04.008
Developers: International organization for standardization: 3,166 country codes (2021). https://bit.ly/3Eoem5J
Verizon Enterprise: Verizon data breach investigations report (2021). https://vz.to/3AvCNfn
Gwebu, K., Barrows, C.W.: Data breaches in hospitality: is the industry different? J. Hosp. Tour. Technol. (2020)
(HC3), Health Sector Cybersecurity Coordination Center: A cost analysis of healthcare sector data breaches (2019). https://bit.ly/3hHpJMj
Kamoun, F., Nicho, M.: Human and organizational factors of healthcare data breaches: the swiss cheese model of data breach causation and prevention. Int. J. Healthc. Inf. Syst. Inform. (IJHISI) 9(1), 42–60 (2014)
Luo, E., Bhuiyan, M.Z.A., Wang, G., Rahman, M.A., Wu, J., Atiquzzaman, M.: PrivacyProtector: privacy-protected patient data collection in IoT-based healthcare systems. IEEE Commun. Mag. 56(2), 163–168 (2018)
Makridis, C., Dean, B.: Measuring the economic effects of data breaches on firm outcomes. J. Econ. Soc. Meas. 43(1–2), 59–83 (2018)
McLeod, A., Dolezel, D.: Cyber-analytics: modeling factors associated with healthcare data breaches. Decis. Support Syst. 108, 57–68 (2018). https://doi.org/10.1016/j.dss.2018.02.007
Menachemi, N., Collum, T.H.: Benefits and drawbacks of electronic health record systems (2011). https://bit.ly/3EscQ2k
Office for Civil Rights: Breach notification rule (2013). https://bit.ly/3jCpHXI
Rank, N.P.D.: NPDB guide book (2021). https://bit.ly/2XwgTdw
Sarabi, A., Naghizadeh, P., Liu, Y., Liu, M.: Risky business: fine-grained data breach prediction using business profiles. J. Cybersecur. 2(1), 15–28 (2016)
Seh, A.H., et al.: Healthcare data breaches: insights and implications. Healthcare 8, 133 (2020). https://doi.org/10.3390/healthcare8020133
Seh, A.H., et al.: Healthcare data breaches: insights and implications. In: Healthcare. vol. 8, p. 133. Multidisciplinary Digital Publishing Institute (2020)
Siddartha, B.K., Ravikumar, G.K.: Analysis of masking techniques to find out security and other efficiency issues in healthcare domain. In: Third International conference on I-SMAC, pp. 660–666 (2019). https://doi.org/10.1109/I-SMAC47947.2019.9032431
Smith, T.: Examining data privacy breaches in healthcare. Ph.D. thesis, Walden U. (2016)
U.S. HHS: Business associate contracts (2013). https://bit.ly/3ChsJH9
U.S. HHS: Business associates (2019). https://bit.ly/3tM4PQV
Walker-Roberts, S., Hammoudeh, M., Aldabbas, O., Aydin, M., Dehghantanha, A.: Threats on the horizon: understanding security threats in the era of cyber-physical systems. J. Supercomput. 76(4), 2643–2664 (2020). https://doi.org/10.1007/s11227-019-03028-9
Walker-Roberts, S., Hammoudeh, M., Dehghantanha, A.: A systematic review of the availability and efficacy of countermeasures to internal threats in healthcare critical infrastructure. IEEE Access 6, 25167–25177 (2018)
Wikina, S.B.: What caused the breach? An examination of use of information technology and health data breaches. Perspect. Health Inf. Manag. 11(Fall), 1–16 (2014)
Yesmin, T., Carter, M.W.: Evaluation framework for automatic privacy auditing tools for hospital data breach detections: a case study. Int. J. Med. Inform. 138, 104123 (2020)
Acknowledgement
This work was supported by NRF-2016K1A1A2912757.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2021 Springer Nature Switzerland AG
About this paper
Cite this paper
Al Kinoon, M., Omar, M., Mohaisen, M., Mohaisen, D. (2021). Security Breaches in the Healthcare Domain: A Spatiotemporal Analysis. In: Mohaisen, D., Jin, R. (eds) Computational Data and Social Networks. CSoNet 2021. Lecture Notes in Computer Science(), vol 13116. Springer, Cham. https://doi.org/10.1007/978-3-030-91434-9_16
Download citation
DOI: https://doi.org/10.1007/978-3-030-91434-9_16
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-91433-2
Online ISBN: 978-3-030-91434-9
eBook Packages: Computer ScienceComputer Science (R0)