Kitty Kioskli
ABSTRACT
Digital technology provides unique opportunities to revolutionize the healthcare ecosystem and health research. However, this comes with serious security, safety, and privacy threats. The healthcare sector has been proven unequipped and unready to face cyberattacks while its vulnerabilities are being systematically exploited by attackers. The growing need and use of medical devices and smart equipment, the complexity of operations and the incompatible systems are leaving healthcare organizations exposed to various malware, including ransomware, which result in compromised healthcare access, quality, safety and care. To fully benefit from the advantages of technology, cybersecurity issues need to be resolved. Cybersecurity measures are being suggested via a number of healthcare standards which are often contradicting and confusing, making these measures ineffective and difficult to implement. To place a solid foundation for the healthcare sector, in improving the understanding of complex cybersecurity issues, this paper explores the existing vulnerabilities in the health care critical information infrastructures which are used in cyberattacks and discusses the reasons why this sector is under attack. Furthermore, the existing security standards in healthcare are presented alongside with their implementation challenges. The paper also discusses the use of living labs as a novel way to discover how to practically implement cybersecurity measures and also provides a set of recommendations as future steps. Finally, to our knowledge this is the first paper that analyses security in the context of living labs and provides suggestions relevant to this context.
- SIEMENS. 2021. Digitalizing healthcare: How to build a digital enterprise. Retrieved from https://www.siemens-healthineers.com/insights/digitalizing-healthcareGoogle Scholar
- Stephen O. Agboola, David W. Bates, Joseph C. Kvedar. 2016. Digital health and patient safety. JAMA 315, 16 (April 2016), 1697-1698. DOI: 10.1001/jama.2016.2402Google ScholarCross Ref
- Arash Keshavarzi Arshadi, Julia Webb, Milad Salem, Emmanuel Cruz, Stacie Calad-Thomson, Niloofar Ghadirian, Jennifer Collins, Elena Diez-Cecilia, Brendan Kelly, Hani Goodarzi, Jian Shiun Yuan. 2020. Artificial intelligence for Covid-19 drug discovery and vaccine development. Front Artif Intell 3, 65 (August 2020), 1-13. DOI: 10.3389/frai.2020.00065Google ScholarCross Ref
- World Economic Forum. 2018. Value in healthcare: laying the foundation for health system transformation. Retrieved from http://www3.weforum.org/docs/WEF_Insight_ Report_Value_Healthcare_Laying_Foundation.pdfGoogle Scholar
- Hassane Alami, Marie-Pierre Gagnon, Mohamed Ali Ag Ahmed, Jean-Paul Fortin. 2019. Digital Health: Cybersecurity is a value creation lever, not only a source of expenditure. Health Policy and Technology 8, 4 (December 2019), 319-321. DOI: 10.1016/j.hlpt.2019.09.002Google ScholarCross Ref
- ENISA. 2020. Procurement guidelines for cybersecurity in hospitals. Retrieved from https://www.enisa.europa.eu/publications/good-practices-for-the-security-of-healthcare-servicesGoogle Scholar
- Department of Health and Human Services. 2013. Summary of the HIPAA privacy rule. Retrieved from https://www.hhs.gov/hipaa/ for-professionals/privacy/laws-regulations/Google Scholar
- Barbara Filkins. 2014. Health Care Cyberthreat report: Widespread compromises detected, compliance nightmare on horizon. SANS Norse. Retrieved from https://www.sans.org/reading-room/ whitepapers/analyst/health-care-cyberthreat-report-widespread-compromises-detected-compliance-nightmare-horizon-34735Google Scholar
- Daniel Berger. 2016. Breach Report 2015: Protected health information (PHI). Retrieved from https://www.redspin.com/ resources/download/breach-report-2015-protected-health- information-phi/Google Scholar
- Verizon. 2018. Data Breach Investigations Report. Retrieved from https://enterprise.verizon.com/resources/reports/DBIR_2018_Report_execsummary.pdfGoogle Scholar
- Infoguard Cyber Security. 2017. 5 industries that top the hit list of cyber criminals in 2017. Retrieved from http://www.infoguardsecurity.com/5-industries-top-hit-list- cyber-criminals-2017/Google Scholar
- IBM. 2018. Cost of a data breach study: global overview. Retrieved from https://www- 01.ibm.com/common/ssi/cgi-bin/ssialias?htmlfid=55017055USEN&Google Scholar
- Menaka Muthupalapania, Kerrie Stevenson. 2021. Healthcare cyber-attacks and the Covid-19 pandemic: an urgent threat to global health. Int J Qual Health Care 33, 1 (February 2021), 1-12 DOI: 10.1093/intqhc/mzaa117Google Scholar
- ENISA. 2020. Cybersecurity in the healthcare sector during Covid-19 pandemic. Retrieved from https://www.enisa.europa.eu/news/enisa-news/cybersecurity-in-the-healthcare-sector-during-covid-19-pandemicGoogle Scholar
- The CyberPeace Institute. 2021. Playing with lives: Cyberattacks on healthcare are attacks on people. Retrieved from https://cyberpeaceinstitute.org/report/2021-03-CyberPeaceInstitute-SAR001-Healthcare.pdfGoogle Scholar
- Lynne Coventry, Dawn Branley. 2018. Cybersecurity in healthcare: A narrative review of trends, threats and ways forward. Maturitas 113, 1 (July 2018), 48-52. DOI: 10.1016/j.maturitas.2018.04.008Google ScholarCross Ref
- Aatif Sulleyman. 2017. NHS cyber-attack: why stolen medical information is so much more valuable than financial data. Retrieved from https://www.independent.co.uk/life-style/gadgets-and-tech/news/nhs-cyber-attack-medical-data-records-stolen-why-so-valuable-sell-financial-a7733171.htmlGoogle Scholar
- Joshua Berlinger. 2018. Justice Department Files Record $900 Million Healthcare Fraud Case. Retrieved from https://edition.cnn.com/2016/06/23/health/health-care-fraud-takedown/index.htmlGoogle Scholar
- LUXSCI. 2017. Why Are Hackers Targeting Your Medical Records? Retrieved from https://luxsci.com/blog/hackers-targeting-medical-records.htmlGoogle Scholar
- Kim Sengupta. 2017. Isis-linked hackers attack NHS websites to show gruesome Syrian civil war images. Retrieved from http://www.independent.co.uk/news/uk/crime/isis- islamist-hackers-nhs-websites-cyber-attack-syrian-civil-war-images-islamic-state- a7567236.html.Google Scholar
- Fred Donovan. 2018. Healthcare data security programs get short shrift in IT budgets. Health IT Security. Retrieved from https://healthitsecurity.com/news/healthcare-data- security-programs-get-short-shrift-in-it-budgetsGoogle Scholar
- Fred Donovan. 2018. NIST warns about cybersecurity vulnerabilities in healthcare IoT. Retrieved from https://healthitsecurity.com/news/nist-warns-about-cybersecurity-vulnerabilities-in-healthcare-iotGoogle Scholar
- Piotr Kaminski, Chris Rezek, Wolf Richter, Marc Sorel. 2017. Protecting your critical digital assets: Not all systems and data are created equal. Retrieved from https:// www.mckinsey.com/business-functions/risk/our-insights/ protecting-your-critical-digital-assets-not-all-systems-and- data-are-created-equalGoogle Scholar
- Klon Kitchen, Megan Reiss. 2018. Ransomware is coming; It'll make you wannacry. Retrieved from https://www.heritage.org/technology/commentary/ransomware-coming-itll-make-you-wannacryGoogle Scholar
- Ying He, Aliyu Aliyu, Mark Evans, Cunjin Luo. 2021. Health care cybersecurity challenges and solutions under the climate of covid-19: Scoping Review. J Med Internet Res 23, 4 (April 2021), 21-47. DOI: 10.2196/21747Google Scholar
- Kitty Kioskli, Nineta Polemi. 2020. A socio-technical approach to cyber risk assessment. International Journal of Electrical Computer Engineering 14, 10 (December 2020), 305-309.Google Scholar
- Kayla Matthews. 2018. Exciting IoT use cases in healthcare. IoT for all. Retrieved from https://theinternetofthings.report/blogs/6-exciting-iot-use-cases-in-healthcare/5382Google Scholar
- Nate Lord. 2018. Information security: The top INFOSEC considerations for healthcare organizations today. Retrieved from https://digitalguardian.com/blog/healthcare-information-security-top-infosec-considerations-healthcare-organizations-todayGoogle Scholar
- Saira Ghafur, Emilia Grass, Nick R Jennings, Ara Darzi. 2019. The challenges of cybersecurity in health care: the UK National Health Service as a case study. Lancet Digit Health 1, 1 (May 2019), 10-12. DOI: 10.1016/S2589-7500(19)30005-6Google Scholar
- National Health Service. 2019. Preparing the healthcare workforce to deliver the digital future. Retrieved from https://topol.hee.nhs.uk/Google Scholar
- William J. Mitchell. 2003. Me++ The Cyborg self and the networked city. Retrieved from https://mitpress.mit.edu/books/meGoogle Scholar
- European Network of Living Labs. 2020. What are the living labs. Retrieved from https://enoll.org/about-usGoogle Scholar
- Mokter Hossain, Seppo Leminen, Mika Westerlund. 2019. A systematic review of living lab literature. Journal of Cleaner Production 213, 1 (March 2019), 976-988. DOI: 10.1016/j.jclepro.2018.12.257Google ScholarCross Ref
- European Institute of Innovation and Technology. 2015. EIT ICT labs: An entire testing platform of SMEs to boost the international growth of Trilogis. Retrieved from http://eit.europa.eu/newsroom/eit-ict-labs-entire-testing-platform-smes-boost-international-growth-trilogisGoogle Scholar
- Kris Steen, Ellen van Bueren. 2017. Urban Living Labs: A Living Lab Way of Working. AMS Research Report, Amsterdam: AMS Institute.Google Scholar
- Paul Bate, Glenn Robert. 2006. Experience-based design: from redesigning the system around the patient to co-designing services with the patient. Qual Saf Health Care 15, 5 (October 2006), 307-310. DOI: 10.1136/qshc.2005.016527Google ScholarCross Ref
- Elizabeth B N Sanders, Piete Jan Stappers. 2008. Co-creation and the new landscapes of design. CoDesign 4, 1 (June 2008), 5-18. DOI: 10.1080/15710880701875068Google ScholarCross Ref
- Anna Ståhlbröst. 2012. A set of key principles to assess the impact of Living Labs. Int J Prod Dev 17, 1-2 (January 2012), 60-75. DOI: 10.1504/IJPD.2012.051154Google ScholarCross Ref
- Anand Sundaralingam, Theo Fotis. 2019. Making the case for responsible innovation. The Journal of mHealth 6, 5 (September 2019), 25-26.Google Scholar
- U4IoT. 2017. Living Labs Methodology Handbook. Retrieved from https://u4iot.eu/pdf/D2.2_LivingLabsMethodologyHandbook.pdfGoogle Scholar
- Cristina B Gibson, Julian Birkinshaw. 2004. The antecedents, consequences and mediating role of organizational ambidexterity. Academy of Management Journal 47, 2 (April 2004), 209-226. DOI: 10.2307/20159573Google ScholarCross Ref
- Antonio Capaldo. 2007. Network structure and innovation: The leveraging of a dual network as a distinctive relational capability. Strategic Management Journal 28, 6 (June 2007), 585-608. DOI: 10.1002/smj.621Google ScholarCross Ref
- Javier Garcia Guzman, Alvaro Fernandez del Carpio, Ricardo Colomo-Palacios, Manuel Velasco de Diego. 2015. Living labs for user-driven innovation: a process reference model. Res Technol Manag 56, 3 (Decemver 2015), 1-12. DOI: 10.5437/08956308X5603087Google Scholar
- Kristian Moller, Arto Rajala, Senja Svahn. 2005. Strategic business nets-their type and management. Journal of Business Research 58, 9 (September 2005), 1274-1284. DOI: 10.1016/j.jbusres.2003.05.002Google ScholarCross Ref
- Linus Dahlander, David M. Gann. 2010. How open is innovation? Res Pol 39, 6 (July 2010), 699-709. DOI: 10.1016/j.respol.2010.01.013Google ScholarCross Ref
- Seppo Leminen, Mika Westerlund. 2017. Categorization of innovation tools in living labs. Technol Innovat Manag Rev 7, 1 (January 2017), 15-25. DOI: 10.22215/timreview/1046Google Scholar
- James Evans, Ross Jones, Andrew Karvonen, Lucy Millard, Jana Wendler. 2015. Living labs and co- production: university campuses as platforms for sustainability science. Curr Opin Environ Sustain 16, 1 (October 2015), 1-6. DOI: 10.1016/j.cosust.2015.06.005Google ScholarCross Ref
- ANSI/CTA. 2020. Definitions/Characteristics Of Artificial Intelligence In Health Care. Retrieved from https://webstore.ansi.org/Standards/ANSI/ANSICTA20892020Google Scholar
- Declaration of Helsinki (1964). BMJ 313, 7070 (December 1996), 1448-1449. DOI: 10.1136/bmj.313.7070.1448a Google Scholar
- World Medical. 2001. World Medical Association Declaration of Helsinki. Retrieved from http://www.hl7.org/implement/standards/fhirGoogle Scholar
- interoEHRate Consortium. 2020. D2.7 FHIR Profile for EHR interoperability-V1. Retrieved from https://www.interopehrate.eu/wp-content/uploads/2019/11/InteropEHRate-D2.7-FHIR-profile-for-EHR-interoperability-V1.pdfGoogle Scholar
- Chon Abraham, Dave Chatterjee, Ronald S. Sims. 2019. Muddling through cybersecurity: Insights from the U.S. healthcare industry. Business Horizons 62, 4 (July-August 2019), 539-548. DOI: 10.1016/j.bushor.2019.03.010Google ScholarCross Ref
- Sati Gürdas ̧ Topkaya, Nurten Kaya. 2015. Nurses’ computer literacy and attitudes towards the use of computers in health care. Int J Nurs Pract 21, 1 (May 2015), 141-149. DOI: 10.1111/ijn.12350Google Scholar
- Henry G. Torres, Saurabh Gupta. 2018. The misunderstood link: information security training strategy. Retrieved from https://aisel.aisnet.org/amcis2018/Security/Presentations/16/Google Scholar
- Kitty Kioskli, Nineta Polemi. 2020. Psychosocial approach to cyber threat intelligence. International Journal of Chaotic Computing 7, 1 (February 2021), 159-165. DOI: 10.20533/ijcc.2046.3359.2020.0021Google ScholarCross Ref
Recommendations
Security beyond cybersecurity: side-channel attacks against non-cyber systems and their countermeasures
AbstractSide-channels are unintended pathways within target systems that leak internal information, exploitable via side-channel attack techniques that extract the target information, compromising the system’s security and privacy. Side-channel attacks ...
Transforming Healthcare Cybersecurity from Reactive to Proactive: Current Status and Future Recommendations
AbstractThe recent rise in cybersecurity breaches in healthcare organizations has put patients’ privacy at a higher risk of being exposed. Despite this threat and the additional danger posed by such incidents to patients’ safety, as well as operational ...
Cybersecurity challenges in IoT-based smart renewable energy
AbstractThe Internet of Things (IoT) makes it possible to collect data from, and issue commands to, devices via the Internet, eliminating the need for humans in the process while increasing productivity, accuracy, and economic value. Therefore, the ...
Comments