Cyber Risk in Health Facilities: A Systematic Literature Review

Sardi, Alberto; Rizzi, Alessandro; Sorano, Enrico; Guerrieri, Anna

doi:10.3390/su12177002

Cited by 35 publications

(28 citation statements)

References 89 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In practice, it is not possible to build a completely secure system. Sundaram [9] explains that the internet is changing methods of computing rapidly, and possibilities and opportunities for malicious intrusions are very high and can cause high risk. Security mechanisms of a system are designed to prevent unauthorized access to system resources and data, however complete protection is unrealistic in this fast-paced cyber world users are in.…”

Section: Data and Informationmentioning

confidence: 99%

Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME)

et al. 2021

View full text Add to dashboard Cite

Cyber security has made an impact and has challenged Small and Medium Enterprises (SMEs) in their approaches towards how they protect and secure data. With an increase in more wired and wireless connections and devices on SME networks, unpredictable malicious activities and interruptions have risen. Finding the harmony between the advancement of technology and costs has always been a balancing act particularly in convincing the finance directors of these SMEs to invest in capital towards their IT infrastructure. This paper looks at various devices that currently are in the market to detect intrusions and look at how these devices handle prevention strategies for SMEs in their working environment both at home and in the office, in terms of their credibility in handling zero-day attacks against the costs of achieving so. The experiment was set up during the 2020 pandemic referred to as COVID-19 when the world experienced an unprecedented event of large scale. The operational working environment of SMEs reflected the context when the UK went into lockdown. Pre-pandemic would have seen this experiment take full control within an operational office environment; however, COVID-19 times has pushed us into a corner to evaluate every aspect of cybersecurity from the office and keeping the data safe within the home environment. The devices chosen for this experiment were OpenSource such as SNORT and pfSense to detect activities within the home environment, and Cisco, a commercial device, set up within an SME network. All three devices operated in a live environment within the SME network structure with employees being both at home and in the office. All three devices were observed from the rules they displayed, their costs and machine learning techniques integrated within them. The results revealed these aspects to be important in how they identified zero-day attacks. The findings showed that OpenSource devices whilst free to download, required a high level of expertise in personnel to implement and embed machine learning rules into the business solution even for staff working from home. However, when using Cisco, the price reflected the buy-in into this expertise and Cisco’s mainframe network, to give up-to-date information on cyber-attacks. The requirements of the UK General Data Protection Regulations Act (GDPR) were also acknowledged as part of the broader framework of the study. Machine learning techniques such as anomaly-based intrusions did show better detection through a commercially subscription-based model for support from Cisco compared to that of the OpenSource model which required internal expertise in machine learning. A cost model was used to compare the outcome of SMEs’ decision making, in getting the right framework in place in securing their data. In conclusion, finding a balance between IT expertise and costs of products that are able to help SMEs protect and secure their data will benefit the SMEs from using a more intelligent controlled environment with applied machine learning techniques, and not compromising on costs.

show abstract

Section: Data and Informationmentioning

confidence: 99%

Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME)

et al. 2021

View full text Add to dashboard Cite

show abstract

“…These systems are vulnerable to a large variety of threats such as malware, ransomware, etc [ 20 , 21 ]. Overall, the health care industry significantly lags behind other industries in terms of cybersecurity and coupled with a lack of digital literacy among staff mostly working from home, makes it a prominent target [ 15 , 22 ].…”

Section: Resultsmentioning

confidence: 99%

“…Offner et al [ 14 ] reviewed cyber threats and mitigation strategies among Australian health care organizations. Sardi et al [ 15 ] performed a systematic review of cyber risk in health facilities. However, there is limited research on an in-depth review and analysis of key cybersecurity challenges and solutions, specifically in the health sector, in the context of a pandemic situation such as COVID-19.…”

Section: Introductionmentioning

confidence: 99%

Health Care Cybersecurity Challenges and Solutions Under the Climate of COVID-19: Scoping Review

He¹,

Aliyu²,

Evans³

et al. 2021

J Med Internet Res

View full text Add to dashboard Cite

Background COVID-19 has challenged the resilience of the health care information system, which has affected our ability to achieve the global goal of health and well-being. The pandemic has resulted in a number of recent cyberattacks on hospitals, pharmaceutical companies, the US Department of Health and Human Services, the World Health Organization and its partners, and others. Objective The aim of this review was to identify key cybersecurity challenges, solutions adapted by the health sector, and areas of improvement needed to counteract the recent increases in cyberattacks (eg, phishing campaigns and ransomware attacks), which have been used by attackers to exploit vulnerabilities in technology and people introduced through changes to working practices in response to the COVID-19 pandemic. Methods A scoping review was conducted by searching two major scientific databases (PubMed and Scopus) using the search formula “(covid OR healthcare) AND cybersecurity.” Reports, news articles, and industry white papers were also included if they were related directly to previously published works, or if they were the only available sources at the time of writing. Only articles in English published in the last decade were included (ie, 2011-2020) in order to focus on current issues, challenges, and solutions. Results We identified 9 main challenges in cybersecurity, 11 key solutions that health care organizations adapted to address these challenges, and 4 key areas that need to be strengthened in terms of cybersecurity capacity in the health sector. We also found that the most prominent and significant methods of cyberattacks that occurred during the pandemic were related to phishing, ransomware, distributed denial-of-service attacks, and malware. Conclusions This scoping review identified the most impactful methods of cyberattacks that targeted the health sector during the COVID-19 pandemic, as well as the challenges in cybersecurity, solutions, and areas in need of improvement. We provided useful insights to the health sector on cybersecurity issues during the COVID-19 pandemic as well as other epidemics or pandemics that may materialize in the future.

show abstract

“…Cybersecurity risk, also known as information technology risk, is the new management challenge of the third millennium; it affects the information and technology assets of organizations. On one hand, cybersecurity risk is defined in [6] as "operational risks to information and technology assets that have consequences affecting the confidentiality, availability, or integrity of information or information systems". In particular, a cybersecurity threat is a potential attack that exploits a vulnerability of the system to cause damage, whilst a threat scenario is a flow of events or attacks containing interactions between a malicious actor and a system to cause damage.…”

Section: Introductionmentioning

confidence: 99%

“…On the other hand, privacy risk assessment as indicated in [7] aims to "analyze and quantify the privacy risks associated with new systems". Accordingly, considerable research has been devoted to eliciting and analyzing cybersecurity and privacy risk assessment [6][7][8][9][10]. However, the applicability of these approaches in the context of cybersecurity and privacy risk assessment modeling for POC systems in healthcare ecosystems shows limitations with respect to (i) their support for explicitly specifying various types of cybersecurity threats, (ii) the definition of threat scenarios and (iii) the specification of mitigation and preventing actions (e.g., cyber hygiene) for these threats.…”

Section: Introductionmentioning

confidence: 99%

Cybersecurity and Privacy Risk Assessment of Point-of-Care Systems in Healthcare—A Use Case Approach

et al. 2021

View full text Add to dashboard Cite

Point-of-care systems are generally used in healthcare to respond rapidly and prevent critical health conditions. Hence, POC systems often handle personal health information; and consequently, their cybersecurity and privacy requirements are of crucial importance. While, assessing these requirements is a significant task. In this work, we propose a use case approach to assess specifications of cybersecurity and privacy requirements of POC systems in a structured and self-contained form. Such an approach is appropriate since use cases are one of the most common means adopted by developers to derive requirements. As a result, we detail a use case approach in the framework of a real-based healthcare IT infrastructure that includes a health information system, integration engines, application servers, web services, medical devices, smartphone apps and medical modalities (all data simulated) together with the interaction with participants. Since our use case also sustains the analysis of cybersecurity and privacy risks in different threat scenarios, it also supports decision making and the analysis of compliance considerations.

show abstract

Cyber Risk in Health Facilities: A Systematic Literature Review

Cited by 35 publications

References 89 publications

Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME)

Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME)

Health Care Cybersecurity Challenges and Solutions Under the Climate of COVID-19: Scoping Review

Cybersecurity and Privacy Risk Assessment of Point-of-Care Systems in Healthcare—A Use Case Approach

Contact Info

Product

Resources

About