Cybersecurity Metrics for Enhanced Protection of Healthcare IT Systems

Ahmed, Yussuf; Naqvi, Syed; Josephs, Mark B.

doi:10.1109/ismict.2019.8744003

Cited by 15 publications

(9 citation statements)

References 54 publications

(53 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Cyberattacks can cause serious consequences such as information dissemination, falsification, service failure, server congestion, and changes in medical image resolution. In this way, the bow-tie methodology contributes to improve cybersecurity practices in telemedicine, which is affected by several factors including training rate, security policies, security certification, risk management capacity, IT governance, and management security costs [ 60 ]. The bow-tie model for cybersecurity in telemedicine is based on the related literature (which are shown in Table 2 and Table 3 ).…”

Section: Resultsmentioning

confidence: 99%

“…In a general way, the bow-tie approach was created for security management and used mainly to identify threats, analyze barriers, and assess operational risks. In this sense, bow-tie analysis, which is a combination of FTA and ETA, is very popular because it incorporates both the causes and consequences of the incident scenario and can be used to assess all kinds of risks such as the ones regarding gas and oil pipelines [ 56 , 57 ], occupational risks [ 58 ], and industrial risks [ 59 , 60 ].…”

Section: Introductionmentioning

confidence: 99%

“…This is the default assumption of a traditional bow-tie analysis. However, several approaches can be used to assume that there are relationships among failure events such as correlation [ 56 ] and conditional probability [ 60 ]. Thus, the probabilities of an OR gate and an AND gate are calculated, respectively, as:

where

is a specific basic event,

is the total number of basic events which generate the risk event under analysis, and

is the probability of occurrence of the basic event

.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

A Risk Assessment Framework Proposal Based on Bow-Tie Analysis for Medical Image Diagnosis Sharing within Telemedicine

Poleto

Silva

Clemente

et al. 2021

Sensors

View full text Add to dashboard Cite

The purpose of this paper is to propose a framework for cybersecurity risk management in telemedicine. The framework, which uses a bow-tie approach for medical image diagnosis sharing, allows the identification, analysis, and assessment of risks, considering the ISO/TS 13131:2014 recommendations. The bow-tie method combines fault tree analysis (FTA) and event tree analysis (ETA). The literature review supported the identification of the main causes and forms of control associated with cybersecurity risks in telemedicine. The main finding of this paper is that it is possible, through a structured model, to manage risks and avoid losses for everyone involved in the process of exchanging medical image information through telemedicine services. Through the framework, those responsible for the telemedicine services can identify potential risks in cybersecurity and act preventively, recognizing the causes even as, in a mitigating way, identifying viable controls and prioritizing investments. Despite the existence of many studies on cybersecurity, the paper provides theoretical contributions to studies on cybersecurity risks and features a new methodological approach, which incorporates both causes and consequences of the incident scenario.

show abstract

Section: Resultsmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

where

is a specific basic event,

is the total number of basic events which generate the risk event under analysis, and

is the probability of occurrence of the basic event

.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

A Risk Assessment Framework Proposal Based on Bow-Tie Analysis for Medical Image Diagnosis Sharing within Telemedicine

Poleto

Silva

Clemente

et al. 2021

Sensors

View full text Add to dashboard Cite

show abstract

“…One of the threats that healthcare faces are attacks on their medical devices, services they provide and their infrastructure, that could affect safety and well-being of their patients, indirectly harming them and possibly causing more health problems, and in worst case scenario, even death [67]. Reports have shown that healthcare infrastructure is among the most frequently targeted industries for cyber-attacks.…”

Section: Healthcarementioning

confidence: 99%

Cybersecurity challenges in Industry 4.0: A state of the art review

Avdibasic

Toksanovna

Duraković

2022

Defense and Security Studies

View full text Add to dashboard Cite

Cybersecurity is an important topic for Industry 4.0, which will face a lot of non-traditional challenges before it can be fully implemented to help society. The objective of the study is to recognize recent cybersecurity trends, newly occurring threats and challenges as well as their potential solutions. The articles reviewed in the paper are found through science direct, Scopus, Semantic scholar and google scholar. After reviewing them, ideas from articles were grouped together to show how different articles had similar thoughts. Through the analysis of 70 articles, it was found that cybersecurity still needs a lot of improvement in order to efficiently implement Industrial Internet of Things (IIoT), especially since many articles underline the need for security-by-design approach, followed by regular updating. Key challenges are lack of awareness and security experts, increased cybercriminal and the fact that the chain is as only as strong as its weakest point. Some of the most important solutions include incorporating security into design, stronger encryption, regular updates to patch vulnerabilities and good prevention and detection mechanisms. Once cybersecurity challenges are overcome, Industry 4.0 will be able to bloom to its full extent.

show abstract

“…It is emphasized that cybersecurity should not be analyzed only as a compliance practice given the occurrence of specific events causing additional costs [7,8], but should be designed in a structured and contingent way to consider all systems from the conception of telemedicine systems and services to be offered [9,10]. Deficiencies in the ICT infrastructure of these services contribute significantly to the increase of harmful attacks on health organizations that also adopt the strategy of promoting their services remotely [11].…”

Section: Introductionmentioning

confidence: 99%

Fuzzy Cognitive Scenario Mapping for Causes of Cybersecurity in Telehealth Services

et al. 2021

View full text Add to dashboard Cite

Hospital organizations have adopted telehealth systems to expand their services to a portion of the Brazilian population with limited access to healthcare, mainly due to the geographical distance between their communities and hospitals. The importance and usage of those services have recently increased due to the COVID-19 state-level mobility interventions. These services work with sensitive and confidential data that contain medical records, medication prescriptions, and results of diagnostic processes. Understanding how cybersecurity impacts the development of telehealth strategies is crucial for creating secure systems for daily operations. In the application reported in this article, the Fuzzy Cognitive Maps (FCMs) translated the complexity of cybersecurity in telehealth services into intelligible and objective results in an expert-based cognitive map. The tool also allowed the construction of scenarios simulating the possible implications caused by common factors that affect telehealth systems. FCMs provide a better understanding of cybersecurity strategies using expert knowledge and scenario analysis, enabling the maturation of cybersecurity in telehealth services.

show abstract

Cybersecurity Metrics for Enhanced Protection of Healthcare IT Systems

Cited by 15 publications

References 54 publications

A Risk Assessment Framework Proposal Based on Bow-Tie Analysis for Medical Image Diagnosis Sharing within Telemedicine

A Risk Assessment Framework Proposal Based on Bow-Tie Analysis for Medical Image Diagnosis Sharing within Telemedicine

Cybersecurity challenges in Industry 4.0: A state of the art review

Fuzzy Cognitive Scenario Mapping for Causes of Cybersecurity in Telehealth Services

Contact Info

Product

Resources

About