Phishing in healthcare organisations: threats, mitigation and approaches

Priestman, W; Anstis, Tony; Sebire, Isabel G; Sridharan, Shankar; Sebire, Neil J

doi:10.1136/bmjhci-2019-100031

Cited by 35 publications

(44 citation statements)

References 15 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…There are a few open issues regarding the security of the ICU; as shown in this paper, one of these issues is the human factor, which could be utilized as an attack vector through social engineering techniques [79] in 15 of the attacks we presented (for example, by sending a malicious link or inserting an infected USB into an operating system). Moreover, the trend of using social engineering techniques in healthcare, such as phishing, has been continuously growing [86]. Based on our understanding, the medical team is not well trained regarding seurity issues or aware of the security problems that exist.…”

Section: Discussionmentioning

confidence: 99%

SEC-C-U: The Security of Intensive Care Unit Medical Devices and Their Ecosystems

2020

View full text Add to dashboard Cite

An intensive care unit (ICU) is dedicated to caring for patients whose medical condition places them at high risk of mortality or serious morbidity. ICU medical devices (ICUMDs) are used to closely monitor, stabilize, and treat ICU patients who are often unconscious and rely almost solely on ICUMDs. ICUMDs have become more autonomous, with a range of components, connectivity to external devices, and functionalities, opening the door to cyber-attacks. We present a taxonomy based on the functionality of 19 widely used ICUMDs, providing an explanation of each device's medical role, properties, interactions, and how they impact each other's security. We provide an extensive survey of 16 possible attacks aimed at ICUMDs and assess each device's vulnerability. We also create an ecosystem graph describing the roles and interactions of the players of each ICU sub-department. For each device type we produce a unique attack flow diagram that presents the most vulnerable vectors and components within the ecosystem. Finally, we survey relevant security mechanisms and map their coverage for the attacks, identifying existing gaps. We show that current security mechanisms generally fail to provide protection, covering just 12.5-56.3% of the attacks against ICUMDs, leaving the devices and the patients vulnerable.

show abstract

Section: Discussionmentioning

confidence: 99%

SEC-C-U: The Security of Intensive Care Unit Medical Devices and Their Ecosystems

2020

View full text Add to dashboard Cite

show abstract

“…Apart from the studies enumerated above, we perused the work of Ward Priestman et al which is based on classifying different factors for healthcare sector [27]. This study, in particular, became the premise of our research investigations.…”

Section: Past Research Initiativesmentioning

confidence: 99%

“…The questionnaire was based on queries related to the healthcare information security exploitation issue. On the basis of the experts' opinion, the authors aligned every factor that is affecting a particular layer with the classical healthcare data handling model [24][25][26][27]. Figure 4 describes the different factors and their related layers.…”

Section: Various Factors: Affecting Healthcare Data Securitymentioning

confidence: 99%

“…Social Engineering: According to the classical definition of social engineering, it is a psychological or intelligence-based technique that is used to trick victims into mistakenly making security holes or extracting sensitive information from victims [27]. In the healthcare perspective social engineering is the strongest weapon against target.…”

Section: Various Factors: Affecting Healthcare Data Securitymentioning

confidence: 99%

See 1 more Smart Citation

Fuzzy-Based Symmetrical Multi-Criteria Decision-Making Procedure for Evaluating the Impact of Harmful Factors of Healthcare Information Security

et al. 2020

View full text Add to dashboard Cite

Growing concern about healthcare information security in the wake of alarmingly rising cyber-attacks is being given symmetrical priority by current researchers and cyber security experts. Intruders are penetrating symmetrical mechanisms of healthcare information security continuously. In the same league, the paper presents an overview on the current situation of healthcare information and presents a layered model of healthcare information management in organizations. The paper also evaluates the various factors that have a key contribution in healthcare information security breaches through a hybrid fuzzy-based symmetrical methodology of AHP-TOPSIS. Furthermore, for assessing the effect of the calculated results, the authors have tested the results on local hospital software of Varanasi. Tested results of the factors are validated through the comparison and sensitivity analysis in this study. Tabulated results of the proposed study propose a symmetrical mechanism as the most conversant technique which can be employed by the experts and researchers for preparing security guidelines and strategies.

show abstract

“…However, it alerts the health facilities and its stakeholders on dangers derived from the use of these technologies [90]. This danger can derive from internal problems-e.g., the wrong design of the computer network or inefficient processes [22]-and external problems-e.g., cyber-attack by hackers [24]. These dangers are increasingly widespread and difficult to control all activities [91].…”

mentioning

confidence: 99%

Cyber Risk in Health Facilities: A Systematic Literature Review

et al. 2020

View full text Add to dashboard Cite

The current world challenges include issues such as infectious disease pandemics, environmental health risks, food safety, and crime prevention. Through this article, a special emphasis is given to one of the main challenges in the healthcare sector during the COVID-19 pandemic, the cyber risk. Since the beginning of the Covid-19 pandemic, the World Health Organization has detected a dramatic increase in the number of cyber-attacks. For instance, in Italy the COVID-19 emergency has heavily affected cybersecurity; from January to April 2020, the total of attacks, accidents, and violations of privacy to the detriment of companies and individuals has doubled. Using a systematic and rigorous approach, this paper aims to analyze the literature on the cyber risk in the healthcare sector to understand the real knowledge on this topic. The findings highlight the poor attention of the scientific community on this topic, except in the United States. The literature lacks research contributions to support cyber risk management in subject areas such as Business, Management and Accounting; Social Science; and Mathematics. This research outlines the need to empirically investigate the cyber risk, giving a practical solution to health facilities.

show abstract

Phishing in healthcare organisations: threats, mitigation and approaches

Cited by 35 publications

References 15 publications

SEC-C-U: The Security of Intensive Care Unit Medical Devices and Their Ecosystems

SEC-C-U: The Security of Intensive Care Unit Medical Devices and Their Ecosystems

Fuzzy-Based Symmetrical Multi-Criteria Decision-Making Procedure for Evaluating the Impact of Harmful Factors of Healthcare Information Security

Cyber Risk in Health Facilities: A Systematic Literature Review

Contact Info

Product

Resources

About