Trends and best practices in health care cybersecurity insurance policy

Kabir, Umar Yusuf; Ezekekwu, Emmanuel; Bhuyan, Soumitra S.; Mahmood, Asos; Dobalian, Aram

doi:10.1002/jhrm.21414

Cited by 7 publications

(4 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…NHS Digital [60] Apply a self-assessment tool such as the NHS Data Security and Protection Toolkit Dameff et al [61] Embrace cybersecurity and a develop strong culture of cyber vigilance Rezaeibagha et al [54] Ensure business continuity through data backups, intrusion detection, and prevention systems Kim et al [22] Apply a systematic risk assessment of the impacts on health care business operations Kabir et al [62] Consider cybersecurity insurance in health care…”

Section: Ensure Business Continuitymentioning

confidence: 99%

See 1 more Smart Citation

Health Care Cybersecurity Challenges and Solutions Under the Climate of COVID-19: Scoping Review

He¹,

Aliyu²,

Evans³

et al. 2021

J Med Internet Res

View full text Add to dashboard Cite

Background COVID-19 has challenged the resilience of the health care information system, which has affected our ability to achieve the global goal of health and well-being. The pandemic has resulted in a number of recent cyberattacks on hospitals, pharmaceutical companies, the US Department of Health and Human Services, the World Health Organization and its partners, and others. Objective The aim of this review was to identify key cybersecurity challenges, solutions adapted by the health sector, and areas of improvement needed to counteract the recent increases in cyberattacks (eg, phishing campaigns and ransomware attacks), which have been used by attackers to exploit vulnerabilities in technology and people introduced through changes to working practices in response to the COVID-19 pandemic. Methods A scoping review was conducted by searching two major scientific databases (PubMed and Scopus) using the search formula “(covid OR healthcare) AND cybersecurity.” Reports, news articles, and industry white papers were also included if they were related directly to previously published works, or if they were the only available sources at the time of writing. Only articles in English published in the last decade were included (ie, 2011-2020) in order to focus on current issues, challenges, and solutions. Results We identified 9 main challenges in cybersecurity, 11 key solutions that health care organizations adapted to address these challenges, and 4 key areas that need to be strengthened in terms of cybersecurity capacity in the health sector. We also found that the most prominent and significant methods of cyberattacks that occurred during the pandemic were related to phishing, ransomware, distributed denial-of-service attacks, and malware. Conclusions This scoping review identified the most impactful methods of cyberattacks that targeted the health sector during the COVID-19 pandemic, as well as the challenges in cybersecurity, solutions, and areas in need of improvement. We provided useful insights to the health sector on cybersecurity issues during the COVID-19 pandemic as well as other epidemics or pandemics that may materialize in the future.

show abstract

Section: Ensure Business Continuitymentioning

confidence: 99%

“…Kim et al [22] systematically assessed the impacts of cybersecurity threats on remote health care. Cybersecurity insurance in health care [62] should also be considered as a solution to ensure business continuity management, but it has not been widely adopted.…”

Section: Ensure Business Continuitymentioning

confidence: 99%

Health Care Cybersecurity Challenges and Solutions Under the Climate of COVID-19: Scoping Review

He¹,

Aliyu²,

Evans³

et al. 2021

J Med Internet Res

View full text Add to dashboard Cite

show abstract

“…Damages resulting from such breaches range from financial losses to compromised patient safety. Cybersecurity insurance has become an essential tool to help to mitigate financial liabilities resulting from breaches in many organizations (Kabir et al, 2020;Jalali, Russell, Razak & Gordon, 2019). Natsiavas et al, 2018;Ondiege et al, 2017;PMI, 2017) Quantitatively and qualitatively assess cyber risks (Abraham et al, 2019;Blanke & McGrady, 2016;Coronado & Wong, 2014;Kure et al, 2018;Kruse et al, 2017;PMI, 2017) Analyze the likelihood of cyber risks occurring (Abraham et al, 2019;Blanke & McGrady, 2016;Kure et al, 2018;PMI, 2017) Check the impact of cyber risks (Abraham et al, 2019;Blanke & McGrady, 2016;Kure et al, 2018;PMI, 2017) Classify cyber risks (Abraham et al, 2019;Coronado & Wong, 2014;Kure et al, 2018;PMI, 2017) Plan responses to cyber risks (Abraham et al, 2019;Blanke & McGrady, 2016;PMI, 2017) Monitor cyber risks (Abraham et al, 2019;Blanke & McGrady, 2016;Coronado & Wong, 2014;Kure et al, 2018;PMI, 2017) Manage risks and residual risks (Abraham et al, 2019;Blanke & McGrady, 2016;Coronado & Wong, 2014;Kure et al, 2018;Ondiege et al, 2017;PMI, 2017) Source: The authors.…”

Section: Healthcare Cybersecurity Risk Managementmentioning

confidence: 99%

“…This article contributes to the analysis of cybersecurity in the healthcare sector since this sector is one of the most vulnerable to cybercrime in the world. According to Kabir, Ezekekwu, Bhuyan, Mahmood and Dobalian (2020) "Healthcare organizations are a major target for cyberattacks" (p.1). Cybersecurity is an extremely arduous task, requiring a lot of effort, resources, and focus.…”

Section: Introductionmentioning

confidence: 99%

Risk management focusing on the best practices of data security systems for healthcare

et al. 2021

View full text Add to dashboard Cite

Objective of the study: Statistics shows a worrisome picture of challenges to be overcome by cybersecurity in the healthcare sector. Data evidence that the healthcare industry experiences four data breaches per week in the United States alone, making it the sector most often affected by digital security breaches. Thus, the current article aims to investigate risk management focusing on identifying requirements and best practices for healthcare data security systems.Methodology/approach: It is based on a systematic literature review. Studies on state-of-the-art data security systems were collected and interpreted through content analysis. Assertive keywords, source-selection criteria, interpretation of selected articles, and database analysis were used to form the investigated sample and to represent the broad applications of this study’s objective.Originality/Relevance: The current study contributes to define a set of minimum requirements and best practices that can be adopted to manage data security risks in the healthcare sector and medical devices.Main results: Results have pointed out that there is no fully effective way to prevent all violations by cybercriminals; however, cybersecurity must be part of management processes adopted by different organizations.Theoretical/methodological contributions: It is found that cybersecurity has a great importance for the healthcare sector, the information generated is rich in content and that cybersecurity is neglected in the sector, that is not able to deal with the reality of cyber threats in the industry 4.0 context.Social /management contributions: By the good risk management practices and the adoption of minimum security items, institutions can ensure that managers can prepare and respond efficiently to cyber risks.

show abstract

A thematic analysis of ransomware incidents among United States hospitals, 2016–2022

Munoz Cornejo,

Lee,

Russell

2024

Health Technol.

View full text Add to dashboard Cite

Purpose To characterize the patterns, vulnerabilities, and responses associated with ransomware incidents in U.S. hospitals. Methods The study employs qualitative thematic analysis of ransomware incidents in U.S. hospitals from 2016 to 2022. Data were collected from the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) public portal, and 65 cases were analyzed using NVivo 14 software. Findings Seven major themes emerged: (1) scale of ransomware, with incidents impacting a large number of individuals through diverse methods such as phishing and exploiting server vulnerabilities; (2) extent of protected health information vulnerability, with incidents often compromising sensitive health data, treatment records, and personal identifiers; (3) response and notification protocols, where hospitals demonstrate systematic responses including mandatory notifications to HHS, the media, and affected individuals; (4) implementation of safeguards, where hospitals have implemented immediate and long-term security measures post-attack; (5) investigation and regulatory compliance, where each attack is internally investigated, or with third-parties, while OCR conducts compliance reviews to guide corrective actions; (6) third-party involvement, highlighting the significant role of business associates (BAs) in incidents; (7) victim support and services, where hospitals frequently provide credit monitoring and identity protection services. Conclusions The study reveals the increasing prevalence of ransomware attacks targeting hospitals, highlighting significant vulnerabilities and the critical need for enhanced security measures. The findings suggest areas for future research, including the effectiveness of security practices and the long-term impacts on affected individuals.

show abstract

Trends and best practices in health care cybersecurity insurance policy

Cited by 7 publications

References 10 publications

Health Care Cybersecurity Challenges and Solutions Under the Climate of COVID-19: Scoping Review

Health Care Cybersecurity Challenges and Solutions Under the Climate of COVID-19: Scoping Review

Risk management focusing on the best practices of data security systems for healthcare

A thematic analysis of ransomware incidents among United States hospitals, 2016–2022

Contact Info

Product

Resources

About