The Growing Cybersecurity Crisis in Healthcare: A Call to Action

Authors

DOI:

https://doi.org/10.54536/ajise.v3i3.3576

Keywords:

Cyber-Attack, Cybersecurity, Data Encryption, Protected Health Information (PHI)

Abstract

Electronic healthcare technology is pervasive throughout the globe, and it affords vast opportunities to enhance clinical outcomes, as well as for the transformation of models of care. Concerns are, however, growing, related to healthcare data and device security. Increased connectivity to legacy computer networks brought cybersecurity vulnerabilities for medical devices. Healthcare represents an attractive target for cybercrime because healthcare data is precious. This sector in present times is full of unique cybersecurity challenges, especially for susceptible kinds of patient information at stake. Second, many legacy systems will be prevalent—not adding more to that—with the changing face of cyber threats. Cybersecurity breaches have comprised stealing health information and focused ransomware attacks on hospitals; this could mean as vivid an attack as on implanted medical devices. This only points to the fact that ransomware attacks and other kinds of cyber-attacks against hospitals and other medical facilities are gaining ground; there is every reason to get alarmed and put in place stricter cybersecurity measures. An excellent healthcare cybersecurity strategy, therefore, has to consider access control, intrusion detection systems, encryption techniques, and periodic security testing. Data breaches and cyber-attacks are forcing any healthcare provider to invest in new state-of-the-art technologies related to keeping pace with trends regarding cybersecurity. The dangers that can be caused by cyber-attack include a considerable diminution in patient trust, potential health system collapse, human life threats, etc. On the whole, cybersecurity is strenuously linked with the question of patient safety.

Downloads

Download data is not yet available.

References

Ahmed, M. M., Maglaras, L., & Ferrag, M. A. (2020). Cyber threats in the healthcare sector and countermeasures. In Advances in business strategy and competitive advantage (pp. 109–124). https://doi.org/10.4018/978-1-7998-3648-3.ch007

Al-Qarni, E. A. (2023). Cybersecurity in healthcare: A review of recent attacks and mitigation strategies. International Journal of Advanced Computer Science and Applications, 14(5). https://doi.org/10.14569/ijacsa.2023.0140513

Antony, A., Thomas, S., Varghese, T., & Padman, V. (2023, December). Ransomware attacks on healthcare systems: Case studies and mitigation strategies. https://www.researchgate.net/publication/376514138_Ransomware_Attacks_on_Healthcare_Systems_Case_Studies_and_Mitigation_Strategies

Argaw, S. T., Troncoso-Pastoriza, J. R., Lacey, D., Florin, M. V., Calcavecchia, F., Anderson, D., Burleson, W., Vogel, J. M., O’Leary, C., Eshaya-Chauvin, B., & Flahault, A. (2020). Cybersecurity of hospitals: Discussing the challenges and working towards mitigating the risks. BMC Medical Informatics and Decision Making, 20(1). https://doi.org/10.1186/s12911-020-01161-7

Arghire, I. (2022, January 5). Broward Health data breach impacts 1.3 million people. SecurityWeek. https://www.securityweek.com/broward-health-data-breach-impacts-13-million-people/

Arghire, I. (2023, May 16). PharMerica discloses data breach impacting 5.8 million individuals. SecurityWeek. https://www.securityweek.com/pharmerica-discloses-data-breach-impacting-5-8-million-individuals/

Ataman, A. (2024, May 9). Cybersecurity in healthcare: 7 challenges & 10 best practices in ‘23. AIMultiple: High Tech Use Cases & Tools to Grow Your Business. https://research.aimultiple.com/cybersecurity-in-healthcare/

Aydın, M. A., Zaim, A. H., & Ceylan, K. G. (2009). A hybrid intrusion detection system design for computer network security. Computers & Electrical Engineering, 35(3), 517–526. https://doi.org/10.1016/j.compeleceng.2008.12.005

Bhosale, K. S., Nenova, M., & Iliev, G. (2021, September). A study of cyber attacks: In the healthcare sector. In 2021 Sixth Junior Conference on Lighting (Lighting) (pp. 1-6). IEEE. https://doi.org/10.1109/lighting49406.2021.9598947

Biswas, D. (2023, January 10). Cybersecurity best practices for healthcare you need to know. AppViewX. https://appviewx.com/blogs/cybersecurity-best-practices-for-healthcare-you-need-to-know/

Burns, A., & Johnson, M. E. (2015). Securing health information. IT Professional, 17(1), 23–29. https://doi.org/10.1109/mitp.2015.13

Cheng, L., Liu, F., & Yao, D. D. (2017, June 9). Enterprise data breach: Causes, challenges, prevention, and future directions. WIREs Data Mining and Knowledge Discovery, 7(5). https://doi.org/10.1002/widm.1211

CyberPeace Institute. (n.d.). Cyber attacks in times of conflict. CyberPeace Institute. https://cyberconflicts.cyberpeaceinstitute.org/

Davis, J. (2017, April 5). Ransomware attack on Texas pediatric provider exposes data of 55,000 patients. Healthcare IT News. https://www.healthcareitnews.com/news/ransomware-attack-texas-pediatric-provider-exposes-data-55000-patients

Davis, J. (2019, March 21). UCLA Health reaches $7.5M settlement over 2015 breach of 4.5M. HealthITSecurity. https://healthitsecurity.com/news/ucla-health-reaches-7.5m-settlement-over-2015-breach-of-4.5m

Davis, J. (2022, June 23). 10 biggest healthcare data breaches of 2021 impact over 22.6M patients. SC Media. https://www.scmagazine.com/feature/10-biggest-healthcare-data-breaches-of-2021-impact-over-22-6m-patients

Davis, J. (2023, May 15). Data of 5.82M PharMerica patients stolen, accessed during cyberattack. SC Media. https://www.scmagazine.com/news/5-82m-pharmerica-patients-stolen-accessed-cyberattack

Eddie, R. (2018, May 15). Cyber attack compromises patient information at Family Planning NSW. The New Daily. https://www.thenewdaily.com.au/news/state/nsw/2018/05/14/family-planning-nsw-cyber-attack

EuRepoC: European Repository of Cyber Incidents. (2024, April 22). EuRepoC. https://eurepoc.eu/

Fox, A. (2023, May 16). PharMerica announces health data breach, possibly largest of Q1 2023. Healthcare IT News. https://www.healthcareitnews.com/news/pharmerica-announces-health-data-breach-possibly-largest-q1-2023

Gatlan, S. (2020, May 13). Healthcare giant Magellan Health hit by ransomware attack. BleepingComputer. https://www.bleepingcomputer.com/news/security/healthcare-giant-magellan-health-hit-by-ransomware-attack/

Geer, D. (2021, December 7). Medical Informatics Engineering breach: The gift that keeps on giving. Medium. https://medium.com/the-aftermath-of-a-data-breach/medical-informatics-engineering-breach-the-gift-that-keeps-on-giving-9948231d2e95

Goud, N. (2018, May 14). Ransomware attack on Family Planning NSW. Cybersecurity Insiders. https://www.cybersecurity-insiders.com/ransomware-attack-on-family-planning-nsw/

Haleem, A., Javaid, M., Singh, R. P., & Suman, R. (2021). Telemedicine for healthcare: Capabilities, features, barriers, and applications. Sensors International, 2, 100117. https://doi.org/10.1016/j.sintl.2021.100117

Hutchinson, D. (2023, July 17). Henry Ford Health confirms data breach affecting 168,000 patients. WDIV. https://www.clickondetroit.com/news/local/2023/07/17/henry-ford-health-confirms-data-breach-affecting-168000-patients/

Ivanova, I. (2023, July 11). HCA Healthcare says hackers stole data on 11 million patients. CBS News. https://www.cbsnews.com/news/hca-healthcare-data-breach-hack-11-million-patients-affected/

Kale, B., Aworo, S., & Anyangwu, C. (2022). Cyber-attacks on digital infrastructures in healthcare: The secured approach. ResearchGate. https://www.researchgate.net/publication/366323639_Cyber-Attacks_on_Digital_Infrastructures_in_HealthCare_The_Secured_Approach

Lagasse, J. (2020, September 9). Personal information of 348,000 people potentially exposed in NorthShore data breach. Healthcare Finance News. https://www.healthcarefinancenews.com/news/personal-information-348000-people-potentially-exposed-northshore-data-breach

Landi, H. (2019, May 10). DOJ charges Chinese national, accomplice in landmark Anthem hack. Fierce Healthcare. https://www.fiercehealthcare.com/payer/doj-charges-chinese-national-accomplice-landmark-anthem-hack

Mahmood, G. S., Huang, D. J., & Jaleel, B. A. (2019). A secure cloud computing system by using encryption and access control model. Journal of Information Processing Systems, 15(3), 538–549. https://doi.org/10.3745/jips.03.0117

Mahmoud, R., & Al-Najjar, Y. (2024). Cybersecurity in healthcare industry. ResearchGate. https://www.researchgate.net/publication/378480107_CYBERSECURITY_IN_HEALTHCARE_INDUSTRY

Malecki, F. (2019). Best practices for preventing and recovering from a ransomware attack. Computer Fraud & Security, 2019(3), 8–10. https://doi.org/10.1016/s1361-3723(19)30028-4

Mangan, D. (2016, August 5). Huge data breach at health system leads to biggest ever settlement. CNBC. https://www.cnbc.com/2016/08/04/huge-data-breach-at-health-system-leads-to-biggest-ever-settlement.html

McCann, E. (2013, September 6). Advocate Health slapped with lawsuit after massive data breach. Healthcare IT News. https://www.healthcareitnews.com/news/AdvocateHealth-slapped-with-lawsuit-after-massive-data-breach

McGee, M. (2016, August 4). Advocate Health hit with record $5.5 million HIPAA penalty. CareersInfoSecurity. https://www.careersinfosecurity.com/advocate-health-hit-record-55-million-hipaa-penalty-a-9307

McGee, M. (2020, October 13). Health data breaches in 2020: Ransomware incidents dominate. DataBreachToday. https://www.databreachtoday.com/health-data-breaches-in-2020-ransomware-incidents-dominate-a-15170

McKeon, J. (2021, September 20). St. Joseph’s/Candler faces lawsuits in wake of ransomware attack. HealthITSecurity. https://healthitsecurity.com/news/st-josephs-candler-faces-lawsuits-in-wake-of-ransomware-attack

McKeon, J. (2022, January 4). PHI breach, data exfiltration at Broward Health impacts 1.3 million. HealthITSecurity. https://healthitsecurity.com/news/phi-breach-data-exfiltration-at-broward-health-impacts-1.3-million

McKeon, J. (2023, May 10). Healthcare data breach at Kansas hospital impacts 19K. HealthITSecurity. https://healthitsecurity.com/news/healthcare-data-breach-at-kansas-hospital-impacts-19k

Meadows, J. (2020, September 9). Ransomware attack exposes NorthShore, Northwestern patient data. Evanston, IL Patch. https://patch.com/illinois/evanston/ransomware-attack-exposes-northshore-northwestern-patient-data

Meisner, M. (2018). Financial consequences of cyber attacks leading to data breaches in healthcare sector. Copernican Journal of Finance & Accounting, 6(3), 63. https://doi.org/10.12775/cjfa.2017.017

Miliard, M. (2023, July 18). HCA Healthcare sued for recent data breach. Healthcare IT News. https://www.healthcareitnews.com/news/hca-healthcare-sued-recent-data-breach

Moffit, R., & Steffen, B. (2017, June). Health care data breaches: A changing landscape. Maryland Health Care Commission. https://mhcc.maryland.gov/mhcc/pages/hit/hit/documents/HIT_DataBreachesBrief_Brf_Rpt_090717.pdf

Mohammed, Z. A. (2021, November 9). Data breach recovery areas: An exploration of organization’s recovery strategies for surviving data breaches. Organizational Cybersecurity Journal. https://doi.org/10.1108/ocj-05-2021-0014

Moore, W., & Frye, S. (2019). Review of HIPAA, Part 1: History, protected health information, and privacy and security rules. Journal of Nuclear Medicine Technology, 47(4), 269–272. https://doi.org/10.2967/jnmt.119.227819

Murphy, D. (2020, September 16). Northern Light Health caught up in data breach. Press Herald. https://www.pressherald.com/2020/09/15/northern-light-health-informs-public-of-data-breach/

Nidiganti, V. (2024, March 25). Best practices for healthcare cybersecurity. Rely Services Inc. https://www.relyservices.com/blog/healthcare-cybersecurity-best-practices

Perlroth, N. (2014, August 19). Hack of Community Health Systems affects 4.5 million patients. Bits Blog. https://archive.nytimes.com/bits.blogs.nytimes.com/2014/08/18/hack-of-community-health-systems-affects-4-5-million-patients/

Powell, O. (2023, July 19). HCA Healthcare data breach impacts 11 million. Cybersecurity Hub. https://www.cshub.com/attacks/news/hca-healthcare-data-breach-impacts-11-million-patients

Ragan, S. (2014, August 18). Community Health Systems blames China for recent data breach. CSO Online. https://www.csoonline.com/article/548106/data-protection-community-health-systems-blames-china-for-recent-data-breach.html

Reddy, J., Elsayed, N., ElSayed, Z., & Ozer, M. (2023, February 22). A review on data breaches in healthcare security systems. International Journal of Computer Applications, 184(45), 1–7. https://doi.org/10.5120/ijca2023922333

Revenue Cycle Advisor. (2020, July 21). Florida Orthopaedic Institute reports breach affecting 640K individuals. HealthLeaders Media. https://www.healthleadersmedia.com/innovation/florida-orthopaedic-institute-reports-breach-affecting-640k-individuals

Roberts, P. (2015, July 31). 4.5 million doctors still in the dark after electronics records hack exposes data on 4 million. The Security Ledger With Paul F. Roberts. https://securityledger.com/2015/07/doctors-still-in-the-dark-after-electronics-records-hack-exposes-data-on-4-million/

Rosenfeld, S. (2021, February 14). Medical Informatics Engineering pays $100K for data breach of 3.5M patients. OncLive. https://www.chiefhealthcareexecutive.com/view/medical-informatics-engineering-pays-100k-for-data-breach-of-35m-patients

Schencker, L. (2020, September 9). NorthShore health system says personal information of 348,000 people potentially exposed in data breach. Chicago Tribune. https://www.chicagotribune.com/2020/09/08/northshore-health-system-says-personal-information-of-348000-people-potentially-exposed-in-data-breach/

Senbekov, M., Saliev, T., Bukeyeva, Z., Almabayeva, A., Zhanaliyeva, M., Aitenova, N., Toishibekov, Y., & Fakhradiyev, I. (2020). The recent progress and applications of digital technologies in healthcare: A review. International Journal of Telemedicine and Applications, 2020, 1–18. https://doi.org/10.1155/2020/8830200

Southwick, R. (2023, July 10). HCA Healthcare discloses data breach affecting as many as 11 million patients. OncLive. https://www.chiefhealthcareexecutive.com/view/hca-healthcare-discloses-data-breach-affecting-as-many-as-11-million-patients

Suleski, T., Ahmed, M., Yang, W., & Wang, E. (2023). A review of multi-factor authentication in the Internet of Healthcare Things. Digital Health, 9, 205520762311771. https://doi.org/10.1177/20552076231177144

Swasey, K. (2020, April). Insufficient healthcare cybersecurity invites ransomware attacks and sale of PHI on the dark web. https://www.usu.edu/cai/files/studentpaper-swasey.pdf

Sweny, G. (2020, September 14). Millions of individuals fall victim to cyberattacks on healthcare institutions. AgileBlue. https://agileblue.com/millions-of-individuals-fall-victim-to-cyberattacks-on-healthcare-institutions/

Syafrizal, M., Selamat, S. R., & Zakaria, N. A. (2022). Analysis of cybersecurity standard and framework components. International Journal of Communication Networks and Information Security, 12(3). https://doi.org/10.17762/ijcnis.v12i3.4817

Taylor, E. (2017, August 16). ABCD Pediatrics hit by ransomware attack affecting 55,000 patients. Defensorum. https://www.defensorum.com/abcd-pediatrics-hit-ransomware-attack-affecting-55000-patients/

Terhune, C. (2015, July 18). UCLA Health System data breach affects 4.5 million patients. Los Angeles Times. https://www.latimes.com/business/la-fi-ucla-medical-data-20150717-story.html

The HIPAA Journal - news and articles about HIPAA. (n.d.). https://www.hipaajournal.com/

Tin, D., Hata, R., Granholm, F., Ciottone, R. G., Staynings, R., & Ciottone, G. R. (2023). Cyberthreats: A primer for healthcare professionals. The American Journal of Emergency Medicine, 68, 179–185. https://doi.org/10.1016/j.ajem.2023.04.001

Toulas, B. (2022, January 3). Broward Health discloses data breach affecting 1.3 million people. BleepingComputer. https://www.bleepingcomputer.com/news/security/broward-health-discloses-data-breach-affecting-13-million-people/

Toulas, B. (2023, May 15). Ransomware gang steals data of 5.8 million PharMerica patients. BleepingComputer. https://www.bleepingcomputer.com/news/security/ransomware-gang-steals-data-of-58-million-pharmerica-patients/

Toulas, B. (2023, May 29). MCNA Dental data breach impacts 8.9 million people after ransomware attack. BleepingComputer. https://www.bleepingcomputer.com/news/security/mcna-dental-data-breach-impacts-89-million-people-after-ransomware-attack/

Toulas, B. (2023, July 11). HCA confirms breach after hacker steals data of 11 million patients. BleepingComputer. https://www.bleepingcomputer.com/news/security/hca-confirms-breach-after-hacker-steals-data-of-11-million-patients/

Trinity Health’s response to the Blackbaud philanthropy database security incident. (2020, September 15). Trinity Health’s Response to the Blackbaud Philanthropy Database Security Incident. PR Newswire. https://www.prnewswire.com/news-releases/trinity-healths-response-to-the-blackbaud-philanthropy-database-security-incident-301130466.html

University of Maryland CISSM Cyber Attacks Database. (n.d.). Cyber attacks database. https://cissm.liquifiedapps.com/

U.S. Department of Health & Human Services - Office for Civil Rights. (n.d.). Breach portal. https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf

Vinton, K. (2015, July 18). 4.5 million UCLA Health patients’ data compromised in cyber attack. Forbes. https://www.forbes.com/sites/katevinton/2015/07/17/4-5-million-ucla-health-patients-data-compromised-in-cyber-attack/?sh=4a5a1ae42bc6

Webber Insurance Services. (2024, August 29). List of data breaches and cyber attacks in Australia 2018-2024. https://www.webberinsurance.com.au/data-breaches-list

Walker, M. (2018, June 10). Terros Health data breach potentially impacts 1,600 patients. ABC15 Arizona in Phoenix (KNXV). https://www.abc15.com/news/region-phoenix-metro/central-phoenix/terros-health-data-breach-1600-patients-potentially-impacted

Yeng, P., Fauzi, M. A., Yang, B., Diekuu, J. B., Nimbe, P., Holik, F., ... & Sun, L. (2023, October). SecHealth: Enhancing EHR Security in digital health transformation. In Proceedings of the 8th International Conference on Sustainable Information Engineering and Technology (pp. 538-544). https://doi.org/10.1145/3626641.3627214

Young, K. (2021, November 1). Cyber case study: Anthem data breach. CoverLink Insurance - Ohio Insurance Agency. https://coverlink.com/case-study/anthem-data-breach/

Published

2024-10-31

How to Cite

Yusuf, M. K., Danladi, A. J., Shombot, E. S., Dusserre, G., Odey, V. A., Baba-Ahmed, N. B., Bestak, R., & Lawan, M. I. (2024). The Growing Cybersecurity Crisis in Healthcare: A Call to Action. American Journal of Innovation in Science and Engineering, 3(3), 55–68. https://doi.org/10.54536/ajise.v3i3.3576