The Growing Cybersecurity Crisis in Healthcare: A Call to Action
DOI:
https://doi.org/10.54536/ajise.v3i3.3576Keywords:
Cyber-Attack, Cybersecurity, Data Encryption, Protected Health Information (PHI)Abstract
Electronic healthcare technology is pervasive throughout the globe, and it affords vast opportunities to enhance clinical outcomes, as well as for the transformation of models of care. Concerns are, however, growing, related to healthcare data and device security. Increased connectivity to legacy computer networks brought cybersecurity vulnerabilities for medical devices. Healthcare represents an attractive target for cybercrime because healthcare data is precious. This sector in present times is full of unique cybersecurity challenges, especially for susceptible kinds of patient information at stake. Second, many legacy systems will be prevalent—not adding more to that—with the changing face of cyber threats. Cybersecurity breaches have comprised stealing health information and focused ransomware attacks on hospitals; this could mean as vivid an attack as on implanted medical devices. This only points to the fact that ransomware attacks and other kinds of cyber-attacks against hospitals and other medical facilities are gaining ground; there is every reason to get alarmed and put in place stricter cybersecurity measures. An excellent healthcare cybersecurity strategy, therefore, has to consider access control, intrusion detection systems, encryption techniques, and periodic security testing. Data breaches and cyber-attacks are forcing any healthcare provider to invest in new state-of-the-art technologies related to keeping pace with trends regarding cybersecurity. The dangers that can be caused by cyber-attack include a considerable diminution in patient trust, potential health system collapse, human life threats, etc. On the whole, cybersecurity is strenuously linked with the question of patient safety.
Downloads
References
Ahmed, M. M., Maglaras, L., & Ferrag, M. A. (2020). Cyber threats in the healthcare sector and countermeasures. In Advances in business strategy and competitive advantage (pp. 109–124). https://doi.org/10.4018/978-1-7998-3648-3.ch007
Al-Qarni, E. A. (2023). Cybersecurity in healthcare: A review of recent attacks and mitigation strategies. International Journal of Advanced Computer Science and Applications, 14(5). https://doi.org/10.14569/ijacsa.2023.0140513
Antony, A., Thomas, S., Varghese, T., & Padman, V. (2023, December). Ransomware attacks on healthcare systems: Case studies and mitigation strategies. https://www.researchgate.net/publication/376514138_Ransomware_Attacks_on_Healthcare_Systems_Case_Studies_and_Mitigation_Strategies
Argaw, S. T., Troncoso-Pastoriza, J. R., Lacey, D., Florin, M. V., Calcavecchia, F., Anderson, D., Burleson, W., Vogel, J. M., O’Leary, C., Eshaya-Chauvin, B., & Flahault, A. (2020). Cybersecurity of hospitals: Discussing the challenges and working towards mitigating the risks. BMC Medical Informatics and Decision Making, 20(1). https://doi.org/10.1186/s12911-020-01161-7
Arghire, I. (2022, January 5). Broward Health data breach impacts 1.3 million people. SecurityWeek. https://www.securityweek.com/broward-health-data-breach-impacts-13-million-people/
Arghire, I. (2023, May 16). PharMerica discloses data breach impacting 5.8 million individuals. SecurityWeek. https://www.securityweek.com/pharmerica-discloses-data-breach-impacting-5-8-million-individuals/
Ataman, A. (2024, May 9). Cybersecurity in healthcare: 7 challenges & 10 best practices in ‘23. AIMultiple: High Tech Use Cases & Tools to Grow Your Business. https://research.aimultiple.com/cybersecurity-in-healthcare/
Aydın, M. A., Zaim, A. H., & Ceylan, K. G. (2009). A hybrid intrusion detection system design for computer network security. Computers & Electrical Engineering, 35(3), 517–526. https://doi.org/10.1016/j.compeleceng.2008.12.005
Bhosale, K. S., Nenova, M., & Iliev, G. (2021, September). A study of cyber attacks: In the healthcare sector. In 2021 Sixth Junior Conference on Lighting (Lighting) (pp. 1-6). IEEE. https://doi.org/10.1109/lighting49406.2021.9598947
Biswas, D. (2023, January 10). Cybersecurity best practices for healthcare you need to know. AppViewX. https://appviewx.com/blogs/cybersecurity-best-practices-for-healthcare-you-need-to-know/
Burns, A., & Johnson, M. E. (2015). Securing health information. IT Professional, 17(1), 23–29. https://doi.org/10.1109/mitp.2015.13
Cheng, L., Liu, F., & Yao, D. D. (2017, June 9). Enterprise data breach: Causes, challenges, prevention, and future directions. WIREs Data Mining and Knowledge Discovery, 7(5). https://doi.org/10.1002/widm.1211
CyberPeace Institute. (n.d.). Cyber attacks in times of conflict. CyberPeace Institute. https://cyberconflicts.cyberpeaceinstitute.org/
Davis, J. (2017, April 5). Ransomware attack on Texas pediatric provider exposes data of 55,000 patients. Healthcare IT News. https://www.healthcareitnews.com/news/ransomware-attack-texas-pediatric-provider-exposes-data-55000-patients
Davis, J. (2019, March 21). UCLA Health reaches $7.5M settlement over 2015 breach of 4.5M. HealthITSecurity. https://healthitsecurity.com/news/ucla-health-reaches-7.5m-settlement-over-2015-breach-of-4.5m
Davis, J. (2022, June 23). 10 biggest healthcare data breaches of 2021 impact over 22.6M patients. SC Media. https://www.scmagazine.com/feature/10-biggest-healthcare-data-breaches-of-2021-impact-over-22-6m-patients
Davis, J. (2023, May 15). Data of 5.82M PharMerica patients stolen, accessed during cyberattack. SC Media. https://www.scmagazine.com/news/5-82m-pharmerica-patients-stolen-accessed-cyberattack
Eddie, R. (2018, May 15). Cyber attack compromises patient information at Family Planning NSW. The New Daily. https://www.thenewdaily.com.au/news/state/nsw/2018/05/14/family-planning-nsw-cyber-attack
EuRepoC: European Repository of Cyber Incidents. (2024, April 22). EuRepoC. https://eurepoc.eu/
Fox, A. (2023, May 16). PharMerica announces health data breach, possibly largest of Q1 2023. Healthcare IT News. https://www.healthcareitnews.com/news/pharmerica-announces-health-data-breach-possibly-largest-q1-2023
Gatlan, S. (2020, May 13). Healthcare giant Magellan Health hit by ransomware attack. BleepingComputer. https://www.bleepingcomputer.com/news/security/healthcare-giant-magellan-health-hit-by-ransomware-attack/
Geer, D. (2021, December 7). Medical Informatics Engineering breach: The gift that keeps on giving. Medium. https://medium.com/the-aftermath-of-a-data-breach/medical-informatics-engineering-breach-the-gift-that-keeps-on-giving-9948231d2e95
Goud, N. (2018, May 14). Ransomware attack on Family Planning NSW. Cybersecurity Insiders. https://www.cybersecurity-insiders.com/ransomware-attack-on-family-planning-nsw/
Haleem, A., Javaid, M., Singh, R. P., & Suman, R. (2021). Telemedicine for healthcare: Capabilities, features, barriers, and applications. Sensors International, 2, 100117. https://doi.org/10.1016/j.sintl.2021.100117
Hutchinson, D. (2023, July 17). Henry Ford Health confirms data breach affecting 168,000 patients. WDIV. https://www.clickondetroit.com/news/local/2023/07/17/henry-ford-health-confirms-data-breach-affecting-168000-patients/
Ivanova, I. (2023, July 11). HCA Healthcare says hackers stole data on 11 million patients. CBS News. https://www.cbsnews.com/news/hca-healthcare-data-breach-hack-11-million-patients-affected/
Kale, B., Aworo, S., & Anyangwu, C. (2022). Cyber-attacks on digital infrastructures in healthcare: The secured approach. ResearchGate. https://www.researchgate.net/publication/366323639_Cyber-Attacks_on_Digital_Infrastructures_in_HealthCare_The_Secured_Approach
Lagasse, J. (2020, September 9). Personal information of 348,000 people potentially exposed in NorthShore data breach. Healthcare Finance News. https://www.healthcarefinancenews.com/news/personal-information-348000-people-potentially-exposed-northshore-data-breach
Landi, H. (2019, May 10). DOJ charges Chinese national, accomplice in landmark Anthem hack. Fierce Healthcare. https://www.fiercehealthcare.com/payer/doj-charges-chinese-national-accomplice-landmark-anthem-hack
Mahmood, G. S., Huang, D. J., & Jaleel, B. A. (2019). A secure cloud computing system by using encryption and access control model. Journal of Information Processing Systems, 15(3), 538–549. https://doi.org/10.3745/jips.03.0117
Mahmoud, R., & Al-Najjar, Y. (2024). Cybersecurity in healthcare industry. ResearchGate. https://www.researchgate.net/publication/378480107_CYBERSECURITY_IN_HEALTHCARE_INDUSTRY
Malecki, F. (2019). Best practices for preventing and recovering from a ransomware attack. Computer Fraud & Security, 2019(3), 8–10. https://doi.org/10.1016/s1361-3723(19)30028-4
Mangan, D. (2016, August 5). Huge data breach at health system leads to biggest ever settlement. CNBC. https://www.cnbc.com/2016/08/04/huge-data-breach-at-health-system-leads-to-biggest-ever-settlement.html
McCann, E. (2013, September 6). Advocate Health slapped with lawsuit after massive data breach. Healthcare IT News. https://www.healthcareitnews.com/news/AdvocateHealth-slapped-with-lawsuit-after-massive-data-breach
McGee, M. (2016, August 4). Advocate Health hit with record $5.5 million HIPAA penalty. CareersInfoSecurity. https://www.careersinfosecurity.com/advocate-health-hit-record-55-million-hipaa-penalty-a-9307
McGee, M. (2020, October 13). Health data breaches in 2020: Ransomware incidents dominate. DataBreachToday. https://www.databreachtoday.com/health-data-breaches-in-2020-ransomware-incidents-dominate-a-15170
McKeon, J. (2021, September 20). St. Joseph’s/Candler faces lawsuits in wake of ransomware attack. HealthITSecurity. https://healthitsecurity.com/news/st-josephs-candler-faces-lawsuits-in-wake-of-ransomware-attack
McKeon, J. (2022, January 4). PHI breach, data exfiltration at Broward Health impacts 1.3 million. HealthITSecurity. https://healthitsecurity.com/news/phi-breach-data-exfiltration-at-broward-health-impacts-1.3-million
McKeon, J. (2023, May 10). Healthcare data breach at Kansas hospital impacts 19K. HealthITSecurity. https://healthitsecurity.com/news/healthcare-data-breach-at-kansas-hospital-impacts-19k
Meadows, J. (2020, September 9). Ransomware attack exposes NorthShore, Northwestern patient data. Evanston, IL Patch. https://patch.com/illinois/evanston/ransomware-attack-exposes-northshore-northwestern-patient-data
Meisner, M. (2018). Financial consequences of cyber attacks leading to data breaches in healthcare sector. Copernican Journal of Finance & Accounting, 6(3), 63. https://doi.org/10.12775/cjfa.2017.017
Miliard, M. (2023, July 18). HCA Healthcare sued for recent data breach. Healthcare IT News. https://www.healthcareitnews.com/news/hca-healthcare-sued-recent-data-breach
Moffit, R., & Steffen, B. (2017, June). Health care data breaches: A changing landscape. Maryland Health Care Commission. https://mhcc.maryland.gov/mhcc/pages/hit/hit/documents/HIT_DataBreachesBrief_Brf_Rpt_090717.pdf
Mohammed, Z. A. (2021, November 9). Data breach recovery areas: An exploration of organization’s recovery strategies for surviving data breaches. Organizational Cybersecurity Journal. https://doi.org/10.1108/ocj-05-2021-0014
Moore, W., & Frye, S. (2019). Review of HIPAA, Part 1: History, protected health information, and privacy and security rules. Journal of Nuclear Medicine Technology, 47(4), 269–272. https://doi.org/10.2967/jnmt.119.227819
Murphy, D. (2020, September 16). Northern Light Health caught up in data breach. Press Herald. https://www.pressherald.com/2020/09/15/northern-light-health-informs-public-of-data-breach/
Nidiganti, V. (2024, March 25). Best practices for healthcare cybersecurity. Rely Services Inc. https://www.relyservices.com/blog/healthcare-cybersecurity-best-practices
Perlroth, N. (2014, August 19). Hack of Community Health Systems affects 4.5 million patients. Bits Blog. https://archive.nytimes.com/bits.blogs.nytimes.com/2014/08/18/hack-of-community-health-systems-affects-4-5-million-patients/
Powell, O. (2023, July 19). HCA Healthcare data breach impacts 11 million. Cybersecurity Hub. https://www.cshub.com/attacks/news/hca-healthcare-data-breach-impacts-11-million-patients
Ragan, S. (2014, August 18). Community Health Systems blames China for recent data breach. CSO Online. https://www.csoonline.com/article/548106/data-protection-community-health-systems-blames-china-for-recent-data-breach.html
Reddy, J., Elsayed, N., ElSayed, Z., & Ozer, M. (2023, February 22). A review on data breaches in healthcare security systems. International Journal of Computer Applications, 184(45), 1–7. https://doi.org/10.5120/ijca2023922333
Revenue Cycle Advisor. (2020, July 21). Florida Orthopaedic Institute reports breach affecting 640K individuals. HealthLeaders Media. https://www.healthleadersmedia.com/innovation/florida-orthopaedic-institute-reports-breach-affecting-640k-individuals
Roberts, P. (2015, July 31). 4.5 million doctors still in the dark after electronics records hack exposes data on 4 million. The Security Ledger With Paul F. Roberts. https://securityledger.com/2015/07/doctors-still-in-the-dark-after-electronics-records-hack-exposes-data-on-4-million/
Rosenfeld, S. (2021, February 14). Medical Informatics Engineering pays $100K for data breach of 3.5M patients. OncLive. https://www.chiefhealthcareexecutive.com/view/medical-informatics-engineering-pays-100k-for-data-breach-of-35m-patients
Schencker, L. (2020, September 9). NorthShore health system says personal information of 348,000 people potentially exposed in data breach. Chicago Tribune. https://www.chicagotribune.com/2020/09/08/northshore-health-system-says-personal-information-of-348000-people-potentially-exposed-in-data-breach/
Senbekov, M., Saliev, T., Bukeyeva, Z., Almabayeva, A., Zhanaliyeva, M., Aitenova, N., Toishibekov, Y., & Fakhradiyev, I. (2020). The recent progress and applications of digital technologies in healthcare: A review. International Journal of Telemedicine and Applications, 2020, 1–18. https://doi.org/10.1155/2020/8830200
Southwick, R. (2023, July 10). HCA Healthcare discloses data breach affecting as many as 11 million patients. OncLive. https://www.chiefhealthcareexecutive.com/view/hca-healthcare-discloses-data-breach-affecting-as-many-as-11-million-patients
Suleski, T., Ahmed, M., Yang, W., & Wang, E. (2023). A review of multi-factor authentication in the Internet of Healthcare Things. Digital Health, 9, 205520762311771. https://doi.org/10.1177/20552076231177144
Swasey, K. (2020, April). Insufficient healthcare cybersecurity invites ransomware attacks and sale of PHI on the dark web. https://www.usu.edu/cai/files/studentpaper-swasey.pdf
Sweny, G. (2020, September 14). Millions of individuals fall victim to cyberattacks on healthcare institutions. AgileBlue. https://agileblue.com/millions-of-individuals-fall-victim-to-cyberattacks-on-healthcare-institutions/
Syafrizal, M., Selamat, S. R., & Zakaria, N. A. (2022). Analysis of cybersecurity standard and framework components. International Journal of Communication Networks and Information Security, 12(3). https://doi.org/10.17762/ijcnis.v12i3.4817
Taylor, E. (2017, August 16). ABCD Pediatrics hit by ransomware attack affecting 55,000 patients. Defensorum. https://www.defensorum.com/abcd-pediatrics-hit-ransomware-attack-affecting-55000-patients/
Terhune, C. (2015, July 18). UCLA Health System data breach affects 4.5 million patients. Los Angeles Times. https://www.latimes.com/business/la-fi-ucla-medical-data-20150717-story.html
The HIPAA Journal - news and articles about HIPAA. (n.d.). https://www.hipaajournal.com/
Tin, D., Hata, R., Granholm, F., Ciottone, R. G., Staynings, R., & Ciottone, G. R. (2023). Cyberthreats: A primer for healthcare professionals. The American Journal of Emergency Medicine, 68, 179–185. https://doi.org/10.1016/j.ajem.2023.04.001
Toulas, B. (2022, January 3). Broward Health discloses data breach affecting 1.3 million people. BleepingComputer. https://www.bleepingcomputer.com/news/security/broward-health-discloses-data-breach-affecting-13-million-people/
Toulas, B. (2023, May 15). Ransomware gang steals data of 5.8 million PharMerica patients. BleepingComputer. https://www.bleepingcomputer.com/news/security/ransomware-gang-steals-data-of-58-million-pharmerica-patients/
Toulas, B. (2023, May 29). MCNA Dental data breach impacts 8.9 million people after ransomware attack. BleepingComputer. https://www.bleepingcomputer.com/news/security/mcna-dental-data-breach-impacts-89-million-people-after-ransomware-attack/
Toulas, B. (2023, July 11). HCA confirms breach after hacker steals data of 11 million patients. BleepingComputer. https://www.bleepingcomputer.com/news/security/hca-confirms-breach-after-hacker-steals-data-of-11-million-patients/
Trinity Health’s response to the Blackbaud philanthropy database security incident. (2020, September 15). Trinity Health’s Response to the Blackbaud Philanthropy Database Security Incident. PR Newswire. https://www.prnewswire.com/news-releases/trinity-healths-response-to-the-blackbaud-philanthropy-database-security-incident-301130466.html
University of Maryland CISSM Cyber Attacks Database. (n.d.). Cyber attacks database. https://cissm.liquifiedapps.com/
U.S. Department of Health & Human Services - Office for Civil Rights. (n.d.). Breach portal. https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf
Vinton, K. (2015, July 18). 4.5 million UCLA Health patients’ data compromised in cyber attack. Forbes. https://www.forbes.com/sites/katevinton/2015/07/17/4-5-million-ucla-health-patients-data-compromised-in-cyber-attack/?sh=4a5a1ae42bc6
Webber Insurance Services. (2024, August 29). List of data breaches and cyber attacks in Australia 2018-2024. https://www.webberinsurance.com.au/data-breaches-list
Walker, M. (2018, June 10). Terros Health data breach potentially impacts 1,600 patients. ABC15 Arizona in Phoenix (KNXV). https://www.abc15.com/news/region-phoenix-metro/central-phoenix/terros-health-data-breach-1600-patients-potentially-impacted
Yeng, P., Fauzi, M. A., Yang, B., Diekuu, J. B., Nimbe, P., Holik, F., ... & Sun, L. (2023, October). SecHealth: Enhancing EHR Security in digital health transformation. In Proceedings of the 8th International Conference on Sustainable Information Engineering and Technology (pp. 538-544). https://doi.org/10.1145/3626641.3627214
Young, K. (2021, November 1). Cyber case study: Anthem data breach. CoverLink Insurance - Ohio Insurance Agency. https://coverlink.com/case-study/anthem-data-breach/
Downloads
Published
How to Cite
Issue
Section
License
Copyright (c) 2024 Muritala Kolade Yusuf, Ayuba Job Danladi, Emmanuel Shombot, Gilles Dusserre, Victoria Abeyi Odey, Nasir Baba-Ahmed, Robert Bestak, Mohammed Isa Lawan
This work is licensed under a Creative Commons Attribution 4.0 International License.