Abstract
Healthcare is undergoing a digital transformation at several levels, which brings many benefits, including efficient medical data exchange and better treatment of patients. However, this transformation comes at a cost, as digitalization often entails an increased number of threats and attacks. It should therefore come as no surprise that the number of security breaches in the healthcare domain has increased over the past years. As a matter of fact, the healthcare sector has become the prime target of many adversaries and hackers. The outbreak of COVID-19 caused a spike in malicious actions targeting healthcare organizations, in the form of a series of phishing campaigns and ransomware attacks. Attacks on medical devices and the integrity of their functionality also pose a serious threat, as they put human lives at risk. These cybersecurity incidents are reminders to the healthcare industry to closely reevaluate its current security posture and put in place security controls that fortify its defenses against malicious actions. This chapter presents the most significant assets and threats in the healthcare domain, as well as real-world cybersecurity incidents, and subsequently provides a set of critical, top-priority technical measures and mechanisms that healthcare organizations should implement. Complementary to the technical solutions, this chapter outlines legislation and directives that are relevant to the healthcare domain and should be considered. Finally, this chapter identifies the need for information sharing and its benefits for healthcare, including the better treatment of rare diseases. To this end, blockchain technology is evaluated as a solution for information sharing and medical data exchange in a trustworthy and secure manner.
Acknowledgments
This article has been supported by the European Commission under the H2020 Programme, through funding of the “CUREX: seCUre and pRivate hEalth data eXchange” project (G.A. id: 826404).
Copyright information
© 2021 Springer Nature Switzerland AG
About this entry
Cite this entry
Ntantogian, C., Laoudias, C., Honrubia, A.J.D., Veroni, E., Xenakis, C. (2021). Cybersecurity Threats in the Healthcare Domain and Technical Solutions. In: Vlamos, P., Kotsireas, I.S., Tarnanas, I. (eds) Handbook of Computational Neurodegeneration. Springer, Cham. https://doi.org/10.1007/978-3-319-75479-6_38-1
DOI: https://doi.org/10.1007/978-3-319-75479-6_38-1
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-75479-6
Online ISBN: 978-3-319-75479-6
eBook Packages: Springer Reference Biomedicine and Life Sciences, Reference Module Biomedical and Life Sciences