Abstract
The healthcare sector faces numerous cyber-physical threats that affect citizens’ lives and habits, increase their fears, and influence the provision of hospital services, as experienced, for example, during the WannaCry and Petya ransomware campaigns. During such incidents, and more generally in securing healthcare infrastructures, several internal and external stakeholders are involved; they have different needs and requirements and try to cooperate, respond to, and recover from the crisis. Although the crisis management process is well analyzed in the literature, there is a need to understand and explain the process in the area of healthcare, as well as the stakeholders involved in it. This chapter presents a detailed account of the stakeholders and processes involved in crisis management in the healthcare sector. Through a case study conducted in a Greek hospital, these stakeholders are identified and described, and the crisis management processes are further elaborated. Finally, the findings and the conclusions drawn from them are linked with the SAFECARE project (H2020-GA787005), in the framework of which this research was conducted and which aims to provide solutions that will improve physical and cybersecurity in healthcare infrastructures in a seamless and cost-effective way.
Acknowledgments
The work presented in this chapter has been conducted in the framework of the SAFECARE project, which has received funding from the European Union’s H2020 research and innovation program under grant agreement no. 787002.
Copyright information
© 2021 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this chapter
Cite this chapter
Gkotsis, I. et al. (2021). Stakeholders Involved in Hospitals’ Crisis Management Processes. In: Akhgar, B., Kavallieros, D., Sdongos, E. (eds) Technology Development for Security Practitioners. Security Informatics and Law Enforcement. Springer, Cham. https://doi.org/10.1007/978-3-030-69460-9_28
DOI: https://doi.org/10.1007/978-3-030-69460-9_28
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-69459-3
Online ISBN: 978-3-030-69460-9
eBook Packages: Engineering, Engineering (R0)