Skip to main content
SpringerLink
Log in

Cybersecurity and the Evolutions of Healthcare: Challenges and Threats Behind Its Evolution

  • Chapter
  • First Online:
m_Health Current and Future Applications

Part of the book series: EAI/Springer Innovations in Communication and Computing ((EAISICC))

Abstract

Healthcare is among the fields that adopted ICT very early to improve physicians’ work. The digital transformation in healthcare started already some years ago, with the computerization of hospitals. Todays’ healthcare is at the forefront again, as one of the most attacked and profitable areas of exploitation for cybercriminals and cyberterrorists. The overabundance of valuable information, its nature of critical infrastructure and its mobile services, are at the centre of cybercriminals attentions. Besides, patients and physicians, both went through a massive digital transformation; nowadays, healthcare operators and users are highly digitalized and mobile. This evolution influences how, respectively, healthcare operators and patients offer and consume services. The present chapter starts from a presentation of how the modern workforces changed their working paradigms and then introduces the concepts of Hospital 2.0 and patient ecosystem. The chapter also explores the cyberterrorism and cybercrime, present and future threats landscapes, including the mobile health example.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 84.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Hardcover Book
USD 109.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

Notes

  1. 1.

    A. VV [1].

  2. 2.

    Gartner [2].

  3. 3.

    For a definition of usability, see Nielsen [3].

  4. 4.

    Canina and Bellavitis [4].

  5. 5.

    Talk to my shirt blog [5].

  6. 6.

    Crunchwear [6].

  7. 7.

    Control Your Mobile Phone or Tablet Directly from Your Brain [7].

  8. 8.

    Context-Aware Computing: Context-Awareness [8].

  9. 9.

    For additional information, see the concept of data context-aware security [9].

  10. 10.

    Mayer et al. [10].

  11. 11.

    In this context, we do not differentiate trust and confidence. Trust differs from confidence because it requires a previous engagement on a person’s part, recognizing and accepting that risk exists. This is exactly the type of distinction that exists in the cyberattacks because every user knows that the risk of being hacked exists, but often does not recognize it correctly because of his confidence.

  12. 12.

    D2.1 The role of Social Engineering in the evolution of attacks [11].

  13. 13.

    World Health Organization [12].

  14. 14.

    eHealth Task Force [13].

  15. 15.

    http://www.thepreciousproject.eu/.

  16. 16.

    Connected technologies will accelerate security threats to healthcare industry [14].

  17. 17.

    Cybersecurity and resilience for Smart Hospitals [15].

  18. 18.

    It is important to distinguish between the Services and the Ecosystems. ‘Ecosystem’ means a network of integrated services that can interact with each other to offer the user a unique and seamless vision. Centering the vision of health services around the patient naturally leads to seamless servicing (the data are elaborated and accessed through different channels—e.g. mobile—without disruption or differences) and to a stronger control of personal data (which may be accessed through a unified ID).

  19. 19.

    Healthcare Sector Report [16].

  20. 20.

    Bowman [17].

  21. 21.

    Frumento et al. [18].

  22. 22.

    The type of Deny-of-Service that are life-threatening is not only those that touch the diagnostic systems but also in general, those that slow down operators: for example, not having access to electronic health records obliges physicians to momentarily change their way of working, slowing down their service.

  23. 23.

    FBI Malware warning issued over CryptoWall Ransomware [19].

  24. 24.

    Why cybercriminals target healthcare data [20].

  25. 25.

    The Need for Increased Investment in Medical Device Security [21].

  26. 26.

    Healthcare Breach Report 2017 [22].

  27. 27.

    HL7 Data Interfaces in Medical Environments [23].

  28. 28.

    Chesla [24].

  29. 29.

    Vaas [25].

  30. 30.

    Security [26].

  31. 31.

    Hospitals in UK National Health Service knocked offline by massive ransomware attack [27].

  32. 32.

    H2020 [28].

  33. 33.

    AA. VV [29].

  34. 34.

    Cybercrime as a business: The digital underground economy [30].

  35. 35.

    Samani and Paget [31].

  36. 36.

    Kurt et al. [32].

  37. 37.

    See https://www.bromium.com/free-report-complex-cybercrime-economy/.

  38. 38.

    Refer to FBI Criminal Complaint AO 91 (Rev. 11/11), https://www.justice.gov/opa/press-release/file/1092091/download.

  39. 39.

    Higgins [33].

  40. 40.

    Ariu et al. [34].

  41. 41.

    Ibid. See Footnote 12.

  42. 42.

    Ibid. See Footnote 17.

  43. 43.

    How modern email phishing attacks have Organizations on the hook [35].

  44. 44.

    The Human Factor [36].

  45. 45.

    2017 Data Breach Investigations Report 10th Edition [37].

  46. 46.

    As an example, see: Frumento [38].

  47. 47.

    One recent opportunistic attack that hardly hit the healthcare world was WannaCry. Its incidence was higher than other sectors due to the high number of unpatched machines in hospitals. See for example Mullen [39].

  48. 48.

    Defray—New Ransomware Targeting Education and Healthcare Verticals [40].

  49. 49.

    The unlocked backdoor to healthcare data [41].

  50. 50.

    Damage Control: The Cost of Security Breaches [42].

  51. 51.

    Hiltzik and Times [43].

  52. 52.

    Anatomy of a healthcare data breach [44].

  53. 53.

    Koroneos [45].

  54. 54.

    Barney [46].

  55. 55.

    A possible definition of Digital Shadow is: ‘A digital shadow, a subset of a digital footprint, consists of exposed personal, technical or organizational information that is often highly confidential, sensitive or proprietary. As well as damaging the brand, a digital shadow can leave your organization vulnerable to corporate espionage and competitive intelligence. Worse still, criminals and hostile groups can exploit a digital shadow to find your organization’s vulnerabilities and launch targeted cyberattacks against them’, see ‘Cyber Situational awareness’, Digital Shadows, 2015. [Online]. Available: http://bit.ly/2wyLMhk.

  56. 56.

    Cook [47].

  57. 57.

    Federation of European Risk Management Associations (FERMA), ‘Response to the European Commission consultation on the public–private partnership on cybersecurity and possible accompanying measures’, FERMA, 2016 [48].

  58. 58.

    Ossola [49].

  59. 59.

    Peachey [50].

  60. 60.

    Sjouwerman [51].

  61. 61.

    See Frumento [52].

  62. 62.

    Alton [53].

  63. 63.

    Newman [54].

  64. 64.

    E.g. Mearian [55].

  65. 65.

    As an example, U.K. Hospitals Hit in Widespread Ransomware Attack [56] and Bisson [57].

  66. 66.

    As an example, Carpenter [58].

  67. 67.

    Technically speaking, the humans are the so-called kill switch of an attack, meaning that without ‘breaking’ of the human layer of security the attack would not spread into the organization.

  68. 68.

    See: https://thehackernews.com/2018/04/healthcare-cyber-attacks.html.

  69. 69.

    Ibid. See Footnote 12.

  70. 70.

    Social Engineering 2.0 is the evolution of Social Engineering and its transformation from a limited threat to a crucial threat for the computer security.

  71. 71.

    Nadeau [59].

  72. 72.

    Korolov [60].

  73. 73.

    Allen [61].

  74. 74.

    Healthcare security $65 billion market [62].

  75. 75.

    For a complete and recent overview look the ‘Report on improving cybersecurity in the healthcare industry’ published by the Healthcare Industry Cybersecurity Task Force, Available: https://www.phe.gov/preparedness/planning/cybertf/documents/report2017.pdf.

  76. 76.

    For example see MUSES 7th FWP EU Project (Multiplatform Usable Endpoint Security)–, www.muses-project.de.

  77. 77.

    NIST published guidance around risks and best practices associated with accessing EHRs via mobile devices in NIST Special Publication 1800-1e DRAFT.

  78. 78.

    Catalano [63].

  79. 79.

    More than 75 percent of U.S. Adults express concern about security of healthcare data, reveals University of Phoenix survey [64].

  80. 80.

    Small healthcare facilities unprepared for a data breach [65].

  81. 81.

    See for example the HCISPP (Healthcare Information Security and Privacy Practitioner) [65].

  82. 82.

    Immersion effect: ‘a generic telemedicine application should create the user‘s immersion effect that means the physician should only think of his diagnosis without worrying about particular informatics operations that could divert his attention’. Source: Committee on Evaluating Clinical Applications in Medicine. Telemedicine: A guide to assessing Telecommunications in Health Care. Marilyn J Field Editor, Division of Health Care Services.

  83. 83.

    The unlocked backdoor to healthcare data [41].

  84. 84.

    Security risks of networked medical devices [66].

  85. 85.

    Dawson and Omar [67].

  86. 86.

    Harrison and White [68].

  87. 87.

    Veerasamy et al. [69].

  88. 88.

    Several countries created specific departments exclusively dedicated to combat cyberterrorism (e.g. the Cyberterrorism Defense Analysis Center-CDAC—within the US Department of Defense Cyber Command-USCYBERCOM). For a discussion on the state of cyberterrorism refer to the project www.cyberroad-project.eu especially the deliverables from D6.1 to D6.6.

  89. 89.

    Knudson [70].

  90. 90.

    https://www.theregister.co.uk/2018/01/16/us_hospital_ransomware_bitcoin/.

  91. 91.

    G. V. P. Company [71].

  92. 92.

    Peachey [72].

  93. 93.

    For example, look the text of the call SU-TDS-02-2018 for project proposals, available at https://goo.gl/xPVKLV.

  94. 94.

    See https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/rpt-world-eco-forum.pdf.

  95. 95.

    See https://www.dogana-project.eu/index.php/social-engineering-blog/11-social-engineering/30-employees-are-the-weakest-link-part-i.

  96. 96.

    Harries and Yellowlees [73].

  97. 97.

    ISE [74].

  98. 98.

    Franken [75].

  99. 99.

    Healthcare industry: Attacks outpacing investments in personnel, education and resources [76].

  100. 100.

    Cook and Wall [77].

  101. 101.

    For the same discussion, we do not differentiate trust and confidence. Trust differs from confidence because it requires a previous engagement on a person’s part, recognizing and accepting that risk exists. This is exactly the type of distinction that exists in the cyberattacks because every user knows that the risk of being hacked exists, but often does not recognize it correctly because of his confidence.

  102. 102.

    Hadnagy [78].

  103. 103.

    Gilbert-Lurie [79].

  104. 104.

    Chang [80].

  105. 105.

    Dachis [81].

  106. 106.

    The Human Factor 2018 [82].

  107. 107.

    Frumento et al. [83].

  108. 108.

    Clayton et al. [84].

  109. 109.

    Harley et al. [85].

  110. 110.

    See Is cybersecurity awareness a waste of time? [86] and Qin and Burgoon [87].

  111. 111.

    Kirlappos and Sasse [88].

  112. 112.

    Sjouwerman [89].

  113. 113.

    Ibid. Reference in Footnote 106.

  114. 114.

    www.hemeneut.eu.

  115. 115.

    Kerber and Jessop [90].

  116. 116.

    Riddle et al. [91].

  117. 117.

    Langner [92].

  118. 118.

    Crowdturfing is a combination of ‘crowdsourcing’, meaning recruiting large numbers of people to contribute a small effort each towards a big task (like labelling photos), and ‘astroturfing,’ meaning false grassroots support (in the form of bogus reviews or comments, for example. Automated crowdturfing attacks involves many AI-operated profiles, whose intention is to damage the reputation of a brand or person.

  119. 119.

    Nakamura [93].

  120. 120.

    Bounfour [94].

References

  1. A. VV: The Future of Identity Personal Information space. The Future of Identities in a Networked World, 1st ed. http://mcaf.ee/l209yu: Giesecke & Devrient (2013)

  2. Gartner: 10 critical IT trends for the next five years, http://www.networkworld.com/news/2012/102212-gartner-trends-263594.html

  3. Nielsen, J.: Usability 101: Introduction to Usability. Available online https://www.nngroup.com/articles/usability-101-introduction-to-usability/

  4. Canina, M., Bellavitis, A.D.: IndossaMe: il design e le tecnologie indossabili. FrancoAngeli, Milano (2010). (in Italian)

    Google Scholar 

  5. Talk to my shirt blog, http://www.talk2myshirt.com/blog/

  6. Crunchwear, http://www.crunchwear.com/

  7. “Control Your Mobile Phone or Tablet Directly from Your Brain”, NextNature.net, http://www.nextnature.net/2013/05/control-your-tablet-directly-from-your-brain/

  8. “Context-Aware Computing: Context-Awareness, Context-Aware User Interfaces, and Implicit Interaction”, http://www.interaction-design.org/encyclopedia/context-aware_computing.html

  9. https://www.gartner.com/it-glossary/context-aware-security

  10. Mayer, R.C., Davis, J.H., Schoorman, F.D.: An Integrative model of organizational trust. Acad Manag Rev 20(3), 709–734 (1995)

    Article  Google Scholar 

  11. D2.1 The role of Social Engineering in the evolution of attacks. DOGANA Project (GA. 653618) (2016). Available https://www.dogana-project.eu/images/PDF_Files/D2.1-The-role-of-SE-in-the-evolution-of-attacks.pdf [Online]

  12. World Health Organization.: Active Ageing: A Policy Framework. Geneva (2002)

    Google Scholar 

  13. eHealth Health Task Force. Redesigning Health in Europe for 2020. European Union 2012

    Google Scholar 

  14. Connected technologies will accelerate security threats to health care industry. Help Net Security (2017). Available https://www.helpnetsecurity.com/2017/11/09/security-threats-healthcare-industry/ [Online]

  15. Cyber security and resilience for Smart Hospitals (2016). Available https://www.enisa.europa.eu/publications/cyber-security-and-resilience-for-smart-hospitals [Online]

  16. “Health Care Sector Report. Cyber security for the health care sector”, ECSO, WG3 I Sectoral Demand, March 2018

    Google Scholar 

  17. Bowman, C.M.: A primer on the GDPR: what you need to know. Privacy Law Blog (2015). Available http://privacylaw.proskauer.com/2015/12/articles/european-union/a-primer-on-the-gdpr-what-you-need-to-know/ [Online]

  18. Frumento, E., Freschi F., et al.: Yet Another Cybersecurity Roadmapping Methodology, FCCT 2015, The First International Workshop on Future Scenarios for Cyber Crime and Cyber Terrorism, http://ieeexplore.ieee.org/document/7299984/

  19. FBI Malware warning issued over CryptoWall Ransomware, in Health care Data Security, HIPAA J. (2015). Available http://www.hipaajournal.com/fbi-malware-warning-issued-over-cryptowall-ransomware-7095/ [Online]

  20. Why cybercriminals target health care data, in Help Net Security (2016). Available: https://www.helpnetsecurity.com/2016/01/28/why-cybercriminals-target-healthcare-data/ [Online]

  21. The need for increased investment in medical device security, in State of Security (2017). Available: https://www.tripwire.com/state-of-security/featured/need-increased-investment-medical-device-security/ [Online]

  22. “Health care Breach Report 2017”, Bitglass

    Google Scholar 

  23. HL7 Data Interfaces in Medical Environments: The State of Security (2017). Available: https://www.tripwire.com/state-of-security/security-data-protection/hl7-data-interfaces-in-medical-environments/ [Online]

  24. Chesla, A.: Why advanced attack campaigns like security silos (2016). Available http://www.securityweek.com/why-advanced-attack-campaigns-security-silos [Online]

  25. Vaas, L.: Hospitals vulnerable to cyber-attacks on just about everything. In: Naked Security (2016). Available: https://nakedsecurity.sophos.com/2016/02/26/hospitals-vulnerable-to-cyber-attacks-on-just-about-everything/ [Online]

  26. Security, H.N.: Why cybercriminals target health care data. In: Don’t miss, Help Net Security (2016). Available: https://www.helpnetsecurity.com/2016/01/28/why-cybercriminals-target-healthcare-data/ [Online]

  27. Hospitals in UK National Health Service knocked offline by massive ransomware attack (2017). Available: http://www.healthcareitnews.com/news/updated-hospitals-uk-national-health-service-knocked-offline-massive-ransomware-attack [Online]

  28. H2020, Work Programme 2018–2020: (2017). Available http://ec.europa.eu/research/participants/data/ref/h2020/wp/2018-2020/main/h2020-wp1820-intro_en.pdf [Online]

  29. AA. VV.: Combatting cybercrime and cyberterrorism challenges, trends and priorities. In: Akhgar, B., Brewster, B. (eds.) Advanced Sciences and Technologies for Security Applications, 1st edn. Springer (2016). Available: http://link.springer.com/book/10.1007/978-3-319-38930-1 [Online]

  30. “Cybercrime as a business: The digital underground economy”, Europol, https://www.europol.europa.eu/newsroom/news/cybercrime-business-digital-underground-economy

  31. Samani, R., Paget, F.: Cybercrime Exposed—Cybercrime as a Service. McAfee (2014)

    Google Scholar 

  32. Kurt, T., et al.: Framing dependencies introduced by underground commoditization. In: Workshop on the Economics of Information Security. Available: https://cseweb.ucsd.edu/~savage/papers/WEIS15.pdf [Online]

  33. Higgins, K.J.: No, The Mafia Doesn’t Own Cybercrime: Study (2018)

    Google Scholar 

  34. Ariu, D., Frumento, E., Fumera, G.: Social engineering 2.0: a foundational work: Invited Paper. In: Proceedings of the computing frontiers conference—CF’17, pp. 319–325 (2017)

    Google Scholar 

  35. How Modern Email Phishing Attacks Have Organisations on the Hook. IronScales (2017). Available http://bit.ly/2wyv1TJ [Online]

  36. The Human Factor. ProofPoint (2016). Available http://bit.ly/2wypeO3 [Online]

  37. 2017 Data Breach Investigations Report 10th Edition, Verizon (2017). Available http://vz.to/2wyod8C [Online]

  38. Frumento, E.: CopyPhish: a recent case of a successful contextualized phishing attack which resulted in stealing the entire IP of a SME and damaged also their reputation. DOGANA Project (2017). Available http://bit.ly/2wyjF2b [Online]

  39. Mullen, M.: Ransomware: Attack hits 150 countries, Europol says world is in ‘disaster recovery mode’. CNNMoney (2017). Available http://money.cnn.com/2017/05/14/technology/ransomware-attack-threat-escalating/index.html?iid=EL [Online]

  40. Defray—New Ransomware Targeting Education and Health care Verticals. Proofpoint.com (2017). Available https://www.proofpoint.com/us/threat-insight/post/defray-new-ransomware-targeting-education-and-healthcare-verticals [Online]

  41. The Unlocked Backdoor to Health Care Data, Help Net Security (2016). Available: http://www.net-security.org/secworld.php?id=17062 [Online]

  42. Damage Control: The Cost of Security Breaches. Kaspersky Labs (IT Security Risks Special Report Series) (2015). Available http://media.kaspersky.com/pdf/it-risks-survey-report-cost-of-security-breaches.pdf [Online]

  43. Hiltzik, M., Times, L.A.: Anthem is warning consumers about its huge data breach. Here’s a translation. Los Angeles Times, LA Times (2015). Available http://www.latimes.com/business/hiltzik/la-fi-mh-anthem-is-warning-consumers-20150306-column.html [Online]

  44. Anatomy of a health care data breach. Prevention and remediation strategies. ClearDATA (2015). Available http://net-security.tradepub.com/free/w_clec01/prgm.cgi?a=1 [Online]

  45. Koroneos, G.L.: Enterprise Tech Spotlight: Wearable Security, Phishing Targets, Health Care Data Breaches. Verizon (2015). Available http://news.verizonenterprise.com/2015/06/wearable-security-phishing-healthcare-networkfleet/ [Online]

  46. Barney, B.: Health Care: Recognize Social Engineering Techniques. Security Metrics Blog (2015). Available http://blog.securitymetrics.com/2015/08/healthcare-social-engineering.html [Online]

  47. Cook, C.: The rise of multifaceted social engineering attacks. Social-Engineer.Com (2015). Available https://www.social-engineer.com/rise-multifaceted-social-engineering-attacks/ [Online]

  48. Federation of European Risk Management Associations (FERMA), “Response to the European Commission consultation on the public-private partnership on cybersecurity and possible accompanying measures”, FERMA, 2016

    Google Scholar 

  49. Ossola, A.: Hacked medical devices may be the biggest cyber security threat in 2016. Popular Science (2015). Available: http://www.popsci.com/hackers-could-soon-hold-your-life-ransom-by-hijacking-your-medical-devices [Online]

  50. Peachey, P.: Cybercrime: first online murder will happen by end of year, warns US firm. The Independent - News (2014). Available http://www.independent.co.uk/life-style/gadgets-and-tech/news/first-online-murder-will-happen-by-end-of-year-warns-us-firm-9774955.html [Online]

  51. Sjouwerman, S.: Health care Industry Needs Prescription For Next Wave of Ransomware Threats. Blog.knowbe4.com (2017). Available https://blog.knowbe4.com/healthcare-industry-needs-prescription-for-next-wave-of-ransomware-threats [Online]

  52. Frumento, E.: Which could be the consequences of a social engineering attack? http://www.dogana-project.eu/index.php/social-engineering-blog/11-social-engineering/9-which-could-be-the-consequences-of-a-social-engineering-attack

  53. Alton, L.: Medical technology is advancing, but how secure is it? (2017) IT Pro Portal. Available at https://www.itproportal.com/features/medical-technology-is-advancing-but-how-secure-is-it/ [Online]

  54. Newman, L.: Medical Devices Are the Next Security Nightmare. WIRED (2017). Available at https://www.wired.com/2017/03/medical-devices-next-security-nightmare/ [Online]

  55. Mearian, L.: Many hospitals transmit your health records unencrypted. Computerworld (2017). Available: https://www.computerworld.com/article/3110506/healthcare-it/many-hospitals-transmit-your-health-records-unencrypted.html [Online]

  56. U.K. Hospitals Hit in Widespread Ransomware Attack. Krebs on Security (2018)

    Google Scholar 

  57. Bisson, D.: WannaCryptor Ransomware Strikes NHS Hospitals, Telefonica, and Others. The State of Security (2018)

    Google Scholar 

  58. Carpenter, P.: Chief Strategy Officer at Knowbe4 reported: “Until we harden our people and our systems sufficiently, ransomware will continue to prove successful and gain more momentum. The vector they will continue to use is the human that will click on something or download something”

    Google Scholar 

  59. Nadeau, M.: 5 biggest health care security threats for 2018 (2018). CSO Online [Online]

    Google Scholar 

  60. Korolov, M.: 10 companies that can help you fight phishing. CSO Online (2018)

    Google Scholar 

  61. Allen, A.: Billions to install, now billions to protect. Politico (2015). Available http://www.politico.com/story/2015/06/health-care-spending-billions-to-protect-the-records-it-spent-billions-to-install-118432 [Online]

  62. “Healthcare security $65 billion market”, https://cybersecurityventures.com/healthcare-cybersecurity-report-2017/

  63. Catalano, A.: Maintaining security during your health care merger or acquisition. Help Net Security (2016). Available http://www.net-security.org/article.php?id=2356 [Online]

  64. More than 75 percent of U.S. Adults express concern about security of health care data, reveals university of phoenix survey. University of Phoenix (2015). Available http://www.phoenix.edu/news/releases/2015/10/us-adults-concerned-about-security-of-health-care-data.html [Online]

  65. Small health care facilities unprepared for a data breach. Help Net Security (2016). Available http://www.net-security.org/secworld.php?id=17516 [Online]

  66. Security risks of networked medical devices. Help Net Security (2016). Available http://www.net-security.org/secworld.php?id=18105 [Online]

  67. Dawson, M., Omar, M.: New threats and countermeasures in digital crime and cyber terrorism, 1st edn. IGI Global (2015)

    Google Scholar 

  68. Harrison, K., White, G.: A Taxonomy of Cyber Events Affecting Communities (2011). Available https://www.computer.org/csdl/proceedings/hicss/2011/4282/00/04-06-01.pdf [Online]

  69. Veerasamy, N., Grobler, M., Von Solms, B.: Building an Ontology for Cyberterrorism (2012). Available http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.456.4088&rep=rep1&type=pdf [Online]

  70. Knudson, J.: Health care information: the new terrorist target. For The Record 25(6), p. 10 (2013). Available http://www.fortherecordmag.com/archives/0413p10.shtml [Online]

  71. G.V.P. Company: Health care information: The new terrorist target. Available: http://www.fortherecordmag.com/archives/0413p10.shtml [Online]

  72. Peachey, P.: Cybercrime: first online murder will happen by end of year, warns US firm. The Independent - News, Independent (2014). Available http://www.independent.co.uk/life-style/gadgets-and-tech/news/first-online-murder-will-happen-by-end-of-year-warns-us-firm-9774955.html [Online]

  73. Harries, D., Yellowlees, P.M.: Cyberterrorism: is the U.S. Health care system safe? Telemedicine e-Health 19(1), 61–66 (2013)

    Article  Google Scholar 

  74. ISE, “Hacking Hospitals”, https://www.securityevaluators.com/hospitalhack/

  75. Franken, H.: Increasing co-operation against cyberterrorism and other large- scale attacks on the Internet. Committee Culture Sci Educ Media 2015. Available http://www.assembly.coe.int/nw/xml/XRef/X2H-Xref-ViewPDF.asp?FileID=21806&lang=en [Online]

  76. Health care industry: Attacks outpacing investments in personnel, education and resources. Help Net Security (2018) [Online]

    Google Scholar 

  77. Cook, J., Wall, T.: New work attitude measures of trust, organizational commitment and personal need non-fulfilment. J. Occup. Psychol. 53(1), 39–52 (1980)

    Article  Google Scholar 

  78. Hadnagy, C.: Unmasking the social engineer: the human element of security, P. K. F, Ed. Wiley, United States (2014)

    Google Scholar 

  79. Gilbert-Lurie, M.: Are you in a codependent relationship with your phone? Science says the struggle is definitely real. Bustle [Online]

    Google Scholar 

  80. Chang, L.: FOMO is a real thing, and it’s adversely affecting teens on social media. Social Media, Digital Trends (2015)

    Google Scholar 

  81. Dachis, A.: How to plant ideas in someone’s mind. LifeHacker (2014)

    Google Scholar 

  82. The Human Factor 2018. Proofpoint (2018)

    Google Scholar 

  83. Frumento, E., Lucchiari, C., Valori, A., Pravettoni, G.: Cognitive approach for social engineering. DeepSec (2010)

    Google Scholar 

  84. Clayton, R.B., Leshner, G., Almond, A.: The extended iSelf: the impact of iPhone separation on Cognition, emotion, and physiology. J Comput Mediated Commun 20(2), 119–135 (2015)

    Article  Google Scholar 

  85. Harley, D., Willems, E., Harley, J.: Teach your children well. ICT Security and the Young Generation. In: Proceedings of virus bulletin conference (2005)

    Google Scholar 

  86. Is cybersecurity awareness a waste of time? New Zealand Reseller News (2018)

    Google Scholar 

  87. Qin T., Burgoon, J.K.: An investigation of Heuristics of human judgment in detecting deception and potential implications in countering social engineering. IEEE Intelligence and Security Informatics (2007)

    Google Scholar 

  88. Kirlappos, I., Sasse, M.A.: Security education against phishing: a modest proposal for a major rethink. IEEE Sec Priv Mag 10(2), 24–32 (2012)

    Article  Google Scholar 

  89. Sjouwerman, S.: KnowBe4 reveals industries most at risk of phishing attacks. Blog Knowbe4 (2018)

    Google Scholar 

  90. Kerber, R., Jessop, S.: Asset managers urged to make cyber risk top priority. Available at http://www.insurancejournal.com/news/national/2015/09/01/380095.htm (2015)

  91. Riddle, B., Nyman, S., Rees, J.: Estimating the costs of a data breach: an exercise at the new Hampshire state cancer registry (2011)

    Google Scholar 

  92. Langner, R.: To kill a centrifuge. A technical analysis of what Stuxnet’s creators tried to achieve the Langner group. Langner (2013)

    Google Scholar 

  93. Nakamura, L.: A trillion dollars a year in intangible investment and the new economy. In: J.R.M. Hand, B. Lev (eds) Intangible Assets. Oxford University Pres, Oxford (2003)

    Google Scholar 

  94. Bounfour, A.: The Management of Intangibles: The Organisation’s Most Valuable Assets. Routledge, United Kingdom (2003)

    Google Scholar 

Download references

Acknowledgements

The research leading to these results was partially funded by the European Union’s Horizon 2020 Research and Innovation programme as the DOGANA project (aDvanced sOcial enGineering And vulNerability Assessment) , under grant agreement No. 653618 and the HERMENEUT project (Enterprises intangible Risk Management via Economic models based on simulation of modern cyberattacks), under grant agreement No. 740322.

Author information

Authors and Affiliations

  1. Cefriel Scarl, Politecnico di Milano, Viale Sarca, 226, 20126, Milan, Italy

    Enrico Frumento

Authors
  1. Enrico Frumento
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Enrico Frumento .

Editor information

Editors and Affiliations

  1. Politecnico di Milano, Milan, Italy

    Giuseppe Andreoni

  2. Politecnico di Milano, Milan, Italy

    Paolo Perego

  3. Cefriel Scarl, Politecnico di Milano, Milan, Italy

    Enrico Frumento

Rights and permissions

Reprints and permissions

Copyright information

© 2019 Springer Nature Switzerland AG

About this chapter

Check for updates. Verify currency and authenticity via CrossMark

Cite this chapter

Frumento, E. (2019). Cybersecurity and the Evolutions of Healthcare: Challenges and Threats Behind Its Evolution. In: Andreoni, G., Perego, P., Frumento, E. (eds) m_Health Current and Future Applications. EAI/Springer Innovations in Communication and Computing. Springer, Cham. https://doi.org/10.1007/978-3-030-02182-5_4

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-02182-5_4

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-02181-8

  • Online ISBN: 978-3-030-02182-5

  • eBook Packages: EngineeringEngineering (R0)

Publish with us

Policies and ethics

Search

Navigation