Cyber security measures for healthcare services

1. Introduction and origin of the research problem

Information technology has played a vital role in the provision of healthcare services. With the advanced technology that is readily available today, health services can now be performed faster and more efficiently. Besides, technology application in healthcare services provision has increased patient`s information quality while new options of diagnosing and treatment have been discovered through the application and use of new devices in the medical field. However, in the absence of proper defensive measures, these devices and systems are much susceptible to cyber-attacks. In the recent past, cyber-attacks have become more complex and sophisticated implying that the success of cyber-attacks attempts has also increased [1]. Some of the possible scenarios include those in which health records are altered, deleted or stolen [2]. Cyber-attacks at health facilities include hacking into patient`s electronic file and changing their medicine prescription to a dosage that is lethal [3]. Also, information systems in a hospital may be disabled, or communication networks may be denied access to some service [4]. Medical devices and systems may be implemented while infected with viruses or hacking may take place causing them to run amok or shut down. [5] reports that hacking of implantable devices such as insulin pumps and pacemakers has already been experienced. However, in most cases, cyber-attacks against healthcare services are mainly focused on health data. According to [5], between 2010 and 2012 about 94% of healthcare organisations in America experienced at least one information and data breach. It was also noted that more than half of the data breaches made the health organisations incur a cost of over $ 500 000 [6].

Based on this, the proposed research will be of great importance as it will focus on ways through which the possibility of cyber-attacks on healthcare services can be minimised by use of cyber security measures. As networks and information systems in the provision of healthcare services increasingly become critical for operations, the risk that results from cyber-attacks also increases in number and impact. Therefore, healthcare service providers should make efforts to be aware of the threats that they are vulnerable to as well as the target cyber assets for these attacks. This is an essential step towards protecting themselves against possible cyber security risks. After all, the available funds for cyber security in healthcare service providers such as hospitals are limited implying that a resource efficient way of mitigating the related risks is fundamental. Therefore, hospitals and other healthcare service providers should have a clear understanding of their environments threat landscape and most importantly be aware of the measures they can implement to ensure the security of their data and information in healthcare service delivery. This leads to the purpose of this work which is to provide a critical analysis of the available security measures for healthcare services. Thus, this research will develop a model to for the healthcare service providers and investigations on how various security measures can contribute to the improvement of cyber security in the context of healthcare services.

Research question

The research question driving this research is stated as What cyber security measures can be used for the safety of healthcare services? To clearly address the main research question, a number of sub research questions will be formulated:

1. What are the known cyber security risks associated with the delivery of healthcare services?

2. How can healthcare service providers identify their critical cyber assets, any cyber security threats and vulnerabilities?

3. To what extent can various cyber security measures help to ensure the security of both data and information regarding Healthcare services?

2. Literature survey

To gain insight into the status of recent research at both national and international levels in relation to the research problem, the work will include a systematic literature review. A majority of the early cyber-attacks and operations aimed at disrupting information were mainly executed for the perpetrator’s own challenge or amusement. There was the spreading of simple computer viruses, defacing of websites or servers were taken down in efforts to just challenge other cyber professionals [7]. For instance, in 1986, “Brain,” one of the first computer viruses was written by two Pakistan brothers who were in the software business and needed to track piracy. However, unfortunately, the virus spread within and outside Pakistan hence introducing the internet`s dark side to the world. As stated by [8], with the exponential growth of the internet, new internet-based business models were developed, and the number of business processes conducted using the Internet increased significantly. The use of information systems became more common in organisations which led to more and more storage of data. Gradually, the networks and systems of organisations became more and more connected to the internet giving hackers and threat actors the opportunity to carry out attacks on these systems. Over the years, the trends have shifted towards the cloud, the internet of things (IoT) and big data [9]. [10] note that cyber-attacks have undergone evolution, just as technological possibilities have increasingly developed over time.

A significant body of literature exists in relation to the impact that IT investment has on the improvement of quality especially in reducing medical errors [11]. As argued by [11] another research stream focuses on the introduction of technology that offers patients the opportunity to control their health records directly. According to [12], modern healthcare systems can be considered as large systems that have been networked to manage patient data with the access of many users to the health data and information for various contextual purposes both within and across organisational boundaries. Despite the security threats that have resulted from advancement in technology in the healthcare service provision, [13] argue that significant progress has been made to curb these threats including the creation of privacy-aware healthcare applications. However, based on their research, [14] concluded that despite the technological progress that has been experienced in the recent past regarding medical information access control, operationalisation remains to be a big challenge. In most cases, healthcare service providers are said to adopt the “Break the Glass” policy due to the complex nature of their data accessibility as a result of various purposes. The “Break the Glass” policy facilitates the effective and timely provision of healthcare services.

In summary, as demonstrated in this literature review section, a significant research body has been developed in relation to the security risks and threats that come with the use of advanced technology in the provision of healthcare services. However, research on the security measures that can be put in place to mitigate these cyber security challenges is still in its infancy. Therefore, this study serves to bridge this knowledge gap by conducting an analysis of the range of cyber security measures that healthcare providers can utilise in efforts to protect their critical medical data and information.

3. Objectives and scope/Limitations of the present Investigation

Research objectives

To reiterate, this research is aimed at providing a critical analysis of the available security measures for healthcare services. Further, the study will try to answer the central question; What cyber security measures can be used for the safety of healthcare services? Also, as earlier stated, there are a number of sub-questions that will need to be answered to respond to the study's main question adequately. These questions are

1. What are the known cyber security risks associated with the delivery of healthcare services?

2. How can healthcare service providers identify their significant cyber assets, any cyber security threats and vulnerabilities?

3. To what extent can various cyber security measures help to ensure the security of both data and information regarding Healthcare services?

Study limitations

The main limitation of this investigation is the fact that the population of interest is broad and undefined resulting in the use of a data collection method that is non-probability so as to allow the distribution of the invitations to participate in the survey. Another limitation of this study is the use of self-reported usage as a dependent variable creating room for an element of bias in which a respondent may answer the usage measures in a manner that makes their usage to appear higher compared to what could be measured through experimentation or observation.

Research Hypothesis

A full range of appropriate cybersecurity measures exists in relation to measures for healthcare services.

Looking for further insights on Unraveling Cyber Threats: A Deep Dive into the WannaCry Attack on the NHS? Click here.

References

1. A. a. T. Coronado, "Healthcare cybersecurity risk management: Keys to an effective plan," Biomedical Instrumentation & Technology, vol. 48, no. 1, pp. 26-30, 2014.
2. R. a. P. P. Garrie, "Mhealth regulation, legislation and cybersecurity," In mHealth, vol. 1, no. 4, pp. 45-63, 2014.
3. S. a. E. M. Blanke, "When it comes to security patient health information from breaches, your best medicine is a dose of prevention: A cybersecurity risk assessment checklist," Journal of helathcare risk management, vol. 36, no. 1, pp. 14-24, 2016.
4. E. Perakslis, "Cybersecurity in helathcare," The new england journal of medicine, vol. 371, no. 5, p. 395, 2014.
5. R. S. S. J. B. V. K. Koppel, "Workarounds to computer access in helathcare organizations: You want my password or a dead patient?," ITCH, vol. 25, no. 3, pp. 73-85, 2015.
6. D. K. F. C. G. a. A. R. Kolz, "Security for mobile and cloud fronters in helathcare," Communications of the ACM, vol. 58, no. 8, pp. 21-23, 2015.
7. S. Murphy, "Is cybersecurity possible in healthcare?," National cybersecurity Institute Journal, vol. 1, no. 3, pp. 49-63, 2015.
8. P. A. a. A. W. Williams, "Cybersecurity vulnerability in medical devices: a complex environment and multifaceted problem," Medical devices, vol. 8, no. 202, p. 305, 2015.
9. P. H. England, "Health Protection Report: Weekly Report," Infection report, vol. 10, no. 22, p. 27, 2016.
10. H. K. Yamposkiy, "A language for describing attacks on cyber-security systems," International journal of critical iunfrustructure protection, vol. 8, no. 3, pp. 40-52, 2015.
11. Watkins, "The impact of Cyber-attacks on the private sector," Briefing paper, Association for international Affair, vol. 2, no. 7, p. 12, 2014.
12. Walter, "Cyber attacks on US companies," Heritage Foundation issue brief, vol. 9, no. 3, p. 4289, 2014.
13. Langer, "Cyber-security issues in helathcareinformation technology," Journal of Digital imaging, vol. 8, no. 5, pp. 1-9, 2016.
14. W. C. B. Kacem, "Security Analyis of ADS-B," Networks in STIDS, vol. 23, no. 9, pp. 40-47, 2014.