1
|
Cervera García A, Goussens A. [Cybersecurity and use of ICT in the health sector]. Aten Primaria 2024; 56:102854. [PMID: 38219392 PMCID: PMC10823061 DOI: 10.1016/j.aprim.2023.102854] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Reference Citation Analysis] [What about the content of this article? (0)] [Affiliation(s)] [Abstract] [Key Words] [MESH Headings] [Track Full Text] [Journal Information] [Subscribe] [Scholar Register] [Received: 11/01/2023] [Revised: 12/11/2023] [Accepted: 12/12/2023] [Indexed: 01/16/2024] Open
Abstract
Cybercrime in the health sector is a growing threat in the digital age. With computerization of medical records and telemedicine on the rise, cyberattacks can have devastating consequences. Leaking sensitive data or hijacking systems can compromise patient's privacy and jeopardize healthcare. To counter this threat, robust cybersecurity measures are required as a protective measure. This article aims to expose the main dangers and threats faced by ICT, as well as present cybersecurity with its bioethical implications and, finally, the ideal scheme for it in the health sector in order to create a safer and more efficient environment. This article aims to address these issues and provide a comprehensive view of how cybersecurity and ICT can coexist safely and effectively in the healthcare field.
Collapse
Affiliation(s)
- Alejandro Cervera García
- L'Equip d'Atenció Primària de Figueres (EAP Figueres), Institut Català de la Salut, Girona, España
| | - Alyson Goussens
- L'Equip d'Atenció Primària de Figueres (EAP Figueres), Institut Català de la Salut, Girona, España.
| |
Collapse
|
2
|
Zhan Y, Ahmad SF, Irshad M, Al-Razgan M, Awwad EM, Ali YA, Ahmad Ayassrah AYB. Investigating the role of Cybersecurity's perceived threats in the adoption of health information systems. Heliyon 2024; 10:e22947. [PMID: 38148811 PMCID: PMC10750060 DOI: 10.1016/j.heliyon.2023.e22947] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Reference Citation Analysis] [What about the content of this article? (0)] [Affiliation(s)] [Abstract] [Key Words] [Track Full Text] [Figures] [Journal Information] [Subscribe] [Scholar Register] [Received: 06/05/2023] [Revised: 11/14/2023] [Accepted: 11/22/2023] [Indexed: 12/28/2023] Open
Abstract
Information technology is one of the most rapidly growing technologies globally. Over the last decade, its usage in healthcare has been remarkable. Over the last decade, its usage in healthcare has been remarkable. The study examines the impact of various factors as barriers to adopting the information system in healthcare. These factors are categorized into three major types: external attacks, which include phishing attacks and ransomware; employee factors, including lack of skills and the issue of information misuse; and technological factors, including complexity and vulnerability. The findings show that external attacks and technological factors are the main barriers to adopting information systems, while employee factors have no significant impact on the adoption of information systems in the healthcare industry of Pakistan. The study provides implications for healthcare policy makers, professionals and organziations regarding the successful adoption of health information system.
Collapse
Affiliation(s)
- Yiyu Zhan
- Civil Engineering College, Putian University, Putian, 351100, China
| | - Sayed Fayaz Ahmad
- Department of Engineering Management, Institute of Business Management, Karachi, Pakistan
| | - Muhammad Irshad
- Department of Management Sciences, University of Gwadar, Pakistan
| | - Muna Al-Razgan
- Department of Software Engineering, College of Computer and Information Sciences, King Saud University, Riyadh, Saudi Arabia
| | - Emad Marous Awwad
- Electrical Engineering Department, College of Engineering, King Saud University, Riyadh, Saudi Arabia
| | - Yasser A. Ali
- Department of Information System, College of Computer and Information Sciences, King Saud University, Riyadh, Saudi Arabia
| | | |
Collapse
|
3
|
Tarka M, Blankstein M, Schottel P. The crippling effects of a cyberattack at an academic level 1 trauma center: An orthopedic perspective. Injury 2023; 54:1095-1101. [PMID: 36801172 DOI: 10.1016/j.injury.2023.02.022] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Reference Citation Analysis] [What about the content of this article? (0)] [Affiliation(s)] [Abstract] [Key Words] [MESH Headings] [Track Full Text] [Journal Information] [Submit a Manuscript] [Subscribe] [Scholar Register] [Received: 01/02/2023] [Revised: 02/07/2023] [Accepted: 02/08/2023] [Indexed: 02/23/2023]
Abstract
INTRODUCTION Malicious cyberattacks are increasing in frequency and severity with healthcare institutions spending an average of over 10 million dollars to resolve the consequences of healthcare data breaches. This cost does not include the effect of a downtime event should a healthcare system electronic medical record (EMR) lose functionality. An Academic Level 1 trauma center suffered a cyberattack resulting in a total EMR downtime of 25 days. Orthopedic operative time was used as a surrogate for OR functionality during the event and a framework with specific examples is presented to promote rapid adaptation during downtime events. METHODS Operative time losses were identified by calculating a running average of weekday total in room operative time during a total downtime event secondary to a cyberattack. This data was compared to week-of-the-year matched data from the year prior and the year after the attack. A framework for creating adaptations to a total downtime event was created by repeatedly interviewing different provider groups and identifying how they adjusted care to the challenges faced. RESULTS Total weekday in room operative time during the attack decreased by 53.4% ± 12.2% and 53.2% ± 14.9% when comparing the matched period one year prior and one year after, respectively. Immediate challenges to patient care were identified by small groups of highly motivated individuals, with self-assigned agile teams formed. These teams sequenced system processes, identified failure points, and created real-time solutions. A frequently updated EMR backup mirror and hospital disaster insurance were crucial for mitigating the impact of the cyberattack. CONCLUSIONS Cyberattacks are expensive and their downstream effects, including downtime events, can be crippling. Agile team formation, process sequencing, and understanding EMR backup times are tactics used to combat the challenges of a prolonged total downtime event. LEVEL OF EVIDENCE Level III retrospective cohort.
Collapse
|
4
|
Keshavarzi M, Ghaffary HR. An ontology-driven framework for knowledge representation of digital extortion attacks. Comput Human Behav 2023; 139:107520. [PMID: 36268220 PMCID: PMC9557090 DOI: 10.1016/j.chb.2022.107520] [Citation(s) in RCA: 1] [Impact Index Per Article: 1.0] [Reference Citation Analysis] [What about the content of this article? (0)] [Affiliation(s)] [Abstract] [Key Words] [Track Full Text] [Download PDF] [Figures] [Journal Information] [Subscribe] [Scholar Register] [Received: 02/06/2022] [Revised: 10/02/2022] [Accepted: 10/07/2022] [Indexed: 11/22/2022]
Abstract
With the COVID-19 pandemic and the growing influence of the Internet in critical sectors of industry and society, cyberattacks have not only not declined, but have risen sharply. In the meantime, ransomware is at the forefront of the most devastating threats that have launched the lucrative illegal business. Due to the proliferation and variety of ransomware forays, there is a need for a new theory of categories. The intricacy and multiplicity of components involved in digital extortions entails the construction of a knowledge representation system that is able to organize large volumes of information from heterogeneous sources in a formal structured format and infer new knowledge from it. This paper suggests and develops a dedicated ontology of digital blackmails, called Rantology, with a particular focus on ransomware assaults. The logic coded in this ontology allows to assess the maliciousness of programs based on various factors, including called API functions and their behaviors. The proposed framework can be used to facilitate interoperability between cybersecurity experts and knowledge-based systems, and identify sensitive points for surveillance. The evaluation results based on several criteria confirm the adequacy of the suggested ontology in terms of clarity, modularity, consistency, coverage and inheritance richness.
Collapse
|
5
|
Haner M, Sloan MM, Graham A, Pickett JT, Cullen FT. Ransomware and the Robin Hood effect?: Experimental evidence on Americans' willingness to support cyber-extortion. J Exp Criminol 2022; 19:1-28. [PMID: 35729977 PMCID: PMC9190457 DOI: 10.1007/s11292-022-09515-z] [Citation(s) in RCA: 1] [Impact Index Per Article: 0.5] [Reference Citation Analysis] [What about the content of this article? (0)] [Affiliation(s)] [Abstract] [Key Words] [Track Full Text] [Figures] [Subscribe] [Scholar Register] [Accepted: 05/05/2022] [Indexed: 06/15/2023]
Abstract
Objectives Ransomware attacks have become a critical security threat worldwide. However, existing research on ransomware has largely ignored public opinion. This initial study identifies patterns in the American public's support for the use of ransomware, specifically when it is framed to provide benefits to others (i.e., in-group members). Drawing on the Robin Hood decision-making literature and Moral Foundations Theory, we offer theoretical predictions regarding ransomware support. Methods In a survey of 1013 Americans, we embedded a split-ballot experiment in which respondents were randomly assigned to indicate their level of support or opposition to one of two sets of six ransomware scenarios. We manipulated the nationality, authority level, and political affiliation of the actors. Results We find that people are more supportive of ransomware use when the actors are from their own in-group, and the outcomes benefit their in-group members. Also, the more strongly participants endorsed the moral foundations of authority and harm/care, the more supportive they were of the use of ransomware that may benefit others from their in-group. Conclusions These findings suggest political actors may be able to generate public support for morally questionable actions by emphasizing in-group benefits and the Robin Hood nature of an attack (e.g., outcome-based morality).
Collapse
|
6
|
Stowman AM, Cacciatore LS, Cortright V, McConnell J, Wilburn C, Bryant B, Frisch N, Kalof AN. Anatomy of a Cyberattack. Am J Clin Pathol 2022; 157:814-822. [PMID: 35188562 DOI: 10.1093/ajcp/aqab162] [Citation(s) in RCA: 2] [Impact Index Per Article: 1.0] [Reference Citation Analysis] [What about the content of this article? (0)] [Affiliation(s)] [Abstract] [Key Words] [Track Full Text] [Journal Information] [Subscribe] [Scholar Register] [Received: 04/13/2021] [Accepted: 09/21/2021] [Indexed: 11/12/2022] Open
Abstract
OBJECTIVES Our institution was subject to a multi-institutional, systemwide cyberattack that led to a complete shutdown of multiple major patient care, operational, and communication systems for more than 25 days. The electronic health record computer system was taken offline, as was the hospital email and authentication systems, internet access, and the laboratory information system. The impact on the hospital and patient care was substantial, and our laboratories were crippled. METHODS Our laboratory endured challenges in communication because of the loss of connectivity and difficulties in laboratory management, and we recognized a need to restructure leadership to maintain operations during the crisis. As an academic institution, residents and trainees were also significantly affected by the disaster. RESULTS We developed an incident command team (ICT), alternative methods of communication, and innovative management strategies to remain operational. Trainees were incorporated into the disaster-relief efforts, with negative impacts on resident education. CONCLUSIONS This paper focuses on the challenges in communication and lab management as well as the need for an alternative leadership structure during the crisis. We also highlight the unique experience of our trainees during this prolonged downtime, underscoring the importance of incorporating resident trainees into the daily ICT's administrative activities as an invaluable lab management experience.
Collapse
Affiliation(s)
- Anne M Stowman
- Department of Pathology and Laboratory Medicine, University of Vermont Medical Center, Burlington , VT, USA
| | - Lori S Cacciatore
- University of Vermont Medical Center Jeffords Institute for Quality, Burlington , VT, USA
| | - Valerie Cortright
- Department of Pathology and Laboratory Medicine, University of Vermont Medical Center, Burlington , VT, USA
| | - John McConnell
- Department of Pathology and Laboratory Medicine, University of Vermont Medical Center, Burlington , VT, USA
- University of Vermont Medical Center Information Technology, Burlington , VT, USA
| | - Clayton Wilburn
- Department of Pathology and Laboratory Medicine, University of Vermont Medical Center, Burlington , VT, USA
| | - Bronwyn Bryant
- Department of Pathology and Laboratory Medicine, University of Vermont Medical Center, Burlington , VT, USA
| | - Nora Frisch
- Department of Pathology and Laboratory Medicine, University of Vermont Medical Center, Burlington , VT, USA
| | - Alexandra N Kalof
- Department of Pathology and Laboratory Medicine, University of Vermont Medical Center, Burlington , VT, USA
| |
Collapse
|
7
|
Beaman C, Barkworth A, Akande TD, Hakak S, Khan MK. Ransomware: Recent advances, analysis, challenges and future research directions. Comput Secur 2021; 111:102490. [PMID: 34602684 PMCID: PMC8463105 DOI: 10.1016/j.cose.2021.102490] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Reference Citation Analysis] [What about the content of this article? (0)] [Affiliation(s)] [Abstract] [Key Words] [Track Full Text] [Download PDF] [Figures] [Journal Information] [Subscribe] [Scholar Register] [Received: 02/08/2021] [Revised: 08/15/2021] [Accepted: 09/21/2021] [Indexed: 10/31/2022]
Abstract
The COVID-19 pandemic has witnessed a huge surge in the number of ransomware attacks. Different institutions such as healthcare, financial, and government have been targeted. There can be numerous reasons for such a sudden rise in attacks, but it appears working remotely in home-based environments (which is less secure compared to traditional institutional networks) could be one of the reasons. Cybercriminals are constantly exploring different approaches like social engineering attacks, such as phishing attacks, to spread ransomware. Hence, in this paper, we explored recent advances in ransomware prevention and detection and highlighted future research challenges and directions. We also carried out an analysis of a few popular ransomware samples and developed our own experimental ransomware, AESthetic, that was able to evade detection against eight popular antivirus programs.
Collapse
Affiliation(s)
- Craig Beaman
- Canadian Institute for Cybersecurity, Faculty of Computer Science, University of New Brunswick, Canada
| | - Ashley Barkworth
- Canadian Institute for Cybersecurity, Faculty of Computer Science, University of New Brunswick, Canada
| | - Toluwalope David Akande
- Canadian Institute for Cybersecurity, Faculty of Computer Science, University of New Brunswick, Canada
| | - Saqib Hakak
- Canadian Institute for Cybersecurity, Faculty of Computer Science, University of New Brunswick, Canada
| | - Muhammad Khurram Khan
- Center of Excellence in Information Assurance, College of Computer and Information Sciences, King Saud University, Riyadh 11653, Saudi Arabia
| |
Collapse
|
8
|
Chen PH, Bodak R, Gandhi NS. Ransomware Recovery and Imaging Operations: Lessons Learned and Planning Considerations. J Digit Imaging 2021; 34:731-740. [PMID: 34159418 PMCID: PMC8218969 DOI: 10.1007/s10278-021-00466-x] [Citation(s) in RCA: 4] [Impact Index Per Article: 1.3] [Reference Citation Analysis] [What about the content of this article? (0)] [Affiliation(s)] [Abstract] [Key Words] [Track Full Text] [Download PDF] [Figures] [Journal Information] [Subscribe] [Scholar Register] [Received: 12/29/2020] [Revised: 05/05/2021] [Accepted: 05/17/2021] [Indexed: 12/04/2022] Open
Abstract
In this era, almost all healthcare workflows are digital and rely on robust institutional networks; a ransomware attack in a healthcare system can have catastrophic patient care consequences. The usual downtime processes in an institution might not address the breadth of this disruption and timelines for recovery. This article shares our lessons learned from ransomware recovery. From this experience, a four-phase recovery planning framework has been developed. The primary focus is on acute patient care, incident communication, and emergency imaging operations in the initial phase. In the next phase, continued digital asset unavailability necessitates a transition to long-term analog workflows. In the infrastructure recovery and reconciliation phases, each taking weeks or months, the emphasis is on rebuilding a ransomware-free environment and reconciling the data accrued during extended downtime. In preparation for future events, we have initiated a continuous readiness process. A response task force has been formed to guide physicians, technologists, nurses, and informatics units on recovery workflows appropriate for extended downtime and keeping these procedures updated. Incident command structure has been discussed for communications and resource allocation during a ransomware attack, possibly in the context of a multi-incident scenario such as that involving concurrent staffing shortage amidst a pandemic. Finally, we discuss considerations for tabletop simulation, which may be valuable to the planning process.
Collapse
Affiliation(s)
- Po-Hao Chen
- Department of Diagnostic Radiology, Imaging Institute, Cleveland Clinic, 9500 Euclid Avenue, Cleveland, OH, USA. .,Section of Imaging Informatics, Imaging Institute, Cleveland Clinic, 9500 Euclid Avenue, Cleveland, OH, USA. .,Information Technology Division, Cleveland Clinic, 9500 Euclid Avenue, Cleveland, OH, USA.
| | - Robert Bodak
- Section of Imaging Informatics, Imaging Institute, Cleveland Clinic, 9500 Euclid Avenue, Cleveland, OH, USA
| | - Namita S Gandhi
- Department of Diagnostic Radiology, Imaging Institute, Cleveland Clinic, 9500 Euclid Avenue, Cleveland, OH, USA.,Information Technology Division, Cleveland Clinic, 9500 Euclid Avenue, Cleveland, OH, USA
| |
Collapse
|
9
|
Aurangzeb S, Rais RNB, Aleem M, Islam MA, Iqbal MA. On the classification of Microsoft-Windows ransomware using hardware profile. PeerJ Comput Sci 2021; 7:e361. [PMID: 33817011 PMCID: PMC7959641 DOI: 10.7717/peerj-cs.361] [Citation(s) in RCA: 1] [Impact Index Per Article: 0.3] [Reference Citation Analysis] [What about the content of this article? (0)] [Affiliation(s)] [Abstract] [Key Words] [Track Full Text] [Figures] [Journal Information] [Subscribe] [Scholar Register] [Received: 09/21/2020] [Accepted: 12/28/2020] [Indexed: 06/12/2023]
Abstract
Due to the expeditious inclination of online services usage, the incidents of ransomware proliferation being reported are on the rise. Ransomware is a more hazardous threat than other malware as the victim of ransomware cannot regain access to the hijacked device until some form of compensation is paid. In the literature, several dynamic analysis techniques have been employed for the detection of malware including ransomware; however, to the best of our knowledge, hardware execution profile for ransomware analysis has not been investigated for this purpose, as of today. In this study, we show that the true execution picture obtained via a hardware execution profile is beneficial to identify the obfuscated ransomware too. We evaluate the features obtained from hardware performance counters to classify malicious applications into ransomware and non-ransomware categories using several machine learning algorithms such as Random Forest, Decision Tree, Gradient Boosting, and Extreme Gradient Boosting. The employed data set comprises 80 ransomware and 80 non-ransomware applications, which are collected using the VirusShare platform. The results revealed that extracted hardware features play a substantial part in the identification and detection of ransomware with F-measure score of 0.97 achieved by Random Forest and Extreme Gradient Boosting.
Collapse
Affiliation(s)
- Sana Aurangzeb
- Department of Computer Science, National University of Modern Languages, Islamabad, Islamabad, ICT, Pakistan
| | - Rao Naveed Bin Rais
- College of Engineering and Information Technology, Ajman University, Ajman, United Arab Emirates
| | - Muhammad Aleem
- Department of Computer Science, National University of Computer and Emerging Sciences, Islamabad, Islamabad, ICT, Pakistan
| | - Muhammad Arshad Islam
- Department of Computer Science, National University of Computer and Emerging Sciences, Islamabad, Islamabad, ICT, Pakistan
| | - Muhammad Azhar Iqbal
- School of Information Science and Technology (SIST), Southwest Jiaotong University, Chengdu, China
| |
Collapse
|
10
|
Zhao JY, Kessler EG, Yu J, Jalal K, Cooper CA, Brewer JJ, Schwaitzberg SD, Guo WA. Impact of Trauma Hospital Ransomware Attack on Surgical Residency Training. J Surg Res 2018; 232:389-397. [PMID: 30463746 DOI: 10.1016/j.jss.2018.06.072] [Citation(s) in RCA: 6] [Impact Index Per Article: 1.0] [Reference Citation Analysis] [What about the content of this article? (0)] [Affiliation(s)] [Abstract] [Key Words] [Track Full Text] [Journal Information] [Subscribe] [Scholar Register] [Received: 03/24/2018] [Revised: 06/01/2018] [Accepted: 06/20/2018] [Indexed: 10/28/2022]
Abstract
BACKGROUND A recent ransomware attack led to the shutdown of the electronic health information system (HIS) at our trauma center for 2 mo. We investigated its impact on residency training during the downtime. MATERIAL AND METHODS General and orthopedic surgical residents who rotated at the hospital were invited to participate in a survey regarding their patient care and residency training experiences during the downtime. Attending surgeons from both the specialties were invited to participate in a semistructured interview regarding their attitude toward residency training during the downtime. RESULTS Twenty-nine residents responded to the survey with a response rate of 78.4%. Residents acknowledged significant increases in face-to-face communication and decreases in use of online educational resources during the downtime (P < 0.01). Residents were significantly stressed by the dearth of online resources (P < 0.0001) and by paper-based orders and outpatient clinic (P < 0.05). A multivariate analysis demonstrated an inverse relationship between postgraduate year and stress from paper orders (P = 0.003). Attending surgeon's interviews revealed that they recognized residents' unpreparedness and strove harder to teach more effectively. CONCLUSIONS Our study demonstrated that an unexpected shutdown of the hospital HIS imposed significant stress upon surgical residents providing trauma patient care and made attending surgeons take greater efforts to be more effective teachers. Residents who are digital natives lack adaptability to handle a paper-based workflow. With cyber security threats increasing in health care, preparedness should be included in the graduate medical education curriculum.
Collapse
Affiliation(s)
- Jane Y Zhao
- Department of Surgery, Jacobs School of Medicine and Biomedical Sciences, University at Buffalo, State University of New York, Buffalo, New York; Department of Biomedical Informatics, Jacobs School of Medicine and Biomedical Sciences, University at Buffalo, State University of New York, Buffalo, New York
| | - Evan G Kessler
- Department of Surgery, Jacobs School of Medicine and Biomedical Sciences, University at Buffalo, State University of New York, Buffalo, New York; Department of Epidemiology and Environmental Health, School of Public Health and Health Professions, University at Buffalo, State University of New York, Buffalo, New York
| | - Jihnhee Yu
- Department of Biostatistics, School of Public Health and Health Professions, University at Buffalo, State University of New York, Buffalo, New York
| | - Kabir Jalal
- Department of Biostatistics, School of Public Health and Health Professions, University at Buffalo, State University of New York, Buffalo, New York
| | - Clairice A Cooper
- Department of Surgery, Jacobs School of Medicine and Biomedical Sciences, University at Buffalo, State University of New York, Buffalo, New York
| | - Jeffrey J Brewer
- Department of Surgery, Jacobs School of Medicine and Biomedical Sciences, University at Buffalo, State University of New York, Buffalo, New York
| | - Steven D Schwaitzberg
- Department of Surgery, Jacobs School of Medicine and Biomedical Sciences, University at Buffalo, State University of New York, Buffalo, New York; Department of Biomedical Informatics, Jacobs School of Medicine and Biomedical Sciences, University at Buffalo, State University of New York, Buffalo, New York
| | - Weidun Alan Guo
- Department of Surgery, Jacobs School of Medicine and Biomedical Sciences, University at Buffalo, State University of New York, Buffalo, New York.
| |
Collapse
|