Cybersecurity in Healthcare: Protecting Critical Infrastructure Against Evolving Threats |
||
 |
 |
|
| © 2024 by IJCTT Journal | ||
| Volume-72 Issue-11 |
||
| Year of Publication : 2024 | ||
| Authors : Yash Patel | ||
| DOI : 10.14445/22312803/IJCTT-V72I11P104 | ||
How to Cite?
Yash Patel, "Cybersecurity in Healthcare: Protecting Critical Infrastructure Against Evolving Threats," International Journal of Computer Trends and Technology, vol. 72, no. 11, pp. 23-30, 2024. Crossref, https://doi.org/10.14445/22312803/IJCTT-V72I11P104
Abstract
This research paper addresses the healthcare sector's cybersecurity challenges and explores strategies for protecting critical infrastructure against evolving cyber threats. Healthcare organizations increasingly rely on interconnected medical devices, IT systems, and patient data, making them prime targets for cyberattacks. The study draws on existing literature and presents a comprehensive framework for identifying and mitigating risks to healthcare infrastructure. Topics include security vulnerabilities, IT challenges, risk assessments, and threat mitigation strategies. The findings emphasize the need for robust cybersecurity frameworks to safeguard healthcare systems, reduce vulnerabilities, and improve resilience. Recommendations focus on enhanced risk management, IT governance, and proactive cybersecurity policies in healthcare.
Keywords
Critical Infrastructure Security, Healthcare Sector, Risk Management Framework, Healthcare Threats.
Reference
[1] Elahe Ahmadizadeh et al., “Reviewing the Status and Experience of Outsourcing Policy in Healthcare: A Review Study,” Quarterly Journal of Management Strategies in Health System, 2019.
[CrossRef] [Google Scholar] [Publisher Link]
[2] A. Alvarenga, and G. Tanev, “A Cybersecurity Risk Assessment Framework that Integrates Value-Sensitive Design,” Technology Innovation Management Review, vol. 7, no. 4, pp. 32-43, 2017.
[Google Scholar]
[3] Ahmed Arafa, Haytham A. Sheerah, and Shada Alsalamah, “Emerging Digital Technologies in Healthcare with a Spotlight on Cybersecurity: A Narrative Review,” Information, vol. 14, no. 12, 2023.
[CrossRef] [Google Scholar] [Publisher Link]
[4] Omar Ayaad et al., “Outsourcing Services in the Healthcare Sector: Balancing Risks and Benefits,” British Journal of Healthcare Management, vol. 28, no. 3, pp. 96-103, 2022.
[CrossRef] [Google Scholar] [Publisher Link]
[5] Kousik Barik et al., “Data Analytics, Digital Transformation, and Cybersecurity Perspectives in Healthcare,” Secure and Resilient Digital Transformation of Healthcare, pp. 71-89, 2024.
[CrossRef] [Google Scholar] [Publisher Link]
[6] Abdullah Baz et al., “Security Risk Assessment Framework for the Healthcare Industry 5.0,” Sustainability, vol. 15, no. 23, pp. 1-27, 2023.
[CrossRef] [Google Scholar] [Publisher Link]
[7] Leonard L. Berry et al., “The High Stakes of Outsourcing in Health Care,” Mayo Clinic Proceedings, vol. 96, no. 11, pp. 2879-2890, 2021.
[CrossRef] [Google Scholar] [Publisher Link]
[8] Baber Majid Bhatti, Sameera Mubarak, and Sev Nagalingam, “Information Security Risk Management in IT Outsourcing – A Quarter Century Systematic Literature Review,” Journal of Global Information Technology Management, vol. 24, no. 4, pp. 259-298, 2021.
[CrossRef] [Google Scholar] [Publisher Link]
[9] Annette Burks, “Strategies Used in Healthcare Organizations to Protect Information against Security Breaches: A Case Study,” ProQuest Dissertations & Theses Global, 2024.
[Google Scholar] [Publisher Link]
[10] Christopher B. Califf, Saonee Sarker, and Suprateek Sarker, “The Bright and Dark Sides of Technostress: A Mixed-Methods Study Involving Healthcare IT,” MIS Quarterly, vol. 44, no. 2, 2020.
[CrossRef] [Google Scholar] [Publisher Link]
[11] CISA, CISA Releases Key Risk and Vulnerability Findings for Healthcare and Public Health Sector, 2023. [Online]. Available: https://www.cisa.gov/news-events/news/cisa-releases-key-risk-and-vulnerability-findings-healthcare-and-public-health-sector
[12] CISA, A Guide to Critical Infrastructure Security and Resilience, 2019. [Online]. Available: https://www.cisa.gov/topics/critical infrastructure-security-and-resilience
[13] Congressional Research Service, Critical Infrastructure Security and Resilience: Countering Russian and Other Nation-State Cyber Threats, 2023. [Online]. Available: https://crsreports.congress.gov/product/pdf/IF/IF12061/2
[14] Maureen Van Devender, and Jeffrey Todd McDonald, “A Quantitative Risk Assessment Framework for the Cybersecurity of Networked Medical Devices,” International Conference on Cyber Warfare and Security, vol. 18, no. 1, pp. 402-411, 2023.
[CrossRef] [Google Scholar] [Publisher Link]
[15] A. Shaji George, T. Baskar, and P. Balaji Srikaanth, “Cyber Threats to Critical Infrastructure: Assessing Vulnerabilities across Key Sectors,” Partners Universal International Innovation Journal, vol. 2, no. 1, pp. 51-75, 2024.
[CrossRef] [Google Scholar] [Publisher Link]
[16] Jaime Govea, Walter Gaibor-Naranjo, and William Villegas-Ch, “Transforming Cybersecurity into Critical Energy Infrastructure: A Study on the Effectiveness of Artificial Intelligence,” Systems, vol. 12, no. 5, pp. 1-26, 2024.
[CrossRef] [Google Scholar] [Publisher Link]
[17] Payam Hanafizadeh, and Ahad Zareravasan, “A Systematic Literature Review on IT Outsourcing Decisions and Future Research Directions,” Journal of Global Information Management, vol. 28, no. 2, pp. 160-201, 2020.
[CrossRef] [Google Scholar] [Publisher Link]
[18] Harvard Business Review, Preventing the Next Big Cyberattack on U.S. Health Care, 2024. [Online]. Available: https://hbr.org/2024/05/preventing-the-next-big-cyberattack-on-u-s-health-care
[19] Ying He et al., “Health Care Cybersecurity Challenges and Solutions under the Climate of COVID-19: Scoping Review,” Journal of Medical Internet Research, vol. 23, no. 4, 2021.
[CrossRef] [Google Scholar] [Publisher Link]
[20] Sebastian Hermes et al., “The Digital Transformation of the Healthcare Industry: Exploring the Rise of Emerging Platform Ecosystems and their Influence on the Role of Patients,” Business Research, vol. 13, no. 3, pp. 1033-1069, 2020.
[CrossRef] [Google Scholar] [Publisher Link]
[21] Senerath Mudalige Don Alexis Chinthaka Jayatilake, and Gamage Upeksha Ganegoda, “Involvement of Machine Learning Tools in Healthcare Decision Making,” Journal of Healthcare Engineering, vol. 2021, no. 1, pp. 1-20, 2021.
[CrossRef] [Google Scholar] [Publisher Link]
[22] Zihad Hasan Joy et al., “Advanced Cybersecurity Protocols for Securing Data Management Systems in Industrial and Healthcare Environments,” Global Mainstream Journal, vol. 3, no. 4, pp. 25-38, 2024.
[CrossRef] [Google Scholar] [Publisher Link]
[23] En-Naaoui et al., “Risk Management in Moroccan Healthcare Organizations: An Overview,” Turkish Journal of Computer and Mathematics Education, vol. 12, no. 5, pp. 930-936, 2021.
[Google Scholar] [Publisher Link]
[24] Mohsen Khosravi et al., “Challenges and Solutions in the Outsourcing Process of Healthcare Units: A Thematic Analysis of a Scoping Review,” Authorea Preprints, pp. 1-13, 2022.
[CrossRef] [Google Scholar] [Publisher Link]
[25] Juhee Kwon, and M. Eric Johnson, “Healthcare Security Strategies for Regulatory Compliance and Data Security,” 46th Hawaii International Conference on System Sciences, Wailea, HI, USA, pp. 3972-3981, 2013.
[CrossRef] [Google Scholar] [Publisher Link]
[26] Nadica Hrgarek Lechner, “An Overview of Cybersecurity Regulations and Standards for Medical Device Software,” Proceedings of the Central European Conference on Information and Intelligent Systems, pp. 237-249, 2017.
[Google Scholar]
[27] Martti Lehto et al., “Cyber Security in Healthcare Systems,” Cyber Security: Critical Infrastructure Protection, pp. 183-215, 2022.
[CrossRef] [Google Scholar] [Publisher Link]
[28] Kaspar Rosager Ludvigsen, “The Role of Cybersecurity in Medical Devices Regulation: Future Considerations and Solutions,” Law, Technology and Humans, vol. 5, no. 1, pp. 59-77, 2023.
[CrossRef] [Google Scholar] [Publisher Link]
[29] Eva Maia et al., “Security Challenges for the Critical Infrastructures of the Healthcare Sector,” Cyber-Physical Threat Intelligence for Critical Infrastructures Security: A Guide to Integrated Cyber-Physical Protection of Modern Critical Infrastructures, 2000.
[Google Scholar] [Publisher Link]
[30] Brian Mazanec, Protecting Critical Infrastructure from Cyberattacks: Examining, 2023. [Online]. Available: https://www.hhs.gov/about/agencies/asl/testimony/2023/05/2023/protecting-critical-infrastructure-from-cyberattacks.html
[31] Bryan C. McConomy, and Dennis E. Leber, “Cybersecurity in Healthcare,” Clinical Informatics Study Guide, pp. 241-253, 2022.
[CrossRef] [Google Scholar] [Publisher Link]
[32] Carlos M. Mejía-Granda et al., “Security Vulnerabilities in Healthcare: An Analysis of Medical Devices and Software,” Medical & Biological Engineering & Computing, vol. 62, no. 1, pp. 257-273, 2024.
[CrossRef] [Google Scholar] [Publisher Link]
[33] Annika Merrilees, Kurt Erickson, and Ansley Franco St. Louis, St. Louis Airport, Hospitals Hit by Global IT Outage, St. Louis Post Dispatch, 2024. [Online]. Available: https://www.phelpscountyfocus.com/article_ccd55dd1-51fb-53f1-a78b-9d7d7611a485.html
[34] Derek Mohammed, “US Healthcare Industry: Cybersecurity Regulatory and Compliance Issues,” Journal of Research in Business, Economics and Management, vol. 9, no. 5, pp. 1771-1776, 2017.
[Google Scholar] [Publisher Link]
[35] National Security Memorandum on Critical Infrastructure Security and Resilience, Washington: Federal Information & News Dispatch, LLC. Retrieved from ProQuest Central, 2024. [Online]. Available: https://www.whitehouse.gov/briefing-room/presidential actions/2024/04/30/national-security-memorandum-on-critical-infrastructure-security-and-resilience/
[36] Akm Iqtidar Newaz et al., “A Survey on Security and Privacy Issues in Modern Healthcare Systems: Attacks and Defenses,” ACM Transactions on Computing for Healthcare, vol. 2, no. 3, pp. 1-44, 2021.
[CrossRef] [Google Scholar] [Publisher Link]
[37] Kate O'Flaherty, CrowdStrike Windows Outage - What happened and what to do Next, Forbes, 2024. [Online]. Available: https://www.forbes.com/sites/kateoflahertyuk/2024/07/19/crowdstrike-windows-outage-what-happened-and-what-to-do-next/
[38] Armando Papa et al., “E-Health and Wellbeing Monitoring using Smart Healthcare Devices: An Empirical Investigation,” Technological Forecasting and Social Change, vol. 153, 2020.
[CrossRef] [Google Scholar] [Publisher Link]
[39] Andreas Puder, Jacqueline Henle, and Eric Sax, “Threat Assessment and Risk Analysis (TARA) for Interoperable Medical Devices in the Operating Room Inspired by the Automotive Industry,” Healthcare, vol. 11, no. 6, pp. 1-28, 2023.
[CrossRef] [Google Scholar] [Publisher Link]
[40] Sandeep Reddy, “Generative AI in Healthcare: An Implementation Science Informed Translational Path on Application, Integration and Governance,” Implementation Science, vol. 19, pp. 1-15, 2024.
[CrossRef] [Google Scholar] [Publisher Link]
[41] Hugo Riggs et al., “Impact, Vulnerabilities, and Mitigation Strategies for Cyber-Secure Critical Infrastructure,” Sensors, vol. 23, no. 8, pp. 1-26, 2023.
[CrossRef] [Google Scholar] [Publisher Link]
[42] Ramiz Salama, Chadi Altrjman, and Fadi Al-Turjman, “Healthcare Cybersecurity Challenges: A Look at Current and Future Trends,” Computational Intelligence and Blockchain in Complex Systems, pp. 97-111, 2024.
[CrossRef] [Google Scholar] [Publisher Link]
[43] Mekhla Sarkar, Tsong-Hai Lee, and Prasan Kumar Sahoo, “Smart Healthcare: Exploring the Internet of Medical Things with Ambient Intelligence,” Electronics, vol. 13, no. 12, pp. 1-46, 2024.
[CrossRef] [Google Scholar] [Publisher Link]
[44] Swapna Siddamsetti, and Rajasekaran Subramanian, “Comparative Study of Cyber Security Risk Assessment Frameworks,” NeuroQuantology, vol. 21, no. 6, pp. 2015-2024, 2023.
[CrossRef] [Google Scholar] [Publisher Link]
[45] William J. Triplett, “Cybersecurity Vulnerabilities in Healthcare: A Threat to Patient Security,” Cybersecurity and Innovative Technology Journal, vol. 2, no. 1, pp. 15-25, 2024.
[CrossRef] [Google Scholar] [Publisher Link]
[46] U.S. Department of Health and Human Services, Healthcare Sector Cybersecurity Framework Implementation Guide 1, 2023. [Online]. Available: https://aspr.hhs.gov/cip/hph-cybersecurity-framework-implementation-guide/Documents/HPH-Sector-CSF-Implementation Guide-508.pdf
[47] Aaron J. Wells, “Cyber-Security Incidents and Organizational Policies in Healthcare,” Doctoral Dissertation, ProQuest Dissertations & Theses Global, 2019.
[CrossRef] [Google Scholar] [Publisher Link]
[48] Patricia A.H. Williams, and Andrew J. Woodward, “Cybersecurity Vulnerabilities in Medical Devices: A Complex Environment and Multifaceted Problem,” Medical Devices: Evidence and Research, vol. 8, pp. 305-316, 2015.
[CrossRef] [Google Scholar] [Publisher Link]
[49] Ahmed Yazid, “Cybersecurity and Privacy Issues in the Internet of Medical Things (IoMT),” Eigenpub Review of Science and Technology, vol. 7, no. 1, pp. 1-21, 2023.
[Google Scholar] [Publisher Link]
[50] Yagmur Yigit et al., “Critical Infrastructure Protection: Generative AI, Challenges, and Opportunities,” arXiv preprint arXiv:2405.04874, pp. 1-14, 2024.
[CrossRef] [Google Scholar] [Publisher Link]