Cybersecurity and Innovative Technology Journal

Healthcare information systems hold significant importance; hence, their cybersecurity is crucial. Exposed networks make it easy for cybercriminals to launch cyberattacks and access healthcare data. Thus, concerns regarding cybersecurity and its link to healthcare privacy, confidential data, and medical devices are growing. Therefore, cybersecurity vulnerabilities in healthcare and patient security are significant issues. Healthcare information systems comprise correlated networks and play a vital role in treating and saving patients. However, advanced circulated ransomware attacks on hospitals prevent access to electronic health records for providing appropriate patient care, thus forcing doctors to turn to other facilities. These cyberattacks can leak patient data, and regaining control of information systems and patient data is highly expensive, thus resulting in extensive monetary losses. Cyberattacks aimed toward electronic medical records, information technology systems, and medical devices have corrupted the best systems across clinics and small offices with physicians, as well as merged health systems. There is an urgency to address cybersecurity vulnerabilities in healthcare; however, opinions differ regarding suitable measures for safeguarding patient data and ensuring infrastructural security. We aimed to reconcile these diverging hypotheses and provide an understanding of the current landscape and directions for further improvements by reviewing several studies on healthcare cybersecurity. We also interviewed healthcare professionals, cybersecurity experts, and administrators and distributed a survey questionnaire to healthcare organizations to gather quantitative data on existing cybersecurity measures and vulnerabilities. Our analyses show that healthcare organizations are vulnerable to a variety of threats, cyberattacks disrupt the health sector, cybersecurity vulnerabilities impact patient security, and implementations of cybersecurity measures are inconsistent across organizations. Owing to the sophisticated nature of cyberattacks, the healthcare industry must prioritize cybersecurity and provide the funding required to develop critical systems for safeguarding patients and their data. The study's findings underscore the need for standardized cybersecurity practices in healthcare to address inconsistencies in measures across organizations. Adequate and ongoing investment in cybersecurity infrastructure is imperative to counter increasingly sophisticated cyberattacks. Additionally, protecting patient data and maintaining trust within the healthcare sector are ethical imperatives that should guide industry actions. By embracing these implications, the healthcare industry can enhance patient security, financial stability, and ethical integrity.

Abraham, C., Chatterjee, D., & Sims, R. R. (2019). Muddling through cybersecurity: Insights from the U.S. healthcare industry. Business Horizons, 62(4), 539–548. doi:10.1016/j.bushor.2019.03.010.

Alghamdi, A. (2022). Cybersecurity threats to healthcare sectors during COVID-19 2nd International Conference on Computing and Information Technology (ICCIT) (pp. 87–92). IEEE Publications. doi:10.1109/ICCIT52419.2022.9711659.

Angafor, G. N., Yevseyeva, I., & He, Y. (2020). Bridging the cyber security skills gap: Using tabletop exercises to solve the CSSG crisis. In M. Ma, B. Fletcher & S. Göbel (Eds.), Serious games (pp. 117–131). Springer International Publishing. doi:10.1007/978-3-030-61814-8_10.

Argaw, S. T., Troncoso-Pastoriza, J. R., Lacey, D., Florin, M. V., Calcavecchia, F., Anderson, D., . . . Flahault, A. (2020). Cybersecurity of hospitals: Discussing the challenges and working towards mitigating the risks. BMC Medical Informatics and Decision Making, 20(1), 146. doi:10.1186/s12911-020-01161-7.

Beavers, J., & Pournouri, S. (2019). Recent cyber attacks and vulnerabilities in medical devices and healthcare institutions. In H. Jahankhani, S. Kendzierskyj & A. Jamal (Eds.), Blockchain and clinical trial: Securing patient data (pp. 249–267). Springer International Publishing. doi:10.1007/978-3-030-11289-9_11.

Bhosale, K. S., Nenova, M., & Iliev, G. (2021) Sixth Junior Conference on Lighting (Lighting). A study of cyber attacks. In the healthcare sector, 2021, 1–6.

Blanke, S. J., & McGrady, E. (2016). When it comes to securing patient health information from breaches, your best medicine is a dose of prevention: A cybersecurity risk assessment checklist. Journal of Healthcare Risk Management, 36(1), 14–24. doi:10.1002/jhrm.21230.

Camgöz Akdağ, H., & Menekşe, A. (2023). Cybersecurity Framework prioritization for healthcare organizations using a novel interval-valued Pythagorean fuzzy CRITIC. In C. Kahraman & E. Haktanır (Eds.), Intelligent systems in digital transformation: Theory and applications (pp. 241–266). Springer International Publishing. doi:10.1007/978-3-031-16598-6_11.

Coronado, A. J., & Wong, T. L. (2014). Healthcare cybersecurity risk management: Keys to an effective plan. Biomedical Instrumentation and Technology, Suppl, 26–30. doi:10.2345/0899-8205-48.s1.26.

Hoffman, S. A. E. (2020). Cybersecurity threats in healthcare organizations: Exposing vulnerabilities in the healthcare information infrastructure. World Libraries, 24.

Javaid, M., Haleem, A., Singh, R. P., & Suman, R. (2023). Towards insighting cybersecurity for healthcare domains: A comprehensive review of recent practices and trends. Cyber Security and Applications, 1, 100016. doi:10.1016/j.csa.2023.100016.

Lehto, M. (2022). Cyber-attacks against critical infrastructure. In M. Lehto & P. Neittaanmäki (Eds.), Cyber security: Critical infrastructure protection (pp. 3–42). Springer International Publishing. doi:10.1007/978-3-030-91293-2_1.

Martin, G., Martin, P., Hankin, C., Darzi, A., & Kinross, J. (2017). Cybersecurity and healthcare: How safe are we? BMJ, 358, j3179. doi:10.1136/bmj.j3179.

Mishra, A., Alzoubi, Y. I., Gill, A. Q., & Anwar, M. J. (2022). Cybersecurity enterprises policies: A comparative study. Sensors, 22(2), 538. doi:10.3390/s22020538.

Smagulov, S., & Smagulova, V. (2019). Challenges of digital transformation in healthcare. Intellect arch, 8, 12–32.

Smith, C. (2018). Cybersecurity implications in an interconnected healthcare system. Frontiers of Health Services Management, 35(1), 37–40. doi:10.1097/HAP.0000000000000039.

Spanakis, E. G., Bonomi, S., Sfakianakis, S., Santucci, G., Lenti, S., Sorella, M., . . . Magalini, S. (2020). Cyber-attacks and threats for healthcare–a multi-layer thread analysis. Annual International Conference of the IEEE Engineering in Medicine and Biology Society. IEEE Engineering in Medicine and Biology Society. Annual International Conference. Annual International Conference of the IEEE Engineering in Medicine and Biology Society. Annual International Conference 42nd Annual International Conference of the IEEE Engineering in Medicine and Biology Society (EMBC). IEEE Publications, 2020, 5705–5708. doi:10.1109/EMBC44109.2020.9176698.

Sunil Lekshmi, A. (2022), Growing concern on healthcare cyberattacks and need for cybersecurity.

Thomas, S., & Ngalamou, L. (2022). The impact of cybersecurity on healthcare. In K. Arai (Ed.), Proceedings of the future technologies conference (pp. 680–689). Springer International Publishing. doi:10.1007/978-3-030-89880-9_50.

Triplett, W. (2022b). Ransomware attacks on the healthcare industry. Journal of Business, Technology and Leadership, 4(1), 1–13. doi:10.54845/btljournal.v4i1.31.

Triplett, W. J. Addressing cybersecurity leadership challenges in organizations. Capitol technology university ProQuest dissertations publishing. (2022a):30522018.

Triplett, W. J. (2022c). Addressing human factors in cybersecurity leadership. Journal of Cybersecurity and Privacy, 2(3), 573–586. doi:10.3390/jcp2030029.

Wasserman, L., & Wasserman, Y. (2022). Hospital cybersecurity risks and gaps: Review (for the non-cyber professional). Frontiers in Digital Health, 4, 862221. doi:10.3389/fdgth.2022.862221.