Project Plan

1. Introduction and Background to the Research Problem

To comprehend the cybersecurity issues in healthcare, the fast evolution of the technological world must be acknowledged. Recent years have seen a surge in interest in the field of cybersecurity within the healthcare sector. When a ransomware virus ensnares a patient’s medical information and key medical devices, the ability to deliver proper care to the patient will be limited. PHI and other sensitive information are at risk when hackers break into computer systems that hold electronic health records or other kinds of computers. To put it another way, hackers may not only steal patients’ private medical information, but they can also intentionally or mistakenly alter the data, which might have serious consequences for the patient’s health and outcomes. Threats related to cybersecurity in the healthcare sector can compromise the functioning of medical equipment as well as the information technology networks of hospitals. As a result, it is of the utmost importance for healthcare institutions to take active measures to reduce the cybersecurity threats posed by data breaches, ransomware, app misconfiguration, etc. In this assignment, the significance of cybersecurity for healthcare as well as the repercussions that result from breaches in security has been thoroughly discussed.

2. Justification and significance of the research problem

Medical technologies have the potential to save lives, extend people’s lives, and improve the quality of their lives. There is a diverse selection of technology that can be utilized, including systems that can keep “electronic health records (EHRs)” as well as systems that can monitor health and administer medications. Individuals can now use their mobile apps to cooperate on their health concerns and to coordinate their care, thanks to the development of telemedicine/telehealth and the medical Internet of Things. As technology develops, it is becoming increasingly necessary for medical equipment to be able to communicate with one another. A significant number of these establishments, the majority of which were formerly autonomous, are now integrated into a broader healthcare system. The average patient bed in a hospital in the United States is currently equipped with 10–15 connected gadgets. Connectivity has a variety of positive effects, but it also introduces new vulnerabilities in terms of cybersecurity. The purpose of cybersecurity is to safeguard computer networks and the data that they contain from being accessed inappropriately or interrupted, whether this is done on purpose or by accident (Coventry & Branley, 2018). As a result of the growing worries regarding the level of cybersecurity within the healthcare business, there has already been a breach in both the confidentiality and integrity of patients’ medical information. Of course, the availability of digital copies of medical records did not allay fears regarding invasions of personal privacy.

E-health service utilization has also risen, which is one reason why this has increased even more and at a faster rate. As a result of the disclosure of such confidential information, many problems might develop, including damage to the reputation of the brand, strained relationships between patients and physicians, and other problems. Because of all of these factors, the results of this study are significant not just to the researchers who conducted it but also to the students who will be studying it in the future.

3. Learning needs of students

One of the most essential components of the healthcare industry is cybersecurity. This is because it safeguards sensitive patient information along with important healthcare data and insights. The major goal of efforts made to improve cybersecurity is to eliminate the possibility of any sort of data being lost or corrupted. This includes personal information, sensitive data, information that can be “personally identifiable (PII)”, “protected health information (PHI)”, intellectual property, data, and information systems that are used by both the government and industry (Riggi, 2022). To stay compliant with these cybersecurity problems, it is vital to have the proper cybersecurity training as well as continue to expand one’s expertise. For students to keep up with current events, it is incumbent upon them to broaden their understanding of the subjects already listed. As a direct result of the continual development and advancement of technology, cybercriminals now make use of very sophisticated technological instruments. It is vital to increase one’s level of knowledge in addition to enrolling in intense training programs to effectively respond to such incidents and prevent them from happening in the first place.

4. SMART Objectives

Specific: To develop knowledge regarding the causes of cybersecurity issues in a healthcare setting.
Measurable: It can be measured by analyzing previous research papers and existing literature related to the causes of such issues. In addition, this goal can be measured by assessing students’ knowledge regarding this matter.
Attainable: This goal can be achieved by analyzing the current scenario of healthcare settings and by understanding different ways of cyber attacks.
Reason: This would help students understand the significance of such issues in the current scenario and also assist them in taking effective steps.
Timeline: 1 month

Specific: To develop knowledge regarding the impacts of cybersecurity issues in a healthcare setting and the ways these issues can be resolved.
Measurable: It can be measured by analyzing previous research papers and existing literature related to the causes of such issues. In addition, this goal can be measured by assessing students’ knowledge regarding this matter. Also, interviewing people from different organizations can help them in gathering information.
Attainable: This goal can be achieved by analyzing the current scenario of healthcare settings and by understanding the importance of maintaining ethics in the healthcare sector.
Reason: This would help students understand the significance of such issues in the current scenario and also assist them in taking effective steps.
Timeline: 3 months

5. Literature Review

Coventry & Branley (2018) state that there is already widespread use of electronic healthcare technology all across the globe, which presents a tremendous opportunity to enhance clinical outcomes and revolutionize the way care is delivered. On the other hand, there are growing worries over the safety of the information and equipment used in healthcare. The increased connectedness of medical equipment to pre-existing computer networks has made them more susceptible to newly discovered cybersecurity flaws. Two primary factors contribute to the attractiveness of the healthcare industry as a target for cybercriminals: first, it is a vast supply of valuable data, and second, its defenses are inadequate. In the end, cybersecurity is essential to maintaining patient safety, even though it has traditionally received little attention. There are new laws and regulations in place to make changes easier to implement. Because of this, cybersecurity must become an essential component of patient safety. As part of a comprehensive solution, alterations are necessary to human behavior as well as technological and procedural practices.

A significant share of all assaults may be attributed to certain dangers, such as ransomware, unsecured databases, app misconfigurations, insider threats, etc. Chernyshev et al. (2018) say that, in the healthcare industry, around 23 percent of businesses pay a ransom to regain their stolen data. Ransomware-using cybercriminals often target two distinct vulnerabilities in virtual private networks (VPNs) to acquire access to the servers of healthcare organizations. Attacks that employ DDoS may also be used by hackers to take control of hospital information systems in other places. Attacks known as “distributed denial of service” are directed against operating systems or devices that are outdated and vulnerable. They try to make a device or network resource useless by seizing control of it and causing disruptions to the services that are being provided by the host device.

Figure 1: Data Breach Threats by Percentage of Reported Cases

(Source: Safety Detectives Cybersecurity Team, 2021)

Between the years 2005 and 2019, a total of about 43.38% of all health data was lost or stolen due to a data breach. Hacking is regarded as one of the forms of data breaches that do the most damage and have the most significant effect on healthcare payers and providers. Patients’ personal information has become more vulnerable as the number of cybersecurity breaches in healthcare institutions has risen. Few studies have comprehensively addressed cybersecurity vulnerabilities in healthcare, despite this concern and the added danger presented to patients’ safety and operational and financial challenges to healthcare organizations.

Figure 2: The Most Impactful Types of Data Breaches as Reported by Healthcare Companies

(Source: Safety Detectives Cybersecurity Team, 2021)

The significant growth in the number of cybersecurity breaches that have occurred in healthcare companies has increased the likelihood that patients’ private information will be disclosed. As per Bhuyan et al. (2020), even though this threat exists, as well as the additional danger that incidents of this nature pose to the safety of patients, as well as operational and financial threats to healthcare organizations, very few studies have systematically examined the cybersecurity threats that exist in the healthcare industry. The Office for Civil Rights (OCR) of the Department of Health and Human Services was informed about 365 data breaches involving 500 or more healthcare records in 2018. Because of these breaches, a total of 13,236,569 healthcare records were made public in 2018, which is more than double the number of records that were made public in 2017. According to the OCR’s data breach statistics (Fig. 2), there has been a clear upward trend in the number of data breaches over the previous nine years, with 2018 seeing more data breaches recorded than any other year since records first began being released.

Figure 3: Number of Data Breaches from 2009-2018

(Source: Grassi, 2019)

Threats related to cybersecurity have just recently emerged as a concern for healthcare professionals, but their importance cannot be overstated. As per Almulihi et al. (2022), late in the year 2020 and early in 2021, the state of cybersecurity threats continued to deteriorate. Not only have cybercriminals recognized the holes in the security of today’s healthcare systems, but patients have as well. The COVID-19 pandemic is also a primary contributor to the rise in the number of cyberattacks. The strains of a worldwide epidemic are keeping medical professionals very busy. The reaction to COVID-19 is now receiving a significant number of resources, which is diverting focus away from cybersecurity. As a direct consequence of this, several cyberattacks have been directed at the healthcare industry.

Figure 4: Individuals affected by Healthcare Data Breaches (2009-2020)

(Source: Safety Detectives Cybersecurity Team, 2021)

According to Al-Muhtadi et al. (2017), applications for social media platforms accessible through mobile devices have brought about a revolutionary shift in the way information is shared. However, with the introduction of such applications on a scale never before seen, the privacy of the information is put at risk to a greater degree if breach mitigation is not well implemented. Because healthcare apps are now being built for mobile devices so that they may also benefit from the power of social media, issues around cybersecurity and privacy for such sensitive applications have become more important. The design of a typical mobile healthcare application is discussed in that article. Within this architecture, individualized degrees of privacy protection are specified for each user who uses the system. After that, it goes into detail on the many ways in which communication across a social network in a multi-cloud environment may be made safer and more private, particularly for applications related to healthcare.

6. Methodology

6.1 Data source and collection

Both primary and secondary data collection approaches will be conducted in this study to analyze the cyber security and data breach issues in healthcare organizations. Researchers in the field of health services research use semi-structured, in-depth interviews with participants as their primary way of gathering qualitative data. The best way to acquire and evaluate data was via an interview using a direct questionnaire based on already available reports (Xu et al., 2020). Using this method, the researcher may collect open-ended data, study participants’ thoughts and feelings on a specific topic, and delve into personal and sensitive subjects. Instead of relying on a single method to obtain secondary data, researchers must instead collect information from a variety of trustworthy and reputable sources. It is also possible for a researcher to gather data anonymously. It is possible to use other approaches, but their dependability and results would be much lower than those obtained via interviews and thematic analysis.

6.2 Sampling

To carry out the specific research study, the method of sampling known as purposive sampling will be chosen as the one to use after a thorough assessment and analysis of each distinct sampling approach. In this investigation, a procedure that is merely semi-structured will be used to conduct the interviews with four managers from various healthcare organizations. Purposive sampling is a common method in qualitative research for finding and selecting the instances that contain the most useful data and thereby making the most efficient use of the available resources. For this study, Moser & Korstjens (2018) used a method called “purposeful sampling” to choose individuals with certain characteristics who would be more suited to assist with the research. A purposefully diverse cross-section of demographics is included by design in all of the investigations that are conducted at random.

6.3 Data Analysis

The primary qualitative interview will be chosen as the method of data collection since it would help this specific research study reach a satisfactory conclusion (Palanisamy & Thirunavukarasu, 2019). The interview procedure, which is one of the core data-gathering techniques, has already been characterized as providing a larger chance to connect with the organization’s pre-existing health managers. Thematic analysis will be done on the secondary qualitative data in this case. Throughout this approach, several subjects that are important to the study task are developed. In the case of thematic analysis, the researchers will concentrate a substantial level of weight on the process of topic generation. Thematic analysis is a useful method for qualitative research. A flexible and robust data analysis approach, as opposed to simple data analysis, may help obtain insights into complex occurrences.

6.4 Ethical Consideration

Ethics and standards must be observed while doing any study. As a result, both secondary and primary research need to adhere to certain ethical standards. To obtain participant permission, they have been given all relevant information about their participation in the study and its main aims. The researchers have not published any medical information on the individuals included in this study, which has been based on their participation in the study. According to the Data Protection Act, the personal information a company has on its employees is protected. References and acknowledgments have been made professionally. After completing the study project, all of the data was wiped clean. Furthermore, the researchers were believed to have utilized and altered no data for their benefit.

6.5 Time Plan

Figure 5: Time Plan

7. Conclusion

To sum up, the field of healthcare places an extreme premium on the conversation around cybersecurity. The potential cybersecurity threats posed by connected devices continue to rise in tandem with the expanding connection and integration possibilities offered by such devices. Management of cybersecurity risks is a significant obligation, and all members of the healthcare community should continue to keep this topic in mind as we work on the process of protecting the facilities to guarantee the highest possible standard of care for patients. The healthcare team must be provided with frequent updates on the strategic cyber risk profile of your firm, as well as information on whether or not suitable steps are being dynamically implemented to minimize the ever-changing cyber risk. Instilling a culture of cybersecurity that is focused on the protection of patients is, as a last line of defense, the most critical. Because of this, healthcare companies can capitalize on their established culture of providing excellent patient care to instill a complementing culture of cybersecurity. The organization’s capacity to reduce cyber risk to patients and the institution as a whole will be greatly influenced by its employees’ perceptions of themselves as proactive defenders of patients and their data.

References

Al-Muhtadi, J., Shahzad, B., Saleem, K., Jameel, W., & Orgun, M. A. (2017). Cybersecurity and privacy issues for socially integrated mobile healthcare applications operating in a multi-cloud environment. Health Informatics Journal, 25(2), 315–329. https://doi.org/10.1177/1460458217706184

Almulihi, A. H., Alassery, F., Khan, A. I., Shukla, S., Gupta, B. K., & Kumar, R. (2022). Analyzing the Implications of Healthcare Data Breaches through Computational Technique. Intelligent Automation and Soft Computing, 1763–1779. https://pesquisa.bvsalud.org/global-literature-on-novel-coronavirus-2019-ncov/resource/pt/covidwho-1579252

Bhuyan, S. S., Kabir, U. Y., Escareno, J. M., Ector, K., Palakodeti, S., Wyant, D., Kumar, S., Levy, M., Kedia, S., Dasgupta, D., & Dobalian, A. (2020). Transforming Healthcare Cybersecurity from Reactive to Proactive: Current Status and Future Recommendations. Journal of Medical Systems, 44(5). https://doi.org/10.1007/s10916-019-1507-y

Chernyshev, M., Zeadally, S., & Baig, Z. (2018). Healthcare Data Breaches: Implications for Digital Forensic Readiness. Journal of Medical Systems, 43(1). https://doi.org/10.1007/s10916-018-1123-2

Coventry, L., & Branley, D. (2018). Cybersecurity in healthcare: A narrative review of trends, threats and ways forward. Maturitas, 113, 48–52. https://doi.org/10.1016/j.maturitas.2018.04.008

Grassi, J. (2019, May 15). Cyber-Attacks Affect All Healthcare Organizations – Large and Small. Logically. https://www.logically.com/blog/cyber-attacks-affect-all-healthcare-organizations-large-and-small

Makridis, C., & Dean, B. (2018). Measuring the economic effects of data breaches on firm outcomes: Challenges and opportunities. Journal of Economic and Social Measurement, 43(1-2), 59–83. https://doi.org/10.3233/jem-180450

Moser, A., & Korstjens, I. (2018). Series: Practical Guidance to Qualitative Research. Part 3: Sampling, Data Collection, and Analysis. European Journal of General Practice, 24(1), 9–18. https://doi.org/10.1080/13814788.2017.1375091

Palanisamy, V., & Thirunavukarasu, R. (2019). Implications of big data analytics in developing healthcare frameworks – A review. Journal of King Saud University – Computer and Information Sciences, 31(4), 415–425. https://doi.org/10.1016/j.jksuci.2017.12.007

Riggi, J. (2022). The importance of cybersecurity in protecting patient safety | Cybersecurity | Center | AHA. Www.aha.org. https://www.aha.org/center/cybersecurity-and-risk-advisory-services/importance-cybersecurity-protecting-patient-safety

SafetyDetectives Cybersecurity Team. (2021, May 20). Healthcare Cybersecurity: The Biggest Stats & Trends in 2021. SafetyDetectives. https://www.safetydetectives.com/blog/healthcare-cybersecurity-statistics/

Xu, K., Li, Y., Liu, C., Liu, X., Hao, X., Gao, J., & Maropoulos, P. G. (2020). Advanced Data Collection and Analysis in Data-Driven Manufacturing Process. Chinese Journal of Mechanical Engineering, 33(1). https://doi.org/10.1186/s10033-020-00459-x