Dich
1 Introduction
Healthcare sectors are embracing information and communication technologies at a rapid
pace. There have been significant efforts to integrate technological innovations such as
electronic health records (EHRs), mobile health (mHealth), cloud computing and the Internet of
Things (IoT) into healthcare practices to diagnose, treat and rehabilitate patients [1]. These
technological innovations have been rapidly transforming the healthcare industry into a more
patient-focused and economically sustainable service. By enabling healthcare providers timely
access to accurate patient data when needed from anywhere, these technologies have enabled
primary care providers to make fast and accurate decisions as well as provide good medical
outcomes to patients [2]. Furthermore, by making patient medical histories easily and quickly
accessible, digitization has enabled healthcare professionals to quickly diagnose potential
health issues. Moreover, these technologies offer healthcare providers the right level of
actionable information at the point of care, thus greatly improving patient experiences.
Technological innovation in healthcare sectors has also established a platform for easily
and quickly sharing health data across a variety of stakeholders (e.g. patients, doctors,
insurance companies, government agencies, research institutes and other healthcare providers)
[2]. Furthermore, it has empowered patients to have real-time access to their clinical information
online. This has enabled patients to engage in their care while increasing their understanding of
their health and improving their ability to look after themselves. The adoption of technological
innovations has benefited healthcare providers and patients tremendously through improving
healthcare delivery and management, convenience, as well as making them economically
sustainable [3].
Although there is ample evidence that digitization of healthcare workflow can enhance
the quality of care and decrease the cost of care, technological innovation of healthcare
systems brings with it potential privacy and security risks [4]. This is because health data
contains extremely sensitive patient information and thus their collection, usage and storage
raise serious patient privacy and data security issues. Healthcare data is exceedingly attractive
to cybercriminals who have been working overtime to get their hands on it [2]. Recent high-
profile cybersecurity incidents in the healthcare industry across the world show that the sector is
increasingly coming under constant cyberattack. These trends are expected to escalate in
frequency and magnitude for the foreseeable future. The escalation of cyberattacks in health
care could lead to serious patient safety concerns, erosion of patient confidence and
business reputation, and productivity and financial losses. For example, the annual cost to
the healthcare sector due to data breaches is estimated to be about $6.2 billion and is expected to
increase with the adoption of new technologies by the healthcare industry [5].
With the recent health data breach incidents, cybersecurity has become a strategic issue
for healthcare organizations. Therefore, the concerns of cybersecurity and privacy are taking
centre stage in modern digital healthcare systems [4,6]. As health care is a critical infrastructure,
guaranteeing adequate protection of patient privacy and data security is a critical factor in
realizing the benefits of technological innovations in the healthcare environment. Thus, the
benefits that technological innovations offer to healthcare organizations should be matched
by the same measure of devotion and commitment to ensuring patient privacy and the security of
digitized healthcare systems.
The principal aim of this chapter is to give an overview of the current cybersecurity
trends in the healthcare domain. Specifically, the aim is to provide insight into the current
cybersecurity landscape with emphasis on cybersecurity threats and vulnerabilities to patient
privacy and data security in healthcare settings. The important contribution is to provide an in-
depth understanding of the potential security and privacy risks and vulnerabilities facing
healthcare providers, as well as contemporary threats and the most effective countermeasures to
ensure safe and secure operation of healthcare systems. We will discuss how the speed
and complexity of healthcare digitization complicate addressing patient privacy and data
security challenges. The different types of assets likely to be targeted will be reviewed as well
as the profile of the potential threat agents and their objectives. Advances in technologies and
management issues to ensure the patient privacy and data security are highlighted. Also,
regulations and acts that decree the standards for dealing with health information will be
discussed.
Health data is the lifeblood of any healthcare provider. Therefore, health data collection
is the single most important function of healthcare systems. There are a variety of ways in which
the health data is collected from the patients. The conventional face-to-face approach during the
normal course of business is still the prevailing approach. In this approach a healthcare
professional (e.g. a physician or nurse) prompts patients for information and documents it.
Also, a wide variety of technologies both within the hospital settings and outside hospitals such
as patient homes are used to collect data. For example, wearables (e.g. smart watches and
fitness trackers) are commonly used to gather patient-generated physiological health data such
as temperature and heart rhythm. Financial and other data are also collected either in a
traditional manner or online. Cloud computing is increasingly used as the main platform for
personal health records (PHR) [7]. Cloud computing offers on-demand access to computational
and storage resources from almost anywhere and when needed.
With the digitization process, EHRs have been replacing the conventional paper-based
health record. EHRs have numerous advantages including the reduction of medical errors,
reliable prescription and quick access to records, fast data transfer and data sharing on an
unprecedented scale. They enable clinicians and nurses to view patient records
simultaneously from different locations, which is not possible with paper-based records. They
also decrease the number of lost records and permit a complete set of backup records in a cost-
effective manner.
EHRs contain a wealth of highly regulated, mission-critical information. They are the
lifeblood of every healthcare sector. They have also become a primary target that
cybercriminals seek to steal at any cost. This is because, according to Ponemon Institute [8], EHRs are on average
valued at $50 on the black market as they can be used to commit identity theft and other
insurance frauds. Therefore, EHRs must be securely managed and used in order to reap their benefits
(e.g. cost-effectiveness, high efficiency and performance demands).
The common devices used in accessing healthcare records include the standard
workstation in offices and a wide variety of small handheld devices such as smartphones,
tablets such as iPads and other mobile devices. Workstations are good for static situations such
as at the nursing workspace. However, the workflow within the hospital environment is dynamic
as clinicians, nurses and patients continually move around the hospital. With their capability to
enable clinician mobility and access to patient information wherever the clinician is
providing care or reviewing information to provide care, mobile devices have become part and
parcel of the healthcare digital system infrastructure. In addition to making patient care more
efficient, they have enhanced healthcare professionals’ workflow. As the number of healthcare
providers using mobile devices for patient care keeps increasing, huge investment in the
development of mobile EHR is currently underway.