Running head: ANNOTATED BIBLIOGRAPHY 1

Annotated Bibliography

Joella Crosby

Capella University
ANNOTATED BIBLIOGRAPHY 2

Information Summary

The purpose of this annotation bibliography is to examine and provide a clear and concise

summary of relevant scholarly literature with regard to the security and privacy challenges

present in healthcare information systems. In particular, this paper explores literature related to

the cybersecurity risks that healthcare information systems are exposed to as a result of the use of

Bring Your Own Devices (BYOD). The examination of the literature has shed light on several

key takeaways. First, security and privacy issues in information systems has been a concern that

is as old as the advent of such systems, and the increased adoption of healthcare information

technologies in recent years has exposed the healthcare system to these security challenges.

Second, the security challenges in information systems, and healthcare information systems for

that matter, is an area that has been widely researched and numerous solutions advanced.

Third, the increased need for enhanced connectivity and more efficient information

exchange within the healthcare system has led to the rapid adoption and utilization of the

cyberspace. Fourth, BYOD is an emerging information technology trend that has is continuously

being embraced by many hospitals and healthcare organizations due to the appeal of value that it

brings - users can conveniently access organizational systems and networks and the organization

does not have to spend anything on purchasing the devices. Fifth, security and privacy challenges

related to cybersecurity has also been moderately explored. But, BYOD devices have added a

new dimension to these security and privacy challenges further threatening sensitive patient

information. However, there is little to no research on the exposure of BYOD to cybersecurity

and how healthcare managers may protect their systems and networks from cyberattacks while

using BYOD. There is an urgent need, therefore, to explore this area to ensure sensitive patient

information is secure and the real benefits of using BYOD have been adequately harnessed.
ANNOTATED BIBLIOGRAPHY 3

Annotated Bibliography

Al-Ameen, M., Liu, J., & Kwak, K. (2013). Security and Privacy Issues in Wireless Sensor

Networks for Healthcare Applications. Journal of Medical Systems, 36(1). 93-101. Doi:

10.1007/s10916-010-9449-4

The purpose of this paper was to examine the various security and privacy issues

that are present in healthcare wireless sensor networks. The authors noted that within the

healthcare system, there has been a meteoritic rise in the utilization of wireless sensor

networks with numerous applications already developed and in use. It was further noted

that the wireless nature of most devices and applications has lead to heightened security

and privacy concerns. The paper describes in detail and evaluates the security and privacy

problems in these networks and provide possible measures that can be used to curtail

such security challenges and issues.

Al-Ayubi, S. U., Pelletier, A., Sunthara, G., Gujral, N., Mittal, V., & Bourgeois, F. C. (2016). A

mobile app development guideline for hospital settings: Maximizing the use of and

minimizing the security risks of “bring your own devices” policies. Journal of Medical

Internet Research mHealth and uHealth, 4(2), 50-61.

http://doi.org/10.2196/mhealth.4424

The purpose of this study was to investigate the use of mobile applications within

the hospital environment and provide guidelines for mobile app development in

healthcare settings to ensure that the security risks of BYOD devices have been

minimized. To improve patient care and work processes, numerous hospitals are today

working on introducing mobile applications. However, the authors note that it will be

hugely costly and inconvenient for the hospitals to purchase mobile devices for their staff
ANNOTATED BIBLIOGRAPHY 4

only for use within the healthcare environment. That is why allowing the healthcare

professionals to bring their own devices at work is a more appealing alternative.

However, considering the security risks posed by BYOD devices, it is important that the

mobile apps are developed with clear guidelines that will facilitate security enhancements

in BYOD.

Al-Janabi, S., Al-Shourbaji, I., Shojofar, M., & Shamshirband, S. (2017). Survey of main

challenges (security and privacy) in wireless body area networks for healthcare

applications. Egyptian Informatics Journal, 18(2). 113-122.

https://doi.org/10.1016/j.eij.2016.11.001

This study examined the various challenges facing wireless body area networks in

healthcare with particular attention of the security and privacy concerns. Wireless body

area networks are a mushrooming technology trend in healthcare that uses wearable

devices to facilitate the monitoring and collection of patients’ health record data. Once

such sensitive data is collected, it is important that the system has high security and

privacy measures to protect these data while being utilized by healthcare professionals.

The authors of this study examine these networks at length and provide concrete and

state-of-the-art measures that can be employed to ensure that the privacy and security of

the data has been protected.

Ayatollahi, H., & Shagerdi, G. (2017). Information Security Risk Assessment in Hospitals. The

Open Medical Informatics Journal, 11, 37–43.

http://doi.org/10.2174/1874431101711010037

The study assesses the various risks that affect the information security of

healthcare information systems. The authors noted that although there have been
ANNOTATED BIBLIOGRAPHY 5

numerous efforts by researchers to categorize information security risks, there are still

many more unknown risks within the hospital environment that might seriously threaten

the security of patient information. To be able to take quick corrective actions, it is

critical that the underlying causes of these security risks are effectively identified,

understood, and controlled.

Bhartiya, S., & Mehrota, D. (2013). Threats and challenges to security of electronic health

records. In K. Singh, & A.K. Awasthi (Eds.), Quality, Reliability, Security and

Robustness in Heterogeneous Networks: 9th International Conference, Revised Selected

Papers (pp. 543-559). Amsterdam; Boston, MA: Springer.

Healthcare has always been an issue that is both complex and sensitive. Over the

past decade, huge strides have been taken to enhance the quality of services and care

delivery within the healthcare system through rapid integration of information

technologies. This has led to the automation of healthcare activities, and electronic health

records form an integral part of this integration. However, despite the numerous benefits

that such health information systems have brought, they have also been accompanied by

numerous challenges chief among them the issue of data security. This book chapter

comprehensively studies and identifies the various security threats to hospital health

information systems. In addition, these security threats are categorized, rated, and real-

time scenarios for each examined. The chapter concludes by providing recommendations

to address these security threats.

Bromwich, M., & Bromwich, R. (2016). Privacy risks when using mobile devices in health

care. Canadian Medical Association Journal, 188(12), 855-856.

http://doi.org/10.1503/cmaj.160026
ANNOTATED BIBLIOGRAPHY 6

The purpose of this study was to examine the various privacy risks associated

with the use of mobile devices in healthcare. The authors pointed out that mobile devices

are increasingly being used within the healthcare environment to provide healthcare

professionals with new ways to conduct professional communications, efficient

specialists’ consultations, and expedites support to information and decision support.

However, the use of these devices within the healthcare setting has also brought

numerous risks including insecure data storage and privacy breaches. The study therefore

tries to create an awareness of these privacy risks associated with the use of mobile

devices within hospitals.

Cavett, A. L. (2016). Using security risk analysis: Is the bring your own device policy becoming

a liability risk within healthcare. Purdue University Open Access Theses, 757,

https://docs.lib.purdue.edu/open_access_theses/757

By using computer simulation, the study conducted a security risk analysis to

determine whether BYOD has become the new frontier for security and privacy concerns

within the healthcare environment. In addition to the primary objective of determining

the liability risk of BYOD within hospitals, the study also sought to establish how the

security risks prevalent in such personal devices compares with the security risk

emanating from wired desktop computers. Although it was determined that BYOD

devices have a lower security risk that wired desktop computers, the security risk was

still substantial enough and so effective measures should be taken to address such

challenges.
ANNOTATED BIBLIOGRAPHY 7

Chen, H., Li, J., Hoang, T., & Lou, X. (2013). Security challenges of BYOD: a security

education, training and awareness perspective. Thesis Dissertations: Melbourne, The

University of Melbourne Library. http://hdl.handle.net/11343/33347

The purpose of this study was to explore the various security challenges that users

and organizations expose themselves to as a result of the utilization of Bring Your Own

Devices (BYOD) at work. After the identification of the BYOD security risks and

challenges, the paper goes on further to examine current literature on the awareness,

training, and education approaches and frameworks that can be used to motivate users to

commit to relevant policies and best practices of BYOD. The paper established that one

of the most significant factors in addressing BYOD security threats is user accountability.

As a result, it is essential that organizations utilizing BYOD focus on well-defined

awareness, education, and training programs.

Ernest, E. O., Sunday, A. I., & Oyindolapo, K. (2015). Electronic health record systems and

cybersecurity challenges. International Conference on National development issues:

Information and Communication Technology Track. 98-105.

http://eprints.covenantuniversity.edu.ng/5326/1/Paper%2054.pdf

The purpose of this study was to explore the cyber security challenges inherent to

electronic health record systems. Information flow in the digital cyberspace is

commonplace in today’s world. Health information systems help preserve patient safety

and care through more efficient information exchange. However, such exchange of

information within the cyberspace, albeit providing numerous benefits to care delivery

and patient outcomes, exposes sensitive patient information to identity theft and severe

privacy violations. The research therefore examines cybersecurity issues in the medical
ANNOTATED BIBLIOGRAPHY 8

field today and measures that can be implemented to secure patient information within

the healthcare field.

Garba, A. B., Amarego, J., Murray, D., & Kenworthy, W. (2015). Review of the Information

Security and Privacy Challenges in Bring Your Own Device (BYOD) Environments.

Journal of Information privacy and Security, 11(1). 38-54.

https://doi.org/10.1080/15536548.2015.1010985

The purpose of this study was to analyze the security and privacy challenges that

accrue from the utilization of bring your own devices at work. The authors noted that the

rapid development in information and communication technologies coupled with an

equally rapid adoption of information technologies has led to the emergence of evolving

trends such as BYOD. In attempts to improve productivity and efficiency, BYOD devices

have been used to rapidly transform organizational activities and operations. However,

there exists many security and privacy challenges in BYOD environments that should be

examined and understood.

Kumar, P., & Lee, H.-J. (2012). Security issues in healthcare applications using wireless medical

sensor networks: A survey. Sensors, 12(1), 55-91. http://doi.org/10.3390/s120100055

This study comprehensively explores the various security issues that accompany

the use of healthcare applications that utilizes wireless medical sensor networks. The

researchers conducted an extensive survey of some of the most popular healthcare

projects and highlights their security in the process. The use of healthcare applications is

seen as a promising avenue to enhance patient monitoring and communication thereby

enhancing the quality of care as well as patient outcomes. Through the use of healthcare

applications for remote monitoring, healthcare professionals are able to collect sensitive
ANNOTATED BIBLIOGRAPHY 9

data that helps foster better care. However, the sensitive nature of such information

means that security considerations are mandatory to ensure data privacy. Therefore, the

study identified the various security risks, requirements, and mechanisms for such

applications and provides security solutions to problems currently being faced.

Kruse, C. S., Fredrick, B., Jacobson, T., & Monticone, K. (2016). Cybersecurity in healthcare: A

systematic review of modern threats and trends. Technology and Healthcare, 25(2). 1-10.

DOI 10.3233/THC-161263

The purpose of this systematic review study was to highlight emerging

cybersecurity trends and explore probable solutions through an extensive query of

academic literature. The researchers stated that the primary reason why majority of

healthcare information systems are vulnerable to modern threats and trends is due to

failure of health organizations to stay abreast of such threats. The authors concluded that

cybersecurity is a real threat for healthcare systems since the healthcare sector has

consistently lagged behind other industries when it comes to securing vital information.

Guidelines on how to enhance the security and privacy of patient information from cyber-

criminals are outlined.

Lunar, R., Rhine, E., Myhra, M., Sullivan, R., & Kruse, C. S. (2016). Cyber threats to health

information systems: A systematic review. Technology and Healthcare Journal, 24(1). 1-

9. DOI: 10.3233/THC-151102

The purpose of this qualitative systematic review was to examine the cyberthreats

that health information systems face. Recent legislations have empowered healthcare

providers and organizations to embrace and adopt health information systems that fosters

effective exchange of information. However, the use of such integrated health

ANNOTATED BIBLIOGRAPHY 10

information systems has created a ready pool of critical patient information increasing the

risk of cybercrime. Both external and internal security issues including cyberterrorism

and identity theft are extensively discussed.

Mehraeen, E., Ghazisaeedi, M., Farzi, J., & Mirshekari, S. (2017). Security challenges in

healthcare cloud-computing: A systematic review. Global Journal of Health Science,

9(3). 157-166. http://doi:10.5539/gjhs. v9n3p157

The purpose of this study was to determine the security challenges that are present

in healthcare cloud computing through a systematic review of articles published between

the year 2000 and 2015. Healthcare data represents very sensitive information that should

never be allowed to land at the hands of unauthorized persons if the security and privacy

of the patients are to be protected. However, even in progressed technologies that are

used to store healthcare data like cloud computing, cyber gaps remain an important

vulnerability. Successful cyberattacks can have devastating effects and pose adverse

impacts on the privacy and security of the patients. It is therefore important that

healthcare professionals possess an effective understanding of the various security threats

facing healthcare cloud computing and how to properly address them. The study

therefore investigates and outlines the various security challenges in cloud computing and

proposes countermeasures such as access controls, authorization, and authentication.

Octavia, T., Yanti, T., & Prabowo, H. (2016). Security and privacy challenge in Bring Your Own

Device environment: A Systematic Literature Review. International Conference on

Information Management and Technology, 194-199. DOI:

10.1109/ICIMTech.2016.7930328
ANNOTATED BIBLIOGRAPHY 11

One of the rapidly growing phenomenon that information technology specialists

have had to deal with is Bring Your Own Devices to Work (BYOD). The increase in the

diversity of tools and platforms where organizational data has to be kept means that it is

almost inevitable for employees today to use their cellular phones, smartphones, personal

computers, tablets, and other personal devices at work. However, for organizations to

reap the full benefits of the utilization of BYOD devices in healthcare, it is important that

all privacy and security issues that are associated with the use of such devices are

accurately identified and effectively addressed. The purpose of this study was therefore to

examine the security and privacy issues involved in BYOD use and provide

recommendations for addressing these challenges.

Olalere, M., Mahmod, R., & Abdullah, A. (2015). A review of bring your own devices on

security issues. SAGE Open Journals, 5(2). 1-11.

https://doi.org/10.1177/2158244015580372

This study reviews security issues related to Bring Your Own Devices (BYOD) in

healthcare. The proliferation of mobile devices coupled with the mushrooming of cloud-

based applications has increased mobile computing within the healthcare environment.

The increased reliance on mobile computing means that workers today bring their own

mobile devices at work and use them to facilitate organizational activities and functions.

However, the policy of allowing BYOD devices at the workplace has exposed healthcare

organizations to possible security threats. The study provided an appropriate theoretical

foundation for BYOD by examining the various tenets of BYOD in healthcare. Security

is the most significant threat facing the use of these devices.

ANNOTATED BIBLIOGRAPHY 12

Perakslis, D. E. (2014). Cybersecurity in Healthcare. The New England Journal of Medicine,

371(2014). 395-398. DOI: 10.1056/NEJMp1404358

Many healthcare institutions have been victims of cyberattacks. Cyber-criminals

mainly target infrastructure, data, money, and devices. The threat of cyberattacks is real

and present in healthcare and has devastating effects including the loss of critical and

sensitive patient information. Therefore, the purpose of this study was to highlight the

various cybersecurity issues in healthcare so as to create an awareness son how patients,

institutions, and providers can be protected. Health information technologies have

significantly improved the healthcare industry but unless the security and privacy issues

are affectively addressed, the safe delivery of such benefits could be short-lived.

Sansurooh, K., & Williams, A. H. P. (2014). BYOD in ehealth: Herding Cats and Stable Doors,

Or A Catastrophe Waiting to Happen? Australian eHelath Information and Security

Conference, 24(3). 28-34. DOI10.4225/75/5798284331b46

In the recent past, there has been a widespread use of BYOD devices in the work

environment including hospitals where users are permitted to access organizational

networks, resources, and applications. The utilization of personal devices at the work

environment brings about great appeal and value due to the ease of use as well as the

ability to access a variety of work-related and personal applications. However, with

lurking cyber criminals who are seriously targeting healthcare information for identity

theft and other malicious drives, the use of BYOD devices within the healthcare

environment has created additional vulnerabilities that could put patient sensitive

information at serious risks. This study extensively analyzed the issue of cyber security in
ANNOTATED BIBLIOGRAPHY 13

healthcare as related to Bring Your Own Devices at work in order to provide a better

understanding of the challenge.

Vorakulpipat, C., Sirapaisan, S., Rattanalerdnosorn, E., & Savangskuk, V. (2017). A Policy-

Based Framework for Preserving Confidentiality in BYOD Environments: A Review of

Information Security Perspectives. Security and Communication networks, 7(4). 1-11.

https://doi.org/10.1155/2017/2057260

It is true that many organizations today allow their employees to bring personal

devices at work and use such personal devices to access organizational systems and

networks. This is the phenomenon known as Bring Your Own Devices (BYOD).

However, majority of these organizations have also overlooked the potential privacy and

security threats to data that such devices bring. The purpose of this review is therefor to

consider a probable framework that can facilitate the preservation of privacy and

confidentiality within BYOD environments.

Williams, P. A., & Woodward, A. J. (2015). Cybersecurity vulnerabilities in medical devices: a

complex environment and multifaceted problem. Medical Devices (Auckland, N.Z.), 8,

305–316. http://doi.org/10.2147/MDER.S50048

The purpose of this study was to investigate the numerous cybersecurity

vulnerabilities in medical devices. The researchers pointed out that increased connectivity

of healthcare computer networks in the recent past has increasingly exposed medical

devices to cybersecurity, something that they were previously used to. It is therefore

important for stakeholders within the healthcare environment to ensure that effective

measures have been pit in place to address the new challenge of cybersecurity and protect

sensitive patient information from falling into the wrong hands. This study reviewed the
ANNOTATED BIBLIOGRAPHY 14

complex issues and factors at play within this insecure environment, identifies the various

cyber vulnerabilities to medical devices, and highlights proactive and coordinated

approaches that can be used to address the challenge.