Professional Documents
Culture Documents
Christopher Manaois
HCIN 559
With technology continually evolving in healthcare, home healthcare and monitoring are
being used more and more because of the increased capabilities of medical devices and
equipment. Such capabilities include the ability to connect to devices and equipment through
networks that enable providers to connect and monitor them remotely. Remote monitoring
provides convenience and comfort to both patients and providers. It can be easier for providers to
keep an eye on patients by conserving more manpower and resources from travel. At the same
time, patients and families are also able to stay in their home environments, which can increase
morale. These advances, however, hold significant cybersecurity risks and are included as one of
the Emergency Care Research Institute’s (ERCI) top 10 patient safety concerns (ECRI, 2020).
The medical devices connected to a network can be hijacked or interrupted, which can affect its
performance, and consequently affecting the patient’s care. For instance, a network can be
invaded and access to encrypted data can be restricted until a fee (ransom) is paid. Fairly recently
Hollywood Presbyterian Medical Center suffered a ransomware attack and payed $17,000 to
regain access to their medical files (Kruse et al., 2017). These attacks are real threats that can
Because medical institutions increasingly use medical devices that are connected to
networks to provide care to patients, it is vital to identify and address cybersecurity threats.
These threats could potentially leave institutions compromised and put patients in great danger.
This is especially important for patients who are under home healthcare since there is no in-
house technician available to physically assist patients and family members if these attacks do
happen. The purpose of this paper is to explore the real threats of cybersecurity in home
BLOCKCHAIN CYBERSECURITY 3
healthcare settings and propose a possible solution to address or mitigate the problem to ensure
safety of patients.
Healthcare has developed enabling providers efficient ways to remotely treat and monitor
patients, especially those with chronic diseases. These remote capabilities keep focus on patient
monitoring even outside of the clinical setting. But these efficiencies give cyber-criminals
opportunities to exploit and carry out attacks. Some motivations for attacks include financial or
political gain, or to further expose an organization’s vulnerabilities (Coventry & Branley, 2018).
Home health medical devices are no less vulnerable. This paper will analyze articles identifying
hazards and potential solutions to improve home healthcare delivery. Such solutions include,
institutional funding and system updates, personnel and institutional practices, the use of
blockchain technology and the recommendation of virtual private network (VPN) and
Medical devices utilized to monitor and treat patients can be exposed to cybercriminals.
It was suggested that insufficient funding for cybersecurity causes problems for institutions since
most efforts are centered on integration rather than software updates and system security
(Coventry & Branley, 2018). Organizational workflow changes are needed to manage
cybersecurity threats. Measures like regular system backups, software updates keep security
patches in place (Coventry & Branley, 2018). Buying into systems and processes that enable and
support secure data transferring also protects an organization (Coventry & Branley, 2018).
Continuous training and education for user recognition, avoidance and reporting of
phishing attacks is vital (Wright et al., 2016). By providing everyday users the information on
flagging and acting against security threats, a line of defense is put into place. A two-factor
authentication is the most important step in security risk reduction (Wright et al., 2016). These
extra steps provide substantial security benefits. In addition to workspace personnel and user
compliance, new emerging technology can also be utilized to defend the integrity of
With Smart Home ecosystems widely developing, home healthcare is enabled and
supported. Smart Home is having information technology (IT) capabilities at home that meet
user demands essentially improving comfort, security, entertainment and convenience (Safavi et
al., 2018). Security is a key concern in Smart Home ecosystems because information can be
infiltrated by outsiders (Safavi et al., 2018). It was suggested that blockchain technology be used
to ensure privacy and security, which includes smart healthcare protection. Blockchain
technology appeals to health data because of its capabilities on sharing, distributing and
encrypting information (Agbo et al., 2019). Safavi et al. (2018) suggests blockchain technology
can improve audit logging, give patients more access to their personal health records (PHR),
improve health IT application deployment, and provide abilities to connect databases. Having
user or provider distributed keys can safeguard transmission and transactions with blockchain
technology. In addition, manufacturers can also provide default capabilities that ensure security
for its customers. This will make it hard for criminals to access devices right off the market.
Finally, it was noted that approximately 500 million Americans have internet capable
devices like smartphones, tablets and other internet connected devices (McGee, 2016). It was
added that wireless networks are the source of the greatest security risk because attackers can
BLOCKCHAIN CYBERSECURITY 5
gain access to personal data and even manipulate medical care appliances to pose physical safety
risks to patients (McGee, 2016). McGee (2016) recommends homes utilizing virtual private
network (VPN) to decrease vulnerability from cyber-attacks. A VPN provides users privacy by
creating a private network from a public internet connection (Symanovich, 2020). VPNs provide
tunnels enabling users to connect to the internet without leaving information for hackers to grab.
Some things VPNs are able to hide browsing histories, IP addresses and locations and devices
connected to that network (Symanovich, 2020). In addition to VPNs, McGee (2016) suggests
that manufacturers of medical appliances and devices with connecting capabilities require to
install security compliant firmware. Cyber-attackers are able to access and compromise medical
devices though its firmware without the user’s knowledge. By letting the manufacturers produce
equipment that is security compliant to begin with, patients and medical institutions will be less
vulnerable to attacks.
Healthcare is only one field that reaps the benefits of the conveniences provided by
technology. It enables providers to monitor patients who are in locations other than the hospital
or clinical setting. These benefits come with vulnerabilities to attacks that can cause
organizational and individual (patient) harm. In order to prevent and mitigate these hazards, it
was pointed out that organizations need to invest in cybersecurity measures as well as implement
production levels. At a user level, individuals can perform safe and secure practices allowing
defense against threats. Users can also utilize VPNs to increase network safety. Second,
healthcare organizations need to invest more to protect data- including additional training or
buying into additional cybersecurity measures. Lastly, manufacturers can also do their part by
ensuring security compliance of their medical devices to protect their customers from potential
BLOCKCHAIN CYBERSECURITY 6
invasion and attacks. These solutions can help healthcare organizations protect patients from
Solution Description
For this paper, I believe blockchain technology is the best solution that will help mitigate
technology has been greatly appealing to the healthcare industry due to its capabilities of sharing,
encrypting and distributing data. Blockchain technology was proposed by Satoshi Nakamoto
with the idea to provide protection against data failure and exposure with a decentralized
and are able to work together (Hathaliya et al., 2019). In this case, the collaborators can be
doctors, patients, caregivers, etc. There is a digital agreement by the providers, patients and
caregivers that controls information that is added and also protects data from being tampered
with (Hathaliya et al., 2019). Blockchains have key features as displayed in Table 1 below.
Table 1
The immutable nature of the blockchain makes it pertinent to healthcare systems since
one cannot delete or modify information easily. There is, however, the issue of security and
scalability especially for longer blockchains since there is a significant amount of latency when
new information is added and propagated. Srivastava et al. (2018) talks about a system in which
blockchains. The 5 entities defined in the system are the patient, the healthcare provider, the
The smart devices are utilized by the patient, family or caregivers which transmit raw
medical data through networks or a smart phone. The system also collects health data from the
patient in which patients are the owners of their personal data where they can restrict or grant
access from any third party. Healthcare providers are responsible for administering tests and
treatments for patients where they are able to access previous medical data after gaining access
directly from the patient (Srivastava et al., 2018). The GHOSTDAG protocol network uses two
blockchain based protocols. A private blockchain where patient health data is processed using
smart contracts; and a public blockchain to send alerts to the smart devices and healthcare
facilities to receive the alerts (Srivastava et al., 2018). Lastly, the insurance company are able to
request data from users including health data from devices and past medical treatment to provide
Blockchain technology is the best solution to reduce risks for cyberattacks in home
healthcare because data within the network is very difficult to tamper with. By having a
blockchain, only authorized users are able to enter or modify data. This serves as a line of
defense against cyberattacks. To address the security and privacy issue, using GHOSTDAG
blockchain-based smart contracts can further protect patient data from intruders. The
BLOCKCHAIN CYBERSECURITY 8
GHOSTDAG protocol increases propagation speed of new blocks which makes the blockchain
With the use of blockchain technology for medical devices for remote patient monitoring,
the patients can have control over what information is shared to providers and insurance
companies to receive the best care possible. Health data transmission will be faster and more
secure where patients and families can receive alerts when abnormal readings are taken.
Healthcare providers can receive alerts and safely access necessary patient data in order to
deliver the best treatment for the patient, even while monitoring the patient remotely. Healthcare
organizations are also able to confidently transmit and receive pertinent patient data with
blockchain technology. This will make healthcare data is more secure from attacks and intrusion
that can cause both physical and financial harm to both patients and the healthcare organization.
BLOCKCHAIN CYBERSECURITY 9
-
Failing to see notification
VIII. Receiving of
-
Device failure to provide notification
Notification for new Medical
-
Network error resulting in
Information available
notification failure
Failure Mode and Effects Analysis Table
6 Hazard Score 4 3 4
7 Action (Eliminate, Control Control Control
Control, or Accept)
8 Description of Action - Password reset -Incident - Training on
link reporting proper use
- Providing -Immediate - Setting an
copies of login suspension of automatic log
credentials stolen off after an
- Providing credentials idle period
additional -Immediate - Adding
authorized credential initials after
users reset documenting
availability to ensure
consistency
Process Step #2
4 Severity 7 5 6
5 Probability Frequent Occasional Occasional
6 Hazard Score 12 6 6
7 Action (Eliminate, Eliminate Control Control
Control, or Accept)
8 Description of Action - Training - CDSS to - Regular
sessions for confirm maintenance
users data entry checks
- 24/7 assistance - CDSS to - CDSS to
hotline flag remind of
- Provide abnormal maintenance
handouts for readings checks
common terms - Immediate - Routine swap
for medical alerts to out of
condition dangerous equipment to
parameters ensure
entered optimum
function
Process Step #3
4 Severity 3 4 4
5 Probability Frequent Occasional Occasional
6 Hazard Score 4 6 6
7 Action (Eliminate, Control Control Control
Control, or Accept)
8 Description of Action - Automatic -Automatic - Alert sent to
logout after logout after network if
idle time idle time device
- Training for -Smart device disconnects
authorized sleep after - Contingency
users idle time for
- Smart device -Notification emergency
sleep after idle if network
time malfunction connection
is detected on - Routine tests
device on network
integrity
Process Step #6
Quality Measurement
In order to maintain the integrity of security in home health settings, measures can be
taken from both end user and administrative standpoints. First, end user security is very critical
since this can be an access point for cybercriminals to enter the network. New user training as
well as routine supplemental training should be part of the security maintenance of the healthcare
organization. This goes for both clinical and non-clinical users (like family members connecting
to the network). This security quality measure can be documented by random phishing attempts
administered and monitored by the healthcare organization’s administrative team. The number of
successful mock-phishing attempts can be documented to reinforce the need for more training
and increased security measures. If the phishing attempt is successful, the user can be prompted
to complete a refresher training course in order to mitigate real breaches in the future.
involved in monitoring the activity of the data and blockchain of the network. Signs of intrusion
attempts should be closely watched since this would be visible by authorized personnel. This
BLOCKCHAIN CYBERSECURITY 18
data could be collected to also identify weak points of the network such as end users, Bluetooth
connectivity, internet or WIFI connections, etc. Daily reports should be collected and based on
the urgency can be addressed accordingly. Less urgent cases can be complied to address during
weekly or bi-weekly meetings to secure holes or leaks in the network. The software can be then
regularly updated based on findings to maintain security since cybercriminals use tactics that
continually evolve.
The integrity of the home health networks should be protected to the best of the
healthcare organization’s ability to protect both their patients and the organization itself. In order
to do so, end user and the networks blockchain technology should be closely monitored by
authorized cybersecurity staff to mitigate and prevent unwanted attacks by criminals wanting to
Conclusion
With technology advancing, healthcare capabilities have increased where patients and
providers do not necessarily have to be in the same area to monitor and render treatment. Patients
can remotely receive care which in turn provides a familiar environment that also helps with
morale. Healthcare providers also free up more resources from in person care which can
potentially increase reach and focus on patients who require more medical attention. However,
being connected remotely also poses some threats to the healthcare organization, specifically in
cybersecurity. If not addressed accordingly, cybercriminals can tap into the network and cause
harm to the organization and the patients. Blockchain technology is a great solution to mitigate
Only authorized users including patients, providers, allowed insurance providers and network
BLOCKCHAIN CYBERSECURITY 19
administrators are able to gain access and input information, while data activities are kept track
of.
Much of the harm prevention can be performed though user training which is a primary
means to secure the network from unauthorized access. As covered in the Failure Mode and
Effect Analysis, the technology can also be incorporated into the electronic health records to flag
and send out CDSS notifications for abnormal events that occur. Regular software updates are
also essential to keep up with cybercriminals’ evolving tactics to maintain the network’s
integrity.
Through blockchain technology, healthcare data will become more secure. At the same
time, data transmission will be faster providing both physical and financial safeguards to the
healthcare organization and patients. It is encouraged that healthcare organizations who employ
remote monitoring and home health adapt this effective technology in order to protect patients
References
Agbo, C. C., Mahmoud, Q. H., & Eklund, J. M. (2019, June). Blockchain technology in
healthcare: a systematic review. In Healthcare (Vol. 7, No. 2, p. 56). Multidisciplinary
Digital Publishing Institute. Retrieved from https://doi.org/10.1016/j.csbj.2018.06.003
Coventry, L., & Branley, D. (2018). Cybersecurity in healthcare: a narrative review of trends,
threats and ways forward. Maturitas, 113, 48-52. Retrieved from
https://doi.org/10.1016/j.maturitas.2018.04.008
Emergency Care Research Institute. (n.d.). Top 10 Health Technology Hazards for 2020.
Retrieved from https://assets.ecri.org/PDF/White-Papers-and-Reports/ECRI-Top-10-
Technology-Hazards-2020-v2.pdf
Hathaliya, J., Sharma, P., Tanwar, S., & Gupta, R. (2019, December). Blockchain-based remote
patient monitoring in healthcare 4.0. In 2019 IEEE 9th International Conference on
Advanced Computing (IACC) (pp. 87-91). IEEE. Retrieved from
https://ieeexplore.ieee.org/abstract/document/8971593?casa_token=tH_-
ukERr7cAAAAA:oY2qC8UX5j28jIX-Le-fE2nvnAp-
7EEwQ1CjA1IutR4s2r0A0l8y9BiM6LEPCXOJAKjGOp2vMg
Kruse, C. S., Frederick, B., Jacobson, T., & Monticone, D. K. (2017). Cybersecurity in
healthcare: A systematic review of modern threats and trends. Technology and Health
Care, 25(1), 1-10. https://doi.org/10.3233/THC-161263
McGee, T. M. (2016). Evaluating the cyber security in the internet of things: Smart home
vulnerabilities. Retrieved from https://digitalcommons.usmalibrary.org/faculty_etd/6
Safavi, S., Meer, A. M., Melanie, E. K. J., & Shukur, Z. (2018, November). Cyber Vulnerabilities
on Smart Healthcare, Review and Solutions. In 2018 Cyber Resilience Conference (CRC)
(pp. 1-5). IEEE. Retrieved from https://doi.org/10.1109/CR.2018.8626826
Srivastava, G., Dwivedi, A. D., & Singh, R. (2018). Automated remote patient monitoring: data
sharing and privacy using blockchain. arXiv preprint arXiv:1811.03417. Retrieved from
https://arxiv.org/abs/1811.03417
Wright, A., Aaron, S., & Bates, D. W. (2016). The big phish cyberattacks against US healthcare
systems. Retrieved from https://link.springer.com/article/10.1007/s11606-016-3741-z