Professional Documents
Culture Documents
ABSTRACT The healthcare industry has experienced significant growth driven by the integration of modern
technology. Its main focus is to provide high-quality services through efficient utilization of information and
communication technology. However, this progress has made the healthcare sector more susceptible to cyber
threats due to the abundance of sensitive information, including patients' personal and medical data.
Consequently, cyber-attacks have resulted in substantial losses in this sector, necessitating proactive
measures.
As healthcare advances with modern technology, it faces increasing challenges such as
Ransomware, Phishing, data breaches, and DDoS attacks. These technological advancements have opened
up opportunities for extortion, kidnapping, and blackmail by exploiting this valuable information for
fraudulent activities. To mitigate losses and effectively address these challenges, the healthcare sector must
continue embracing current technology while reinforcing its cybersecurity measures.
One widely adopted security measure in the healthcare sector is Internet of Things (IoT) security.
IoT technology not only enhances productivity and efficiency within the healthcare system but also
establishes connections with third-party entities. However, critical devices like MRI and X-ray equipment,
essential to the system, can expose highly valuable patient and hospital data to cyber risks. These risks can
be mitigated effectively by addressing vulnerabilities in the IoT architecture.
IoT technology is complex, encompassing vital functions related to sensitive information, including
data and information storage, as well as financial transactions. It serves as a conduit for transmitting crucial
data and information. Technologies such as Software-Defined Networking (SDN), IoT, and Blockchain play
crucial roles in securing the healthcare sector against emerging cyber threats. Understanding these
technologies and implementing strategic countermeasures are pivotal in safeguarding the healthcare sector
against cyber threats that have evolved by 2022 due to modern technological advancements. This emphasizes
the need for adaptability and continuous enhancement of security measures in the healthcare industry. [1]
healthcare sector becomes an attractive target for cyber this era, health-related information technology came at a
threats due to the substantial volume of services offered considerable cost, with the presence of large-scale
and the extensive data held. Hence, it is imperative to computers. It was in the year 1980 when desktop
exercise caution and prioritize cybersecurity measures computers were introduced, marking a pivotal moment in
within this industry, as the main issue stems from the the integration of computers within the healthcare domain.
healthcare sector's historical neglect of cyber protection. Subsequently, the utilization of computers in daily
[2] operations increased rapidly, shaping a new landscape for
efficient healthcare management. [4]
II. RESEARCH STATEMENT
Dragon Systems began to be utilized in 1982. As the late
The primary goal of this review paper is to outline the 1980s approached, there was a notable surge in the
cyber threats and breaches prevalent in the healthcare utilization of this software. Its applications extended to
industry. It aims to present solutions to address the billing, managing hospital and patient records, and
challenges arising in healthcare due to the integration of organizing doctor's schedules. Computers were employed
modern technologies, emphasizing effective strategies to to document patient admissions, registrations, and other
combat them. Specifically, it delves into the utilization of pertinent details. However, a significant drawback was the
IoT and SDN technologies within the healthcare sector. inadequate communication methods in place. Around the
Furthermore, the concluding section of the review paper mid-1980s, the Institute of Medicine (IOM) began to
discusses recent advancements in information and emphasize the promising outcomes of electronic records.
communication technology. [3] This emphasis culminated in a publication in 1991, where
they highlighted issues concerning safety, noncompliance
III. LITERATURE REVIEW with standards, and the substantial costs associated with
purchasing and installing computer systems. In the 1980s,
As society progresses into the era of modern technology, the Major Patient Index (MPI) was introduced, followed
healthcare has evolved alongside it. The adoption of by the establishment of the Health Services Information
contemporary technological tools and approaches has Exchange (HIE), tailored for 38 health systems and 100
gained widespread popularity, enabling more effective hospitals. The pivotal creation of the World Wide Web
service provision than in the past. However, this (WWW) occurred in 1990. [5]
advancement in technology has also introduced new and
intricate cyber risks and threats that were not previously Communication of information initially commenced via
encountered. [3] web browsers. ICD coding commenced in 1994. Health
information technology headquarters were established in
A. History & evolution 2011, and lists of RECs were also present during this
period. By 2015, electronic health records became legally
Enhancing this field is crucial for both patients and the recognized, with 87% of hospitals utilizing modern
overall healthcare sector. It is essential for economic technology. During this era, the primary focus was on
growth within a country as well. The healthcare industry is enhancing service accuracy and safeguarding quality while
continuously progressing, incorporating advanced reducing costs. The integration of technology in the
technologies such as EHR, IOT, and SDN. Health healthcare sector led to the emergence of various
information management was initially recognized in 1920, cybersecurity challenges, impacting the privacy of
encompassing comprehensive data on employees, patients, patients, employees, and the entire service organization.
and institutions. Standardization of American medical [5]
records commenced in 1928, marking a significant
milestone in information utilization and dissemination
through written media. The integration of computers in
healthcare occurred during the 1960s-1970s, allowing for
the display of a patient's health history and enabling
informed decisions about their well-being. Medicare,
Medicaid was introduced in 1965. [4]
increase, while European countries observed a 36% rise in On the March 2019, the attack on American Medical
ransomware attacks. Overall, cyber-attacks on healthcare Collection Agency involved 26.1 million people.
witnessed a worrisome growth of 45% across the globe.
[10] On the November 2020, the attack on Brazil Ministry of
Health involved 16+ Million people.
Analyzing the geographical distribution of these cyber-
attacks, the South East Asia region accounted for 11% of The attack that took place in Advocate Medical Group
such attacks within the healthcare sector. South Europe between July and November 2015 involving 4 million
saw 17% of cyber-attacks, Liberia observed 23%, and Asia people. [13]
reported 37%. The South Asia region also experienced a
significant 37% share of these attacks. North America and
Eastern Europe saw 37% and 67%, respectively. Latin B. Impact of Healthcare Cyber-attack [14]
America faced a concerning 112% increase, East America
saw a staggering 137% rise, and Central Europe
experienced an alarming 145% surge in cyber-attacks. Financial
Remarkably, the highest incidence was documented in Because of these security breaches within a service
Central America at an alarming 145%, whereas the lowest organization, there exists a financial burden to restore
was recorded in South East Asia at 11%. stability to the organization and its infrastructure. This
encompasses losses stemming from fraudulent activities or
extortion. Moreover, this financial impact extends to
compensating affected patients or individuals. Investing in
financial resources is necessary to fortify cybersecurity
and mitigate such risks. [15]
Corporate
A medical facility that has built a strong rapport with both
its patients and staff is jeopardizing its reputation.
Consequently, the trust from patients and employees is
dwindling, potentially leading to financial distress as
patients may seek healthcare elsewhere, risking the
institution's financial stability. [15]
Personal damage
Figure 4 : Increase in Healthcare Cyber-attacks by region. Financial harm to oneself is exacerbated by activities such
[11] as extortion, further exacerbating the distress experienced
by individuals. Additionally, this situation significantly
impacts the mental well-being of those involved, leading
to increased stress levels. [15]
a) Facilitation of medical record processing Numerous technology-driven tools are present in this
sector, encompassing EHR systems, X-ray devices,
Historically, all information was meticulously crafted from various electronic devices, training support systems, and
written records, presenting numerous challenges. Some of clinical judgment devices. Effectively countering potential
these challenges included significant financial attacks requires a robust cybersecurity infrastructure.
investments, extensive time commitments, a considerable Additionally, a significant portion of these tools in
workforce, and potential issues like document theft. [17] healthcare institutions are connected to the internet,
including elevators, electric heating systems, and remote
Contemporary technological tools are extensively utilized monitoring equipment, all of which necessitate adequate
for gathering patient data. In contrast to the methods reliant safety measures.
on paper and physical documents prevalent in the 1970s
and 1980s, hospitals now efficiently employ computers for By implementing comprehensive cybersecurity measures,
their operations. Extensive patient information, an organization can not only successfully mitigate cyber
encompassing medical history, diagnoses, alterations in risks but also proactively work towards preventing adverse
health status, dates of birth and death, is securely stored incidents. This approach helps in streamlining operations,
within databases. This allows for easy retrieval of vital data eliminating bottlenecks, and ultimately enhancing overall
from hospitals or designated service providers as needed. efficiency. [20]
[17]
b) Phishing
• Getting Backups.
• Training and imparting knowledge.
• Use after content filtering.
• Avoid clicking on unsafe email.
a) Authentication
AUTHOR PROFILE