Hospitals’ Cybersecurity Culture during the COVID-19 Crisis

Georgiadou, Anna; Michalitsi-Psarrou, Ariadni; Gioulekas, Fotios; Stamatiadis, Evangelos; Tzikas, Athanasios; Gounaris, Konstantinos; Doukas, Georgios; Ntanos, Christos; Ribeiro, Luís L.; Askounis, Dimitris

doi:10.3390/healthcare9101335

Cited by 13 publications

(9 citation statements)

References 27 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Medical organizations face a battle in protecting their systems and digital equipment against a variety of cyber threats [41]- [43]. Because of this, the authors mention that blockchain technology preserves the security and privacy of data against cyber-attacks, this technology is based on a blockchain [44]- [51] this technology comprises several nodes which hide confidential information of the organization and prevents them from being disclosed to malicious nodes [52]- [56] advanced encryption and has a rapid response plan for such incidents [57]- [59], he blockchain alerts to any possible cyber-attack by preventing hackers from altering the stored information [60]- [65]. On the other hand, the authors recommend the ontology tool that is equipped with rules, classifying security threats and automatically recommending controls that can be applied in the face of a threat [66], [67].…”

Section: What Technologies Are Immersed In the Healthcare Sector To A...mentioning

confidence: 99%

Cybersecurity in health sector: a systematic review of the literature

Herrera¹,

Valcárcel²,

Díaz-Reátegui³

et al. 2023

IJEECS

View full text Add to dashboard Cite

Currently, health centers are being affected by various cyberattacks putting at risk the confidential information of their patients and the organization because they do not have a plan or tools to help them mitigate these cyberattacks, which is important to know what measures to take to protect the privacy of personal data. The present work was carried out under a systematic literature review, which aims to show the importance of cybersecurity in the health sector knowing which tools are the most used and efficient to prevent a cyberattack. A systematic review of 301 articles was carried out, 79 of which are aligned with the objective set, fulfilling the inclusion and exclusion criteria. The search for information was carried out in the Scopus and Dimensions databases. The analysis carried out has resulted in good information that was compiled for the development of this topic, being favorable thanks to the different research of different authors.

show abstract

Section: What Technologies Are Immersed In the Healthcare Sector To A...mentioning

confidence: 99%

Cybersecurity in health sector: a systematic review of the literature

Herrera¹,

Valcárcel²,

Díaz-Reátegui³

et al. 2023

IJEECS

View full text Add to dashboard Cite

show abstract

“…Not all hospitals are willing to do this, and few research exercises take place ‘in the wild’ which limits their effectiveness. Other attempts to investigate phishing susceptibility within hospitals have used alternative means of measurement such as a phishing questionnaire 2 Whilst research projects offer more control over the demographics of participants and control over experimental conditions which facilitates statistical comparisons of participants by demographic and/or experimental conditions, they are not a reliable measure of behaviour ‘in the wild’.…”

Section: Discussion and Lessons Learntmentioning

confidence: 99%

“…The COVID-19 pandemic saw an increase in phishing attacks in general 1 and targeted at the healthcare sector specifically. 2 Phishing is a form of deception in which the attacker sends a fraudulent message designed to trick a human target into revealing sensitive information or to enable malicious software such as ransomware to infiltrate the target's infrastructure. Phishing is typically carried out through email, 3 , 4 though less common forms exist through SMS (Smishing) or Voice calls (Vishing).…”

Section: Introductionmentioning

confidence: 99%

Phishing simulation exercise in a large hospital: A case study

et al. 2022

View full text Add to dashboard Cite

Background Phishing is a major threat to the data and infrastructure of healthcare organizations and many cyberattacks utilize this socially engineered pathway. Phishing simulation is used to identify weaknesses and risks in the human defences of organizations. There are many factors influencing the difficulty of detecting a phishing email including fatigue and the nature of the deceptive message. Method A major Italian Hospital with over 6000 healthcare staff performed a phishing simulation as part of its annual training and risk assessment. Three campaigns were launched at approx. 4-month intervals, to compare staff reaction to a general phishing email and a customized one. Results The results show that customization of phishing emails makes them much more likely to be acted on. In the first campaign, 64% of staff did not open the general phish, significantly more than the 38% that did not open the custom phish. A significant difference was also found for the click rate, with significantly more staff clicking on the custom phish. However, the campaigns could not be run as intended, due to issues raised within the organization. Conclusions Phishing simulation is useful but not without its limitations. It requires contextual knowledge, skill and experience to ensure that it is effective. The exercise raised many issues within the Hospital. Successful, ethical phishing simulations require coordination across the organization, precise timing and lack of staff awareness. This can be complex to coordinate. Misleading messages containing false threats or promises can cause a backlash from staff and unions. The effectiveness of the message is dependent on the personalization of the message to current, local events. The lessons learned can be useful for other hospitals.

show abstract

“…However, the wide-ranging pre-existing levels of awareness amongst public users of connected places use a one-size-fits-all approach for the explanation of security and privacy issues, which is challenging. For example, many members of the public have a good understanding of network and data security processes but with low awareness of threats [26], or the information being shared by their devices in a connected place [8,18].…”

Section: Public Perceptions Influencing Public Security Behaviorsmentioning

confidence: 99%

“…Taher et al [28] suggest students' privacy concerns in 'smart campus buildings' are influenced by their experiences and knowledge in other computing contexts, and that similar consent controls would be desirable. Other authors commented on the influence of the personal experience of cyberattack in cyberspace, as opposed to in a (a) cyber-physical environment (connected place [28]); (b) demographic differences (age, gender [18,29]); and (c) pre-existing awareness of cybersecurity vulnerabilities and controls [26]. However, none of these findings are comprehensively investigated enough to draw any applicable conclusions from.…”

Section: Public Perceptions Influencing Public Security Behaviorsmentioning

confidence: 99%

How Do Public Perceptions Affect the Security of Connected Places? A Systematic Literature Review

Dutkowska-Zuk,

Bourne,

et al. 2024

Information

View full text Add to dashboard Cite

This systematic literature review explores the scholarly debate around public perceptions and behaviors in the context of cybersecurity in connected places. It reveals that, while many articles highlight the importance of public perceptions and behaviors during a cyberattack, there is no unified consensus on how to influence them in order to minimize the attack’s impact and expedite recovery. Public perceptions can affect the success and sustainability of connected places; however, exactly how and to what extent remains unknown. We argue that more research is needed on the mechanisms to assess the influence of public perceptions and associated behaviors on threats to security in connected places. Furthermore, there is a need to investigate the models and tools currently being deployed by connected place design and management to understand and influence public perceptions and behaviors. Lastly, we identify the requirements to investigate the complex relationship between the public and connected place managers, define all stakeholders clearly, and explore the patterns between specific connected place cybersecurity incidents and the methods used to transform public perceptions.

show abstract

Hospitals’ Cybersecurity Culture during the COVID-19 Crisis

Cited by 13 publications

References 27 publications

Cybersecurity in health sector: a systematic review of the literature

Cybersecurity in health sector: a systematic review of the literature

Phishing simulation exercise in a large hospital: A case study

How Do Public Perceptions Affect the Security of Connected Places? A Systematic Literature Review

Contact Info

Product

Resources

About