Proactive Role of Clinical Engineering in the Adoption of ISO/IEC 80001-1 within Healthcare Delivery Organization

Alwi, Rudolf; Prowse, Paul; Gaamangwe, Tidimogo

doi:10.1109/embc44109.2020.9175347

Cited by 4 publications

(9 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The articles reporting on the training and awareness of cybersecurity among healthcare stakeholders are presented in the literature with equal distribution of relevance as highlighted in Figure 3 for RQ4 [ 8 , 9 , 10 , 11 , 12 , 13 , 14 , 15 , 16 , 17 ]. From the percentage results presented in Figure 3 for RQ5, it appears that there is a critical lack of national audits within the healthcare industry, which reports on the cyber resilience [ 8 , 9 , 10 , 22 , 31 , 50 , 51 , 52 ]. Among the total number of articles selected for this survey, 91.43% articles (64) are selected from peer-reviewed, high-impact journals, while only 8.57% articles (6) are selected from reputed conferences as presented in Figure 4 .…”

Section: Resultsmentioning

confidence: 99%

“…While the popular opinion states that such data breaches should be attributed to external hackers, the research in [ 54 ] notes that most breaches are the result of employee carelessness and/or failure to comply with information security policies and procedures. Following the number of cyber incidents, there is increasing awareness about the need to protect patient data and electronic health records against external and internal attacks as noted in [ 51 ]. The authors promote the role of international standards such as ISO/IEC 80001-1, which provides a framework to bring together actors in cyber defence to enable enhanced clinical care delivery.…”

Section: Resultsmentioning

confidence: 99%

“…The observation further extends the study to include not only being limited among the interactions between networks of online devices, but to identify how humans interact and are influenced by these devices. The governance of such interactions is critical to be standardised across healthcare organisations to promote interoperability and regulatory compliance [ 51 ]. In the context of organisational strategies adopted to counteract cyberattacks, it is recommended that healthcare organisations create a specialised cyber security workforce framework [ 48 ].…”

Section: Resultsmentioning

confidence: 99%

“…Complementing the organisational cybersecurity measures, several articles also reported on the national strategies being adopted [ 8 , 9 , 10 , 22 , 31 , 50 , 51 , 52 ]. National case studies reported from the U.S. dominate the literature, with supplemental studies reported from Canada (1), Denmark (1), Romania (2) and the U.K. (4).…”

Section: Resultsmentioning

confidence: 99%

“…While several organisations and researchers have identified the need for delivering cybersecurity training to healthcare professionals, there is no consensus within the community about the mode of delivery, the curriculum of the training programme and training assessment criteria. Following the classification of healthcare as a critical infrastructure, articles related to data governance, regulatory compliance for technical standards, such as ISO/IEC 80001-1 [ 51 ], have not been effectively translated into formalising methodologies for strengthening human factors. The evidence reported in the literature review presents organisational effort in developing cyber resilience strategy, while the concerted effort across organisations and within the healthcare industry is still lacking.…”

Section: Discussionmentioning

confidence: 99%

See 4 more Smart Citations

Influence of Human Factors on Cyber Security within Healthcare Organisations: A Systematic Review

Nifakos

Chandramouli

Nikolaou

et al. 2021

Sensors

126

View full text Add to dashboard Cite

Background: Cybersecurity is increasingly becoming a prominent concern among healthcare providers in adopting digital technologies for improving the quality of care delivered to patients. The recent reports on cyber attacks, such as ransomware and WannaCry, have brought to life the destructive nature of such attacks upon healthcare. In complement to cyberattacks, which have been targeted against the vulnerabilities of information technology (IT) infrastructures, a new form of cyber attack aims to exploit human vulnerabilities; such attacks are categorised as social engineering attacks. Following an increase in the frequency and ingenuity of attacks launched against hospitals and clinical environments with the intention of causing service disruption, there is a strong need to study the level of awareness programmes and training activities offered to the staff by healthcare organisations. Objective: The objective of this systematic review is to identify commonly encountered factors that cybersecurity postures of a healthcare organisation, resulting from the ignorance of cyber threat to healthcare. The systematic review aims to consolidate the current literature being reported upon human behaviour resulting in security gaps that mitigate the cyber defence strategy adopted by healthcare organisations. Additionally, the paper also reviews the organisational risk assessment methodology implemented and the policies being adopted to strengthen cybersecurity. Methods: The topic of cybersecurity within healthcare and the clinical environment has attracted the interest of several researchers, resulting in a broad range of literature. The inclusion criteria for the articles in the review stem from the scope of the five research questions identified. To this end, we conducted seven search queries across three repositories, namely (i) PubMed®/MED-LINE; (ii) Cumulative Index to Nursing and Allied Health Literature (CINAHL); and (iii) Web of Science (WoS), using key words related to cybersecurity awareness, training, organisation risk assessment methodologies, policies and recommendations adopted as counter measures within health care. These were restricted to around the last 12 years. Results: A total of 70 articles were selected to be included in the review, which addresses the complexity of cybersecurity measures adopted within the healthcare and clinical environments. The articles included in the review highlight the evolving nature of cybersecurity threats stemming from exploiting IT infrastructures to more advanced attacks launched with the intent of exploiting human vulnerability. A steady increase in the literature on the threat of phishing attacks evidences the growing threat of social engineering attacks. As a countermeasure, through the review, we identified articles that provide methodologies resulting from case studies to promote cybersecurity awareness among stakeholders. The articles included highlight the need to adopt cyber hygiene practices among healthcare professionals while accessing social media platforms, which forms an ideal test bed for the attackers to gain insight into the life of healthcare professionals. Additionally, the review also includes articles that present strategies adopted by healthcare organisations in countering the impact of social engineering attacks. The evaluation of the cybersecurity risk assessment of an organisation is another key area of study reported in the literature that recommends the organisation of European and international standards in countering social engineering attacks. Lastly, the review includes articles reporting on national case studies with an overview of the economic and societal impact of service disruptions encountered due to cyberattacks. Discussion: One of the limitations of the review is the subjective ranking of the authors associated to the relevance of literature to each of the research questions identified. We also acknowledge the limited amount of literature that focuses on human factors of cybersecurity in health care in general; therefore, the search queries were formulated using well-established cybersecurity related topics categorised according to the threats, risk assessment and organisational strategies reported in the literature.

show abstract

Section: Resultsmentioning

confidence: 99%

Section: Resultsmentioning

confidence: 99%

Section: Resultsmentioning

confidence: 99%

Section: Resultsmentioning

confidence: 99%

Section: Discussionmentioning

confidence: 99%

See 3 more Smart Citations

Influence of Human Factors on Cyber Security within Healthcare Organisations: A Systematic Review

Nifakos

Chandramouli

Nikolaou

et al. 2021

Sensors

126

View full text Add to dashboard Cite

show abstract

Framework for cyber risk loss distribution of hospital infrastructure: Bond percolation on mixed random graphs approach

2023

View full text Add to dashboard Cite

Networks like those of healthcare infrastructure have been a primary target of cyberattacks for over a decade. From just a single cyberattack, a healthcare facility would expect to see millions of dollars in losses from legal fines, business interruption, and loss of revenue. As more medical devices become interconnected, more cyber vulnerabilities emerge, resulting in more potential exploitation that may disrupt patient care and give rise to catastrophic financial losses. In this paper, we propose a structural model of an aggregate loss distribution across multiple cyberattacks on a prototypical hospital network. Modeled as a mixed random graph, the hospital network consists of various patient‐monitoring devices and medical imaging equipment as random nodes to account for the variable occupancy of patient rooms and availability of imaging equipment that are connected by bidirectional edges to fixed hospital and radiological information systems. Our framework accounts for the documented cyber vulnerabilities of a hospital's trusted internal network of its major medical assets. To our knowledge, there exist no other models of an aggregate loss distribution for cyber risk in this setting. We contextualize the problem in the probabilistic graph‐theoretical framework using a percolation model and combinatorial techniques to compute the mean and variance of the loss distribution for a mixed random network with associated random costs that can be useful for healthcare administrators and cybersecurity professionals to improve cybersecurity management strategies. By characterizing this distribution, we allow for the further utility of pricing cyber risk.

show abstract

IT risk management for medical devices in hospital IT networks: a catalogue of measures and indicators

Richter

Ammenwerth

2023

BMJ Health Care Inform

View full text Add to dashboard Cite

Objectives Connecting medical devices to hospital IT networks can create threats that must be covered by IT risk management. In practice, implementing such risk management is not trivial because the IEC 80001-1, as the existing state-of-the-art, do not describe sufficiently concrete implementation measures or evaluation indicators. The aim of the present work was to develop and evaluate a catalogue of measures and indicators to help hospitals implement and evaluate risk management in accordance with IEC 80001-1. Methods We conducted a Delphi study with 22 experts. In the first round, we performed interviews to identify implementation measures and evaluation indicators using qualitative content analysis. In the second round, a quantitative experts’ survey confirmed the results of the first survey round and identified relationships between the measures and indicators. Based on these results, we then developed a catalogue containing the identified measures and indicators. Finally, we performed a case study to verify the practicability of this catalogue. Results We developed and verified a catalogue of 49 measures and 18 indicators to help hospitals implement and evaluate risk management following IEC 80001-1. The case study confirmed the practicability of the catalogue. Discussion Compared with IEC 80001-1, our catalogue goes into further detail to offer hospitals a stepwise implementation and evaluation approach. However, the catalogue must be tested in further case studies and evaluated in terms of generalisation. Conclusions The catalogue will enable hospitals to overcome recent difficulties in implementing and evaluating IT risk management for medical devices according to IEC 80001-1.

show abstract

Proactive Role of Clinical Engineering in the Adoption of ISO/IEC 80001-1 within Healthcare Delivery Organization

Cited by 4 publications

References 11 publications

Influence of Human Factors on Cyber Security within Healthcare Organisations: A Systematic Review

Influence of Human Factors on Cyber Security within Healthcare Organisations: A Systematic Review

Framework for cyber risk loss distribution of hospital infrastructure: Bond percolation on mixed random graphs approach

IT risk management for medical devices in hospital IT networks: a catalogue of measures and indicators

Contact Info

Product

Resources

About