Research Article

Information security and privacy in hospitals: a literature mapping and review of research gaps

References

  • Burns AJ, Johnson ME, Honeyman P. A brief chronology of medical device security. Commun ACM. 2016;59(10):66–72. doi:10.1145/2890488.
  • Aarestrup FM, Albeyatti A, Armitage WJ, Auffray C, Augello L, Balling R, Benhabiles N, Bertolini G, Bjaalie JG, Black M, et al. Towards a European health research and innovation cloud (HRIC). Genome Med. 2020;12(1). doi:10.1186/s13073-020-0713-z.
  • Appari A, Johnson ME. Information security and privacy in healthcare: current state of research. International Journal of Internet and Enterprise Management. 2010;6(4):279. doi:10.1504/IJIEM.2010.035624.
  • Fernández-Alemán JL, Señor IC, Lozoya PÁO, Toval A. Security and privacy in electronic health records: a systematic literature review. J Biomed Inform. 2013;46(3):541–62. doi:10.1016/j.jbi.2012.12.003.
  • Naconha AE. A cybersecurity model for the health sector: a case study of hospitals in Nairobi, Kenya. 2021;4(1):6. http://erepo.usiu.ac.ke/11732/6742
  • Jalali MS, Kaiser JP. Cybersecurity in hospitals: a systematic, organizational perspective. J Med Internet Res. 2018;20(5):e10059. doi:10.2196/10059.
  • Argaw ST, Troncoso-Pastoriza JR, Lacey D, Florin MV, Calcavecchia F, Anderson D, Burleson W, Vogel JM, O’Leary C, Eshaya-Chauvin B, et al. Cybersecurity of hospitals: discussing the challenges and working towards mitigating the risks. BMC Med Inform Decis Mak. 2020;20(1):1–10. doi:10.1186/s12911-020-01161-7.
  • Muthuppalaniappan M, Stevenson K. Healthcare cyber-attacks and the COVID-19 pandemic: an urgent threat to global health. International Journal for Quality in Health Care. 2021;33(1). doi:10.1093/intqhc/mzaa117.
  • Keele S (2007). Guidelines for performing systematic literature reviews in software engineering. In Technical report, Ver. 2.3 EBSE Technical Report. EBSE.
  • Finch J. Hospitals: definition and classification. In: Speller’s law relating to hospitals. Springer US; 1994. p. 1–17. doi:10.1007/978-1-4899-7122-7_1.
  • Galinec D, Možnik D, Guberina B. Cybersecurity and cyber defence: national level strategic approach. Automatika. 2017;58(3):273–86. doi:10.1080/00051144.2017.1407022.
  • Guiora AN. What is cybersecurity? In: Cybersecurity. Routledge; 2017. p. 15–34. doi:10.1201/9781315370231-2.
  • Kosseff J. Defining cybersecurity law. Iowa Law Rev. 2018.
  • Masrom M, Rahimly A. Overview of data security issues in hospital information systems. Pacific Asia Journal of the Association for Information Systems. 2015;7(4):51–66. doi:10.17705/1pais.07404.
  • Anderson JM. Why we need a new definition of information security. Computers and Security. 2003. doi:10.1016/S0167-4048(03)00407-3.
  • Dinev T, Xu H, Smith JH, Hart P. Information privacy and correlates: an empirical attempt to bridge and distinguish privacy-related concepts. Eur J Inf Syst. 2013;22(3):295–316. doi:10.1057/ejis.2012.23.
  • Bélanger F, Crossler RE. Privacy in the digital age: a review of information privacy research in information systems. In: MIS Quarterly. Management Information Systems; 2011. doi:10.2307/41409971.
  • Correia LS, Correia RC, Rodrigues PP. Illegitimate HIS access by healthcare professionals: scenarios, use cases and audit trail-based detection model. Procedia Comput Sci. 2019;164:629–36. doi:10.1016/j.procs.2019.12.229.
  • Crutzen R, Ygram Peters G-J, Mondschein C. Why and how we should care about the general data protection regulation. Psychol Health. 2019;34(11):1347–57. doi:10.1080/08870446.2019.1606222.
  • Shabani M, Borry P. Rules for processing genetic data for research purposes in view of the new EU general data protection regulation. EUROPEAN JOURNAL OF HUMAN GENETICS. 2018;26(2):149–56. doi:10.1038/s41431-017-0045-7.
  • Sipior JC, Ward BT (2001). Cyberliability: is the chief privacy officer the solution? ECIS, 177–87.
  • NIST. NIST special publication 800-53: security and privacy controls for federal information systems and organizations. NIST SP-800-53 Ar4. 2013. doi:10.6028/NIST.SP.800-53Ar4.
  • ISO. (2013). ISO/IEC 27001:2013. Information Technology — Security Techniques — Information Security Management Systems — Requirements.
  • Brenner J (2007). ISO 27001: risk management and compliance. Risk Management.
  • Disterer G. ISO/IEC 27000, 27001 and 27002 for information security management. Journal of Information Security. 2013;4(2):92–100. doi:10.4236/jis.2013.42011.
  • Bumpus W (2013). NIST cloud computing standards roadmap. NIST Cloud Computing Standards.
  • Calder A. NIST cybersecurity framework. In: NIST cybersecurity framework. IT Governance Publishing; 2018. doi:10.2307/j.ctv4cbhfx.
  • NIST. 2018. Framework for improving critical infrastructure cybersecurity [v1.1 Draft]. National Institute of Standards and Technology.
  • Okoli C. A guide to conducting a standalone systematic literature review. Communications of the Association for Information Systems. 2015. doi:10.17705/1cais.03743.
  • Kitchenham BA (2012). Systematic review in software engineering. Proceedings of the 2nd International Workshop on Evidential Assessment of Software Technologies - EAST ’12, 1. doi:10.1145/2372233.2372235.
  • Boell SK, Cecez-Kecmanovic D. On being “systematic” in literature reviews in IS. J Inf Technol. 2015:30. doi:10.1057/jit.2014.26.
  • Siddaway A. What is a systematic literature review and how do I do one? University of Stirling; 2014.
  • Kitchenham B, Pearl Brereton O, Budgen D, Turner M, Bailey J, Linkman S. Systematic literature reviews in software engineering - A systematic literature review. Information and Software Technology. 2009:51. doi:10.1016/j.infsof.2008.09.009.
  • Aceto G, Persico V, Pescapé A. Industry 4.0 and health: internet of things, big data, and cloud computing for healthcare 4.0. Journal of Industrial Information Integration. 2020;18:100129. doi:10.1016/j.jii.2020.100129.
  • Burns AJ, Young J, Roberts T, Courtney J, Ellis TS. Exploring the role of contextual integrity in electronic medical record (EMR) system workaround decisions: an information security and privacy perspective. AIS Transactions on Human-Computer Interaction. 2015;7(3):142–65. doi:10.17705/1thci.00070.
  • Sari PK, Handayani PW, Hidayanto AN. Security value issues on ehealth implementation in Indonesia. IOP Conf Ser: Mater Sci Eng. 2020;879(1):012040. doi:10.1088/1757-899X/879/1/012040.
  • Ahmed Y, Naqvi S, Josephs M (2019). Cybersecurity metrics for enhanced protection of healthcare IT systems. 2019 13th International Symposium on Medical Information and Communication Technology (ISMICT), 2019-May, 1–9. doi:10.1109/ISMICT.2019.8744003.
  • Stergiou CL, Psannis KE, Gupta BB. InFeMo: flexible big data management through a federated cloud system. ACM Transactions on Internet Technology. 2022;22(2):1–22. doi:10.1145/3426972.
  • Plageras AP, Stergiou C, Kokkonis G, Psannis KE, Ishibashi Y, Kim B-G, Gupta BB (2017). Efficient large-scale medical data (ehealth big data) analytics in internet of things. 2017 IEEE 19th Conference on Business Informatics (CBI), 2, 21–27. doi:10.1109/CBI.2017.3.
  • Said AR, Abdullah H, Uli J, Mohamed ZA. Relationship between organizational characteristics and information security knowledge management implementation. Procedia - Social and Behavioral Sciences. 2014;123:433–43. doi:10.1016/j.sbspro.2014.01.1442.
  • Shi S, He D, Li L, Kumar N, Khan MK, Choo K-KR. Applications of blockchain in ensuring the security and privacy of electronic health record systems: a survey. Computers & Security. 2020;97:101966. doi:10.1016/j.cose.2020.101966.
  • Abu-elezz I, Hassan A, Nazeemudeen A, Househ M, Abd-alrazaq A. The benefits and threats of blockchain technology in healthcare: a scoping review. Int J Med Inform. 2020;142:104246. doi:10.1016/j.ijmedinf.2020.104246.
  • Hathaliya JJ, Tanwar S. An exhaustive survey on security and privacy issues in healthcare 4.0. Comput Commun. 2020;153:311–35. doi:10.1016/j.comcom.2020.02.018.
  • Stergiou CL, Psannis KE, Gupta BB. IoT-based big data secure management in the fog over a 6G wireless network. IEEE Internet of Things Journal. 2021;8(7):5164–71. doi:10.1109/JIOT.2020.3033131.
  • Anderson S, Williams T. Cybersecurity and medical devices: are the ISO/IEC 80001-2-2 technical controls up to the challenge? Computer Standards & Interfaces. 2018;56:134–43. doi:10.1016/j.csi.2017.10.001.
  • Zubaydi F, Saleh A, Aloul F, Sagahyroon A (2015). Security of mobile health (mHealth) systems. 2015 IEEE 15th International Conference on Bioinformatics and Bioengineering (BIBE), 1–5. doi:10.1109/BIBE.2015.7367689.
  • Keshta I, Odeh A. Security and privacy of electronic health records: concerns and challenges. Egyptian Informatics Journal. 2020. doi:10.1016/j.eij.2020.07.003.
  • Sunyaev A, Dehling T, Taylor PL, Mandl KD. Availability and quality of mobile health app privacy policies. J Am Med Inform Assoc. 2014;22:e28–e33. doi:10.1136/amiajnl-2013-002605.
  • Grundy Q, Chiu K, Held F, Continella A, Bero L, H R. Data sharing practices of medicines related apps and the mobile ecosystem: traffic, content, and network analysis. BMJ. 2019. doi:10.1136/bmj.l920.
  • Alexander GL, Georgiou A, Doughty K, Hornblow A, Livingstone A, Dougherty M, Jacobs S, Fisk MJ. Advancing health information technology roadmaps in long term care. Int J Med Inform. 2020;136:104088. doi:10.1016/j.ijmedinf.2020.104088.
  • Alraja MN, Farooque MMJ, Khashab B. The effect of security, privacy, familiarity, and trust on users’ attitudes toward the use of the iot-based healthcare: the mediation role of risk perception. IEEE Access. 2019;7:111341–54. doi:10.1109/ACCESS.2019.2904006.
  • Athinaiou M, Mouratidis H, Fotis T, Pavlidis M. A conceptual redesign of a modelling language for cyber resiliency of healthcare systems. In: Katsikas S, editor. Lecture notes in computer science (including subseries lecture notes in artificial intelligence and lecture notes in Bioinformatics): vol. 11980 LNCS. Springer;2020. p. 140–58. doi:10.1007/978-3-030-42048-2_10.
  • Attaran M. Blockchain technology in healthcare: challenges and opportunities. International Journal of Healthcare Management. 2020:1–14. doi:10.1080/20479700.2020.1843887.
  • Barad M. Linking cyber security improvement actions in healthcare systems to their strategic improvement needs. Procedia Manufacturing. 2019;39:279–86. doi:10.1016/j.promfg.2020.01.335.
  • Bellekens X, Hamilton A, Seeam P, Nieradzinska K, Franssen Q, Seeam A (2016). Pervasive eHealth services a security and privacy risk awareness survey. 2016 International Conference On Cyber Situational Awareness, Data Analytics And Assessment (CyberSA), 1–4. doi:10.1109/CyberSA.2016.7503293.
  • Chacko A, Hayajneh T. Security and privacy issues with IoT in healthcare. EAI Endorsed Transactions on Pervasive Health and Technology. 2018:155079. doi:10.4108/eai.13-7-2018.155079.
  • Chenthara S, Ahmed K, Wang H, Whittaker F. Security and privacy-preserving challenges of e-health solutions in cloud computing. IEEE Access. 2019;7:74361–82. doi:10.1109/ACCESS.2019.2919982.
  • Chenthara S, Ahmed K, Wang H, Whittaker F, Chen Z, Huang X. Healthchain: a novel framework on privacy preservation of electronic health records using blockchain technology. PLOS ONE. 2020;15(12):e0243043. doi:10.1371/journal.pone.0243043.
  • Chowdhury N, Gkioulos V. Cyber security training for critical infrastructure protection: a literature review. Computer Science Review. 2021;40:100361. doi:10.1016/j.cosrev.2021.100361.
  • Crozier-Shaw G, Hughes AJ, Cashman J, Synnott K. Instant messaging apps and data protection: combining to improve hip fracture care? Ir J Med Sci. 2021:1971. doi:10.1007/s11845-021-02612-4.
  • Felkai P, Lengyel I. Kéretlen e-mailek az orvos postafiókjában: ezek veszélyei az egészségnevelésre, a betegtájékoztatásra és a tudományos munkára. Orv Hetil. 2019;160(43):1706–10. doi:10.1556/650.2019.31531.
  • Finocchiaro G. Protection of privacy and cyber risk in healthcare. Pharmaceuticals Policy and Law. 2018;19(3–4):121–23. doi:10.3233/PPL-180462.
  • Ghafir I, Saleem J, Hammoudeh M, Faour H, Prenosil V, Jaf S, Jabbar S, Baker T. Security threats to critical infrastructure: the human factor. J Supercomput. 2018;74(10):4986–5002. doi:10.1007/s11227-018-2337-2.
  • Habib MA, Faisal CMN, Sarwar S, Latif MA, Aadil F, Ahmad M, Ashraf R, Maqsood M. Privacy-based medical data protection against internal security threats in heterogeneous internet of medical things. Intl J Distrib. Sens. Netw. 2019; 15(9):155014771987565. https://doi.org/10.1177/1550147719875653
  • Hajder M, Kolbusz J, Hajder P, Nycz M, Liput M. Data security platform model in networked medical IT systems based on statistical classifiers and ANN. Procedia Comput Sci. 2020;176:3682–91. doi:10.1016/j.procs.2020.09.018.
  • Hassija V, Chamola V, Bajpai BC, Naren, Zeadally S. Security issues in implantable medical devices: fact or fiction? Sustainable Cities and Society. 2021;66:102552. doi:10.1016/j.scs.2020.102552.
  • Husák M, Neshenko N, Pour MS, Bou-Harb E, Čeleda P (2018). Assessing internet-wide cyber situational awareness of critical sectors. Proceedings of the 13th International Conference on Availability, Reliability and Security, 1–6. doi:10.1145/3230833.3230837.
  • Ihanus J, Kokkonen T (2020). Modelling medical devices with honeypots. In: Y BSK, Galinina O, Andreev S, editors. Lecture notes in computer science (including subseries lecture notes in artificial intelligence and lecture notes in bioinformatics): vol. 12525 LNCS. Springer Science and Business Media Deutschland GmbH. p. 295–306. doi:10.1007/978-3-030-65726-0_26.
  • Ioane J, Knibbs C, Tudor K. The challenge of security and accessibility: critical perspectives on the rapid move to online therapies in the age of COVID‐19. Psychotherapy and Politics International. 2021;19(1). doi:10.1002/ppi.1581.
  • Kaplan B. Revisiting health information technology ethical, legal, and social issues and evaluation: telehealth/telemedicine and COVID-19. Int J Med Inform. 2020;143:104239. doi:10.1016/j.ijmedinf.2020.104239.
  • Kim H, Kim S-W, Park E, Kim JH, Chang H. The role of fifth-generation mobile technology in prehospital emergency care: an opportunity to support paramedics. Health Policy and Technology. 2020;9(1):109–14. doi:10.1016/j.hlpt.2020.01.002.
  • Kim Y-W, Cho N, Jang H-J. Trends in research on the security of medical information in Korea: focused on information privacy security in hospitals. Healthc Inform Res. 2018;24(1):61. doi:10.4258/hir.2018.24.1.61.
  • Kintzlinger M, Nissim N. Keep an eye on your personal belongings! the security of personal medical devices and their ecosystems. J Biomed Inform. 2019;95:103233. doi:10.1016/j.jbi.2019.103233.
  • Kolanska K, Chabbert-Buffet N, Daraï E, Antoine J-M. Artificial intelligence in medicine: a matter of joy or concern? Journal of Gynecology Obstetrics and Human Reproduction. 2021;50(1):101962. doi:10.1016/j.jogoh.2020.101962.
  • Langer SG. Cyber-security issues in healthcare information technology. J Digit Imaging. 2017;30(1):117–25. doi:10.1007/s10278-016-9913-x.
  • Martin G, Kinross J, Hankin C. Effective cybersecurity is fundamental to patient safety. BMJ. 2017;357:j2375. doi:10.1136/bmj.j2375.
  • Marvel LM, Brown S, Neamtiu I, Harang R, Harman D, Henz B (2015). A framework to evaluate cyber agility. MILCOM 2015 - 2015 IEEE Military Communications Conference, 2015-Dec, 31–36. doi:10.1109/MILCOM.2015.7357414.
  • Mulligan E. Protecting patient confidentiality in hospitals. Australian Health Review. 1998;21(3):67. doi:10.1071/AH980067.
  • Nair MM, Tyagi AK, Goyal R. Medical cyber physical systems and its issues. Procedia Comput Sci. 2019;165:647–55. doi:10.1016/j.procs.2020.01.059.
  • Owens B. How hospitals can protect themselves from cyber attack. Can Med Assoc J. 2020;192(4):E101–E102. doi:10.1503/cmaj.1095841.
  • Palanisamy R, Norman AA, Kiah MLM. Compliance with bring your own device security policies in organizations: a systematic literature review. Computers & Security. 2020;98:101998. doi:10.1016/j.cose.2020.101998.
  • Pavlík L, Chytilová E, Zimmermannová J. Security aspects of healthcare organization from the perspective of digitization of facility management. WSEAS TRANSACTIONS ON BUSINESS AND ECONOMICS. 2021;18:360–66. doi:10.37394/23207.2021.18.36.
  • Pool J, Akhlaghpour S, Fatehi F. Towards a contextual theory of mobile health data protection (MHDP): a realist perspective. Int J Med Inform. 2020;141:104229. doi:10.1016/j.ijmedinf.2020.104229.
  • Rajamäki J, Pirinen R. (2017). Towards the cyber security paradigm of ehealth: resilience and design aspects. In N. K (Ed.), AIP Conference Proceedings (Vol. 1836, p. 020029). American Institute of Physics Inc. https://doi.org/10.1063/1.4981969
  • Ramadan RA, Aboshosha BW, Alshudukhi JS, Alzahrani AJ, El-Sayed A, Dessouky MM, Arif M. Cybersecurity and countermeasures at the time of pandemic. Journal of Advanced Transportation. 2021;2021:1–19. doi:10.1155/2021/6627264.
  • Razaque A, Amsaad F, Jaro Khan M, Hariri S, Chen S, Siting C, Ji X. Survey: cybersecurity vulnerabilities, attacks and solutions in the medical domain. IEEE Access. 2019;7:168774–97. doi:10.1109/ACCESS.2019.2950849.
  • Reshmi TR. Information security breaches due to ransomware attacks - a systematic literature review. International Journal of Information Management Data Insights. 2021;1(2):100013. doi:10.1016/j.jjimei.2021.100013.
  • Sajedi H, Rahbar Yaghobi S. Information hiding methods for E-Healthcare. Smart Health. 2020;15:100104. doi:10.1016/j.smhl.2019.100104.
  • Sardi A, Rizzi A, Sorano E, Guerrieri A. Cyber risk in health facilities: a systematic literature review. Sustainability. 2020;12(17):7002. doi:10.3390/su12177002.
  • Seifert D, Reza H. A security analysis of cyber-physical systems architecture for healthcare. Computers. 2016;5(4):27. doi:10.3390/computers5040027.
  • Sun P. Security and privacy protection in cloud computing: discussions and challenges. Journal of Network and Computer Applications. 2020;160:102642. doi:10.1016/j.jnca.2020.102642.
  • Thapa C, Camtepe S. Precision health data: requirements, challenges and existing techniques for data security and privacy. Comput Biol Med. 2021;129:104130. doi:10.1016/j.compbiomed.2020.104130.
  • Tomar R. Analysis against DDOS flooding attacks in healthcare system using artificial neural network. Int J of Advanced Trends in Computer Science and Engineering. 2019;8(1.5):405–10. doi:10.30534/ijatcse/2019/6481.52019.
  • Tse ZTH, Xu S, Fung IC-H, Wood BJ. Cyber-attack risk low for medical devices. Science. 2015;347(6228):1323–24. doi:10.1126/science.347.6228.1323-b.
  • Venkatasubramanian KK, Nabar S, Gupta SKS, Poovendran R. Cyber physical security solutions for pervasive health monitoring systems. In: User-driven healthcare. Vol. 1. IGI Global; 2013. p. 447–65. doi:10.4018/978-1-4666-2770-3.ch022.
  • Walker-Roberts S, Hammoudeh M, Dehghantanha A. A systematic review of the availability and efficacy of countermeasures to internal threats in healthcare critical infrastructure. IEEE Access. 2018;6:25167–77. doi:10.1109/ACCESS.2018.2817560.
  • Wurmb T, Kippnich M, Schwarzmann G, Mehlhase J, Valotis A, Firnkes T, Braungardt J, Ertl G. Vollausfall der Informationstechnologie im Krankenhaus. Der Unfallchirurg. 2020;123(6):443–52. doi:10.1007/s00113-020-00797-4.