Advanced search
Publication Cover
Intelligence and National Security Volume 35, 2020 - Issue 4: Health Security Intelligence
Submit an article Journal homepage
17,791
Views
29
CrossRef citations to date
0
Altmetric
Article

Towards understanding cybersecurity capability in Australian healthcare organisations: a systematic review of recent trends, threats and mitigation

K. L. OffnerCorrespondence[email protected]
View further author information
,
E. SitnikovaORCID Iconhttps://orcid.org/0000-0001-7392-0383View further author information
ORCID Icon,
K. JoinerView further author information
&
C. R. MacIntyreORCID Iconhttps://orcid.org/0000-0002-3060-0555View further author information
ORCID Icon
Pages 556-585 | Published online: 22 Apr 2020

Bibliography

  • ABC News. (February 22, 2019). Accessed July 26, 2019. https://www.abc.net.au/news/2019-02-22/melbourne-heart-hack-cyber-criminals-my-health-record-risks/10834482/
  • ABC News. (July 24, 2018) https://www.abc.net.au/news/2018-07-24/digital-health-agency-changes-my-health-record-app-contracts/10026644/
  • ABC News. (May 30, 2019) https://www.abc.net.au/news/2019-05-30/victorian-hospitals-vulnerable-attack-auditor-general-hack-finds/11162352
  • Abd-alrazaqa, A., B. M. Bewicka, T. Farraghera, and P. Gardner. “Factors that Affect the Use of Electronic Personal Health Records among Patients: A Systematic Review.” International Journal of Medical Informatics 126 (2019): 164–175. doi:10.1016/j.ijmedinf.2019.03.014.
  • Abouzakhar, N. S., A. Jones, and O. Angelopoulou. “Internet of Things Security: A Review of Risks and Threats to Healthcare Sector. Joint 10th IEEE International Conference on Internet of Things, iThings 2017, 13th IEEE International Conference on Green Computing and Communications, GreenCom 2017.” 10th IEEE International Conference on Cyber, Physical and Social Computing, CPSCom 2017 and the 3rd IEEE International Conference on Smart Data, Smart Data. June 21, 2017 - June 23, 2017, Exeter UK.
  • Abrar, H., S. J. Hussain, J. Chaudhry, K. Saleem, M. A. Orgun, J. Al-Muhtadi, and C. Valli. “Risk Analysis of Cloud Sourcing in Healthcare and Public Health Industry.” IEEE Access 6 (2018): 9140–9150.
  • ACHSM university course accreditation guidelines. 2017. https://www.achsm.org.au/Portals/15/documents/education/university-accreditation/ACHSM-university-accreditation-guidelines.pdf
  • ADHA. “About the DH Cyber Security Centre, ADHA.” https://www.digitalhealth.gov.au/about-the-agency/digital-health-cyber-security-centre/about
  • Ahanger, T. A., and A. Aljumah. “Internet of Things: A Comprehensive Study of Security Issues and Defense Mechanisms.” IEEE Access 7 (2019): 11020–11028. doi:10.1109/ACCESS.2018.2876939.
  • Akinsanya, O., M. Papadaki, and L. Sun. “Current Cybersecurity Maturity Models: How Effective in Healthcare Cloud?” Online Proceedings of the 5th Collaborative European Research Conference (CERC) March 29-30, 2019. http://ceur-ws.org/Vol-2348/
  • Almohri, H., L. Cheng, D. Yao, and H. Alemzadeh. “On Threat Modeling and Mitigation of Medical Cyber-Physical Systems.” 2017 IEEE/ACM International Conference on Connected Health: Applications, Systems and Engineering Technologies (CHASE). DOI 10.1109/CHASE.2017.84
  • Al-Muhtadi, J., B. Shahzad, K. Saleem, W. Jameel, and M. A. Orgun. “Cybersecurity and Privacy Issues for Socially Integrated Mobile Healthcare Applications Operating in a Multi-cloud Environment.” Health Informatics Journal 25, no. 2 (2019): 315–329. doi:10.1177/1460458217706184.
  • Alonso, S. G., J. Arambarri, M. Lopez-Coronado, and I. de la Torre Diez. “Proposing New Blockchain Challenges in eHealth.” Journal of Medical Systems 43, no. 64 (2019). doi:10.1007/s10916-019-1195-7.
  • Andriole, K. P. “Security of Electronic Medical Information and Patient Privacy: What You Need to Know.” Journal American College of Radiology 11, no. 12 (2014): 1212–1216. doi:10.1016/j.jacr.2014.09.011.
  • Angraal, S., H. M. Krumholz, and W. L. Schulz. “Blockchain Technology: Applications in Health Care.” Circulatory & Cardiovasc Qual Outcomes 10 (2017): e003800. doi:10.1161/CIRCOUTCOMES.117.003800.
  • Argaw, S. T., N. E. Bempong, B. Eshaya-Chauvin, and A. Flahault. The State of Research on Cyberattacks against Hospitals and Available Best Practice Recommendations: A Scoping Review. BMC Medical Informatics and Decision Making 19, 10 (2019). https://doi.org/10.1186/s12911-018-0724-5.
  • Arnold, B. B., and W. Bonython. 2019. “No, It’s Not OK for the Government to Use Your Prescription Details to Recruit You for a Study”. The Conversation, July 31
  • Asghar, H. J., and K. Dali. Averaging Attacks on Bounded Perturbation Algorithms. Australia: Macquarie University, 2019. February.
  • Australian Cyber Security Centre (ACSC). 2018. “Joint Report on Publicly Available Hacking Tools. Australian Government Signals Directorate.” https://www.cyber.gov.au/sites/default/files/2019-03/u5-joint-product-acsc-release-final.pdf
  • Australian Digital Health Agency. “National Health Security and Access Framework – NESAF V.4.” Australian Government. Accessed August 18, 2019. https://www.digitalhealth.gov.au/implementation-resources/ehealth-foundations/EP-1544-2014.
  • Australian Digital Health Agency (ADHA). “Annual Report 2017–18.” Australian Government.
  • Australian Government. 2018. “My Health Records (National Application) Amendment (Extension of Opt-out Period No. 2) Rules 2018.” Federal Register of Legislation, November 14.
  • Australian Privacy Act. 1988. https://www.legislation.gov.au/Details/C2019C00241
  • Baillie, C., J. A. Bowden, and J. H. Meyer. “Threshold Capabilities: Threshold Concepts and Knowledge Capability Linked through Variation Theory.” Higher Education 65, no. 2 (2012): 227–246. doi:10.1007/s10734-012-9540-5.
  • Baranchuk, A., M. M. Refaat, K. K. Patton, M. K. Chung, K. Krishnan, V. Kutyifa, G. Upadhyay, J. D. Fisher, and D. R. Lakkireddy. “Cybersecurity for Cardiac Implantable Electronic Devices: What Should You Know?” Journal of the American College of Cardiology (JACC) 71, no. 11 (2018): 1284–1288. doi:10.1016/j.jacc.2018.01.023.
  • BDO USA Healthcare. 2019. “Brace for the Breach - Cyberthreat Insights.” https://www.bdo.com/getattachment/630056fa-52ef-48e8-a25c-8e9fcff168a6/attachment.aspx?HC_Cyber-Threats_Insight_2-19_WEB.pdf
  • Beeksow, J. 2015. “Reducing Security Risk Using Data Loss Prevention Technology.” Healthcare Financial Management, November, p.108–111.
  • Blanke, S. J., and E. McGrady. “When It Comes to Securing Patient Health Information from Breaches, Your Best Medicine Is A Dose of Prevention: A Cybersecurity Risk Assessment Checklist.” Journal of Healthcare Risk Management 36, no. 1 (2016): 14–24. doi:10.1002/jhrm.21230.
  • Blythe, J. M., and L. Coventry. “Costly but Effective: Comparing the Factors that Influence Employee Anti-malware Behaviours.” Computers in Human Behavior 87 (2018): 87–97. doi:10.1016/j.chb.2018.05.023.
  • Boddy, A., W. Hurst, M. Mackay, and A. El Rhalibi. “A Study into Data Analysis and Visualisation to Increase the CyberResilience of Healthcare Infrastructures.” Online Proceedings of the Institute of Managers and Leaders (IML) Conference ‘International Conference on Internet of Things and Machine Learning’ October 17-18, 2017. http://iml-conference.org
  • Boddy, A., W. Hurst, M. Mackay, A. El Rhalibi, T. R. Baker, and C. A. C. Montañez. “An Investigation into Healthcare-data Patterns.” Future Internet 11, no. 2 (2019): p1–23. doi:10.3390/fi11020030.
  • Burke, W., T. Oseni, A. Jolfaei, and I. Gondal. “Cybersecurity Indexes for eHealth.” Proceedings - Australasian Computer Science Week Multiconference, ACSW January 29-31, 2019: 2019. doi:10.1145/3290688.3290721.
  • Camara, C., P. Peris-Lopez, and J. E. Tapiador. “Security and Privacy Issues in Implantable Medical Devices: A Comprehensive Survey.” Journal of Biomedical Informatics 55 (2015): 272–289. doi:10.1016/j.jbi.2015.04.007.
  • Canaway, R., D. I. R. Boyle, J. E. Manski‐Nankervis, J. Bell, J. S. Hocking, K. Clarke, M. Clark, J. Gunn, and J. Emery. “Gathering Data for Decisions: Best Practice Use of Primary Care Electronic Records for Research.” Medical Journal of Australia 210 (2019): S12–S16. doi:10.5694/mja2.50026.
  • Carlton, M. 2016. Development of A Cybersecurity Skills Index: A Scenarios-Based Hands on Measure of Non-IT Professionals Cybersecurity Skills. Doctoral dissertation. Nova Southeastern University. NSU Works, College of Engineering and Computing. (979). https://nsuworks.nova.edu/gscis_etd/979
  • Carter, A. B. “Considerations for Genomic Data Privacy and Security When Working in the Cloud.” The Journal of Molecular Diagnostics 21, no. 4 (2019): 542–552. doi:10.1016/j.jmoldx.2018.07.009.
  • Chan, W. S. Y., and A. Y. M. Leung. “Use of Social Network Sites for Communication among Health Professionals: Systematic Review.” Journal Medical Internet Research 20, no. 3 (2018): e117. doi:10.2196/jmir.8382.
  • Chaudhry, J., M. Crowley, P. Roberts, C. Valli, and J. Haass. “POStCODE Middleware for Post-market Surveillance of Medical Devices for Cyber Security in Medical and Healthcare Sector in Australia.” Conference: 2018 12th International Symposium on Medical Information and Communication Technology (ISMICT). Sydney, NSW, Australia.
  • Chen, Y., S. Ding, Z. Xu, H. Zheng, and S. Yang. “Blockchain-Based Medical Records Secure Storage and Medical Service Framework.” Journal Medical Systems 43, no. 5 (2019). doi:10.1007/s10916-018-1121-4.
  • Cilliers, L. “Wearable Devices in Healthcare: Privacy and Information Security Issues.” Health Information Management Journal ( Online Access 2019): 1–7. https://doi.org/10.1177/1833358319851684.
  • Connory, M. 2019 “Annual Report.” State of Cyber Security. Security in Depth. https://securityindepth.com.au/
  • Coventry, L., and D. Branley. “Cybersecurity in Healthcare: A Narrative Review of Trends, Threats and Ways Forward.” Maturitas 113 (2018): 48–52. doi:10.1016/j.maturitas.2018.04.008.
  • Dameff, C. J., J. A. Selzer, J. Fisher, J. P. Killeen, and J. L. Tully. “Clinical Cybersecurity Training Through Novel High-Fidelity Simulations.” Journal of Emergency Medicine 56, no.2 ( 0736-4679 2019): 233–238. doi:10.1016/j.jemermed.2018.10.029.
  • Department of Health. Framework to guide the secondary use of My Health Record system data. 2018. “Australian Government.” May. https://www1.health.gov.au/internet/main/publishing.nsf/Content/F98C37D22E65A79BCA2582820006F1CF/$File/MHR_2nd_Use_Framework_2018_ACC_AW3.pdf
  • Department of Industry. “NSW Cyber Security Industry Development Strategy 2018.” NSW Government.
  • Dogaru, D. I., and I. Dumitrache. “Cyber Security in Healthcare Networks.” Conference Proceedings of the 6th IEEE International Conference on E-Health and Bioengineering - EHB 2017, June 22-24. 978-1-5386-0358-1/17/
  • Dubovitskaya, A., Z. Xu, S. Ryu, M. Schumacher, and F. Wang. “Secure and Trustable Electronic Medical Records Sharing Using Blockchain.” Proceedings - Annual Symposium proceedings. AMIA Symposium. 2017, p.650–659. New York, United States.
  • Esposito, C., A. De Santis, G. Tortora, H. Chang, and -K.-K. R. Choo. “Blockchain: A Panacea for Healthcare Cloud-Based Data Security and Privacy?” IEEE Cloud Computing 5, Jan/Feb (2018): 31–37. doi:10.1109/MCC.2018.011791712.
  • Farrell, P. 2017. “Medicare Machine – Patient Details of Any Australian for Sale on Darknet”. The Guardian, July 04. https://www.theguardian.com/australia-news/2017/jul/04/the-medicare-machine-patient-details-of-any-australian-for-sale-on-darknet/
  • Farringer, D. “Cybersecurity Report Identifies Unique Challenges to Tackling Cybersecurity in Health Care.” J. Health & Life Sci. L 11, no. 1 (2017): 117.
  • Fernandez-Aleman, J. L., A. Sanchez-Henarejos, A. Toval, A. B. Sanchez-Garcia, I. Hernandez-Hernandez, and L. Fernandez-Luque. Analysis of health professional security behaviors in a real clinical setting: An empirical study.   International Journal of Medical Informatics. 84 (2015): 454–467.
  • Firdaus, A., N. B. Anuar, M. F. A. Razak, I. A. B. Hashem, S. Bachok, and A. K. Sangaiah. “Root Exploit Detection and Features Optimization: Mobile Device and Blockchain Based Medical Data Management.” Journal of Medical Systems 42 (2018): 112. doi:10.1007/s10916-018-0966-x.
  • Flaumenhaft, Y., and O. Ben-Assuli. “Personal Health Records, Global Policy and Regulation Review.” Health Policy 122, no. 8 (2018): 815–826. doi:10.1016/j.healthpol.2018.05.002.
  • Food and Drug Administration (FDA). https://www.fda.gov/medical-devices
  • Forcepoint Whitepaper. 2018. “Life Support: Eliminating Data Breaches in the Healthcare Sector.” https://www.forcepoint.com//whitepapers/
  • Gardiyawasam Pussewalage, H. S., and V. A. Oleshchuk. “Privacy Preserving Mechanisms for Enforcing Security and Privacy Requirements in E-health Solutions.” International Journal of Information Management 36 (2016): 1161–1173. doi:10.1016/j.ijinfomgt.2016.07.006.
  • Garetty, K., I. McLoughlin, A. Dalley, R. Wilson, and P. Yue. “National Electronic Health Record Systems as Wicked Projects the Australian Experience.” Information Polity 21 (2016): 367–381. doi:10.3233/IP-160389.
  • Gaynor, M., G. Omer, and J. S. Turner. “Teaching EHRs Security with Simulation for Non-technical Healthcare Managers.” Journal of Healthcare Protection Management 32, no. 1 (2016): 84–97.
  • General Data Protection Rule. 2018. https://gdpr-info.eu/
  • Global Digital Health Partnership. 2018. “Securing Digital Health.” https://www.gdhp.org/media-hub/news_feed/gdhp-reports
  • Gordon, W. J., A. Fairhall, and A. Landman. “Threats to Information Security — Public Health Implications.” The New England Journal of Medicine 377, no. 8 (2017): 707–709. doi:10.1056/NEJMp1707212.
  • Gordon, W. J., A. Wright, R. J. Glynn, J. Kadakia, C. Mazzone, E. Leinbach, and A. Landman. “Evaluation of a Mandatory Phishing Training Program for High-risk Employees at a US Healthcare System.” Journal of the American Medical Informatics Association 26, no. 6 (2019): 547–552. doi:10.1093/jamia/ocz005.
  • Grundy, Q., L. Parker, M. Raven, D. Gillies, B. Mintzes, J. Jureidini, and L. Bero. Finding Peace of Mind: Navigating the Marketplace of Mental Health Apps. Sydney: Australian Communications Consumer Action Network, 2017.
  • “Health Informatics Society Australia.” Healthcare-Cybersecurity-Report, June-2018.
  • HIPAA Omnibus Rule. 2013. “Summary.” http://www.hipaasurvivalguide.com/hipaa-omnibus-rule.php
  • HIPAA Privacy Rule 1996.
  • Holdsworth, J., W. B. Glisson, and K. K. Choo. “Medical Device Vulnerability Mitigation Effort Gap Analysis Taxonomy.” Smart Health 12 (2017): 82–98. doi:10.1016/j.smhl.2017.12.001.
  • Houston, C., and A. Colangelo. 2019. “Crime Syndicate Hacks 15,000 Medical Files at Cabrini Hospital Demands Ransom”. The Age, February 22. Accessed July 30, 2019. https://www.theage.com.au/national/victoria/crime-syndicate-hacks-15-000-medical-files-at-cabrini-hospital-demands-ransom-20190220-p50z3c.html
  • Huckvale, K., J. T. Prieto, M. Tilney, P.-J. Benghozi, and J. Car. “Unaddressed Privacy Risks in Accredited Health and Wellness Apps: A Cross-sectional Systematic Assessment.” BMC Medicine (2015) 13:214. doi:10.1186/s12916-015-0444-y.
  • Information and Privacy Commission NSW. https://www.ipc.nsw.gov.au/data-breach-guidance
  • Information and Privacy Commission NSW. Accessed July 27, 2019. https://www.ipc.nsw.gov.au/privacy/voluntary-data-breach-notification/
  • Institute for Critical Infrastructure Technology (ICIT). 2016. Industry Brief: Hacking Healthcare. https://icitech.org/wp-content/uploads/2016/01/ICIT-Brief-Hacking-Healthcare-IT-in-2016.pdf
  • IT News. 2015. “Hack linked to attack on US insurer Anthem.” June 22. https://www.itnews.com.au/news/opm-hack-linked-to-attack-on-us-insurer-anthem-405514
  • Jalali, M. S., and J. P. Kaiser. “Cybersecurity in Hospitals: A Systematic, Organizational Perspective.” J Med Internet Res 20, no. 5, May (2018): e10059. doi:10.2196/10059.
  • Jalali, M. S., M. Siegel, and S. Madnick. “Decision-making and Biases in Cybersecurity Capability Development: Evidence from a Simulation Game Experiment.” Journal of Strategic Information Systems 28 (2019): 66–82. doi:10.1016/j.jsis.2018.09.003.
  • Jayaratne, M., D. Nallaperuma, D. De Silva, D. Alahakoon, B. Devitt, K. E. Webster, and N. Chilamkurti. “A Data Integration Platform for Patient-centered E-healthcare and Clinical Decision Support.” Future Generation Computer Systems 92 (2019): 996–1008. doi:10.1016/j.future.2018.07.061.
  • Kamel Boulos, M., D. Giustini, and S. Wheeler. “Instagram and WhatsApp in Health and Healthcare: An Overview.” Future Internet 8, no. 37 (2016): 37. doi:10.3390/fi8030037.
  • Khan, S. I., and A. S. L. Hoque. “Digital Health Data: A Comprehensive Review of Privacy and Security Risks and Some Recommendations.” Computer Science Journal of Moldova 24, no. 71 (2016): 2.
  • King, Z. M., D. S. Henshel, L. Flora, M. G. Cains, B. Hoffman, Blaine, and C. Sample. “Characterizing and Measuring Maliciousness for Cybersecurity Risk Assessment.” Frontiers in Psychology 9, no. 39 (2018): p1–19.
  • Klas-CHIME. 2019. “Whitepaper: How Aligned are Provider Organizations with the Health Industry Cybersecurity Practices (HICP) Guidelines?” KLAS Research and College of Healthcare Information Management Executives (CHIME). www.klasresearch.com/reports
  • Kruse, C. S., B. Frederick, T. Jacobson, and D. K. Monticone. “Cybersecurity in Healthcare: A Systematic Review of Modern Threats and Trends.” Technology and Health Care 25 (2017): 1–10. doi:10.3233/THC-161263.
  • Kruse, C. S., B. Smith, H. Vanderlinden, and A. Nealand. “Security Techniques for the Electronic Health Records.” J Med Syst 41 (2017): 127. doi:10.1007/s10916-017-0778-4.
  • Lee, J. K., S. Y. Moon, and J. H. Park. “CloudRPS: A Cloud Analysis Based Enhanced Ransomware Prevention System.” The Journal of Supercomputing 73, no. 7 (2016): 3065–3084. doi:10.1007/s11227-016-1825-5.
  • MacIntyre, C. R., T. E. Engells, M. Scotch, D. J. Heslop, A. B. Gumel, G. Poste, X. Chen, et al. “Converging and Emerging Threats to Health Security.” Environment and System Decisions 38, no. 2 (2018): 198–207. doi:10.1007/s10669-017-9667-0.
  • Magnus, R. 2019. “Public Report of the Committee of Inquiry (COI) into the Cyber Attack on SingHealth.” January 10. https://www.mci.gov.sg/coireport
  • Martin, G., P. Martin, C. Hankin, A. Darzi, and J. Kinross. “Cybersecurity and Healthcare: How Safe are We?” BMJ (Online) 358 (2017): j3179. doi:10.1136/bmj.3179.
  • McSweeney, K. “Motivating Cybersecurity Compliance in Critical Infrastructure Industries: A Grounded Theory Study.” Dissertation Abstracts International Section A: Humanities and Social Sciences, 79. Dissertation Thesis. Capella University, January 2018
  • Mendelson, D. “The European Union General Data Protection Regulation (Eu 2016/679) and the Australian My Health Record Scheme – A Comparative Study of Consent to Data Processing Provisions.” Journal of Law and Medicine 26 (2018): 23–38.
  • Mense, A., A. Steger, M. Sulek, D. Jukic-Sunaric, and A. Meszaros. “Analyzing Privacy Risks of mHealth Applications.” Studies in Health Technology & Informatics 221 (2016): 41–45.
  • Minion, L. “MHR Security Concerns Persist - ADHA Issues Amended Contracts for Third Party Apps”. Healthcare IT News. Accessed July 26 2019. https://www.healthcareit.com.au/article/my-health-record-security-concerns-persist-adha-issues-amended-contracts-third-party-apps
  • Minion, L. 2018. “Leaked ADHA Document Gives inside Look at My Health Record Challenges”. Healthcare IT News, August. https://www.healthcareit.com.au/article/exclusive-leaked-adha-document-gives-inside-look-my-health-record-challenges
  • Morris, C., R. E. Scott, and M. Mars. “Security and Other Ethical Concerns of Instant Messaging in Healthcare.” Studies in Health Technology & Informatics 254 (2018): 77–85. doi:10.3233/978-1-61499-914-0-77.
  • My Health Record Statistics. 2019, July 28. Accessed August 12, 2019. www.myhealthrecord.gov.au
  • My Health Records Act 2012, No. 63. https://www.legislation.gov.au/Details/C2017C00313
  • National Audit Office Report. Investigation: WannaCry Cyber Attack and the NHS. https://www.nao.org.uk/wp-content/uploads/2017/10/Investigation-WannaCry-cyber-attack-and-the-NHS.pdf (2017).
  • National Institute of Standards and Technology (NIST) Framework. https://www.nist.gov/cyberframework
  • Natsiavas, P., J. Rasmussen, M. Voss-Knude, K. Votis, L. Coppolino, P. Campegiani, I. Cano, et al. “Comprehensive User Requirements Engineering Methodology for Secure and Interoperable Health Data Exchange.” BMC Medical Informatics & Decision Making 18, no. 85 (2018). doi:10.1186/s12911-018-0664-0.
  • Nippon Telegraph and Telephone (NTT) Security. 2019. “Global Threat Intelligence Report.” https://www.nttsecurity.com/landing-pages/2019-gtir
  • NSW Dept of Industry. 2018. “NSW-cyber-security-industry-development-strategy.”
  • O’Dowd, and A. O’Dowd. “NHS Patient Data Security Is to Be Tightened after Cyberattack.” BMJ 358 (2017): j3412. doi:10.1136/bmj.j3412.
  • O’Sullivan, D. M., E. O’Sullivan, M. O’Connor, D. Lyons, and J. McManus. “WhatsApp Doc?” BMJ Innovations 3 (2017): 238–239. doi:10.1136/bmjinnov-2017-000239.
  • Office of the Australian Information Commissioner. My Health Record Privacy. (July 19, 2019). https://www.oaic.gov.au/privacy/other-legislation/my-health-record/
  • Ogunlana, S. O. “Countering Expansion and Organization of Terrorism in Cyberspace.” Dissertation Abstracts International: Section B: The Sciences and Engineering 80 (2019): 3-B(E).
  • Papoutsi, C., J. E. Reed, C. Marston, R. Lewis, A. Majeed, and D. Bell. “Patient and Public Views about the Security and Privacy of Electronic Health Records (Ehrs) in the UK: Results from a Mixed Methods Study.” BMC Medical Informatics & Decision Making 15, no. 86 (2015). doi:10.1186/s12911-015-0202-2.
  • Park, Y. R., E. Lee, W. Na, S. Park, Y. Lee, and J.-H. Lee. “Is Blockchain Technology Suitable for Managing Personal Health Records? Mixed-Methods Study to Test Feasibility.” Journal Med Internet Research 21, no. 2 (2019): e12533. doi:10.2196/12533.
  • Parker, L., V. Halter, T. Karliychuk, and Q. Grundy. “How Private Is Your Mental Health App Data? an Empirical Study of Mental Health App Privacy Policies and Practices.” International Journal of Law & Psychiatry 64 (2019): 198–204. doi:10.1016/j.ijlp.2019.04.002.
  • Perakslis, E., and R. M. Califf. “Employ Cybersecurity Techniques against the Threat of Medical Misinformation.” JAMA. 322: 207. Published online June 14, 2019. https://jamanetwork.com/
  • Phillips, M., E. S. Dove, and B. M. Knoppers. “Criminal Prohibition of Wrongful Re-Identification: Legal Solution or Minefield for Big-Data?” Bioethical Inquiry 14 (2017): 527–539. doi:10.1007/s11673-017-9806-9.
  • PHIPA http://www.health.gov.on.ca/english/providers/project/priv_legislation/phipa_pipeda_qa.html
  • Pinskier, N. “Royal Australian College of General Practitioners; Cited by Whigham, N.” https://www.news.com.au/technology/online/hacking/health-sector-tops-the-list-as-australians-hit-by-300-data-breaches-since-february/news-story/5e95c47694418ad072bf34d872e22124
  • PIPEDA http://www.health.gov.on.ca/english/providers/project/priv_legislation/phipa_pipeda_qa.html
  • Ponemon Institute. Cost of a Data Breach Report. 2019. IBM Security. https://www.ibm.com/security/data-breach/2019
  • Pratt, M. “How Cyberattacks Can Impact Physicians.” Medical Economics 93, no. 12 (June, 2016): 43–47.
  • Privacy Amendment (Notifiable Data Breaches) Act 2017, No. 12. https://www.legislation.gov.au/Details/C2017A00012
  • Pullin, D. W. “Cybersecurity: Positive Changes through Processes and Team Culture.” Frontiers of Health Services Management 35, no. 1 (2018): 3–12. doi:10.1097/HAP.0000000000000038.
  • Raber, I., C. P. McCarthy, and R. W. Yeh. “Health Insurance and Mobile Health Devices: Opportunities and Concerns.” Journal of the American Medical Association 321, no. 18 (2019): 1767–1768. doi:10.1001/jama.2019.3353.
  • Raisaro, J. L., P. J. McLaren, J. Fellay, M. Cavassini, C. Klersy, and J.-P. Hubaux. “Are Privacy-enhancing Technologies for Genomic Data Ready for the Clinic? A Survey of Medical Experts of the Swiss HIV Cohort Study.” Journal of Biomedical Informatics 79 (2018): 1–6. doi:10.1016/j.jbi.2017.12.013.
  • Rajamäki, J., J. Nevmerzhitskaya, and C. Virág. “Cybersecurity Education and Training in Hospitals: Proactive Resilience Educational Framework (Prosilience EF).” Proceedings - IEEE Global Engineering Education Conference (EDUCON), 17-20 April 2018, p.2042–2046. doi:10.1109/EDUCON.2018.8363488
  • Raths, D. “What to Do if a Breach Happens to You.” Behavioral Healthcare V0l.36, no. 2 (2016): 45–46.
  • Reagin, M. J., and M. V. Gentry. “Enterprise Cybersecurity: Building a Successful Defense Program.” American College of Healthcare Executives Journal 35, no. 1 (2018): 13–22.
  • Rocher, L., . L., J. M. Hendrickx, and Y. de Montjoye. “Estimating the Success of Re-identifications in Incomplete Datasets Using Generative Models.” Nature Communications 10, no. 1 (2019). doi:10.1038/s41467-019-10933-3.
  • Ropp, R., and B. Quammen. “Protecting Health Data in a Troubling Time. Understand Who and What You’re up Against.” Health Management Technology 36, no. 7 (2015): 14–15.
  • Rosenfeld, L., J. Torous, and I. V. Vahia. “Data Security and Privacy in Apps for Dementia: An Analysis of Existing Privacy Policies.” American Journal Geriatric Psychiatry 25, no. 8 (2017): 873–877. doi:10.1016/j.jagp.2017.04.009.
  • Rubenfire, A. “The Nightmare Scenario: Dialing Devices to Deadly.” Modern Healthcare 47 (2017): 4.
  • Rumbold, J. M. M., and B. Pierscionek. “The Effect of the General Data Protection Regulation on Medical Research.” Journal of Medical Internet Research 19, no. 2 (2017): e47. doi:10.2196/jmir.7108.
  • Safavi, S., A. M. Meer, E. K. J. Melanie, and Z. Shakur. “Cyber Vulnerabilities on Smart Healthcare, Review and Solutions.” Online Proceedings Cyber Resilience Conference (CRC). 2018 November 15- 18. doi:10.1109/CR.2018.8626826
  • Sahi, A., D. Lai, and Y. Li. “Security and Privacy Preserving Approaches in the eHealth Clouds with Disaster Recovery Plan.” Computers in Biology and Medicine 78 (2016): 1–8. doi:10.1016/j.compbiomed.2016.09.003.
  • Sajid, A., and H. Abbas. “Data Privacy in Cloud-assisted Healthcare Systems: State of the Art and Future Challenges.” Journal of Medical Systems 40, no. 155 (2016). doi:10.1007/s10916-016-0509-2.
  • Saleem, K., K. Zeb, A. Derhab, H. Abbas, J. Al-Muhtadi, M. A. Orgun, and Gawanmeh. “Survey on Cybersecurity Issues in Wireless Mesh Networks Based eHealthcare.” Proceedings - 18th IEEE International Conference on e-Health Networking, Applications and Services, Healthcom, September 14-16, 2016. DOI: 10.1109/HealthCom.2016.7749423
  • Schwartz, S., A. Ross, S. Carmody, P. Chase, S. C. Coley, J. Connolly, C. Petrozzino, and M. Zuk. “The Evolving State of Medical Device Cybersecurity.” Biomedical Instrumentation and Technology 52, no. 2 (2018): 103–110. doi:10.2345/0899-8205-52.2.103.
  • Scott, R. E. “WhatsApp in Clinical Practice: A Literature Review.” Studies in Health Technology and Informatics 231 (2016): p 82–90. http://ovidsp.ovid.com/ovidweb.cgi?T=JS&CSC=Y&NEWS=N&PAGE=fulltext&D=emexa&AN=621263287.
  • Sedlack, D. J. “Understanding Cyber Security Perceptions Related to Information Risk in a Healthcare Setting.” Conference Proceedings: Cyber Security Strategy in Healthcare. Twenty-second Americas Conference on Information Systems, San Diego, California, USA, 2016.
  • Shah, R. “Protecting Australian Critical National Infrastructure in an Era of IT and OT Convergence.” Policy Brief Report No. 18/2019.
  • Shenoy, A., and J. M. Appel. “Safeguarding Confidentiality in Electronic Health Records.” Cambridge Quarterly of Healthcare Ethics 26, no. 2 (2017): 337–341. doi:10.1017/S0963180116000931.
  • Sher, M. L., P. C. Talley, C.-W. Yang, and K.-M. Kuo. “Compliance with Electronic Medical Records Privacy Policy: An Empirical Investigation of Hospital Information Technology Staff.” INQUIRY: The Journal of Health Care Organization, Provision, and Financing 54 (2017): 1–12.
  • Siddique, M., M. A. Mirza, M. Ahmad, J. Chaudhry, and R. Islam. “A Survey of Big Data Security Solutions in Healthcare.” 14th International EAI Conference on Security and Privacy in Communication Networks, (SecureComm) August 8-10, 2018. Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST, 255, p.391–406. Doi: 10.1007/978-3-030-01704-0_21
  • Sittig, D. F., and H. Singh. “A Socio-technical Approach to Preventing, Mitigating, and Recovering from Ransomware Attacks.” Appl Clin Inform 7 (2016): 624–632. doi:10.4338/ACI-2016-04-SOA-0064.
  • Small, S., D. Peddie, C. Ackerley, C. M. Hohl, and E. Balka. “Patient Perceptions about Data Sharing & Privacy: Insights from Action.” In Context Sensitive Health Informatics: Redesigning Healthcare Work, C. Nøhr, C.E. Kuziemsky, Z.S.-Y. Wong  edited by. 2017, p.109–116. IOS Press: Amsterdam, Netherlands.
  • Smigielski, R. “Hardening Infusion Pump Communication Software for Medical Device Cybersecurity.” Biomedical Instrumentation & Technology (2017): 46–50. https://search.proquest.com/docview/1967813395?accountid=12763.
  • Smith, F. L. “Malware and Disease: Lessons from Cyber Intelligence for Public Health Surveillance.” Health Security 14, no. 5 (2016): 305–314. doi:10.1089/hs.2015.0077.
  • Spence, N., N. Niharika Bhardwaj, D. P. Paul III, and A. Coustasse. “Ransomware in Healthcare Facilities: A Harbinger of the Future?” Perspectives in Health Information Management, Summer (2018): 1–22.
  • Stahl, B. C., N. F. Doherty, M. Shaw, and H. Janicke. “Critical Theory as an Approach to the Ethics of Information Security.” Science and Engineering Ethics 20, no. 3 (2014): 675–699. doi:10.1007/s11948-013-9496-6.
  • Stern, G. “A Life Cycle Approach to Medical Device Cybersecurity.” Biomedical Instrumentation and Technology 52, no. 6 (2018): 464–466. doi:10.2345/0899-8205-52.6.464.
  • Taylor, M. “An SOS on Cybersecurity: To Protect Patient Data, Hospitals Beef up Risk Management Programs. Hello, Chief Security Officers and ‘White Hat Hackers’.” Hospitals & Health Networks 89, no. 2 (2015): 36–38.
  • Terry, K. “HIPAA BREACH. Secure Data & Prevent Fines.” Medical Economics 92, no. 14 (2015): 26–32.
  • Thakkar, V., and K. Gordon. “Privacy and Policy Implications for Big Data and Health Information Technology for Patients: A Historical and Legal Analysis.” Studies in Health Technology & Informatics 257 (2019): 413–417. doi:10.3233/978-1-61499-951-5-413.
  • Thamilarasu, G., and C. Lakin. “A Security Framework for Mobile Health Applications. Proceedings −5th International Conference on Future Internet of Things and Cloud Workshops (FiCloudW)”. 2017, p.221–226. DOI 10.1109/W-FiCloud.2017.35
  • UK Data Protection Act 2018 ico.org.uk. 2018-07-20
  • Upendra, P., P. Prasad, G. Jones, and H. Fortune. “Operationalizing Medical Device Cybersecurity at a Tertiary Care Medical Center.” Biomedical Instrumentation & Technology 49, no. 4 (2019): 251–258. doi:10.2345/0899-8205-49.4.251.
  • “Verizon 2019 Data Breach Investigations Report.” Verizon Enterprise Solutions. https://enterprise.verizon.com/resources/reports/dbir/
  • The Victorian Auditor General, Andrew Greaves. https://www.theguardian.com/australia-news/2019/may/29/victorias-patient-data-vulnerable-to-cyber-attacks-says-audit/.
  • Victorian Auditor General’s Office. 2019. “Independent Assurance Report to Parliament 2018–19.” May 23.
  • Walker-Roberts, S., M. Hammoudeh, and A. Dehghantanha. “A Systematic Review of the Availability and Efficacy of Countermeasures to Internal Threats in Healthcare Critical Infrastructure, 2018.” IEEE Access. doi:10.1109/ACCESS.2018.2817560i.
  • Wang, S., R. Gao, and Y. Zhang. “Searchable and Revocable Multi-data Owner Attribute-based Encryption Scheme with Hidden Policy in Cloud Storage.” PLoS ONE [Electronic Resource] 13, no.11 ( pone 2018): 0206126. doi:10.1371/journal.
  • Wang, X., and Z. Zhang. “Data Division Scheme Based on Homomorphic Encryption in WSNs for Health Care Wireless Sensor Networks.” Journal of Medical Systems 39, no. 12 (2015): 1–7. doi:10.1007/s10916-015-0340-1.
  • Wickham, M. H. “Exploring Data Breaches and Means to Mitigate Future Occurrences in Healthcare Institutions: A Content Analysis.” Dissertation Northcentral University, San Diego, School of Business and Technology Management, April 2019.
  • Wilson, K., and L. Khansa. “Migrating to Electronic Health Record Systems: A Comparative Study between the United States and the United Kingdom.” Health Policy 122, no. 11 (2018): 1232–1239. doi:10.1016/j.healthpol.2018.08.013.
  • Wirth, A. “Cyberinsights. Hardly Ever a Dull Moment: The Ongoing Cyberthreats of 2017.” Biomedical Instrumentation & Technology 51, no. 5 (2017): 431–443. doi:10.2345/0899-8205-51.5.431.
  • Wirth, A. “Cyberinsights. The Times They are a-Changin’: Part One.” Biomedical Instrumentation & Technology 52, no. 2 (2018): 148–152.
  • Woodruff, T. 2018. “Fixing My Health Record Will Take More than Hunt’s Promises”. Crikey INQ, August 02. https://www.crikey.com.au/2018/08/02/fixing-my-health-record-will-take-more-than-hunts-promises/
  • Wright, A., S. Aaron, and D. W. Bates. “The Big Phish: Cyberattacks Against U.S. Healthcare Systems.” Journal of General Internal Medicine 31, no. 10 (2016): 1115–1118. doi:10.1007/s11606-016-3741-z.
  • Yaraghi, N. I., and R. A. Gopal. “The Role of HIPAA Omnibus Rules in Reducing the Frequency of Medical Data Breaches: Insights from an Empirical Study.” Milbank Quarterly 96 (2018): 144–166. doi:10.1111/1468-0009.12314.
  • Yasnoff, W. A. “Breach Risk Magnitude: A Quantitative Measure of Database Security.” AMIA 2016 Annual Symposium Proceedings/AMIA Symposium, 2017, (2016): p. 1258–1263.
  • Zafar, H. “Cybersecurity: Role of Behavioral Training in Healthcare.” Proceedings - 22nd Americas Conference on Information Systems: Surfing the IT Innovation Wave, AMCIS 2016, August 11-14. San Diego, California, USA.
  • Zaidan, B. B., A. Haiqi, A. A. Zaidan, M. Abdulnabi, M. L. Kiah, and H. Muzamel. “A Security Framework for Nationwide Health Information Exchange Based on Telehealth Strategy.” Journal of Medical Systems 39 (2015): 5. doi:10.1007/s10916-015-0235-1.
  • Zeb, K., K. Saleem, J. Al Muhtadi, and C. Theummeler. “U-prove Based Security Framework for Mobile Device Authentication in eHealth Networks.” 2016 IEEE 18th International Conference on e-Health Networking, Applications and Services (Healthcom). DOI: 10.1109/HealthCom.2016.7749518
  • Zhang, R., R. Xue, and L. Liu. “Searchable Encryption for Healthcare Clouds: A Survey.” IEEE Transactions on Services Computing 11, no. 6 (2018): 978–996. doi:10.1109/TSC.2017.2762296.
  • Zheng, G., G. Zhang, W. Yang, C. Valli, R. Shankaran, and M. A. OrguA. “From WannaCry to WannaDie: Security Trade-offs and Design for Implantable Medical Devices.” Proceedings - 17th International Symposium on Communications and Information Technologies (ISCIT), September 25-27, 2017. DOI: 10.1109/ISCIT.2017.8261228
  • Zhou, L., V. Varadharajan, and K. Gopinath. “A Secure Role-Based Cloud Storage System for Encrypted Patient-Centric Health Records.” Computer Society Journal 59, no. 11 (2016): 1159–1611.
  • Zhou, W., Y. Jia, A. Peng, Y. Zhang, and P. Liu. “The Effect of IoT New Features on Security and Privacy: New Threats, Existing Solutions, and Challenges yet to Be Solved.” IEEE Internet of Things Journal 6, no. 2 (2019): 1606–1616. doi:10.1109/JIOT.2018.2847733.

Related research

People also read lists articles that other readers of this article have read.

Recommended articles lists articles that we recommend and is powered by our AI driven recommendation engine.

Cited by lists all citing articles based on Crossref citations.
Articles with the Crossref icon will open in a new tab.