Institute of Global Health, Faculty of Medicine, University of Geneva, Campus Biotech, Chemin des Mines 9, 1202, Geneva, Switzerland.
BMC Med Inform Decis Mak. 2019 Jan 11;19(1):10. doi: 10.1186/s12911-018-0724-5.
The health sector has quickly become a target for cyberattacks. Hospitals are especially sensitive to these sorts of attacks as any disruption in operations or even disclosure of patient personal information can have far-reaching consequences. The objective of this study was to map the available literature on cyberattacks on hospitals and to identify the different domains of research, while extracting the recommendations and guidelines put forth in the literature.
Four databases (PubMed, Web of Science, ProQuest, and Scopus) were searched using standardized and adapted search syntax in order to identify relevant manuscripts published between 1997 and 2017. These were screened by two reviewers and included or excluded based on inclusion and exclusion criteria. Data from articles were then extracted and analyzed.
The search identified 818 records of which 97 were included. Of the 97, 32% were published in 2017 while around 40% of the articles were published prior to the last three years. Six domains of research emerged through the analysis, which are included here: context and trends in cybersecurity (27.8%), connected medical devices and equipment (29.9%), hospital information systems (14.4%), raising awareness and lessons learned (6.2%), information security methodology (15.4%), and specific types of attacks (6.2%).
There is a generally growing interest in the research field, but the available literature remains limited in number. There are important aspects of cybersecurity (e.g. cloud storage and access management) as well as specific medical fields that rely on various medical devices that have been neglected. Recommendations are available, but comprehensive guidelines and standardized best practice measures are still necessary.
卫生部门已迅速成为网络攻击的目标。医院对这类攻击特别敏感,因为任何运营中断,甚至是患者个人信息的泄露都可能产生深远的影响。本研究的目的是绘制针对医院的网络攻击的相关文献,并确定不同的研究领域,同时提取文献中提出的建议和指南。
使用标准化和适应的搜索语法,在四个数据库(PubMed、Web of Science、ProQuest 和 Scopus)中进行搜索,以确定在 1997 年至 2017 年期间发表的相关文献。由两名评审员对这些文献进行筛选,并根据纳入和排除标准纳入或排除。然后提取和分析文章的数据。
搜索共确定了 818 条记录,其中 97 条被纳入。在这 97 篇文章中,32%发表于 2017 年,而大约 40%的文章发表于过去三年之前。通过分析得出了六个研究领域,包括:网络安全的背景和趋势(27.8%)、联网医疗设备和仪器(29.9%)、医院信息系统(14.4%)、提高意识和经验教训(6.2%)、信息安全方法(15.4%)和特定类型的攻击(6.2%)。
研究领域的兴趣普遍在增加,但现有文献的数量仍然有限。网络安全的一些重要方面(如云存储和访问管理)以及依赖各种医疗设备的特定医疗领域被忽视了。现已有建议,但全面的指南和标准化的最佳实践措施仍有必要。
