School of Computer Science, University of Nottingham, Nottingham, United Kingdom.
School of Computer Science and Informatics, De Montfort University, Leicester, United Kingdom.
J Med Internet Res. 2021 Apr 20;23(4):e21747. doi: 10.2196/21747.
COVID-19 has challenged the resilience of the health care information system, which has affected our ability to achieve the global goal of health and well-being. The pandemic has resulted in a number of recent cyberattacks on hospitals, pharmaceutical companies, the US Department of Health and Human Services, the World Health Organization and its partners, and others.
The aim of this review was to identify key cybersecurity challenges, solutions adapted by the health sector, and areas of improvement needed to counteract the recent increases in cyberattacks (eg, phishing campaigns and ransomware attacks), which have been used by attackers to exploit vulnerabilities in technology and people introduced through changes to working practices in response to the COVID-19 pandemic.
A scoping review was conducted by searching two major scientific databases (PubMed and Scopus) using the search formula "(covid OR healthcare) AND cybersecurity." Reports, news articles, and industry white papers were also included if they were related directly to previously published works, or if they were the only available sources at the time of writing. Only articles in English published in the last decade were included (ie, 2011-2020) in order to focus on current issues, challenges, and solutions.
We identified 9 main challenges in cybersecurity, 11 key solutions that health care organizations adapted to address these challenges, and 4 key areas that need to be strengthened in terms of cybersecurity capacity in the health sector. We also found that the most prominent and significant methods of cyberattacks that occurred during the pandemic were related to phishing, ransomware, distributed denial-of-service attacks, and malware.
This scoping review identified the most impactful methods of cyberattacks that targeted the health sector during the COVID-19 pandemic, as well as the challenges in cybersecurity, solutions, and areas in need of improvement. We provided useful insights to the health sector on cybersecurity issues during the COVID-19 pandemic as well as other epidemics or pandemics that may materialize in the future.
COVID-19 对医疗保健信息系统的弹性提出了挑战,这影响了我们实现全球健康和福祉目标的能力。大流行导致最近针对医院、制药公司、美国卫生与公众服务部、世界卫生组织及其合作伙伴以及其他机构的多次网络攻击。
本综述旨在确定关键的网络安全挑战、卫生部门采用的解决方案以及需要改进的领域,以应对最近网络攻击的增加(例如,网络钓鱼活动和勒索软件攻击),攻击者利用这些攻击来利用技术和人员的漏洞,这些漏洞是通过应对 COVID-19 大流行而改变工作实践引入的。
通过使用搜索公式“(covid 或 healthcare)AND cybersecurity”在两个主要科学数据库(PubMed 和 Scopus)中进行了范围界定审查。如果报告、新闻文章和行业白皮书与之前发表的作品直接相关,或者在撰写时是唯一可用的来源,则也将其包括在内。仅包括以英文发表的过去十年内的文章(即 2011-2020 年),以便重点关注当前的问题、挑战和解决方案。
我们确定了网络安全的 9 个主要挑战、医疗保健组织为解决这些挑战而采用的 11 个关键解决方案,以及医疗保健部门网络安全能力需要加强的 4 个关键领域。我们还发现,大流行期间发生的最突出和最重要的网络攻击方法与网络钓鱼、勒索软件、分布式拒绝服务攻击和恶意软件有关。
本范围界定综述确定了针对 COVID-19 大流行期间医疗保健部门的最具影响力的网络攻击方法,以及网络安全、解决方案和需要改进的领域面临的挑战。我们为医疗保健部门提供了在 COVID-19 大流行期间以及未来可能出现的其他流行病或大流行期间网络安全问题的有用见解。
