Wasserman Liat, Wasserman Yair
Independent Researcher, Philadelphia, PA, United States.
Independent Researcher, Boston, MA, United States.
Front Digit Health. 2022 Aug 11;4:862221. doi: 10.3389/fdgth.2022.862221. eCollection 2022.
Healthcare is facing a growing threat of cyberattacks. Myriad data sources illustrate the same trends that healthcare is one of the industries with the highest risk of cyber infiltration and is seeing a surge in security incidents within just a few years. The circumstances thus begged the question: are US hospitals prepared for the risks that accompany clinical medicine in cyberspace?
The study aimed to identify the major topics and concerns present in today's hospital cybersecurity field, intended for non-cyber professionals working in hospital settings.
structured literature searches of the National Institutes of Health's and Tel Aviv University's databases, 35 journal articles were identified to form the core of the study. Databases were chosen for accessibility and academic rigor. Eighty-seven additional sources were examined to supplement the findings.
The review revealed a basic landscape of hospital cybersecurity, including primary reasons hospitals are frequent targets, top attack methods, and consequences hospitals face following attacks. Cyber technologies common in healthcare and their risks were examined, including medical devices, telemedicine software, and electronic data. By infiltrating any of these components of clinical care, attackers can access mounds of information and manipulate, steal, ransom, or otherwise compromise the records, or can use the access to catapult themselves to deeper parts of a hospital's network. Issues that can increase healthcare cyber risks, like interoperability and constant accessibility, were also identified. Finally, strategies that hospitals tend to employ to combat these risks, including technical, financial, and regulatory, were explored and found to be weak. There exist serious vulnerabilities within hospitals' technologies that many hospitals presently fail to address. The COVID-19 pandemic was used to further illustrate this issue.
Comparison of the risks, strategies, and gaps revealed that many US hospitals are unprepared for cyberattacks. Efforts are largely misdirected, with external-often governmental-efforts negligible. Policy changes, e.g., training employees in cyber protocols, adding advanced technical protections, and collaborating with several experts, are necessary. Overall, hospitals must recognize that, in cyber incidents, the real victims are the patients. They are at risk physically and digitally when medical devices or treatments are compromised.
医疗保健行业正面临日益严重的网络攻击威胁。大量数据来源表明了相同的趋势,即医疗保健是网络渗透风险最高的行业之一,并且在短短几年内安全事件激增。因此,情况引发了一个问题:美国医院是否为网络空间中临床医学所伴随的风险做好了准备?
该研究旨在确定当今医院网络安全领域存在的主要主题和问题,面向在医院环境中工作的非网络专业人员。
对美国国立卫生研究院和特拉维夫大学的数据库进行结构化文献检索,确定了35篇期刊文章作为研究的核心。选择这些数据库是为了便于访问和保证学术严谨性。另外还审查了87个来源以补充研究结果。
该综述揭示了医院网络安全的基本概况,包括医院成为频繁目标的主要原因、顶级攻击方法以及医院在遭受攻击后面临的后果。研究了医疗保健领域常见的网络技术及其风险,包括医疗设备、远程医疗软件和电子数据。通过渗透临床护理的任何这些组件,攻击者可以获取大量信息并操纵、窃取、索要赎金或以其他方式损害记录,或者利用访问权限深入医院网络的更深处。还确定了可能增加医疗保健网络风险的问题,如互操作性和持续可访问性。最后,探讨了医院倾向于采用的应对这些风险的策略,包括技术、财务和监管方面的策略,发现这些策略很薄弱。医院技术中存在严重漏洞,许多医院目前未能解决。以新冠疫情为例进一步说明了这个问题。
对风险、策略和差距的比较表明,许多美国医院对网络攻击没有做好准备。努力方向大多有误,外部(通常是政府)的努力微不足道。政策变革是必要的,例如对员工进行网络协议培训、增加先进的技术保护措施以及与多位专家合作。总体而言,医院必须认识到,在网络事件中,真正的受害者是患者。当医疗设备或治疗受到损害时,他们在身体和数字方面都面临风险。
