Cyber security issues affecting the electronic health records:
A case study of UK hospitals
Contents
CHAPTER 1: INTRODUCTION
In the digital era, the dependency on technology in the health sector has rapidly increased, which has led to the exposure of health data to cyber threats. This chapter introduces the impacts that cyberattacks have on patient and National Health Service hospital data. In expanding to technology that can be implemented to secure information in health facilities, this chapter introduces and addresses the study's background, problem statement, objectives, significance, breadth of the terms, the definition of used terms, and the section summary.
1.1 Background of the study
The health sector advancing its technologies would be significant in saving and enhancing lives and has the potential to enlarge. Technologies can be classified in different ranges from those that deliver medication and health monitoring, technology providing storage space for electronic health records (EHRs), other technology implanted within the human body, to remotely delivering care technologies (Tavares et al., 2017). Furthermore, in the internet era, patients' use of mobile devices continues to increase. These devices can be interconnected with telehealth into the IoT(Internet of Things) for coordinated disease care participation.
As medical care devices evolve daily, so does their interconnectedness. Although traditionally, technology is still being used, most healthcare centers have interlinked it with today's hospital network. Connecting health records to the hospital network has benefits such as remote monitoring, hospital system error reduction, automation, and efficiency. These benefits are changing patient treatments in hospitals. Further, interconnected health records outside the hospital environment give health professionals the advantage to monitor and regulate patients' records. For example, in the case of implanted devices, medical officers can control and adjust the devices without the patient visiting hospitals. Additionally, EHRs can boost patient care by ensuring their health record information is broadly accessible.
However, integrating system health records has introduced new cyber threat vulnerabilities. Therefore, the cybersecurity department is responsible for protecting computer networks and health records from malicious disruption or penetration. Kruse et al. (2017) concern on cybersecurity in healthcare is lack of sufficiency, which has brought a lack of confidentiality and data security (Solans Fernández et al., 2017) in the health record.
Prior to electronic health records, hospitals' data exposure has been the main concern of cybersecurity. However, the current linking of health records to hospital networks provides numerous possible gateways to reach records, such as remotely accessing records, accessing data unnoticed, accessing full information of patient health records, and other potential access. Although unauthorized access to health records could have resulted in revealing hundreds or thousands of patient health records, now that health records are electronic and accessible in different health networks, cyberattacks or breach to these networks could impact millions of people. For instance, Ghafur et al. (2019) revealed the WannaCry ransomware in May 2017, that encrypted data and files stored in hospitals network of 150 nations in 230,000 computer devices. This attack on the hospital network led to a weakening of the NHS in England, and major hospital systems were obstructed, blocking the staff member from retrieving data connected to patients (Ghafur et al., 2019). Therefore, Electronic Health Records are being exploited by cybercriminals. Furthermore, Kim Cohen (2021) revealed that health records breach is inside the health Centre facilities. To further demonstrate, celebrities' health record is the most targeted information by cyber attackers.
Conversely, linking health records electronically provides multiple cyber vulnerabilities that cyber criminals exploit. In the current world of fast advancing technology, hospitals and clinics are the most reported targets of cyber-attacks (Coventry & Branley, 2018). Attack breaches can arise from insider threats, malware, and hacking. Williams & Woodward (2015) define hacking as unlawful access to a hospital network to gain health records or cause disruption. Malware is any program developed to infiltrate devices without owners' consent, including ransomware and threats such as viruses (Aslan & Samet, 2020). While any issue created by staff, either by mistake or deliberate such as password misuse, losing personal computers or devices, responding to phishing, or erroneously setting security, is referred to as insider threats (Liu et al., 2018).
Further, the high rise of cyber-attack in the healthcare sector has drawn attention to cybersecurity. Therefore, with the discussion above on electronic health records and threats facing the technology, the research plans to implement a technology to secure or reduce cyber-attacks to access patient data and analyze factors that contribute to cyber-attacks and impact on patient NHS hospital data. Finally, the study validated the current established electronic health record model to mitigate these cyber-attacks.
1.2 Problem Statement
Electronic health records have developed among healthcare information technology (HIT), switching how the health industry operates. According to Kruse et al. (2018), electronic health records (EHR) are digital health forms of a patient data record, including personal information and treatment plans. Further, EHRs have improved health efficiency and improved positive patient visitation for check-ups (Kruse et al., 2018). As the technology advances and the use of electronic health records in hospitals continues to grow, the system attracts more cybercrimes. According to Monteith et al. (2021), cybercrime is a crime committed utilizing digital equipment like computers and the internet. The convergence of computers and communication in the IT business brings wonderful advancements. Numerous aspects of daily life have already been altered due to their presence. The day-to-day operations of healthcare facilities and a wide range of other businesses are mainly dependent on information technology. Significant advances in information technology have provided significant advantages to health.
Advance in technology has led to hospital adapting current electronic health record digital forms, which contribute to increased cyber security cases in healthcare. However, the high level of capability is accompanied by high levels of vulnerability. Criminals may now conduct crimes from their offices due to advances in hospital technology. The number of UK hospitals trying to adapt to the EHR and embrace the new technology increase daily. This has made cybercriminals bypass the hospitals network and access patients' information at ease.
According to the findings of this study, there is an issue with the ability to access patient data through the interlinked hospital's network remotely. According to Coventry & Branley (2018), traditionally, health care systems were not expected to be targeted by cybercriminals. Therefore, there were no precautions taken since it was not thought essential. Furthermore, at that time, no healthcare organization could offer cyber security, including today. As a result, healthcare networks lack robust firewalls that protect electronic health data from access by unauthorized parties. Further, linking medical records with the hospital network makes it easier to attack the network and access millions of information remotely.
In addition, the types of illegal conduct that may be committed using or against information systems are many. Some of them aren't new in content but rather the format they're presented. Others are whole new sorts of illegality. Increasingly, national governments are taking notice of the threat posed by digital crimes. Unfortunately, most nations throughout the globe have rules against this kind of crime that are unlikely to be enforced. To defend themselves against individuals who would steal, refuse access to, or destroy critical information, hospitals and the government must depend primarily on technological safeguards. On the other hand, the issue offers several remedies that have been examined in this research to lessen these difficulties.
Furthermore, there has been an issue with hospitals supporting cybersecurity departments, even though other institutions are investing their resources to secure their systems from cyberattacks. According to Sutton et al. (2020), hospitals aren't investing enough time and money to maintain their software and procedures up to date and safe. In addition, the shortage of cybersecurity expertise within the industry is exacerbated by a lack of technology and high costs for cybersecurity experts.
1.3 Objectives
The main focus of this study was to come up with an advanced electronic health record model for NHS hospitals in the UK
1.3.1 Specific Objectives
· To detect the developing cyber dangers and vulnerabilities in the health centers, in UK hospitals
· To showcase a technique that can be applied to safeguard patient data in UK hospitals' present electronic health records systems.
· To verify the current cyber risks' effect on patient and NHS hospital data.
1.4 Importance of the Study
The main goal of this study is to distinguish the patient data security, the nature, and characteristics of cyberattacks on the NHS hospital data in the United Kingdom. The study targeted assessing the present electronic health records system vulnerabilities that affect patient data and NHS hospital data in the United Kingdom. Also, the study focused on technology that can be implemented to secure patient data in the electronic health record. The study's use of technology aims to improve medical records and patient data storage on the present EHR by safeguarding it. This research was all done in an attempt to combat cybercrime in the healthcare setting. As a result, the study helps advance the field of academia. In spite of the ever-increasing expansion and dependence on healthcare systems and cyber security incidents, research concentrating on the same problem has not been adequately performed. Enhances the understanding of information security and identifies areas of knowledge gap for future study.
The study will implement more enhanced EHR using advanced technology regarding cyber security in the health sector, allowing managers of the security department and other stakeholders such as patients to know how best to deal with cyber security in healthcare.
1.5 Scope of the Study
Dr. Than Sein, WHO director SEARO's of evidence and information policy, conducted research on the health sector, which he describes as including "Community services, dispensaries and clinics, health facilities and maternity and nursing homes, health insurance, healthcare marketing, medicines, healthcare technology, health administration and much more." (Sein, 2000). Due to the vastness of the healthcare industry, this study can only look at facilities in the United Kingdom. The information acquired from the secondary data was utilized to determine the escalating cyber-attacks and vulnerabilities in the sector. As a result, secondary data is used in a mixed-methods study that includes qualitative and quantitative components. April 2022 was the month in which this study was conducted.
1.6 Definition of Terms
Breach - incidents of unauthorized access to computer data, applications, networks, or devices resulting from health records exposure (Gioulekas et al., 2022).
Cyber-attack - any attack on computer information systems, computer networks, infrastructures, or personal computer devices
Ransomware - Using encryption to hold a victim's data hostage is a sort of malware. As a result, files, databases, and applications containing critical data are no longer accessible to users and organizations.
Electronic Health Records (EHR) - health digital forms of the patient data record, including personal information and treatment plans (Kruse et al., 2018).
NHS - The National Health Service (NHS) is referred to as the NHS. There are government-funded health care services available to everyone in the country.
Cybersecurity - Cybersecurity is defending electronic systems and data from cyberattacks.
Cybercrime is a crime committed utilizing digital equipment like computers and the internet (Monteith et al., 2021).
1.7 Chapter Summary
The introduction section discusses the research
overview on cybercrime and background study of EHR. It also highlights the
research objective that the research aims to acquire and its importance. This
chapter further discusses how data is gathered in the research scope section.
References
Aslan, O., & Samet, R. (2020). A Comprehensive Review on Malware Detection Approaches. IEEE Access, 8, 6249-6271. https://doi.org/10.1109/access.2019.2963724
Coventry, L., & Branley, D. (2018). Cybersecurity in healthcare: A narrative review of trends, threats and ways forward. Maturitas, 113, 48-52. https://doi.org/10.1016/j.maturitas.2018.04.008
Ghafur, S., Grass, E., Jennings, N., & Darzi, A. (2019). The challenges of cybersecurity in health care: the UK National Health Service as a case study. The Lancet Digital Health, 1(1), e10-e12. https://doi.org/10.1016/s2589-7500(19)30005-6
Gioulekas, F., Stamatiadis, E., Tzikas, A., Gounaris, K., Georgiadou, A., & Michalitsi-Psarrou, A. et al. (2022). A Cybersecurity Culture Survey Targeting Healthcare Critical Infrastructures. Healthcare, 10(2), 327. https://doi.org/10.3390/healthcare10020327
Kim Cohen, J. (2021). First half of 2021 marks record high for healthcare data breaches. Modern Healthcare. Retrieved 11 April 2022, from https://www.modernhealthcare.com/cybersecurity/first-half-2021-marks-record-high-healthcare-data-breaches.
Kruse, C., Frederick, B., Jacobson, T., & Monticone, D. (2017). Cybersecurity in healthcare: A systematic review of modern threats and trends. Technology And Health Care, 25(1), 1-10. https://doi.org/10.3233/thc-161263
Kruse, C., Stein, A., Thomas, H., & Kaur, H. (2018). The use of Electronic Health Records to Support Population Health: A Systematic Review of the Literature. Journal Of Medical Systems, 42(11). https://doi.org/10.1007/s10916-018-1075-6
Liu, L., De Vel, O., Han, Q., Zhang, J., & Xiang, Y. (2018). Detecting and Preventing Cyber Insider Threats: A Survey. IEEE Communications Surveys &Amp; Tutorials, 20(2), 1397-1417. https://doi.org/10.1109/comst.2018.2800740
Monteith, S., Bauer, M., Alda, M., Geddes, J., Whybrow, P., & Glenn, T. (2021). Increasing Cybercrime Since the Pandemic: Concerns for Psychiatry. Current Psychiatry Reports, 23(4). https://doi.org/10.1007/s11920-021-01228-w
Solans Fernández, Ò., Gallego Pérez, C., García-Cuyàs, F., Abdón Giménez, N., Berruezo Gallego, M., & Garcia Font, A. et al. (2017). Shared Medical Record, Personal Health Folder and Health and Social Integrated Care in Catalonia: ICT Services for Integrated Care. Tele-Health, 49-64. https://doi.org/10.1007/978-3-319-28661-7_4
Sein, D. (2000). HEALTH SECTOR REFORM Issues and Opportunities [Ebook] (pp. 1-3). WHO REGIONAL OFFICE FOR SOUTH-EAST ASIA. Retrieved 18 February 2022, from https://apps.who.int
Sutton, R., Pincock, D., Baumgart, D., Sadowski, D., Fedorak, R., & Kroeker, K. (2020). An overview of clinical decision support systems: benefits, risks, and strategies for success. Npj Digital Medicine, 3(1). https://doi.org/10.1038/s41746-020-0221-y
Tavares, J., Goulão, A., & Oliveira, T. (2017). Electronic Health Record Portals adoption: Empirical model based on UTAUT2. Informatics For Health And Social Care, 43(2), 109-125. https://doi.org/10.1080/17538157.2017.1363759
Williams, P., & Woodward, A. (2015). Cybersecurity vulnerabilities in medical devices: a complex environment and multifaceted problem. Medical Devices: Evidence And Research, 305. https://doi.org/10.2147/mder.s50048
Comments
Post a Comment