A narrative review of trends, threats and ways forwa

Cybersecurity in healthcare: A narrative review of trends, threats and ways
forward
Lynne Coventry⁎
, Dawn Branley
Northumbria University, Newcastle upon Tyne, UK
ARTICLE INFO
Keywords:
Cybersecurity
Medical devices
Electronic health record
ABSTRACT
Electronic healthcare technology is prevalent around the world and creates huge potential to improve clinical
outcomes and transform care delivery. However, there are increasing concerns relating to the security of
healthcare data and devices. Increased connectivity to existing computer networks has exposed medical devices
to new cybersecurity vulnerabilities. Healthcare is an attractive target for cybercrime for two fundamental
reasons: it is a rich source of valuable data and its defences are weak. Cybersecurity breaches include stealing
health information and ransomware attacks on hospitals, and could include attacks on implanted medical devices. Breaches can reduce patient trust, cripple health systems and threaten human life. Ultimately, cybersecurity is critical to patient safety, yet has historically been lax. New legislation and regulations are in place to
facilitate change. This requires cybersecurity to become an integral part of patient safety. Changes are required
to human behaviour, technology and processes as part of a holistic solution.
1. Introduction
Healthcare technologies have the potential to extend, save and enhance lives. Technologies range from those providing storage of electronic health records (EHRs); devices that monitor health and deliver
medication (including general purpose devices and wearables, and
technology embedded within the human body); to telemedicine technology delivering care remotely – even across countries. Patients increasingly use their own mobile applications, which can now be integrated with telemedicine/telehealth into the medical Internet of
Things [1] for collaborative disease management and care coordination.
As healthcare devices continue to evolve, so does their interconnectivity. Whilst traditionally standalone, many are now integrated
into the hospital network. There are currently 10–15 connected devices
per bed in US hospitals [2]. Interconnection has many benefits—e.g.,
efficiency, error reduction, automation and remote monitoring. These
benefits are transforming the treatment of both acute and chronic longterm conditions. Interconnected technology outside of the clinical environment allow health professionals to monitor and adjust implanted
devices without the need for a hospital visit or invasive procedures.
EHRs can improve patient care by making health information more
broadly available [3]. Unfortunately, interconnection introduces new
cybersecurity vulnerabilities. Cybersecurity is concerned with safeguarding computer networks and the information they contain from
penetration and accidental or malicious disruption. There are growing
concerns that cybersecurity within healthcare is not sufficient and this
has already resulted in a lack of medical information confidentiality [4]
and integrity of data [5,6].
Of course, privacy breaches were a concern prior to the emergence
of digital health records. However, the interconnectivity of today’s records provides multiple potential gateways to access; the ability to
access remotely (whereas historically paper records would have been
safeguarded within hospitals and only accessible via physical breaches);
the ability for data theft to go unnoticed; and access to a more complete
health record providing a more valuable resource for potential attacks
(whereas previously health records may have been split between many
different hospital(s)/departments). Historically, misplaced paper records or a stolen laptop may have exposed hundreds or thousands of
patients to a potential date breach, now that this information is electronic and available on numerous networks, a privacy breach has the
potential to affect millions of people [7]. To illustrate further, celebrity
health records have always been a target for breaches [8]. However
prior to the emergence of electronic records, these breaches were limited to hospital staff who could gain access to the physical paperwork.
Now celebrity health records can be potentially remotely accessed—increasing the potential for breaches. That said, electronic records
also have a key privacy benefit over paper records—the ability to track
staff access (a recent report suggests that over half of healthcare breaches come from inside the organisation [8]). Whereas previously it
https://doi.org/10.1016/j.maturitas.2018.04.008
Received 2 March 2018; Received in revised form 16 April 2018; Accepted 18 April 2018
⁎ Corresponding author at: 153 Northumberland Building, Northumbria University, Newcastle upon Tyne, NE1 8ST, UK.
E-mail address: [email protected] (L. Coventry).
Maturitas 113 (2018) 48–52
0378-5122/ © 2018 Elsevier B.V. All rights reserved.
T
could be difficult to detect who had a ‘sneak peek’ at paper medical
records, it is often easier to track who has accessed electronic records.
Although there are ways around this for more sophisticated/external
attackers.
As illustrated by breaches reported in the media, cybersecurity
vulnerabilities are being exploited. Healthcare is currently one of the
most targeted sectors. Reports highlight the growth of attacks and the
rise in medical identity theft—with millions of medical records stolen
globally [9–12]. Breaches can arise from hacking, malware and insider
threats. Hacking is defined as unauthorised access to a computer system
to gain information or cause disruption [13]. Malware (“malicious
software”) refers to programs designed to infiltrate computers without
users’ consent and includes threats such as viruses and ransomware.
While insider threats are issues created by the mistakes or deliberate
actions of staff (e.g., responding to phishing emails—a social engineering attack to extract login credentials or to launch a malware
attack, erroneous security settings, misuse of passwords, losing laptops
and sending unencrypted emails).
The aim of this narrative review is to explore the following questions:
1. Why is healthcare vulnerable?
2. Why is healthcare targeted?
3. What threats and consequences is healthcare currently experiencing?
4. What is the role of legislation and standards?
5. How can the healthcare sector move forward?
2. Method
2.1. Data sources and search strategy
The PubMed database was searched for full text, English language,
peer-reviewed articles from April 2012 to April 2018. The keywords
used were cybersecurity and healthcare. This returned 2475 hits. Since
cybersecurity is constantly changing; this was changed to 2014–2018
which reduced the return to 1249 articles. The bibliographies of key
texts were then used to source further articles.
Article titles and abstracts were screened by the principal researcher. Articles were retained where there was evidence of cybersecurity issues, clear implications for healthcare settings, organisational
practice, individual practice or health technology development. Also
included were systematic reviews regarding the education and behaviour of healthcare workers. Security research papers exploring future
technological solutions were excluded as were articles relating to
medical research. Key themes were agreed by consensus between the
two researchers to limit bias.
3. Findings
The review of the literature revealed the following information relating to the research questions:
3.1. Why is healthcare vulnerable?
Traditionally people believed that no one would be motivated to
attack healthcare systems and protective measures were not deemed
necessary. No healthcare organisation exists to provide cybersecurity.
Emphasis has traditionally—and understandably—been focused upon
patient care. There are several issues that complicate healthcare cybersecurity and have increased vulnerability over time:
• Increasingly connected technology to provide efficient ways to care
for patients, particularly with chronic conditions [14]. This provides
multiple ways of connecting to medical devices [15]. Devices are
often easily accessible which increases the likelihood that attackers
will find them. A single device could provide a potential entry point
to larger hospital networks, bypassing the firewalls. There also tends
to be a time lag between an attack occurring and detection of the
breach, helping to further increase vulnerability.
• More focus on keeping patients healthy leading to more continuous
patient monitoring outside the clinical environment [14,16]. More
devices being used in the wider healthcare setting increases vulnerability to breaches.
• Mobile consumer devices (e.g., smartphones) being widely adopted;
making it difficult to protect health data from risks posed by general
purpose devices [14].
Alongside this growth of new technologies, many healthcare organisations are still using legacy systems in other areas, for example
Window XP has not been supported since 2014 [17] allowing hackers
and malware to easily avoid detection—for instance, the recent Wannacry attack [18]. The propriety nature of medical device software
means that healthcare IT teams may not be able to access the internal
software in medical devices, so they depend on manufacturers to build
and maintain security in those devices (which has been lacking).
Lack of funding for cybersecurity is also problematic, while organisations are spending funding to become more integrated; they are not
spending enough time and money to keep software updated and systems secure. This is aggravated by a lack of cybersecurity expertise
within the sector resulting from a general lack of technology and the
prohibitive expense of cybersecurity personnel [14,19].
In summary, a rapid move to electronic health records and interconnected devices, alongside historic and continual lack of investment
in cybersecurity and a failure to understand the security workaround
behaviours of health staff has left the health sector vulnerable to attack.
3.2. Why is healthcare targeted?
While healthcare has vulnerabilities to exploit, attackers must be
motivated to carry out attacks. Motivation includes the potential for
financial and political gain and potentially to take lives in a form of
cyberwarfare. The strongest of these motivations is financial gain.
Healthcare data is substantially more valuable than any other data. The
value for a full set of medical credentials can be over $1000 [20]. Stolen
medical identities can be used to obtain health services and prescription
medication by assuming someone’s identity or insurance credentials.
Uses extend to sophisticated fraud perpetrated by organized crime.
Fraudsters have earned billions in the last few years by filing fraudulent
claims and dispensing drugs to sell on the dark web [21–23]. Sometimes there is even sufficient information in medical records to open
bank accounts, secure loans or obtain passports [24].
Data held within health organisations also has political value. For
example, the World Anti-Doping Agency was attacked and the records
of prominent athletes made public [25]. NHS websites are accessed by
millions of citizens, making them a prime site for publishing propaganda, e.g., NHS websites were hacked by cyberterrorists and images of
Syrian civil war were uploaded [26].
Over the past decade we have seen numerous headlines warning of
the potential for medical devices to be used as part of a futuristic cyberwar campaign. Nation state actors could disrupt healthcare in a
foreign country by denying access or targeting individuals through their
medical devices, or by collecting sensitive data.
Those with cybersecurity skills enjoy the challenge of finding and
exposing security vulnerabilities in networks and medical devices. For
example, in 2016 an individual scanning for security vulnerabilities was
able to access a file containing data of people who had registered with
the Australian Blood Donor service [27].
In summary, healthcare is targeted due to the potential for financial
or political gain, or to expose vulnerabilities by cybercriminals, hacktivists and political activists.

Get Professional Assignment Help Cheaply

Are you busy and do not have time to handle your assignment? Are you scared that your paper will not make the grade? Do you have responsibilities that may hinder you from turning in your assignment on time? Are you tired and can barely handle your assignment? Are your grades inconsistent?

Whichever your reason is, it is valid! You can get professional academic help from our service at affordable rates. We have a team of professional academic writers who can handle all your assignments.

Why Choose Our Academic Writing Service?

• Plagiarism free papers
• Timely delivery
• Any deadline
• Skilled, Experienced Native English Writers
• Subject-relevant academic writer
• Adherence to paper instructions
• Ability to tackle bulk assignments
• Reasonable prices
• 24/7 Customer Support
• Get superb grades consistently

Online Academic Help With Different Subjects

Literature

Students barely have time to read. We got you! Have your literature essay or book review written without having the hassle of reading the book. You can get your literature paper custom-written for you by our literature specialists.

Finance

Do you struggle with finance? No need to torture yourself if finance is not your cup of tea. You can order your finance paper from our academic writing service and get 100% original work from competent finance experts.

Computer science

Computer science is a tough subject. Fortunately, our computer science experts are up to the match. No need to stress and have sleepless nights. Our academic writers will tackle all your computer science assignments and deliver them on time. Let us handle all your python, java, ruby, JavaScript, php , C+ assignments!

Psychology

While psychology may be an interesting subject, you may lack sufficient time to handle your assignments. Don’t despair; by using our academic writing service, you can be assured of perfect grades. Moreover, your grades will be consistent.

Engineering

Engineering is quite a demanding subject. Students face a lot of pressure and barely have enough time to do what they love to do. Our academic writing service got you covered! Our engineering specialists follow the paper instructions and ensure timely delivery of the paper.

Nursing

In the nursing course, you may have difficulties with literature reviews, annotated bibliographies, critical essays, and other assignments. Our nursing assignment writers will offer you professional nursing paper help at low prices.

Sociology

Truth be told, sociology papers can be quite exhausting. Our academic writing service relieves you of fatigue, pressure, and stress. You can relax and have peace of mind as our academic writers handle your sociology assignment.

Business

We take pride in having some of the best business writers in the industry. Our business writers have a lot of experience in the field. They are reliable, and you can be assured of a high-grade paper. They are able to handle business papers of any subject, length, deadline, and difficulty!

Statistics

We boast of having some of the most experienced statistics experts in the industry. Our statistics experts have diverse skills, expertise, and knowledge to handle any kind of assignment. They have access to all kinds of software to get your assignment done.

Law

Writing a law essay may prove to be an insurmountable obstacle, especially when you need to know the peculiarities of the legislative framework. Take advantage of our top-notch law specialists and get superb grades and 100% satisfaction.

What discipline/subjects do you deal in?

We have highlighted some of the most popular subjects we handle above. Those are just a tip of the iceberg. We deal in all academic disciplines since our writers are as diverse. They have been drawn from across all disciplines, and orders are assigned to those writers believed to be the best in the field. In a nutshell, there is no task we cannot handle; all you need to do is place your order with us. As long as your instructions are clear, just trust we shall deliver irrespective of the discipline.

Are your writers competent enough to handle my paper?

Our essay writers are graduates with bachelor's, masters, Ph.D., and doctorate degrees in various subjects. The minimum requirement to be an essay writer with our essay writing service is to have a college degree. All our academic writers have a minimum of two years of academic writing. We have a stringent recruitment process to ensure that we get only the most competent essay writers in the industry. We also ensure that the writers are handsomely compensated for their value. The majority of our writers are native English speakers. As such, the fluency of language and grammar is impeccable.

What if I don’t like the paper?

There is a very low likelihood that you won’t like the paper.

Reasons being:

• When assigning your order, we match the paper’s discipline with the writer’s field/specialization. Since all our writers are graduates, we match the paper’s subject with the field the writer studied. For instance, if it’s a nursing paper, only a nursing graduate and writer will handle it. Furthermore, all our writers have academic writing experience and top-notch research skills.
• We have a quality assurance that reviews the paper before it gets to you. As such, we ensure that you get a paper that meets the required standard and will most definitely make the grade.

In the event that you don’t like your paper:

• The writer will revise the paper up to your pleasing. You have unlimited revisions. You simply need to highlight what specifically you don’t like about the paper, and the writer will make the amendments. The paper will be revised until you are satisfied. Revisions are free of charge
• We will have a different writer write the paper from scratch.
• Last resort, if the above does not work, we will refund your money.

Will the professor find out I didn’t write the paper myself?

Not at all. All papers are written from scratch. There is no way your tutor or instructor will realize that you did not write the paper yourself. In fact, we recommend using our assignment help services for consistent results.

What if the paper is plagiarized?

We check all papers for plagiarism before we submit them. We use powerful plagiarism checking software such as SafeAssign, LopesWrite, and Turnitin. We also upload the plagiarism report so that you can review it. We understand that plagiarism is academic suicide. We would not take the risk of submitting plagiarized work and jeopardize your academic journey. Furthermore, we do not sell or use prewritten papers, and each paper is written from scratch.

When will I get my paper?

You determine when you get the paper by setting the deadline when placing the order. All papers are delivered within the deadline. We are well aware that we operate in a time-sensitive industry. As such, we have laid out strategies to ensure that the client receives the paper on time and they never miss the deadline. We understand that papers that are submitted late have some points deducted. We do not want you to miss any points due to late submission. We work on beating deadlines by huge margins in order to ensure that you have ample time to review the paper before you submit it.

Will anyone find out that I used your services?

We have a privacy and confidentiality policy that guides our work. We NEVER share any customer information with third parties. Noone will ever know that you used our assignment help services. It’s only between you and us. We are bound by our policies to protect the customer’s identity and information. All your information, such as your names, phone number, email, order information, and so on, are protected. We have robust security systems that ensure that your data is protected. Hacking our systems is close to impossible, and it has never happened.

How our Assignment Help Service Works

1. Place an order

You fill all the paper instructions in the order form. Make sure you include all the helpful materials so that our academic writers can deliver the perfect paper. It will also help to eliminate unnecessary revisions.

2. Pay for the order

Proceed to pay for the paper so that it can be assigned to one of our expert academic writers. The paper subject is matched with the writer’s area of specialization.

3. Track the progress

You communicate with the writer and know about the progress of the paper. The client can ask the writer for drafts of the paper. The client can upload extra material and include additional instructions from the lecturer. Receive a paper.

4. Download the paper

The paper is sent to your email and uploaded to your personal account. You also get a plagiarism report attached to your paper.

GET A PERFECT SCORE!!!