Abstract
Background
The loss of human lives from cyberattacks in health care is no longer a probabilistic quantification but a reality that has begun. In addition, the threat scope is also expanding to involve a threat of national security, among others, resulting in surging data breaches within the health care sector. For that matter, there have been provisions of various legislation, regulations, and information security governance tools such as policies, standards, and directives toward enhancing health care information security–conscious care behavior among users. Meanwhile, in a research scenario, there are no comprehensive required security practices to serve as a yardstick in assessing security practices in health care. Moreover, an analysis of the holistic view of the requirements that need more concentration of management, end users, or both has not been comprehensively developed. Thus, there is a possibility that security practice research will leave out vital requirements.
Objective
The objective of this study was to systematically identify, assess, and analyze the state-of-the-art information security requirements in health care. These requirements can be used to develop a framework to serve as a yardstick for measuring the future real security practices of health care staff.
Methods
A scoping review was, as a result, adopted to identify, assess, and analyze the information security requirement sources within health care in Norway, Indonesia, and Ghana.
Results
Of 188 security and privacy requirement sources that were initially identified, 130 (69.1%) were fully read by the authors. Subsequently, of these 188 requirement documents, 82 (43.6%) fully met the inclusion criteria and were accessed and analyzed. In total, 253 security and privacy requirements were identified in this work. The findings were then used to develop a framework to serve as a benchmark for modeling and analyzing health care security practices.
Conclusions
On the basis of these findings, a framework for modeling, analyzing, and developing effective security countermeasures, including incentivization measures, was developed. Following this framework, research results of health care security practices would be more reliable and effective than relying on incomprehensive security requirements.
Subject
Health Informatics,Human Factors and Ergonomics
Reference115 articles.
1. WidupS2019 Verizon Data Breach Investigations Report20192022-03-22https://www.nist.gov/system/files/documents/2019/10/16/1-2-dbir-widup.pdf
2. DevisJThe 10 biggest healthcare data breaches of 2019, so farxtelligent Healthcare Media20192022-03-22https://healthitsecurity.com/news/the-10-biggest-healthcare-data-breaches-of-2019-so-far
3. Attacks on health care in the context of COVID-19World Health Organization202007302022-03-22https://www.who.int/news-room/feature-stories/detail/attacks-on-health-care-in-the-context-of-covid-19
4. Brno University Hospital ransomware attack (2020)Cyber Law Toolkit202003132022-03-22https://cyberlaw.ccdcoe.org/w/index.php?title=BrnoUniversityHospitalransomwareattack(2020)&oldid=2290
Cited by
7 articles.
订阅此论文施引文献
订阅此论文施引文献,注册后可以免费订阅5篇论文的施引文献,订阅后可以查看论文全部施引文献