Assessing resilience of hospitals to cyberattack-Reference-Cited by-同舟云学术

Assessing resilience of hospitals to cyberattack

Published:2021-01 Issue: Volume:7 Page:205520762110593
ISSN:2055-2076
Container-title:DIGITAL HEALTH
language:en
Short-container-title:DIGITAL HEALTH

Author:

Ghayoomi Hadi¹^ORCID,Laskey Kathryn²^ORCID,Miller-Hooks Elise¹,Hooks Charles³,Tariverdi Mersedeh⁴

Affiliation:

1. Department of Civil, Environmental and Infrastructure Engineering, George Mason University, Fairfax, VA, USA

2. Department of Systems Engineering and Operations Research, George Mason University, Fairfax, VA, USA

3. Writing as an individual, Senior Director, Information Technology at Suburban Hospital

4. The World Bank Group

Abstract

Objective This paper investigates the impact on emergency hospital services from initiation through recovery of a ransomware attack affecting the emergency department, intensive care unit and supporting laboratory services. Recovery strategies of paying ransom to the attackers with follow-on restoration and in-house full system restoration from backup are compared. Methods A multi-unit, patient-based and resource-constrained discrete-event simulation model of a typical U.S. urban tertiary hospital is adapted to model the attack, its impacts, and tested recovery strategies. The model is used to quantify the hospital's resilience to cyberattack. Insights were gleaned from systematically designed numerical experiments. Results While paying the ransom was found to result in some short-term gains assuming the perpetrators actually provide the decryption key as promised, in the longer term, the results of this study suggest that paying the ransom does not pay off. Rather, paying the ransom, when considered at the end of the event when services are fully restored, precluded significantly more patients from receiving critically needed care. Also noted was a lag in recovery for the intensive care unit as compared with the emergency department. Such a lag must be considered in preparedness plans. Conclusion Vulnerability to cyberattacks is a major challenge to the healthcare system. This paper provides a methodology for assessing the resilience of a hospital to cyberattacks and analyzing the effects of different response strategies. The model showed that paying the ransom resulted in short-term gains but did not pay off in the longer term.

Funder

World Bank Group

Virginia Research Investment Fund

Publisher

SAGE Publications

Subject

Health Information Management,Computer Science Applications,Health Informatics,Health Policy

Link

http://journals.sagepub.com/doi/pdf/10.1177/20552076211059366

Reference49 articles.

1. Frost & Sullivan. Internet of Medical Things, Forecast to 2021 [Internet]. Frost & Sullivan; 2017 Jun [cited 2021 Jun 1]. Report No.: K1AB-01-00-00–00. Available from: https://store.frostcom/internet-of-medical-things-forecast-to-2021.html.

2. Safety Detectives Cybersecurity Team. Healthcare Cybersecurity: The Biggest Stats & Trends in 2021 [Internet]. The SafetyDetectives research lab; 2021 [cited 2021 Jun 3]. Available from: https://www.safetydetectives.com/blog/healthcare-cybersecurity-statistics/.

3. Fuentes Rosario M. Cybercrime and Other Threats Faced by the Healthcare Industry [Internet]. Trend Micro Incorporated; [cited 2021 Aug 2]. Available from: https://documents.trendmicro.com/assets/wp/wp-cybercrime-and-other-threats-faced-by-the-healthcare-industry.pdf.

4. Black Book Market Research LLC. Healthcare Data Breaches Costs Industry $4 Billion by Year's End, 2020 Will Be Worse Reports New Black Book Survey [Internet]. Cision distribution by PR Newswire. 2019 [cited 2021 Jul 20]. Available from: https://www.prnewswire.com/news-releases/healthcare-data-breaches-costs-industry-4-billion-by-years-end-2020-will-be-worse-reports-new-black-book-survey-300950388.html.

Cited by 13 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Emerging Cyber Risks & Threats in Healthcare Systems: A Case Study in Resilient Cybersecurity Solutions;2024 13th Mediterranean Conference on Embedded Computing (MECO);2024-06-11

2. Integrating human infrastructure in post-disaster critical lifeline restoration scheduling;International Journal of Disaster Risk Reduction;2024-06

3. Comparative Study on Online Security Awareness and Behavior Among Healthcare Professionals in Croatia;2024 47th MIPRO ICT and Electronics Convention (MIPRO);2024-05-20

4. The impacts of multiple privacy regulations and national security infrastructure on health information exchange: a study of hospitals across Europe;Digital Policy, Regulation and Governance;2024-03-12

5. Defining Cybersecurity in Healthcare;Progress in IS;2024