End-Point Information Security in the Healthcare Industry: A Critical Review

  • Authors

    • Arif Uzzaman
    • . .
    2018-12-09
    https://doi.org/10.14419/ijet.v7i4.36.23799
  • End-Point, Information Security, Healthcare Industry
  • The ability of the healthcare industry to keep abreast of evolving trends in endpoint information security depends on a combination of measures. In the current literature, some of these measures include the development of analytics capable of spotting intruders in time, quick reactions to potential or detected intrusions, and the decision to employ robust system defenses. The main aim of this paper was to review the current literature on endpoint information security, with critical insights gained from the case of the healthcare industry. Findings suggest that the healthcare industry is one of the most attractive arenas for security attackers. Some of the healthcare organizations that have been victims of recent security attacks include California’s Hollywood Presbyterian Medical Center, which experienced a data breach in February 2016, and MedStar Health Inc. (in the same month). In the following month, San Diego’s Alvaro Hospital Medical Center was also targeted in a cyber attack. Hence, some algorithms have been proposed to counter these attacks, including the use of SOA-based EHRs, the implementation of the RBAC model, the use of k-anonymity and k-unlinkability, and SQL searching mechanisms that target the patients’ encrypted data. Some strategies have also been proposed as best practices in endpoint information security. These strategies include the management of identity lifecycles, the establishment of risk-aware cultures, the management of third-party security compliance, and securing healthcare firms’ devices in terms of design. Overall, it is evident that the complexity of endpoint information security in the healthcare industry (due to the evolution of applications such as virtualization and cloud computing) implies that the ability to survive future security attacks will depend on the firms’ ability to keep abreast of industry demands.

     

  • How to Cite

    Uzzaman, A. (2018). End-Point Information Security in the Healthcare Industry: A Critical Review. International Journal of Engineering & Technology, 7(4.36), 338-349. https://doi.org/10.14419/ijet.v7i4.36.23799