End-Point Information Security in the Healthcare Industry: A Critical Review
Keywords:End-Point, Information Security, Healthcare Industry
The ability of the healthcare industry to keep abreast with the evolving trends in endpoint information security depends on combinations of measures. In the current literature, some of these measures include the development of analytics capable of spotting intruders on time, embracing quick reactions to potential or detected intrusions, and the decision to employ robust system defenses. In this paper, the main aim was to review the current literature regarding the subject of endpoint information security, with critical insights gained from the case of the healthcare industry. Findings suggest that the healthcare industry forms one of the most attractive arenas for security attackers. Some of the healthcare organizations that have been victims of recent security attacks include the Californian Hollywood Presbyterian Medical Center that experienced a data breach in February 2016 and MedStar Health Inc. (in the same month). In the following month, San Diegoâ€™s Alvaro Hospital Medical Center was also targeted for cyber attack. Hence, some algorithms have been proposed to counter these attacks; including the use of SOA-based EHRs, the implementation of the RBAC model, the use of k-anonymity, k-unlinkability, and the SQL searching mechanisms that target the patientsâ€™ encrypted data. Also, some strategies have been proposed as best practices in endpoint information security. These strategies include the management of identity lifecycles, the establishment of risk-aware cultures, the management of third-party security compliance, and securing healthcare firmsâ€™ devices in terms of design. Overall, it is evident that the complexity of endpoint information security in the healthcare industry (due to the evolution of applications such as virtualization and cloud computing) implies that the ability to survive from future security attacks will depend on the firmsâ€™ ability to keep abreast with industry demands.
 AHC Media LLC. Hackers target hospitals with â€œransomwareâ€. Ed Legal Lett. 2016; 27(4): 1-4.
 Luna R, Rhine E, Myhra M, Sullivan R, Kruse CS, Cyber threats to health information systems: A systematic review. Technol Health Care 2016; 24(1), 1-9.
 AHC Media LLC. Ransomware attacks are on the rise, and hackers are getting better. Ed Legal Lett. 2016; 1(4): 1-4
 Wu F, Eagles S, Cybersecurity for medical device manufacturers: Ensuring safety and functionality. Biomed Instrum Technol. 2016; 50(1): 23-33
 Rowe K, Healthcare IT transformation: how has ransomware shifted the landscape of healthcare data security? Healthc Inform. 2016; 33(3): 44-45
 Blanke SJ, McGrady E, When it comes to securing patient health information from breaches, your best medicine is a dose of prevention: a cybersecurity risk assessment checklist. J Healthc Risk Manag. 2016; 36(1): 14-24
 Hagland M. With the ransomware crisis, the landscape of data security shifts in healthcare. Healthc Inform. 2016; 33(3): 41-47
 American Health Information Management Association. Healthcare increasingly targeted by ransomware attacks. J AHIMA. 2016; 87(5): 12
 Streger M, Ransomware: a ticking bomb for public safety. News Network 2016; 12
 American Association of Critical-Care Nurses. Ransomware poses major threat to hospitals. AACN Bold Voices 2016; 8(6): 14
 Van Alstin CM, Ransomware: Itâ€™s as scary as it sounds. But with security best practices, you can fight back. Health Manag Technol. 2016; 37(4): 26-27
 Goedert J, Security: the ransomware nightmare. Health Data Management 2016; 24(3): 10
 Conn J, Ransomware scare: Will hospitals pay for protection? Modern Healthcare 2016; 46(15): 8
 Tuttle H, Ransomware Attacks Pose Growing Threat. Risk Management 2016; 63(4): 4
 Valach AP, What to Do After a Ransomware Attack. Risk Management 2016; 63(5): 12
 Koppel R, Smith S, Blythe J, Kothari V, Workarounds to computer access in healthcare organizations: you want my password or a dead patient? Stud Health Technol Inform. 2015; 208: 215-220
 Page A, Kocabas O, Soyata T, Aktas M, Couderc JP, Cloud-based privacy-preserving remote ECG monitoring and surveillance. Annals of Noninvasive Electrocardiology 2015; 20(4): 328-37
 Rios B, Cybersecurity expert: medical devices have â€˜a long way to goâ€™. Biomed Instrum Technol. 2015; 49(3): 197-200
 Welch SS, Five things providers need to know about cybersecurity. Journal of the Medical Association of Georgia 2015; 104(1): 40-42
 McDermott IE, Ransomeware: Tales from the cryptolocker. Internet Express 2015; 35-37
 McGuire CF, TIM Lecture Series-The Expanding Cybersecurity Threat. Technology Innovation Management Review 2015; 5(3): 56
 Coronado AJ, Wong TL, Healthcare cybersecurity risk management: keys to an effective plan. Biomed Instrum Technol. 2014; 26-30
 Loughlin S, Fu K, Gee T, Gieras I, Hoyme K, Rajagopalan SR, et al. A roundtable discussion: safeguarding information and resources against emerging cybersecurity threats. Biomed Instrum Technol. 2014; 8-17
 Bangs G, New Ransomware and Cyber extortion Schemes Hold Businesses Hostage. Risk Management. 2014; 61(8): 30
 Fu K, Blum J, Controlling for cybersecurity risks of medical device software. Commun ACM. 2013; 56(10): 35-37
Available from: 10.1145/2508701.
 Luo X, Liao Q, Awareness education as the key to ransomware prevention. Information Systems Security 2007; 16(4): 195-202
 Roberts J, The necessity of information security in the vulnerable pharmaceutical
industry. Journal of Information Security 2014; 5, 147-153
 Appari A, Johnson ME, Information security and privacy in healthcare: Current state of research. International Journal of Internet and Enterprise Management 2010; 6, 279-314
 Arora S, Yttri J, Nilsen W, Privacy and security in mobile health mHealth research. Alcohol Research: Current Reviews 2014; 36(1), 143-150
 Claunch D, McMillan M, Determining the right level for your IT security investment. Healthcare Financial Management 2013; 67(5), 100-103
 Cucoranu IC, Parwani AV, West AJ et al. Privacy and security of patient data in the pathology laboratory. Journal of Pathology Informatics 2013; 4, 23-39
 HedstrÃ¶m K, Karlsson F, Kolkowska E, Social action theory for understanding information security non-compliance in hospitals: The importance of user rationale. Information Management & Computer Security 2013; 21, 266-287
 Perakslis ED, Cybersecurity in health care. The New England Journal of Medicine 2014; 371, 395â€“397
 Roberts J, The necessity of information security in the vulnerable pharmaceutical industry. Journal of Information Security 2014; 5, 147-153
 Wikina SB, What caused the breach? an examination of use of information technology and health data breaches. Perspect. Health Inf. Mana. 2014; 1-16
 Liu V, Musen MA, Chou T, Data breaches of protected health information in the United States. J. Am. Med. Assoc. 2015; 313(14): 1471-1473
 Lemke J, Storage and security of personal health information. OOHNA J. 2013; 32(1): 25-26
 Chen YY, Lu JC, Jan JK, A secure EHR system based on hybrid clouds. J. Med. Syst. 2012; 36(5): 3375-3384
View Full Article:
How to Cite
LicenseAuthors who publish with this journal agree to the following terms:
- Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under aÂ Creative Commons Attribution Licensethat allows others to share the work with an acknowledgement of the work''s authorship and initial publication in this journal.
- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal''s published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (SeeÂ The Effect of Open Access).