Cyber threats to health information systems: A systematic review

Technology and Health Care

Volumn 24, Issue 1, 2016, Pages 1-9

  Luna, Raul ^a   Rhine, Emily ^a   Myhra, Matthew ^a   Sullivan, Ross ^a   Kruse, Clemens Scott ^a  

^a TEXAS STATE UNIVERSITY   (United States)

Author keywords

cyber security; cyber terrorism; Cyber threats; cybercrime; external threats; internal threats

Indexed keywords

CINAHL; CRIME; CYBER THREAT; DATA BASE; FUTUROLOGY; HEALTH CARE INDUSTRY; HEALTH CARE SYSTEM; HUMAN; MEDICAL INFORMATION SYSTEM; MEDLINE; PRIORITY JOURNAL; REVIEW; SCIENCEDIRECT; SYSTEMATIC REVIEW; TERRORISM; THREAT; COMPUTER SECURITY; ELECTRONIC HEALTH RECORD; IDENTITY THEFT; PREVENTION AND CONTROL; STANDARDS; UNITED STATES;

COMPUTER SECURITY; ELECTRONIC HEALTH RECORDS; HEALTH INFORMATION SYSTEMS; HUMANS; IDENTITY THEFT; TERRORISM; UNITED STATES;

EID: 84957884477     PISSN: 09287329     EISSN: None     Source Type: Journal    
DOI: 10.3233/THC-151102     Document Type: Review

References (24)

1. Hillestad R, Bigelow J, Bower A, Girosi F, Meill R, Scoville R., Taylor R. Can electronic medical record systems transform health care? Potential health benefits, savings, and costs. Health Affairs, 2005;24(5): 1103-1117.
2. Health Insurance Portability and Accountability Act (HIPPA). 45 CFR 164.530(c). (1996).
3. Health Information Technology for Economic and Clinical Health Act (HITECH). 42 U.S.C. 201. (2009).
4. U.S. Department of Health and Human Services [homepage on the Internet]. Breach Notification Rule. 45 CFR 164.400-414. Washington, D.C.: [updated 2010; cited 2015 Aug 23]. Available from: http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule.
5. Kierkegaard P. Medical data breaches: Notification delayed is notification denied. Computer Law and Security Review. 2012; 28(2): 163-183. Available from: doi:10.1016/j.clsr.2012.01.003
6. Koehler W. Cybersquatting gives the Web a bad name. Searcher. 2008; 16(8): 12.
7. Vieraitis L, Copes H, Powell Z, Pike, A. A little information goes a long way: Expertise and identity theft. Aggression and Violent Behavior. 2015; 20. Available from: doi:10.1016/j.avb.2014.12.008.
8. Smith RG. Responding to organised crime through intervention in recruitment pathways. Trends & Issues in Crime & Criminal Justice. 2014; 473: 1-9.
9. Malekzadeh M, Ghani AA, Subramaniam S. A new security model to prevent denial-of-service attacks and violation of availability in wireless networks. International Journal of Communication Systems. 2012; 25(7): 903-925. Available from: doi:10.1002/dac.1296.
10. Harries D, Yellowlees P. Cyberterrorism: Is the U.S. Healthcare System Safe? Telemedicine and E-Health. 2013; 19(1): 61-66. doi:10.1089/tmj.2012.0022.
11. Menon A, Jiang X, Kim J, Vaidya J, Ohno-Machado L. Detecting inappropriate access to electronic health records using collaborative filtering. Mach Learn. 2013; 95(1): 87-101. Available from: doi:10.1007/s10994-013-5376-1.
12. Jaganathan V, Cherurveettil P, Muthu Sivashanmugam P. Using a Prediction Model to Manage Cyber Security Threats. The Scientific World Journal. 2015; 703713. Available from: doi:10.1155/2015/703713.
13. Agaku IT, Adisa AO, Ayo-Yusuf OA, Connolly GN. Concern about security and privacy, and perceived control over collection and use of health information are related to withholding of health information from healthcare providers. Journal of The American Medical Informatics Association 2014. Journal of the American Medical Informatics Association. 21(2): 374-378. Available from: doi:10.1136/amiajnl-2013-002079.
14. Kwon J, & Johnson ME. (2013). Security practices and regulatory compliance in the healthcare industry. Journal of the American Medical Informatics Association. 2013; 20(1): 44-51. Available from: doi:10.1136/amiajnl-2012-000906.
15. Williams PA. In a trusting environment, everyone is responsible for information security. Information Security Technical Report. 2008; 13(4): 207-215. Available from: doi:10.1016/j.istr.2008.10.009.
16. Bai X, Gopal R, Nunez M, Zhdanov D. A decision methodology for managing operational efficiency and information disclosure risk in healthcare processes. Decision Support Systems. 2014; 57: 406-416. Available from: doi:10.1016/j.dss.2012.10.046.
17. Bansal G, Zahedi F, Gefen D. The impact of personal dispositions on information sensitivity, privacy concern and trust in disclosing health information online. Decision Support Systems. 2014; 49: 138-150. Available from: doi:10.1016/j.dss.2010.01.010.
18. Khansa L, Cook DF, James T, Bruyaka O. Impact of HIPAA provisions on the stock market value of healthcare institutions, and information security and other information technology firms. Computers & Security. 2012; 31: 750-770. Available from: doi:10.1016/j.cose.2012.06.007.
19. Moore, T. The economics of cybersecurity: Principles and policy options. International Journal of Critical Infrastructure Protection. 2010; 3: 103-117. Available from: doi:10.1016/j.ijcip.2010.10.002.
20. Gold S. Feature: Healthcare biometrics-defending patients and their data. Biometric Technology Today. 2010; (7): 109-11. Available from: doi:10.1016/S0969-4765(10)70145-4.
21. Katina PF, Ariel Pinto C, Bradley JM, Hester PT. Interdependency-induced risk with applications to healthcare. International Journal of Critical Infrastructure Protection. 2014; (7): 12-26. Available from: doi:10.1016/j.ijcip.2014.01.005.
22. SANS Institute. Health Care Cyberthreat Report 2014:2-41. [updated 2014, cited 2015 Aug 20]. Available from http://pages.norse-corp.com/rs/norse/images/Norse-SANS-Healthcare-Cyberthreat-Report2014.pdf.
23. Legal Information Institute [homepage on the Internet]. Available from: http://www.webcitation.org/6ai9asM04.
24. EMC, 2013. Cybercrime and the Healthcare Industry. [cited 2015 Aug 20]. Available from: http://www.emc.com/colla teral/white-papers/h12105-cybercrime-healthcare-industry-rsa-wp.pdf.