Research Article

HOLISTIC SECURITY ARCHITECTURE FOR EFFECTIVE MANAGEMENT OF HEALTHCARE CYBER THREATS

Year 2018, Volume: 4 Issue: 2, 150 - 167, 31.08.2018

Abstract

Cyber security has become one of the top priorities for healthcare systems, because healthcare information security and personal privacy are major concerns for patients, healthcare providers and governments. The information that becomes incrementally available in health records has a much longer shelf life and is a fertile and invaluable source for identity theft. Static social security numbers cannot be easily canceled, and medical and prescription records are permanent in the systems. Furthermore, healthcare information has a higher value than credit card information in the underground market on the dark web. There is a huge market for health insurance fraud and abuse, which may be more profitable than selling the records honestly in the forums. As patient health records are digitized, there are common and seriously increasing threats through which healthcare information can be exploited, compromised or stolen outright. The abuse of health data such as DNA information is the most critical, since it can be used for possible targeted biological weapons or certain targeted artificial diseases. The aim of this study is to provide a framework for future research by identifying the concepts of security and cyber threats in healthcare systems.


HOLISTIC SECURITY ARCHITECTURE FOR EFFECTIVE MANAGEMENT OF CYBER THREATS IN HEALTHCARE

Abstract

Because health information security and personal privacy are major concerns for patients, healthcare providers and governments, cyber security has become one of the top priorities for healthcare systems. The growing body of information in health records has a much longer shelf life and is a fertile and invaluable source for identity theft. Static social security numbers cannot easily be canceled, and medical and prescription records are permanent in the systems. Furthermore, health information has a higher value than credit card information in the underground market on the dark web. There is a large market for health insurance fraud and abuse, which may be more profitable than selling the advertisements honestly in the forums. Where patient health records are digitized, there are common and serious dangers arising from the compromise or theft of health issues, which may lead to increased abuse. The misuse of health data such as DNA information is the most critical case, as it could be used for possible targeted biological weapons or certain targeted artificial diseases. In addition, patients' diagnostic data are also invaluable to pharmaceutical companies. The aim of this study is to provide a framework for future research by defining the concepts of security and cyber threats in healthcare systems.


Details

Primary Language English
Journal Section Articles
Authors

Elif Çalık 0000-0002-9203-7550

Ahmet Efe 0000-0002-2691-7517

Publication Date August 31, 2018
Acceptance Date August 11, 2018
Published in Issue Year 2018 Volume: 4 Issue: 2

Cite

APA Çalık, E., & Efe, A. (2018). HOLISTIC SECURITY ARCHITECTURE FOR EFFECTIVE MANAGEMENT OF HEALTHCARE CYBER THREATS. Uluslararası Sağlık Yönetimi Ve Stratejileri Araştırma Dergisi, 4(2), 150-167.