Cybersecurity in The Health Sector in The Reality of Artificial Intelligence, And Information Security Conceptually

Yıl 2024, Cilt: 8 Sayı: 1, 61 - 82

Muhammet Damar , Ahmet Özen , Ayşin Yılmaz

https://doi.org/10.61969/jai.1466340

Cited By: 1

Öz

Healthcare service delivery, especially in terms of safeguarding personal data, requires ensuring the confidentiality of information. In this regard, establishing cybersecurity systems that ensure information security is highly necessary. The rapid advancement of technologies increases the likelihood of cyberattacks, and particularly, AI-supported threats can cause serious harm in service delivery. In the current era, attacks not only come from humans but also from AI tools, posing threats to information security. Considering that AI technology is expected to further advance in the future, it's evident that this technology could become even more menacing. This is especially pertinent to the healthcare sector. Cyberattacks can lead to breaches in healthcare system data and disrupt service delivery to the extent of paralyzing the healthcare system. Our study, which includes case examples, is a compilation-type research. Within the scope of our research, searches were conducted using the keywords healthcare sector, information security, and cybersecurity on Google Scholar and Web of Science. The most current topic headings intersecting information security with the healthcare sector were examined based on the articles found on the subject. Our study evaluates the following topics in order: information and cyber security concepts, cyber threats and public services, electronic health records and security, major cyber-attacks in the health sector, why healthcare data is attractive for cyberattacks, information security in the artificial intelligence era, and information security policies for Türkiye and other countries in the world. Ransomware holds a significant place among cyberattacks. Therefore, users within the healthcare system are advised to pay particular attention to this issue. Attacks generally occur via email, starting with enticing the user into a cyber-threat through email. Artificial intelligence can also be used to get rid of such spam mails. Hence, it is strongly recommended that users in the healthcare sector undergo training on this matter. These trainings should be conducted regularly and continuously, with the institution's IT center offering an institutional approach in this regard.

Anahtar Kelimeler

Cyber attacks in health sector, health information, security policies, health sector, artificial intelligence, cyber threats, cyber security

Teşekkür

M.Damar was supported by the Scientific and Technological Research Council of Türkiye (TUBITAK) under the TUBITAK 2219 International Postdoctoral Research Fellowship program. He would like to thank the Upstream Lab, MAP, Li Ka Shing Knowledge Institute at the University of Toronto for its excellent hospitality.

Kaynakça

• Abdallah, Y. O., Shehab, E., & Al-Ashaab, A. (2021). Understanding Digital Transformation In The Manufacturing Industry: A Systematic Literature Review And Future Trends. Product: Management and Development, 19(1), 1-12.
• Akalın, B., & Veranyurt, Ü. (2020). Sağlıkta Dijitalleşme Ve Yapay Zekâ. SDÜ Sağlık Yönetimi Dergisi, 2(2), 128-137.
• Akdağ, R. (2008). Türkiye Sağlık Dönüşüm Programı ve Sağlık Hizmetleri Değerlendirme Raporu,1.Baskı, Ankara: Türkiye Cumhurieti Sağlık Bakanlığı.
• Ali, O., Abdelbaki, W., Shrestha, A., Elbasi, E., Alryalat, M. A. A., & Dwivedi, Y. K. (2023). A systematic literature review of artificial intelligence in the healthcare sector: Benefits, challenges, methodologies, and functionalities. Journal of Innovation & Knowledge, 8(1), 100333.
• Almotiri, S. H., Khan, M. A., & Alghamdi, M. A. (2016). Mobile Health (M-Health) System in The Context of IoT. In 2016 IEEE 4th International Conference On Future Internet of Things and Cloud Workshops (Ficloudw) (Pp. 39-42). IEE, 22-24 Aug. 2016 Vienna, Austria.
• Alugubelli, R. (2016). Exploratory study of artificial intelligence in healthcare. International Journal of Innovations in Engineering Research and Technology, 3(1), 1-10.
• Appari, A., & Johnson, M. E. (2010). Information security and privacy in healthcare: current state of research. International journal of Internet and enterprise management, 6(4), 279-314.
• Arcticwolf, (2023). The Top 15 Healthcare Industry Cyber Attacks of the Past Decade. https://arcticwolf.com/resources/blog/top-healthcare-industry-cyberattacks/. Access date: 06/04/2024.
• Avaner, T., & Fedai, R. (2017). Sağlik Hizmetlerinde Dijitalleşme: Sağlık Yönetiminde Bilgi Sistemlerinin Kullanilmasi. Süleyman Demirel Üniversitesi İktisadi ve İdari Bilimler Fakültesi Dergisi, 22(Kayfor 15 Özel Sayı), 1533-1542.
• Aydın, Ö. (2020). Bilgisayar dünyasında hile, ihlal ve siber saldırılar. In Eds. Talan, T., & Aktürk, C. Bilgisayar Bilimlerinde Teorik ve Uygulamalı Araştırmalar (pp. 29-60). Efe Akademi.
• Berber, L. (2009). Kişisel Sağlık Verileri ve Mahremiyet. 6. Ulusal Tıp Bilişimi Kongresi (TurkMIA '2009). 12-15 Kasım 2009, Antalya, Türkiye.
• Berber, L., Ülgü. M.M, & Er, C. (2009). Elektronik Sağlık Kayıtları ve Özel Hayatın Gizliliği. İstanbul: İstanbul Bilgi Üniversitesi, Bilişim Teknoloji Uygulaması Hukuku Uygulama Araştırma Merkezi.
• Caruson, K., Macmanus, S. A., & Mcphee, B. D. (2012). Cybersecurity Policy-Making at The Local Government Level: An Analysis of Threats, Preparedness, and Bureaucratic Roadblocks to Success. Journal of Homeland Security and Emergency Management, 9(2), 20120003. https://doi.org/10.1515/jhsem-2012-0003
• Casarosa, F. (2024). Cybersecurity of Internet of Things in the health sector: Understanding the applicable legal framework. Computer Law & Security Review, 53, 105982.
• Cavelty, M. D. (2010). Cyber-Security. In The Routledge Handbook Of New Security Studies (pp. 154-162). Netherlands: Routledge.
• Chałubińska-Jentkiewicz, K. (2021). Cybersecurity Policy. In K. Chałubińska-Jentkiewicz, In: Karpiuk, M. & Kostrubiec, J. (Eds.) The Legal Status Of Public Entities in The Field Of Cybersecurity in Poland. Maribor: Institute for Local Self-Government Maribor.
• Chatfield, A. T., & Reddick, C. G. (2019). A Framework for Internet of Things-Enabled Smart Government: a Case of IoT Cybersecurity Policies and Use Cases in US Federal Government. Government Information Quarterly, 36(2), 346-357. https://doi.org/10.1016/j.giq.2018.09.007
• Chikhaoui, E., Alajmi, A., & Larabi-Marie-Sainte, S. (2022). Artificial intelligence applications in healthcare sector: ethical and legal challenges. Emerging Science Journal, 6(4), 717-738.
• Chiuchisan, I., Balan, D. G., Geman, O., Chiuchisan, I., & Gordin, I. (2017). A security approach for health care information systems. In 2017 E-health and bioengineering conference (EHB) (pp. 721-724). 22-24 June 2017, Bucharest, Romania.
• Chodakowska, A., Kańduła, S., & Przybylska, J. (2022). Cybersecurity in The Local Government Sector in Poland: More Work Needs to Be Done: More Work Needs to Be Done. Lex Localis-Journal of Local Self-Government, 20(1), 161-192. https://doi.org/10.4335/m75jka54
• Cordella, A., & Iannacci, F. (2010). Information systems in the public sector: The e-Government enactment framework. The Journal of Strategic Information Systems, 19(1), 52-66.
• De Bruijn, H., & Janssen, M. (2017). Building Cybersecurity Awareness: The Need for Evidence-Based Framing Strategies. Government Information Quarterly, 34(1), 1-7. https://doi.org/10.1016/j.giq.2017.02.007
• Digital Guardian, (2024). Top 10 Biggest Healthcare Data Breaches of All Time. https://www.digitalguardian.com/dskb/top-10-biggest-healthcare-data-breaches-all-time. Access date: 06/04/2024.
• Dlamini, M. T., Eloff, J. H., & Eloff, M. M. (2009). Information Security: The Moving Target. Computers & Security, 28(3-4),189-198.
• DPT, (2005). E-Devlet Proje ve Uygulamaları. Ankara: Bilgi Toplumu Dairesi Yayını.
• Dülger, M. V. (2015). Sağlık Hukukunda Kişisel Verilerin Korunması ve Hasta Mahremiyeti. İstanbul Medipol Üniversitesi Hukuk Fakültesi Dergisi, 1(2), 43-80.
• Elattresh, J., A.M. (2022). Bilgi Güvenliği Hizmet Yönetimi: Bilgi Güvenliği Yönetimine Bir Hizmet Yönetimi Yaklaşımı Ve Bir Kurumun Müşterinin Memnuniyeti Ve Güvenirliği Üzerindeki Etkisi. Yayınlanmamış Doktora Tezi. Kastamonu Üniversitesi Fen Bilimleri Enstitüsü Malzeme Bilimi Ve Mühendisliği Ana Bilim Dalı.
• ELFANET, (2024). Stuxnet Nedir?. https://elfanet.com.tr/tr/main/article/stuxnet-nedir/105. Access date: 06/04/2024.
• European Union, (2005). Patient Safety- Making It Happen Luxemburg Decleration on Patient Safety, S.1
• Galetsi, P., Katsaliaki, K., & Kumar, S. (2020). Big data analytics in health sector: Theoretical framework, techniques and prospects. International Journal of Information Management, 50, 206-216.
• Ganai, P. T., Bag, A., Sable, A., Abdullah, K. H., Bhatia, S., & Pant, B. (2022, April). A Detailed Investigation of Implementation of Internet of Things (IOT) in Cyber Security in Healthcare Sector. In 2022 2nd International Conference on Advance Computing and Innovative Technologies in Engineering (ICACITE) (pp. 1571-1575). 28-29 April 2022 Greater Noida, India.
• Gellerstedt, M. (2016). The Digitalization of Health Care Paves The Way for Improved Quality of Life. Journal of Systemics, Cybernetics and Informatics, 14, 1-10.
• Gerçeker, B. (2012). Sağlık Kuruluşlarında Örgüt İklimi Ve Bilgi Güvenliğinin İlişkisi. Dokuz Eylül Üniversitesi Sağlık Bilimleri Enstitüsü Sağlıkta Kalite Geliştirme ve Akreditasyon Ana Bilim Dalı. İzmir.
• Getoppos, (2024). Cyber Attack in Hospitals: Biggest Healthcare Industry Cyber Threats. https://getoppos.com/cyber-attacks-in-hospitals/. Access date: 06/04/2024.
• Gopal, G., Suter-Crazzolara, C., Toldo, L., & Eberhardt, W. (2019). Digital Transformation in Healthcare–Architectures of Present and Future Information Technologies. Clinical Chemistry and Laboratory Medicine, 57(3), 328-335.S.329
• Goutam, R. K. (2015). Importance of Cyber Security. International Journal of Computer Applications, 111(7), 14-15
• Gritzalis, D. A. (1998). Enhancing security and improving interoperability in healthcare information systems. Medical Informatics, 23(4), 309-323.
• Häyrinen, K., Saranto, K., & Nykänen, P. (2008). Definition, structure, content, use and impacts of electronic health records: a review of the research literature. International journal of medical informatics, 77(5), 291-304.
• Henkoğlu, T., & Yılmaz, B. (2013). Avrupa Birliği AB Bilgi Güvenliği Politikaları. Türk Kütüphaneciliği, 27(3), 451-471.
• Herland, M., Khoshgoftaar, T. M., & Wald, R. (2014). A Review of Data Mining Using Big Data in Health Informatics. Journal of Big Data, 1(1), 1-35.
• Herrmann, M., Boehme, P., Mondritzki, T., Ehlers, J. P., Kavadias, S., & Truebel, H. (2018). Digital transformation and disruption of the health care sector: Internet-based observational study. Journal of medical internet research, 20(3), e104.
• Huang, D. L., Rau, P. L. P., & Salvendy, G. (2010). Perception of Information Security. Behaviour & Information Technology, 29(3), 221-232.
• Iqbal, M. H., Aydin, A., Brunckhorst, O., Dasgupta, P., & Ahmed, K. (2016). A Review of Wearable Technology in Medicine. Journal of The Royal Society of Medicine, 109(10), 372-380.
• Iyanna, S., Kaur, P., Ractham, P., Talwar, S., & Islam, A. N. (2022). Digital transformation of healthcare sector. What is impeding adoption and continued usage of technology-driven innovations by end-users?. Journal of Business Research, 153, 150-161.
• İzgi, M. C. (2014). Mahremiyet Kavramı Bağlamında Kişisel Sağlık Verileri. Türkiye Biyoetik Dergisi, 1(1), 201425-201437.
• Jee, K., & Kim, G. H. (2013). Potentiality of big data in the medical sector: focus on how to reshape the healthcare system. Healthcare informatics research, 19(2), 79-85.
• Kaspersky, (2024). WannaCry fidye yazılımı nedir? https://www.kaspersky.com.tr/resource-center/threats/ransomware-wannacry. Access date: 06/04/2024.
• Khan, B., Fatima, H., Qureshi, A., Kumar, S., Hanan, A., Hussain, J., & Abdullah, S. (2023). Drawbacks of artificial intelligence and their potential solutions in the healthcare sector. Biomedical Materials & Devices, 1(2), 731-738.
• Kissi, J., Dai, B., Owusu-Marfo, J., Bediako, I. A., Antwi, M. O., & Akey, B. C. A. (2018). A Review of Information Security Policies and Procedures for Healthcare Services. Canadian Journal of Applied Science and Technology, 6(2), 812-819.
• Korkmaz, A. Ç. (2018). Geçmişten Günümüze Hasta Güvenliği. İnönü Üniversitesi Sağlık Hizmetleri Meslek Yüksek Okulu Dergisi, 6(1), 10-19.
• Küzeci, E. (2019). Kişisel verilerin korunması. Ankara: Seçkin Yayıncılık.
• Lindgren, I., & Jansson, G. (2013). Electronic services in the public sector: A conceptual framework. Government Information Quarterly, 30(2), 163-172.
• Marttin, V., & Pehlivan, İ. (2010). ISO 27001: 2005 Bilgi Güvenliği Yönetimi Standardı ve Türkiye’deki Bazı Kamu Kuruluşu Uygulamaları Üzerine Bir İnceleme. Mühendislik Bilimleri ve Tasarım Dergisi, 1(1), 49-56.
• Mevzuat Bilgi Sistemi, (2016). Kişisel Verilerin Korunması Kanunu. https://www.mevzuat.gov.tr/mevzuat?MevzuatNo=6698&MevzuatTur=1&MevzuatTertip=5. Access date:01/03/2024.
• Mukherjee, S., Chittipaka, V., Baral, M. M., Pal, S. K., & Rana, S. (2022). Impact of artificial intelligence in the healthcare sector. Artificial Intelligence and Industry 4.0, 23-54.
• Öğütçü, G., Köybaşı, N. A. G., & Cula, S. (2011). Elektronik Sağlık Kayıtlarının İçeriği, Hassasiyeti ve Erişim Kontrollerine Yönelik Farkındalık ve Beklentilerin Değerlendirilmesi. VIII. Ulusal Tıp Bilişimi Kongresi, Tıp Bilişimi 2011. pp.88-97. 17-20 Kasım 2011, Xanadu Hotel, Belek, Antalya, Turkiye.
• Özek, Ç. (1999). Düşünce Özgürlüğünden Bilgilenme Hakkına. İstanbul: AlfaYayınları.
• Öztürk, H., Yüksek, C., & Aslan, M. (2014). Sağlık Bakanlığı Bilgi Güvenliği Politikaları Klavuzu, 2014. https://bilgiguvenligi.saglik.gov.tr/files/BilgiGüvenliğiPolitikalarıKılavuzu.pdf. Access date: 06/04/2024.
• Par, Ö.E. & Soysal, E. (2011). Kişisel Sağlık Bilgilerinin Güvenliği Açısından Medula’da Kullanılan Yasa ve Standartların HIPAA ile Karşılaştırılması. VIII. Ulusal Tıp Bilişimi Kongresi, Tıp Bilişimi 2011. pp.82-87. 17-20 Kasım 2011, Xanadu Hotel, Belek, Antalya, Turkiye.
• Pawar, J., Kulkarni, D., & Dhanwate, V. (2024). Understanding Cyber Security In Health Sector. Journal of Advanced Zoology, 45, 55-64.
• Perednia, D. A., & Allen, A. (1995). Telemedicine Technology and Clinical Applications. JAMA, 273(6), 483-488.
• Preis, B., & Susskind, L. (2022). Municipal Cybersecurity: More Work Needs to Be Done. Urban Affairs Review, 58(2), 614-629. https://doi.org/10.1177/1078087420973760
• Ravì, D., Wong, C., Deligianni, F., Berthelot, M., Andreu-Perez, J., Lo, B., & Yang, G. Z. (2016). Deep learning for health informatics. IEEE journal of biomedical and health informatics, 21(1), 4-21.
• Rosacker, K. M., & Olson, D. L. (2008). Public sector information system critical success factors. Transforming Government: People, Process and Policy, 2(1), 60-70.
• Sağlık Bakanlığı, (2003). Sağlıkta Dönüşüm, Ankara: Türkiye Cumhuriyeti Sağlık Bakanlığı.
• Sağlık Bakanlığı, (2004). Türkiye Sağlık Bilgi Sistemi Eylem Planı. Bilgi İşlem Dairesi Başkanlığı. Ankara: Türkiye Cumhuriyeti Sağlık Bakanlığı.
• Schwalbe, N., & Wahl, B. (2020). Artificial intelligence and the future of global health. The Lancet, 395(10236), 1579-1586.
• Seemma, P. S., Nandhini, S., & Sowmiya, M. (2018). Overview of Cyber Security. International Journal of Advanced Research in Computer and Communication Engineering, 7(11), 125-128.
• Shchavinsky, Y. V., Muzhanova, T. M., Yakymenko, Y. M., & Zaporozhchenko, M. M. (2023). Application Of Artificial Intelligence For Improving Situational Training Of Cybersecurity Specialists. Information Technologies and Learning Tools,97(5), 215-226.
• Smith, E., & Eloff, J. H. (1999). Security in health-care information systems—current trends. International journal of medical informatics, 54(1), 39-54.
• Smith, E., & Eloff, J. H. (1999). Security in health-care information systems—current trends. International journal of medical informatics, 54(1), 39-54.
• Stahl, B. C., Doherty, N. F., & Shaw, M. (2012). Information Security Policies in The UK Healthcare Sector: A Critical Evaluation. Information Systems Journal, 22(1), 77-94.
• Stahl, B. C., Doherty, N. F., & Shaw, M. (2012). Information security policies in the UK healthcare sector: a critical evaluation. Information systems journal, 22(1), 77-94.
• Tibodeau, P. (2014). Cyberattacks Could Paralyze US, Former Defence Chief Warns. https://www.computerworld.com/article/1612081/cyberattacks-could-paralyze-u-s-former-defense-chief-warns.html. Access date: 06/04/2024.
• Trend Micro, (2024). RYUK fidye yazılımı nedir? https://www.trendmicro.com/tr_tr/what-is/ransomware/ryuk-ransomware.html. Access date: 06/04/2024.
• Upguard, (2024). 14 Biggest Healthcare Data Breaches. https://www.upguard.com/blog/biggest-data-breaches-in-healthcare. Access date: 06/04/2024.
• Uysal, B., & Yorulmaz, M. (2018). Sağlıkta Kalite Standartları ve Bilişsel Mahremiyet. Selçuk Üniversitesi Sosyal ve Teknik Araştırmalar Dergisi, (16), 24-33.
• Van Deursen, N., Buchanan, W. J., & Duff, A. (2013). Monitoring information security risks within health care. Computers & Security, 37, 31-45.
• Vural, Y., & Sağıroğlu, Ş. (2008). Kurumsal Bilgi Güvenliği ve Standartlari Üzerine Bir İnceleme. Gazi Üniversitesi Mühendislik Mimarlık Fakültesi Dergisi, 23(2),507-522.
• Yılmaz, D., Özkoç, E. E., & Öğütçü, G. (2021). Elektronik Sağlık Kayıtlarında Farkındalık. Hacettepe Sağlık İdaresi Dergisi, 24(4), 777-792.