Healthcare automation has brought significant benefits to health care in terms of operational cost reduction, quality of care, patient convenience and initiation of personalized care. It has also brought new and increasing security and privacy challenges. The recent spate of successful cyberattacks against healthcare systems demonstrate that the security and privacy threats in health care are more varied and capable of undermining patient care and diminish revenues of healthcare sector. Considering the role that the healthcare sector plays within our society, the importance of protecting this critical infrastructure cannot be overstated. In this chapter the foundation of healthcare cybersecurity is presented. Major components of the healthcare systems and the associated requirements in terms of security and privacy are discussed. The threat landscape, vulnerabilities exploited to perpetrate cyberattacks against healthcare organizations and the various cyberattack types are identified and presented. Countermeasures and tools to defend and mitigate cyberattacks are also discussed.

Chapter Contents:

• Abstract
• 5.1 Introduction
• 5.2 Health system architecture
• 5.2.1 Healthcare infrastructure
• 5.2.2 Healthcare dataset
• 5.2.3 Data access infrastructure
• 5.2.4 Privacy and security requirements
• 5.2.4.1 Health privacy
• 5.2.4.2 Health data security
• 5.3 Health data breach incidents
• 5.3.1 Cyberattacks against health care
• 5.3.2 Impact of cyberattacks
• 5.3.2.1 Financial loss
• 5.3.2.2 Reputational damage
• 5.3.2.3 Danger to patients
• 5.4 Healthcare vulnerability landscape
• 5.4.1 Medical device vulnerability
• 5.4.2 Outsourcing vulnerabilities
• 5.4.3 Software and hardware vulnerabilities
• 5.4.4 End user vulnerability
• 5.4.5 Business vulnerability
• 5.5 Healthcare threat landscape
• 5.5.1 Cyber threat
• 5.5.2 Social engineering threat
• 5.5.3 Employee threat
• 5.5.4 Malicious software threats
• 5.5.5 Mobile health technologies threats
• 5.5.6 Managing vendor security threats
• 5.5.7 Social media and BYOD threats
• 5.6 Cybersecurity controls
• 5.6.1 Regulatory authorities
• 5.6.2 Healthcare data protection
• 5.6.3 Planning for cybersecurity
• 5.6.3.1 Cybersecurity strategic planning
• 5.6.3.2 Contingency planning
• 5.6.3.3 Planning for risk analysis and management
• 5.6.4 Cybersecurity policies
• 5.7 Analysis of cyberattack impacts
• 5.7.1 Revenue loss
• 5.7.2 Financial impact on patients
• 5.7.3 Regulatory costs
• 5.7.4 Cost of downtime
• 5.8 Conclusion
• Acknowledgment
• References

Inspec keywords: security of data; data privacy; medical computing; medical information systems; patient care; health care

Other keywords: successful cyberattacks; initiation; healthcare organizations; privacy challenges; health care; healthcare cybersecurity; patient convenience; healthcare automation; personalized care; recent spate; healthcare systems; healthcare sector; patient care; operational cost reduction; privacy threats; significant benefits; increasing security; foundation

Subjects: Data security; Biology and medical computing