Gestión de riesgos enfocada en las mejores prácticas de los sistemas de seguridad de datos para la salud
DOI:
https://doi.org/10.5585/iji.v9i1.18246Palabras clave:
La seguridad cibernética, Sistema ciberfísico, Industria 4.0, Manejo de la salud, Gestión de riesgos.Resumen
Objetivo del estudio: Las estadísticas muestran un panorama preocupante de los desafíos que debe superar la ciberseguridad en el sector de la salud. Los datos evidencian que la industria de la salud experimenta cuatro violaciones de datos por semana solo en los Estados Unidos, lo que lo convierte en el sector más afectado por las violaciones de seguridad digital. Por lo tanto, el artículo actual tiene como objetivo investigar la gestión de riesgos centrándose en la identificación de requisitos y mejores prácticas para los sistemas de seguridad de datos sanitarios.
Metodología / enfoque: Se basa en una revisión sistemática de la literatura. Se recopilaron e interpretaron estudios sobre sistemas de seguridad de datos de última generación mediante análisis de contenido. Se utilizaron palabras clave asertivas, criterios de selección de fuentes, interpretación de artículos seleccionados y análisis de bases de datos para formar la muestra investigada y representar las amplias aplicaciones del objetivo de este estudio.
Originalidad / Relevancia: El estudio actual contribuye a definir un conjunto de requisitos mínimos y mejores prácticas que se pueden adoptar para gestionar los riesgos de seguridad de los datos en el sector sanitario y los dispositivos médicos.
Resultados principales: Los resultados han señalado que no existe una forma totalmente eficaz de prevenir todas las violaciones por parte de los ciberdelincuentes; sin embargo, la ciberseguridad debe formar parte de los procesos de gestión adoptados por diferentes organizaciones.
Aportes teóricos / metodológicos: Se encuentra que la ciberseguridad tiene una gran importancia para el sector salud, la información generada es rica en contenido y que la ciberseguridad está desatendida en el sector, que no es capaz de enfrentar la realidad de las ciberamenazas en la industria. 4.0 contexto.
Contribuciones sociales / de gestión: mediante las buenas prácticas de gestión de riesgos y la adopción de elementos de seguridad mínimos, las instituciones pueden garantizar que los administradores puedan prepararse y responder de manera eficiente a los riesgos cibernéticos.
Descargas
Citas
Abdelhamid, M., Kisekka, V., & Samonas, S. (2018). Mitigating e-services avoidance: the role of government cybersecurity preparedness. Information and Computer Security, 27, pp. 26-46. doi:10.1108/ICS-02-2018-0024.
Abraham, C., Chatterjee, D., & Sims, R. R. (2019). Muddling through cybersecurity: Insights from the U.S. healthcare industry. Business Horizons, v.62(n.04), pp. 539-548. doi:10.1016/j.bushor.2019.03.010.
Ahmed, A. A., & Ahmed, W. A. (2019). An Effective Multifactor Authentication Mechanism Based on Combiners of Hash Function over Internet of Things. Sensors, 19 n.17. doi:10.3390/s19173663.
Alcantara, D. P., & Martens, M. L. (2018). Technology Roadmapping (TRM): a systematic review of the literature focusing on models. Technological Forecasting and Social Change, pp. 127-138. doi:doi.org/10.1016/j.techfore.2018.08.014.
Alexander, B., Haseeb, S., & Baranchuk, A. (2019). Are implanted electronic devices hackable? Trends in Cardiovascular Medicine, pp. 476-480. doi:10.1016/j.tcm.2018.11.011.
Al-Muhtadi, J., Shahzad, B., Saleem, K., Jameel, W., & Orgun, M. A. (2019). Cybersecurity and privacy issues for socially integrated mobile healthcare applications operating in a multi-cloud environment. Health Informatics Journal, 25, 315-329. doi:10.1177/1460458217706184.
Askar, A. J. (2019). Healthcare management system and cybersecurity. International Journal of Recent Technology and Engineering, 237-248.
Baaziz, A.; Quoniam, l. (2013). How to use big data technologies to optimize operations in upstream petroleum industry. International Journal of Innovation, v. 1 n.1, p. 19-25. doi 10.5585/iji.v1i1.4.
Berger, K. M., & Schneck, P. A. (2019). National and transnational security implications of asymmetric access to and use of biological data. Frontiers in Bioengineering and Biotechnology, 7. doi:10.3389/fbioe.2019.00021.
Bilek, A. M., Muscionico, D., & Amiel, C. (2017). A primer on the regulation and development of M-Health products. Regulatory Rapporteur, https://www.scopus.com/record/display.uri?eid=2s2.085032879397&origin=inward&txGid=408ced46814b35c8bd8454243cf24e2d.
Bissonnette, L., & Bergeron, M. G. (2017). Portable devices and mobile instruments for infectious diseases point-of-care testing. Expert Review of Molecular Diagnostics, 471-494. doi:10.1080/14737159.2017.1310619.
Blanke, S. J., & McGrady, E. (2016). When it comes to securing patient health information from breaches, your best medicine is a dose of prevention: A cybersecurity risk assessment checklist. Journal of healthcare risk management, 14-24. doi:10.1002/jhrm.21230.
Bojanova, I., & Voas, J. (2017). Trusting the Internet of Things. IT Professional, 19 n.5, 16-19. doi:10.1109/MITP.2017.3680956.
Braga, A., Dahab, R., Antunes, N., Laranjeiro, N., & Vieira, M. (2019). Understanding How to Use Static Analysis Tools for Detecting Cryptography Misuse in Software. IEEE TRANSACTIONS ON RELIABILITY, 1384-1403. doi: 10.1109/TR.2019.2937214.
Brody, R. G., Chang, H. U., & Schoenberg, E. S. (2018). Malware at its worst: death and destruction. International Journal of Accounting & Information Management. doi:10.1108/ijaim.2011.36619caa.003.
Burns, L. R., DeGraaff, R. A., Danzon, P. M., Kimberly, J. R., Kissick, W. L., & Pauly, M. V. (2011). The Wharton School Study of the Health Care Value Chain. San Francisco CA: John Wilet and Sons.
Busdicker, M., & Upendra, P. (2017). The role of healthcare technology management in facilitating medical device cybersecurity. Biomedical Instrumentation and Technology, 19-25. doi:10.2345/0899-8205-51.s6.19.
Coronado, A. J., & Wong, T. L. (2014). Healthcare cybersecurity risk management: Keys to an effective plan. Biomedical Instrumentation and Technology, 48, 26-30. doi:10.2345/0899-8205-48.s1.26.
Coveney, P. V., Dougherty, E. R., & Highfield, R. R. (2016). Big data need big theory too. Philosophical Transactions Of The Royal Society A-Mathematical Physical And Engineering Sciences, 374. doi:10.1098/rsta.2016.0153.
Coventry, L., & Branley, D. (2018). Cybersecurity in healthcare: A narrative review of trends, threats and ways forward. Maturitas, 48-52. doi:10.1016/j.maturitas.2018.04.008.
Cleland-Huang, J. (2014). How well do you know your personae non gratae? IEEE Software, 31, 28-31. doi:10.1109/MS.2014.85.
Dandage, R., Mantha, S. S., & Rane, S. B. (2018). Ranking the risk categories in international projects using the TOPSIS method. International Journal of Managing Projects in Business, 11, 317-331. doi:10.1108/IJMPB-06-2017-0070.
Diggans, J., & Leproust, E. (2019). Next steps for access to safe, secure DNA synthesis. Frontiers in Bioengineering and Biotechnology, 7. doi:10.3389/fbioe.2019.00086.
Elizabeth, M. J., Jobin, J., & Dona, J. (2019). A fog based security model for electronic medical records in the cloud database. International Journal of Innovative Technology and Exploring Engineering, 8 n.7, pp. 2552-2560.
Frontoni, E., Mancini, A., Bald, M., Paolanti, M., Moccia, S., Zingaretti, P., . . . Misericordia, P. (2019). Sharing health data among general practitioners: The Nu.Sa. project. International Journal of Medical Informatics, 129, pp. 267-274. doi:10.1016/j.ijmedinf.2019.05.016.
Ghafir, I., Prenosil, V., Hammoudeh, M., Baker, T., Jabbar, S., Khalid, S., & Jaf, S. (2018). BotDet: A System for Real Time Botnet Command and Control Traffic Detection. IEEE Access, 38947-38958. doi:10.1109/ACCESS.2018.2846740.
Ghafur, S., Grass, E., Jennings, N., & Darzi, A. (2019). The challenges of cybersecurity in health care: the UK National Health Service as a case study. The Lancet Digital Health, 1 n.1, pp. 10-12. doi:10.1016/S2589-7500(19)30005-6.
Good, N., Dhamija, R., Grossklags, J., Thaw, D., Aronowitz, S., Mulligan, D., & Konstan , J. (2005). Stopping spyware at the gate: A user study of privacy, notice and spyware. ACM International Conference Proceeding Series. doi:10.1145/1073001.1073006.
Gordon, W. J., Stern, A. D., Landman, A. B., & Kramer, D. B. (2019). Evaluation of a mandatory phishing training program for high-risk employees at a US healthcare system. Journal of the American Medical Informatics Association, 547-552. doi:10.1093/jamia/ocz005.
Goncharov, E., Kruglov, K., & Dashchenko, Y. (2019). Five ICS cybersecurity myths based on Kaspersky Lab ICS CERT experience. At-Automatisierungstechnik, 67, pp. 372-382. doi:10.1515/auto-2019-0016.
Grimes, S., & Wirth, A. (2017). Holding the Line: Events that Shaped Healthcare Cybersecurity. Biomedical instrumentation & technology. doi:10.2345/0899-8205-51.s6.30.
Habibzadeh, H., Nussbaum, B. H., Anjomshoa, F., Kantarci, B., & Soyata, T. (2019). A survey on cybersecurity, data privacy, and policy issues in cyber-physical system deployments in smart cities. Sustainable Cities and Society, 50. doi:10.1016/j.scs.2019.101660.
Handler, I. (2018). Data Sharing Defined-Really! Computer, 36-42. doi:10.1109/MC.2018.1451659.
Huang, J. C. (2014). How well do you know your personae non gratae? IEEE Software, 31, 28-31. doi:10.1109/MS.2014.85.
ISO/IEC 27001 (2013) Information technology - Security techniques — Information security management systems — Requirements. [S.l.]. https://www.iso.org/standard/54534.html.
ISO31000 (2018). Risk management - Principles and guidelines. [S.l.]. https://www.iso.org/standard/65694.html.
Jalali, M. S., Russell, B., Razak, S., & Gordon, W. J. (2019). EARS to cyber incidents in health care. Journal of the American Medical Informatics Association, 26, 81-90. doi:10.1093/jamia/ocy148.
Kabir, U. Y., Ezekekwu, E., Bhuyan, S. S., Mahmood, A., & Dobalian, A. (2020). Trends and best practices in health care cybersecurity insurance policy. Journal of Healthcare Risk Management, pp. 1-5. doi:10.1002/jhrm.21414.
Kessler, S. R., Pindek, S., Kleinman, G., Andel, S. A., & Spector, P. E. (2019). Information security climate and the assessment of information security risk among healthcare employees. Health informatics Journal. doi:10.1177/1460458219832048.
Kharraz, A., Robertson , W., & Kirda, E. (2018). Protecting against Ransomware: A New Line of Research or Restating Classic Ideas? IEEE Security and Privacy, 16, 103-107. doi:10.1109/MSP.2018.2701165.
King, F., Klonoff, D. C., Kerr, D., Hu, J., Lyles, C., Quinn, C., . . . Gabbay, R. (2018). Digital Diabetes Congress 2018. Journal of Diabetes Science and Technology, 1231-1238. doi:10.1177/1932296818805632.
Koppel, R., & Kuziemsky, C. (2019). Healthcare data are remarkably vulnerable to hacking: Connected healthcare delivery increases the risks. Studies in Health Technology and Informatics, 218-222. doi:10.3233/978-1-61499-951-5-218.
Kruse, C. S., Frederick , B., Jacobson , T., & Monticone , K. (2017). Cybersecurity in healthcare: A systematic review of modern threats and trends. Technology and Health Care, 25, 1-10. doi:10.3233/THC-161263.
Kuerbis, B., & Badiei, F. (2017). Mapping the cybersecurity institutional landscape. Australian Catholic University, 19, 466-492. doi:10.1108/DPRG-05-2017-0024.
Kure, H. I., Islam, S., & Razzaque, M. A. (2018). An integrated cyber security risk management approach for a cyber-physical system. Applied Sciences (Switzerland). doi:10.3390/app8060898.
Lebeda, F. J., Zalatoris, J. J., & Scheerer, J. B. (2018). Government Cloud Computing Policies: Potential Opportunities for Advancing Military Biomedical Research. MILITARY MEDICINE, 183, 438-447. doi:10.1093/milmed/usx114.
Lechler, T., & Wetzel, S. (2017). Conceptualizing the silent risk of inadvertent information leakages. Computers and Electrical Engineering, 67-75. doi:10.1016/j.compeleceng.2016.12.020.
Leung, K., Clark, C., Sakal, M., Friesen, M., & Strudwick, G. (2019). Patient and family member readiness, needs, and perceptions of a mental health patient portal: A mixed methods study. Studies in Health Technology and Informatics, 266-270. doi:10.3233/978-1-61499-951-5-266.
Loi, M., Christen, M., Kleine, N., & Weber, K. (2019). Cybersecurity in health –disentangling value tensions. Journal of Information, Communication and Ethics in Society, 229-245. doi:10.1108/JICES-12-2018-0095.
Maimó, L. F., Celdrán, A. H., Gómez, Á. L., Clemente, F. J., Weimer, J., & Lee, I. (2019). Intelligent and dynamic ransomware spread detection and mitigation in integrated clinical environments. Sensors (Switzerland). doi:10.3390/s19051114.
Martin, G., Martin , P., Hankin , C., Darzi , A., & Kinross , J. (2017). Cybersecurity and healthcare: How safe are we? BMJ (Online). doi:10.1136/bmj.j3179.
Mostfa Kamal, S. U., Abd Ali, R. J., Alani, H. K., & Abdulmajed, E. S. (2016). Survey and brief history on malware in network security case study: Viruses, worms and bots. ARPN Journal of Engineering and Applied Sciences, 683-698.
Natsiavas, P., Rasmussen, J., Voss-Knude, M., Votis, Κ., Coppolino, L., Cano, I., . . . Nalin, M. (2018). Comprehensive user requirements engineering methodology for secure and interoperable health data exchange. BMC Medical Informatics and Decision Making, 18 n.1. doi:10.1186/s12911-018-0664-0.
Okereafor, K., & Marcelo, A. (2020). Addressing Cybersecurity Challenges Of Health Data In The Covid-19 Pandemic. International Journal in IT & Engineering (IJITE), 8 n.6, pp. 1-12. Fonte: http://ijmr.net.in.
Ondiege, B., Clarke, M., & Mapp, G. (2017). Exploring a new security framework for remote patient monitoring devices. Computers, 6 n.1. doi:10.3390/computers6010011.
Pesapane, F., Volonté, C., Codari, M., & Sardanelli, F. (2018). Artificial intelligence as a medical device in radiology: ethical and regulatory issues in Europe and the United States. Insights into Imaging. doi:10.1007/s13244-018-0645-y.
PMI, P. M. (2017). Project Management Body of Knowledge -PMBOK. Global Standard.
Priestman, W., Anstis, T., Sebire, I. G., Sridharan, S., & Sebire, N. J. (2019). Phishing in healthcare organisations: threats, mitigation and approaches. BMJ Health & Care Informatics, 26, e100031. doi:10.1136/bmjhci-2019-100031.
Primo, H., Bishop, M., Lannum, L., Cram, D., Nader, A., & Boodoo, R. (2018). 10 Steps to Strategically Build and Implement your Enterprise Imaging System: HIMSS-SIIM Collaborative White Paper. Journal of Digital Imaging, 32, 535-543. doi:10.1007/s10278-019-00236-w.
Silva F., J. C., Braga, C. S., & Reboucas, S. M. (2016). Perception of the brazilian manufacturing industry about the main barriers to innovation. International journal of innovation, v. 5 n.1, p. 114-131, 2016. doi 10.5585/iji.v5i1.114.
Shneiderman, B., & Plaisant, C. (2015). Sharpening analytic focus to cope with big data volume and variety. IEEE Computer Graphics and Applications. doi:10.1109/MCG.2015.64.
Stern, A. D., Gordon, W. J., Landman, A. B., & Kramer, D. B. (2019). Cybersecurity features of digital medical devices: An analysis of FDA product summaries. BMJ Open, 9 n.6. doi:10.1136/bmjopen-2018-025374.
Swede, M. J., Scovetta, V., & Eugene-Colin, M. (2019). Protecting patient data is the new scope of practice: A recommended cybersecurity curricula for healthcare students to prepare for this challenge. Journal of Allied Health, 48 n.2, pp. 148-155. doi:PubMed ID: 31167018.
Thomé, A. M., Scavarda, L. F., Scavarda, A., & Thomé, F. E. (2016). Similarities and contrasts of complexity, uncertainty, risks, and. International Journal of Project Management, 1328-1346. doi:10.1016/j.ijproman.2015.10.012.
Van Eck, N. J., & Waltman, L. (2010). Software survey: VOSviewer, a computer program for bibliometric mapping. Scientometrics 84, 523–538. Scientometrics. doi:10.1007/s11192-009-0146-3.
Vecchione, L., Stintzing, S., Pentheroudakis, G., Douillard, J.-Y., & Lordick, F. (2020). ESMO management and treatment adapted recommendations in the COVID-19 era: colorectal cancer. Esmo Open. doi:10.1136/esmoopen-2020-000826.
Ward, s., & Chapman, C. (2008). Stakeholders and uncertainty management in projects. Construction Management and Economics, 26, 563-577. doi:10.1080/01446190801998708.
Wethington, E., Eccleston, C., Gooberman-Hill, R., Schofield, P. A., Bacon, E., Dombrowski, W., . . . Reid, M. C. (2018). Establishing a Research Agenda on Mobile Health Technologies and Later-Life Pain Using an Evidence-Based Consensus Workshop Approach. Journal of Pain, 1416-1423. doi:10.1016/j.jpain.2018.06.006.
Wiltz, C. (07 de April de 2014). Medical Device and Diagnostic Industry. Fonte: MD+DI Qmed: https://www.mddionline.com/report-healthcare-cybersecurity-appalling-legislation-not-enough.
World Economic Forum. (Janeiro de 2017). The Global Risks Report 2017. Fonte: World Economic Forum: https://www.weforum.org/reports/the-global-risks-report-2017.
Zhang, X., Tan, Y.-a., Xue, Y., Zhang, Q., Li, Y., Zhang, C., & Zheng, J. (2017). Cryptographic key protection against FROST for mobile devices. Cluster Comput, 2393-2402. doi:10.1007/s10586-016-0721-3.
Descargas
Publicado
Cómo citar
Número
Sección
Licencia
Derechos de autor 2021 International Journal of Innovation – IJI
Esta obra está bajo una licencia internacional Creative Commons Atribución-NoComercial-CompartirIgual 4.0.
