The elephant in the room: cybersecurity in healthcare
- PMID: 37088852
- PMCID: PMC10123010
- DOI: 10.1007/s10877-023-01013-5
The elephant in the room: cybersecurity in healthcare
Abstract
Cybersecurity has seen an increasing frequency and impact of cyberattacks and exposure of Protected Health Information (PHI). The uptake of an Electronic Medical Record (EMR), the exponential adoption of Internet of Things (IoT) devices, and the impact of the COVID-19 pandemic has increased the threat surface presented for cyberattack by the healthcare sector. Within healthcare generally and, more specifically, within anaesthesia and Intensive Care, there has been an explosion in wired and wireless devices used daily in the care of almost every patient-the Internet of Medical Things (IoMT); ventilators, anaesthetic machines, infusion pumps, pacing devices, organ support and a plethora of monitoring modalities. All of these devices, once connected to a hospital network, present another opportunity for a malevolent party to access the hospital systems, either to gain PHI for financial, political or other gain or to attack the systems directly to cause erroneous monitoring, altered settings of any device and even to access the EMR via this IoMT window. This exponential increase in the IoMT and the increasing wireless connectivity of anaesthesia and ICU devices as well as implantable devices presents a real and present danger to patient safety. There has, at the same time, been a chronic underfunding of cybersecurity in healthcare. This lack of cybersecurity investment has left the sector exposed, and with the monetisation of PHI, the introduction of technically unsecure IoT devices for monitoring and direct patient care, the healthcare sector is presenting itself for further devastating cyberattacks or breaches of PHI. Coupled with the immense strain that the COVID-19 pandemic has placed on healthcare and the changes in working patterns of many caregivers, this has further amplified the exposure of the sector to cyberattacks.
Keywords: COVID; Cyberattack; Cybersecurity; Internet of things; Phishing; Protected health information.
© 2023. The Author(s), under exclusive licence to Springer Nature B.V.
Conflict of interest statement
I declare that the authors have no competing interests as defined by Springer, or other interests that might be perceived to influence the results and/or discussion reported in this paper.
Figures
Similar articles
-
Managing cybersecurity risk in healthcare settings.Healthc Manage Forum. 2024 Jan;37(1):17-20. doi: 10.1177/08404704231195804. Epub 2023 Aug 25. Healthc Manage Forum. 2024. PMID: 37625818 Free PMC article.
-
Health Care Cybersecurity Challenges and Solutions Under the Climate of COVID-19: Scoping Review.J Med Internet Res. 2021 Apr 20;23(4):e21747. doi: 10.2196/21747. J Med Internet Res. 2021. PMID: 33764885 Free PMC article.
-
Developing a Novel Ontology for Cybersecurity in Internet of Medical Things-Enabled Remote Patient Monitoring.Sensors (Basel). 2024 Apr 27;24(9):2804. doi: 10.3390/s24092804. Sensors (Basel). 2024. PMID: 38732910 Free PMC article.
-
HCAP: Hybrid cyber attack prediction model for securing healthcare applications.PLoS One. 2025 May 12;20(5):e0321941. doi: 10.1371/journal.pone.0321941. eCollection 2025. PLoS One. 2025. PMID: 40354442 Free PMC article.
-
An Overview on Security and Privacy of Data in IoMT Devices: Performance Metrics, Merits, Demerits, and Challenges.Stud Health Technol Inform. 2022 Nov 3;299:126-136. doi: 10.3233/SHTI220970. Stud Health Technol Inform. 2022. PMID: 36325853 Review.
Cited by
-
Orthodontic Educational Landscape in the Contemporary Context: Insights from Educators.Semin Orthod. 2024 Sep;30(4):369-378. doi: 10.1053/j.sodo.2024.05.001. Epub 2024 May 19. Semin Orthod. 2024. PMID: 40667479 Free PMC article.
-
Managing cybersecurity risk in healthcare settings.Healthc Manage Forum. 2024 Jan;37(1):17-20. doi: 10.1177/08404704231195804. Epub 2023 Aug 25. Healthc Manage Forum. 2024. PMID: 37625818 Free PMC article.
-
Exploring the Risks, Benefits, Advances, and Challenges in Internet Integration in Medicine With the Advent of 5G Technology: A Comprehensive Review.Cureus. 2023 Nov 13;15(11):e48767. doi: 10.7759/cureus.48767. eCollection 2023 Nov. Cureus. 2023. PMID: 38098915 Free PMC article. Review.
-
Cybersecurity threats and preparedness: Implications for dental schools.J Dent Educ. 2025 Apr;89(4):523-528. doi: 10.1002/jdd.13758. Epub 2024 Oct 27. J Dent Educ. 2025. PMID: 39462829 Free PMC article.
-
Narrative Review of Electronic Health Record Systems in Anesthesia: Benefits, Risks, and Medico-Legal Considerations in the United States of America.J Med Syst. 2025 Jun 23;49(1):87. doi: 10.1007/s10916-025-02221-z. J Med Syst. 2025. PMID: 40545522 Free PMC article. Review.
References
-
- Moore GE. Cramming more components onto integrated circuits. Electronics. 1965;38(8):114–7.
-
- World Economic Forum. What new technologies carry the biggest risks? https://www.weforum.org/agenda/2017/01/what-emerging-technologies-have-t... (2017). Accessed 25 Mar 2023.
-
- HM Government. National Cyber Security Strategy 2016–2021. London, United Kingdom: HM Government. https://assets.publishing.service.gov.uk/government/uploads/system/uploa... (2016). Accessed 12 Dec 2020.
-
- Verizon. 2019 Data Breach Investigations Report. https://enterprise.verizon.com/en-gb/resources/reports/dbir/ (2019). Accessed 5 Jan 2021.
Publication types
MeSH terms
LinkOut - more resources
Full Text Sources
Medical
