PDF(Pubmed)
Abstract:
Cybersecurity has seen an increasing frequency and impact of cyberattacks and exposure of Protected Health Information (PHI). The uptake of an Electronic Medical Record (EMR), the exponential adoption of Internet of Things (IoT) devices, and the impact of the COVID-19 pandemic has increased the threat surface presented for cyberattack by the healthcare sector. Within healthcare generally and, more specifically, within anaesthesia and Intensive Care, there has been an explosion in wired and wireless devices used daily in the care of almost every patient-the Internet of Medical Things (IoMT); ventilators, anaesthetic machines, infusion pumps, pacing devices, organ support and a plethora of monitoring modalities. All of these devices, once connected to a hospital network, present another opportunity for a malevolent party to access the hospital systems, either to gain PHI for financial, political or other gain or to attack the systems directly to cause erroneous monitoring, altered settings of any device and even to access the EMR via this IoMT window. This exponential increase in the IoMT and the increasing wireless connectivity of anaesthesia and ICU devices as well as implantable devices presents a real and present danger to patient safety. There has, at the same time, been a chronic underfunding of cybersecurity in healthcare. This lack of cybersecurity investment has left the sector exposed, and with the monetisation of PHI, the introduction of technically unsecure IoT devices for monitoring and direct patient care, the healthcare sector is presenting itself for further devastating cyberattacks or breaches of PHI. Coupled with the immense strain that the COVID-19 pandemic has placed on healthcare and the changes in working patterns of many caregivers, this has further amplified the exposure of the sector to cyberattacks.
摘要:
网络安全已经看到越来越频繁的网络攻击和受保护的健康信息(PHI)的暴露和影响。采用电子病历(EMR),物联网(IoT)设备的指数级采用,COVID-19大流行的影响增加了医疗保健部门网络攻击的威胁表面。在医疗保健领域,更具体地说,在麻醉和重症监护中,每天在几乎每位患者的护理中使用的有线和无线设备激增-医疗物联网(IoMT);呼吸机,麻醉机,输液泵,起搏装置,器官支持和过多的监测方式。所有这些设备,一旦连接到医院网络,为恶意政党提供了另一个进入医院系统的机会,要么获得PHI的财务,政治或其他利益,或直接攻击系统以导致错误的监控,更改任何设备的设置,甚至通过此IoMT窗口访问EMR。IoMT的这种指数增长以及麻醉和ICU设备以及可植入设备的无线连接的增加对患者安全构成了现实和当前的危险。有,同时,一直是医疗保健网络安全的长期资金不足。网络安全投资的缺乏使该行业暴露在外,随着PHI的货币化,引入技术上不安全的物联网设备,用于监控和直接患者护理,医疗保健行业正面临进一步毁灭性的网络攻击或PHI的违规行为。再加上COVID-19大流行给医疗保健和许多护理人员工作模式的变化带来的巨大压力,这进一步扩大了该部门遭受网络攻击的风险。
