IEEE Access (Jan 2022)
Digital Healthcare - Cyberattacks in Asian Organizations: An Analysis of Vulnerabilities, Risks, NIST Perspectives, and Recommendations
Abstract
Cyberattacks on healthcare institutions are on an upsurge all over the world. Recently, Asian hospitals have become targets of numerous cyberattacks. While Western countries like the United States have implemented security-related laws, policies, standards, and other protective measures to deal with the healthcare cyberattacks, Asian countries are lagging. The Healthcare insurance portability and accountability act (HIPAA), enacted by the United States federal government, is a classic example of a law that has been in existence for a quarter-century now. Awareness about electronic health records (EHR) and their importance is increasing in Asia. Many hospitals and healthcare systems successfully implement solutions to protect healthcare data, including sensitive patient data. However, protecting healthcare data involves a sophisticated technology and compliance-driven approach due to the high value associated with the data. In this research, an earnest attempt is made to investigate the recent cyberattacks in Asian healthcare institutions. Based on the investigation, five types of cyberattacks are found to dominate Asian healthcare institutions. A detailed analysis of these attacks, their vulnerabilities, and associated risks are performed as a part of this study. In many countries with higher cybersecurity maturity, risk frameworks are successfully employed to manage the risks associated with healthcare data. In this study, the cyberattacks on Asian healthcare institutions are also analyzed through the lens of the National Institute of standards and technology (NIST) risk framework. Based on the literature review, a few unique recommendations are included in this research study to be used as risk mitigation measures by Asian healthcare organizations and researchers to manage and improve the growing situation of cyberattacks.
Keywords