Evaluating applied security controls for safeguarding medical device-integrated electronic medical records.

Keywords: cyber threats; electronic medical records; evaluation; medical device; risk assessment; security controls

Journal

Journal of evaluation in clinical practice
ISSN: 1365-2753
Abbreviated title: J Eval Clin Pract
Country: England
NLM ID: 9609066

Publication information

Publication date:
19 Sep 2024
History:
revised: 02 09 2024
received: 28 05 2024
accepted: 03 09 2024
medline: 22 9 2024
pubmed: 22 9 2024
entrez: 19 9 2024
Status: aheadofprint

Abstract

Medical device-integrated electronic medical records (MDI-EMR) pose significant challenges in ensuring effective usage, data security and patient safety. The complexities of MDI-EMR necessitate applying various security mechanisms to safeguard against cyber threats. Therefore, we evaluated cyber threats to MDI-EMR and the effectiveness of applied security controls using a proposed framework from sociotechnical and risk assessment perspectives. We conducted a qualitative case study evaluation in a general hospital in Saudi Arabia using interviews, observation, and document analysis from the perspectives of major MDI-EMR stakeholders, including healthcare providers, IT professionals and cybersecurity specialists. The results showed the interplay among physical, technical and administrative security controls that maintained a secure posture of MDI-EMR. The effectiveness of security controls is highly influenced by the staff's cybersecurity awareness and training. The perceived effectiveness of security controls varied among users, with some expressing satisfaction with the ease of use and reliability, while others highlighted challenges such as password complexity and access procedures. Understanding these diverse perspectives is crucial for tailoring security measures to meet the needs of different stakeholders effectively. Collaboration among the key stakeholders is crucial for implementing security controls for MDI-EMR. Balancing security measures with usability concerns is essential, as highlighted by challenges in implementing technical controls. A comprehensive approach encompassing physical, technical and administrative controls, together with continuous education and awareness initiatives, is significant in empowering staff to recognise and mitigate cyber threats effectively, safeguard medical data and ensure the integrity of healthcare systems.

Identifiers

pubmed: 39297411
doi: 10.1111/jep.14140

Publication types

Journal Article

Languages

eng

Citation subsets

IM

Grants

Organization: Saudi Cultural Mission
Organization: Universiti Kebangsaan Malaysia

Copyright information

© 2024 John Wiley & Sons Ltd.

Authors

Aeshah Alhammad (A)

Faculty of Information Science and Technology, Universiti Kebangsaan Malaysia, Bangi, Malaysia.

Maryati Mohd Yusof (MM)

Faculty of Information Science and Technology, Universiti Kebangsaan Malaysia, Bangi, Malaysia.

Dian Indrayani Jambari (DI)

Faculty of Information Science and Technology, Universiti Kebangsaan Malaysia, Bangi, Malaysia.
