Journal:Health care and cybersecurity: Bibliometric analysis of the literature

From LIMSWiki
Revision as of 20:59, 4 May 2020 by Shawndouglas (talk | contribs) (Saving and adding more.)
Jump to navigationJump to search
Full article title Health care and cybersecurity: Bibliometric analysis of the literature
Journal Journal of Medical Internet Research
Author(s) Jalali, Mohammad S.; Razak, Sabina; Gordon, William; Perakslis, Eric; Madnick, Stuart
Author affiliation(s) Harvard Medical School, Massachusetts Institute of Technology, Brigham & Women’s Hospital, Partners Healthcare,
Primary contact Email: msjalali at mgh dot harvard dot edu
Year published 2019
Volume and issue 21(2)
Article # e12644
DOI 10.2196/12644
ISSN 1438-8871
Distribution license Creative Commons Attribution 4.0 International
Website https://www.jmir.org/2019/2/e12644/
Download https://www.jmir.org/2019/2/e12644/pdf (PDF)

Abstract

Background: Over the past decade, clinical care has become globally dependent on information technology. The cybersecurity of health care information systems is now an essential component of safe, reliable, and effective health care delivery.

Objective: The objective of this study was to provide an overview of the literature at the intersection of cybersecurity and health care delivery.

Methods: A comprehensive search was conducted using PubMed and Web of Science for English-language peer-reviewed articles. We carried out chronological analysis, domain clustering analysis, and text analysis of the included articles to generate a high-level concept map composed of specific words and the connections between them.

Results: Our final sample included 472 English-language journal articles. Our review results revealed that a majority of the articles were focused on technology. Technology–focused articles made up more than half of all the clusters, whereas managerial articles accounted for only 32 percent of all clusters. This finding suggests that nontechnological variables (human–based and organizational aspects, strategy, and management) may be understudied. In addition, software development security, business continuity, and disaster recovery planning each accounted for three percent of the studied articles. Our results also showed that publications on physical security account for only one percent of the literature, and research in this area is lacking. Cyber vulnerabilities are not all digital; many physical threats contribute to breaches and potentially affect the physical safety of patients.

Conclusions: Our results revealed an overall increase in research on cybersecurity and identified major gaps and opportunities for future work.

Keywords: bibliometric review, cybersecurity, health care, literature analysis, text mining

Introduction

Cybersecurity is an increasingly critical aspect of health care information technology infrastructure. The rapid digitization of health care delivery, from electronic health records (EHR) and telehealth to mobile health (mHealth) and network-enabled medical devices, introduces risks related to cybersecurity vulnerabilities.[1] These vulnerabilities are particularly worrisome because cyberattacks in a health care setting can result in the exposure of highly sensitive personal information or cause disruptions in clinical care.[2][3][4][5] Cyberattacks may also affect the safety of patients, for example, by compromising the integrity of data or impairing medical device functionality. The WannaCry and NotPetya ransomware attacks and vulnerabilities in Medtronic Implantable Cardiac Device Programmers are recent examples that have resulted in impaired health care delivery capabilities.[6]

Health care organizations are particularly vulnerable to cyber threats. Verizon’s 2018 Data Breach Investigations Report found that the health care field, in general, was most affected by data breaches, which accounted for 24 percent of all investigated breaches across all industries.[7] Additionally, a report by the Ponemon Institute found that almost 90 percent of respondents (involved in health plans and health care clearinghouses, as well as health care providers with EHRs) experienced a data breach in the past two years.[8] Another survey of health care information security professionals revealed that over 75 percent of health care organizations experienced a recent security incident.[9] The causes are multifactorial, involving both technology and people, and human error and cultural factors play increasingly critical roles.[10][11] Despite efforts to teach best-practice security behavior through training programs, recent surveys have revealed that one in five health care employees still write down their usernames and passwords on paper.[12]

Given the increasing importance of cybersecurity for safe, effective, and reliable health care delivery, there is a need to provide an overview of the literature at the intersection of cybersecurity and health care. Recent systematic reviews synthesized insights from 31 articles on cyber threats in health care[13] and aggregated strategies from 13 articles about responding to cyber incidents in health care organizations.[14] In this study, we conduct a large bibliometric review of the literature and describe the current state of research on various aspects of cybersecurity in health care in order to not only understand current trends but also identify gaps and guide future research efforts toward improving the security of our health care systems.

Methods

Study eligibility criteria

A comprehensive search was conducted using PubMed and Web of Science (WoS) for English-language peer-reviewed articles. We identified search keywords by adopting terminologies in The National Initiative for Cybersecurity Careers and Studies[15] and The British Standards Institution glossaries.[15] The list of keywords used follows.

WoS (journal articles, all years):

“Health*” AND “Cybersecurity” OR “Cyber Security” OR “Cyber Attack*” OR “Cyber Crisis*” OR “Cyber Incident*” OR “Cyber Infrastructure*” OR “Cyber Operation*” OR “Cyber Risk*” OR “Cyber Threat*” OR “Cyberspace*” OR “Data Breach*” OR “Data Security*” OR “Firewall*” OR “Information Security*” OR “Information Systems Security*” OR “Information Technology Security*” OR “IT Security*” OR “Malware*” OR “Phishing*” OR “Ransomware*” OR “Security Incident*” OR “Information Assurance*”

PubMed (journal articles, all years, abstract availability):

“Cybersecurity” OR “Cyber Security” OR “Cyber Attack” OR “Cyber Crisis” OR “Cyber Incident” OR “Cyber Infrastructure” OR “Cyber Operation” OR “Cyber Risk” OR “Cyber Threat” OR “Cyberspace” OR “Data Breach” OR “Data Security” OR “Firewall” OR “Information Security” OR “Information Systems Security” OR “Information Technology Security” OR “IT Security” OR “Malware” OR “Phishing” OR “Ransomware” OR “Security Incident” OR “Information Assurance”

Keywords that widened the search results far beyond the scope were rejected. For example, “exploit” and “malicious” can be used in a cyber context, but they are more commonly used in unrelated contexts that add noise to the search. Such terms were not included because of their contribution to an overwhelming amount of irrelevant results.

We included articles published from the inception of PubMed in 1966 and WoS in 1900, all the way to September 2017. Articles were excluded if they did not clearly focus on cybersecurity or health care or if they were reviews or meta-analyses. Inclusion and exclusion criteria were formulated prior to the preliminary title and abstract screening. The eligibility criteria were intentionally nonspecific to obtain a complete picture of the existing relevant research. To increase our confidence in the inclusion criteria, we conducted an initial pilot screening of 100 articles.

Screening selection

Screening of titles and abstracts was conducted using the software package abstrackr.[16] Full texts of the “maybe” articles were independently reviewed by two trained individuals to assess study eligibility. Disagreements about study inclusion were discussed until a consensus was reached. More details about our methodology are available in Multimedia Appendix 1.

Chronological clustering and trend analysis

We performed chronological analysis of the number of articles published per year and the number of authors per article. We topically clustered articles using 10 security domains created by the International Information Systems Security Certification Consortium to categorize each article (Multimedia Appendix 1). Each clustered article was further categorized as technological, managerial, legal, or interdisciplinary (if it fell into more than three categories). Features of the included articles, such as the publishing journal and number of citations, were recorded.

Text analysis

After analyzing all the titles and abstracts, we removed words with high frequencies that were common in research articles but were not specific to our subject (e.g., “paper,” “using,” and “results”). In addition, we merged the plural forms with singular forms of the same word and merged “healthcare” and “health care” into “healthcare.” Subsequently, we created word clouds to visualize the word frequencies in titles and abstracts over time. Word frequency is represented by color and size, with darker, larger words representing higher occurrence.

We then assessed text titles and abstracts to generate a high-level concept map composed of specific words and the connections between them by using the software package Leximancer text analytics (version 4.5; Leximancer Pty Ltd, Brisbane, Australia). The software started with an unsupervised machine learning approach to extract a network of meaning from the data and developed a heat map that visually illustrated the end results. The method, underpinned by a naive Bayesian co-occurrence metric, considers how often two words co-occur as well as how often they occur apart.[17][18] Heat maps consist of “themes” represented by bubbles and “concepts” represented by grey dots. Concepts can be equated to a list of similar terms coalescing into a monothematic idea, and themes are clusters of these concepts. The lines between dots suggest a strong connection between two concepts.

Results

Search results

The primary search on PubMed for papers containing terms pertaining to “cyber” yielded 1,480 articles, and the search on WoS yielded 810 articles. After removing 310 duplicates, the titles and abstracts of 1,980 articles were screened, which was facilitated by the Abstrackr software.[16] Based on the inclusion criteria, 1,262 articles were excluded in the first screening, reducing the results to 718 articles for full-text review. Eventually, a further screening removed additional articles to provide a final selection of 472 articles. Figure 1 presents the search method and results.


References

  1. Jalali, M.S.; Kaiser, J.P. (2018). "Cybersecurity in Hospitals: A Systematic, Organizational Perspective". Journal of Medical Internet Research 20 (5): e10059. doi:10.2196/10059. PMC PMC5996174. PMID 29807882. https://www.ncbi.nlm.nih.gov/pmc/articles/PMC5996174. 
  2. Gordon, W.J.; Fairhall, A.; Landman, A. (2017). "Threats to Information Security - Public Health Implications". New England Journal of Medicine 377 (8): 707–9. doi:10.1056/NEJMp1707212. PMID 28700269. 
  3. Perakslis, E.D. (2014). "Cybersecurity in health care". New England Journal of Medicine 371 (5): 395–7. doi:10.1056/NEJMp1404358. PMID 25075831. 
  4. Jarrett, M.P. (2017). "Cybersecurity-A Serious Patient Care Concern". JAMA 318 (14): 1319–20. doi:10.1001/jama.2017.11986. PMID 28973258. 
  5. Kramer, D.B.; Fu, K. (2017). "Cybersecurity Concerns and Medical Devices: Lessons From a Pacemaker Advisory". JAMA 318 (21): 2077–78. doi:10.1001/jama.2017.15692. PMID 29049709. 
  6. Furnell, S.; Emm, D. (2017). "The ABC of ransomware protection". Computer Fraud & Security 2017 (10): 5–11. doi:10.1016/S1361-3723(17)30089-1. 
  7. Verizon (2018). "2018 Data Breach Investigations Report" (PDF). Verizon. https://enterprise.verizon.com/resources/reports/DBIR_2018_Report.pdf. Retrieved 01 September 2018. 
  8. Ponemon Institute, LLC (May 2016). "Sixth Annual Benchmark Study on Privacy & Security of Healthcare Data" (PDF). Ponemon Institute, LLC. https://www.ponemon.org/local/upload/file/Sixth%20Annual%20Patient%20Privacy%20%26%20Data%20Security%20Report%20FINAL%206.pdf. Retrieved 09 April 2018. 
  9. Healthcare Information and Management Systems Society (2018). "2018 HIMSS Cybersecurity Survey" (PDF). Healthcare Information and Management Systems Society. https://www.himss.org/sites/hde/files/d7/u132196/2018_HIMSS_Cybersecurity_Survey_Final_Report.pdf. Retrieved 30 July 2020. 
  10. Madnick, S.; Jalali, M.S.; Siegel, M. et al. (2017). "Measuring Stakeholders’ Perceptions of Cybersecurity for Renewable Energy Systems". Proceedings from DARE 2016: Data Analytics for Renewable Energy Integration. Lecture Notes in Computer Science 10097: 67–77. doi:10.1007/978-3-319-50947-1_7. 
  11. Jalali, M.S.; Siegel, M.; Madnick, S. (2019). "Decision-making and biases in cybersecurity capability development: Evidence from a simulation game experiment". The Journal of Strategic Information Systems 28 (1): 66–82. doi:10.1016/j.jsis.2018.09.003. 
  12. "One in Five Health Employees Willing to Sell Confidential Data to Unauthorized Parties, Accenture Survey Finds". Accenture. 1 March 2018. https://newsroom.accenture.com/news/one-in-five-health-employees-willing-to-sell-confidential-data-to-unauthorized-parties-accenture-survey-finds.htm. 
  13. Kruse, C.S.; Frederick, B.; Jacobson, T. et al. (2017). "Cybersecurity in healthcare: A systematic review of modern threats and trends". Technology and Health Care 25 (1): 1–10. doi:10.3233/THC-161263. PMID 27689562. 
  14. Jalali, M.S.; Russell, B.; Razak, S. et al. (2019). "EARS to cyber incidents in health care". JAMIA 26 (1): 81–90. doi:10.1093/jamia/ocy148. PMID 30517701. 
  15. 15.0 15.1 National Initiative for Cybersecurity Careers and Studies. "Glossary". National Initiative for Cybersecurity Careers and Studies. https://niccs.us-cert.gov/about-niccs/glossary. Retrieved 31 December 2018.  Cite error: Invalid <ref> tag; name "NICCSGlossary" defined multiple times with different content
  16. 16.0 16.1 Wallace, B.C.; Small, K.; Brodley, C.E. (2012). "Deploying an interactive machine learning system in an evidence-based practice center: abstrackr". Proceedings of the 2nd ACM SIGHIT International Health Informatics Symposium: 819–24. doi:10.1145/2110363.2110464. 
  17. Smith, A.E.; Humphreys, M.S. (2006). "Evaluation of unsupervised semantic mapping of natural language with Leximancer concept mapping". Behavior Research Methods 38: 262–79. doi:10.3758/BF03192778. 
  18. Cheng, M. (2019). "A comparative automated content analysis approach on the review of the sharing economy discourse in tourism and hospitality". Current Issues in Tourism 22 (1): 35–49. doi:10.1080/13683500.2017.1361908. 

Notes

This presentation is faithful to the original, with only a few minor changes to presentation, grammar, and punctuation. In some cases important information was missing from the references, and that information was added. The original cited an Accenture YouTube video for the claim regarding users writing their credentials down; for this version a more informative press release, which links to the video, was used.