Gestão de riscos com foco nas melhores práticas de sistemas de segurança de dados para saúde
DOI:
https://doi.org/10.5585/iji.v9i1.18246Palavras-chave:
Cibersegurança, Sistema Ciber-Físico, Indústria 4.0, Gestão de saúde, Gerenciamento de riscos.Resumo
Objetivo do estudo: As estatísticas mostram um quadro preocupante de desafios a serem superados pela segurança cibernética no setor da saúde. Dados evidenciam que o setor de saúde enfrenta quatro violações de dados por semana apenas nos Estados Unidos da América- EUA, tornando-o o setor mais afetado por violações de segurança digital. Assim, o presente artigo tem como objetivo investigar a gestão de riscos com foco na identificação de requisitos e melhores práticas para sistemas de segurança de dados de saúde.
Metodologia / abordagem: É baseada em uma revisão sistemática da literatura. Estudos sobre sistemas de segurança de dados de última geração foram coletados e interpretados por meio de análise de conteúdo. Palavras-chave assertivas, critérios de seleção de fontes, interpretação dos artigos selecionados e análise de banco de dados foram usados para formar a amostra investigada e para representar as amplas aplicações do objetivo deste estudo.
Originalidade / Relevância: O presente estudo contribui para definir um conjunto de requisitos mínimos e melhores práticas que podem ser adotados para gerenciar os riscos à segurança de dados no setor de saúde e dispositivos médicos.
Principais resultados: Os resultados apontaram que não há uma maneira totalmente eficaz de prevenir todas as violações por cibercriminosos; no entanto, a cibersegurança deve fazer parte dos processos de gestão adotados por diferentes organizações.
Contribuições teórico-metodológicas: Constata-se que a cibersegurança tem grande importância para o setor saúde, a informação gerada é rica em conteúdo e que a cibersegurança é negligenciada no setor, que não é capaz de lidar com a realidade das ameaças cibernéticas na indústria 4.0 contexto.
Contribuições sociais / de gestão: Por meio das boas práticas de gestão de riscos e da adoção de itens mínimos de segurança, as instituições podem garantir que os gestores possam se preparar e responder de forma eficiente aos riscos cibernéticos.
Downloads
Referências
Abdelhamid, M., Kisekka, V., & Samonas, S. (2018). Mitigating e-services avoidance: the role of government cybersecurity preparedness. Information and Computer Security, 27, pp. 26-46. doi:10.1108/ICS-02-2018-0024.
Abraham, C., Chatterjee, D., & Sims, R. R. (2019). Muddling through cybersecurity: Insights from the U.S. healthcare industry. Business Horizons, v.62(n.04), pp. 539-548. doi:10.1016/j.bushor.2019.03.010.
Ahmed, A. A., & Ahmed, W. A. (2019). An Effective Multifactor Authentication Mechanism Based on Combiners of Hash Function over Internet of Things. Sensors, 19 n.17. doi:10.3390/s19173663.
Alcantara, D. P., & Martens, M. L. (2018). Technology Roadmapping (TRM): a systematic review of the literature focusing on models. Technological Forecasting and Social Change, pp. 127-138. doi:doi.org/10.1016/j.techfore.2018.08.014.
Alexander, B., Haseeb, S., & Baranchuk, A. (2019). Are implanted electronic devices hackable? Trends in Cardiovascular Medicine, pp. 476-480. doi:10.1016/j.tcm.2018.11.011.
Al-Muhtadi, J., Shahzad, B., Saleem, K., Jameel, W., & Orgun, M. A. (2019). Cybersecurity and privacy issues for socially integrated mobile healthcare applications operating in a multi-cloud environment. Health Informatics Journal, 25, 315-329. doi:10.1177/1460458217706184.
Askar, A. J. (2019). Healthcare management system and cybersecurity. International Journal of Recent Technology and Engineering, 237-248.
Baaziz, A.; Quoniam, l. (2013). How to use big data technologies to optimize operations in upstream petroleum industry. International Journal of Innovation, v. 1 n.1, p. 19-25. doi 10.5585/iji.v1i1.4.
Berger, K. M., & Schneck, P. A. (2019). National and transnational security implications of asymmetric access to and use of biological data. Frontiers in Bioengineering and Biotechnology, 7. doi:10.3389/fbioe.2019.00021.
Bilek, A. M., Muscionico, D., & Amiel, C. (2017). A primer on the regulation and development of M-Health products. Regulatory Rapporteur, https://www.scopus.com/record/display.uri?eid=2s2.085032879397&origin=inward&txGid=408ced46814b35c8bd8454243cf24e2d.
Bissonnette, L., & Bergeron, M. G. (2017). Portable devices and mobile instruments for infectious diseases point-of-care testing. Expert Review of Molecular Diagnostics, 471-494. doi:10.1080/14737159.2017.1310619.
Blanke, S. J., & McGrady, E. (2016). When it comes to securing patient health information from breaches, your best medicine is a dose of prevention: A cybersecurity risk assessment checklist. Journal of healthcare risk management, 14-24. doi:10.1002/jhrm.21230.
Bojanova, I., & Voas, J. (2017). Trusting the Internet of Things. IT Professional, 19 n.5, 16-19. doi:10.1109/MITP.2017.3680956.
Braga, A., Dahab, R., Antunes, N., Laranjeiro, N., & Vieira, M. (2019). Understanding How to Use Static Analysis Tools for Detecting Cryptography Misuse in Software. IEEE TRANSACTIONS ON RELIABILITY, 1384-1403. doi: 10.1109/TR.2019.2937214.
Brody, R. G., Chang, H. U., & Schoenberg, E. S. (2018). Malware at its worst: death and destruction. International Journal of Accounting & Information Management. doi:10.1108/ijaim.2011.36619caa.003.
Burns, L. R., DeGraaff, R. A., Danzon, P. M., Kimberly, J. R., Kissick, W. L., & Pauly, M. V. (2011). The Wharton School Study of the Health Care Value Chain. San Francisco CA: John Wilet and Sons.
Busdicker, M., & Upendra, P. (2017). The role of healthcare technology management in facilitating medical device cybersecurity. Biomedical Instrumentation and Technology, 19-25. doi:10.2345/0899-8205-51.s6.19.
Coronado, A. J., & Wong, T. L. (2014). Healthcare cybersecurity risk management: Keys to an effective plan. Biomedical Instrumentation and Technology, 48, 26-30. doi:10.2345/0899-8205-48.s1.26.
Coveney, P. V., Dougherty, E. R., & Highfield, R. R. (2016). Big data need big theory too. Philosophical Transactions Of The Royal Society A-Mathematical Physical And Engineering Sciences, 374. doi:10.1098/rsta.2016.0153.
Coventry, L., & Branley, D. (2018). Cybersecurity in healthcare: A narrative review of trends, threats and ways forward. Maturitas, 48-52. doi:10.1016/j.maturitas.2018.04.008.
Cleland-Huang, J. (2014). How well do you know your personae non gratae? IEEE Software, 31, 28-31. doi:10.1109/MS.2014.85.
Dandage, R., Mantha, S. S., & Rane, S. B. (2018). Ranking the risk categories in international projects using the TOPSIS method. International Journal of Managing Projects in Business, 11, 317-331. doi:10.1108/IJMPB-06-2017-0070.
Diggans, J., & Leproust, E. (2019). Next steps for access to safe, secure DNA synthesis. Frontiers in Bioengineering and Biotechnology, 7. doi:10.3389/fbioe.2019.00086.
Elizabeth, M. J., Jobin, J., & Dona, J. (2019). A fog based security model for electronic medical records in the cloud database. International Journal of Innovative Technology and Exploring Engineering, 8 n.7, pp. 2552-2560.
Frontoni, E., Mancini, A., Bald, M., Paolanti, M., Moccia, S., Zingaretti, P., . . . Misericordia, P. (2019). Sharing health data among general practitioners: The Nu.Sa. project. International Journal of Medical Informatics, 129, pp. 267-274. doi:10.1016/j.ijmedinf.2019.05.016.
Ghafir, I., Prenosil, V., Hammoudeh, M., Baker, T., Jabbar, S., Khalid, S., & Jaf, S. (2018). BotDet: A System for Real Time Botnet Command and Control Traffic Detection. IEEE Access, 38947-38958. doi:10.1109/ACCESS.2018.2846740.
Ghafur, S., Grass, E., Jennings, N., & Darzi, A. (2019). The challenges of cybersecurity in health care: the UK National Health Service as a case study. The Lancet Digital Health, 1 n.1, pp. 10-12. doi:10.1016/S2589-7500(19)30005-6.
Good, N., Dhamija, R., Grossklags, J., Thaw, D., Aronowitz, S., Mulligan, D., & Konstan , J. (2005). Stopping spyware at the gate: A user study of privacy, notice and spyware. ACM International Conference Proceeding Series. doi:10.1145/1073001.1073006.
Gordon, W. J., Stern, A. D., Landman, A. B., & Kramer, D. B. (2019). Evaluation of a mandatory phishing training program for high-risk employees at a US healthcare system. Journal of the American Medical Informatics Association, 547-552. doi:10.1093/jamia/ocz005.
Goncharov, E., Kruglov, K., & Dashchenko, Y. (2019). Five ICS cybersecurity myths based on Kaspersky Lab ICS CERT experience. At-Automatisierungstechnik, 67, pp. 372-382. doi:10.1515/auto-2019-0016.
Grimes, S., & Wirth, A. (2017). Holding the Line: Events that Shaped Healthcare Cybersecurity. Biomedical instrumentation & technology. doi:10.2345/0899-8205-51.s6.30.
Habibzadeh, H., Nussbaum, B. H., Anjomshoa, F., Kantarci, B., & Soyata, T. (2019). A survey on cybersecurity, data privacy, and policy issues in cyber-physical system deployments in smart cities. Sustainable Cities and Society, 50. doi:10.1016/j.scs.2019.101660.
Handler, I. (2018). Data Sharing Defined-Really! Computer, 36-42. doi:10.1109/MC.2018.1451659.
Huang, J. C. (2014). How well do you know your personae non gratae? IEEE Software, 31, 28-31. doi:10.1109/MS.2014.85.
ISO/IEC 27001 (2013) Information technology - Security techniques — Information security management systems — Requirements. [S.l.]. https://www.iso.org/standard/54534.html.
ISO31000 (2018). Risk management - Principles and guidelines. [S.l.]. https://www.iso.org/standard/65694.html.
Jalali, M. S., Russell, B., Razak, S., & Gordon, W. J. (2019). EARS to cyber incidents in health care. Journal of the American Medical Informatics Association, 26, 81-90. doi:10.1093/jamia/ocy148.
Kabir, U. Y., Ezekekwu, E., Bhuyan, S. S., Mahmood, A., & Dobalian, A. (2020). Trends and best practices in health care cybersecurity insurance policy. Journal of Healthcare Risk Management, pp. 1-5. doi:10.1002/jhrm.21414.
Kessler, S. R., Pindek, S., Kleinman, G., Andel, S. A., & Spector, P. E. (2019). Information security climate and the assessment of information security risk among healthcare employees. Health informatics Journal. doi:10.1177/1460458219832048.
Kharraz, A., Robertson , W., & Kirda, E. (2018). Protecting against Ransomware: A New Line of Research or Restating Classic Ideas? IEEE Security and Privacy, 16, 103-107. doi:10.1109/MSP.2018.2701165.
King, F., Klonoff, D. C., Kerr, D., Hu, J., Lyles, C., Quinn, C., . . . Gabbay, R. (2018). Digital Diabetes Congress 2018. Journal of Diabetes Science and Technology, 1231-1238. doi:10.1177/1932296818805632.
Koppel, R., & Kuziemsky, C. (2019). Healthcare data are remarkably vulnerable to hacking: Connected healthcare delivery increases the risks. Studies in Health Technology and Informatics, 218-222. doi:10.3233/978-1-61499-951-5-218.
Kruse, C. S., Frederick , B., Jacobson , T., & Monticone , K. (2017). Cybersecurity in healthcare: A systematic review of modern threats and trends. Technology and Health Care, 25, 1-10. doi:10.3233/THC-161263.
Kuerbis, B., & Badiei, F. (2017). Mapping the cybersecurity institutional landscape. Australian Catholic University, 19, 466-492. doi:10.1108/DPRG-05-2017-0024.
Kure, H. I., Islam, S., & Razzaque, M. A. (2018). An integrated cyber security risk management approach for a cyber-physical system. Applied Sciences (Switzerland). doi:10.3390/app8060898.
Lebeda, F. J., Zalatoris, J. J., & Scheerer, J. B. (2018). Government Cloud Computing Policies: Potential Opportunities for Advancing Military Biomedical Research. MILITARY MEDICINE, 183, 438-447. doi:10.1093/milmed/usx114.
Lechler, T., & Wetzel, S. (2017). Conceptualizing the silent risk of inadvertent information leakages. Computers and Electrical Engineering, 67-75. doi:10.1016/j.compeleceng.2016.12.020.
Leung, K., Clark, C., Sakal, M., Friesen, M., & Strudwick, G. (2019). Patient and family member readiness, needs, and perceptions of a mental health patient portal: A mixed methods study. Studies in Health Technology and Informatics, 266-270. doi:10.3233/978-1-61499-951-5-266.
Loi, M., Christen, M., Kleine, N., & Weber, K. (2019). Cybersecurity in health –disentangling value tensions. Journal of Information, Communication and Ethics in Society, 229-245. doi:10.1108/JICES-12-2018-0095.
Maimó, L. F., Celdrán, A. H., Gómez, Á. L., Clemente, F. J., Weimer, J., & Lee, I. (2019). Intelligent and dynamic ransomware spread detection and mitigation in integrated clinical environments. Sensors (Switzerland). doi:10.3390/s19051114.
Martin, G., Martin , P., Hankin , C., Darzi , A., & Kinross , J. (2017). Cybersecurity and healthcare: How safe are we? BMJ (Online). doi:10.1136/bmj.j3179.
Mostfa Kamal, S. U., Abd Ali, R. J., Alani, H. K., & Abdulmajed, E. S. (2016). Survey and brief history on malware in network security case study: Viruses, worms and bots. ARPN Journal of Engineering and Applied Sciences, 683-698.
Natsiavas, P., Rasmussen, J., Voss-Knude, M., Votis, Κ., Coppolino, L., Cano, I., . . . Nalin, M. (2018). Comprehensive user requirements engineering methodology for secure and interoperable health data exchange. BMC Medical Informatics and Decision Making, 18 n.1. doi:10.1186/s12911-018-0664-0.
Okereafor, K., & Marcelo, A. (2020). Addressing Cybersecurity Challenges Of Health Data In The Covid-19 Pandemic. International Journal in IT & Engineering (IJITE), 8 n.6, pp. 1-12. Fonte: http://ijmr.net.in.
Ondiege, B., Clarke, M., & Mapp, G. (2017). Exploring a new security framework for remote patient monitoring devices. Computers, 6 n.1. doi:10.3390/computers6010011.
Pesapane, F., Volonté, C., Codari, M., & Sardanelli, F. (2018). Artificial intelligence as a medical device in radiology: ethical and regulatory issues in Europe and the United States. Insights into Imaging. doi:10.1007/s13244-018-0645-y.
PMI, P. M. (2017). Project Management Body of Knowledge -PMBOK. Global Standard.
Priestman, W., Anstis, T., Sebire, I. G., Sridharan, S., & Sebire, N. J. (2019). Phishing in healthcare organisations: threats, mitigation and approaches. BMJ Health & Care Informatics, 26, e100031. doi:10.1136/bmjhci-2019-100031.
Primo, H., Bishop, M., Lannum, L., Cram, D., Nader, A., & Boodoo, R. (2018). 10 Steps to Strategically Build and Implement your Enterprise Imaging System: HIMSS-SIIM Collaborative White Paper. Journal of Digital Imaging, 32, 535-543. doi:10.1007/s10278-019-00236-w.
Silva F., J. C., Braga, C. S., & Reboucas, S. M. (2016). Perception of the brazilian manufacturing industry about the main barriers to innovation. International journal of innovation, v. 5 n.1, p. 114-131, 2016. doi 10.5585/iji.v5i1.114.
Shneiderman, B., & Plaisant, C. (2015). Sharpening analytic focus to cope with big data volume and variety. IEEE Computer Graphics and Applications. doi:10.1109/MCG.2015.64.
Stern, A. D., Gordon, W. J., Landman, A. B., & Kramer, D. B. (2019). Cybersecurity features of digital medical devices: An analysis of FDA product summaries. BMJ Open, 9 n.6. doi:10.1136/bmjopen-2018-025374.
Swede, M. J., Scovetta, V., & Eugene-Colin, M. (2019). Protecting patient data is the new scope of practice: A recommended cybersecurity curricula for healthcare students to prepare for this challenge. Journal of Allied Health, 48 n.2, pp. 148-155. doi:PubMed ID: 31167018.
Thomé, A. M., Scavarda, L. F., Scavarda, A., & Thomé, F. E. (2016). Similarities and contrasts of complexity, uncertainty, risks, and. International Journal of Project Management, 1328-1346. doi:10.1016/j.ijproman.2015.10.012.
Van Eck, N. J., & Waltman, L. (2010). Software survey: VOSviewer, a computer program for bibliometric mapping. Scientometrics 84, 523–538. Scientometrics. doi:10.1007/s11192-009-0146-3.
Vecchione, L., Stintzing, S., Pentheroudakis, G., Douillard, J.-Y., & Lordick, F. (2020). ESMO management and treatment adapted recommendations in the COVID-19 era: colorectal cancer. Esmo Open. doi:10.1136/esmoopen-2020-000826.
Ward, s., & Chapman, C. (2008). Stakeholders and uncertainty management in projects. Construction Management and Economics, 26, 563-577. doi:10.1080/01446190801998708.
Wethington, E., Eccleston, C., Gooberman-Hill, R., Schofield, P. A., Bacon, E., Dombrowski, W., . . . Reid, M. C. (2018). Establishing a Research Agenda on Mobile Health Technologies and Later-Life Pain Using an Evidence-Based Consensus Workshop Approach. Journal of Pain, 1416-1423. doi:10.1016/j.jpain.2018.06.006.
Wiltz, C. (07 de April de 2014). Medical Device and Diagnostic Industry. Fonte: MD+DI Qmed: https://www.mddionline.com/report-healthcare-cybersecurity-appalling-legislation-not-enough.
World Economic Forum. (Janeiro de 2017). The Global Risks Report 2017. Fonte: World Economic Forum: https://www.weforum.org/reports/the-global-risks-report-2017.
Zhang, X., Tan, Y.-a., Xue, Y., Zhang, Q., Li, Y., Zhang, C., & Zheng, J. (2017). Cryptographic key protection against FROST for mobile devices. Cluster Comput, 2393-2402. doi:10.1007/s10586-016-0721-3.
Downloads
Publicado
Como Citar
Edição
Seção
Licença
Copyright (c) 2021 Fábio Martins Dias, Mauro Luiz Martens, Sonia Francisca de Paula Monken, Luciano Ferreira da Silva, Ernesto Del Rosario Santibanez-Gonzalez
Este trabalho está licenciado sob uma licença Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
- Resumo 2974
- PDF (English) 1828
