Development of Cyber Security Policies and System in Hospitals
Added on 2023/05/29
AI Summary
This report describes the development of a security strategy and system model for the hospital IT infrastructure to provide immunity against cyber-attacks. It includes literature review, cyber security policies, methodology, and implementation.
DEVELOPMENT OF CYBER SECURITY POLICIES AND CYBER SECURITY SYSTEM IN THE HOSPITAL
Table of Contents

1. Title
2. Background of the project
2.1 Aim
2.2 Objectives
2.3 Research questions
2.4 Expected outcomes of the project
3. Literature Review
4. Cyber security
4.1 Security policies in the hospital environment
4.2 Information control and security policy in healthcare systems
4.3 Cyber security in hospital
4.4 Cyber-attacks in the hospital
4.5 How to mitigate the cyber risks in the hospital
4.6 Cyber security risks in healthcare
4.7 Preventing healthcare cyber security issues
4.8 Evolution of cyber security in healthcare
5. Methodology
5.1 Preferred language
5.2 Models of organizational security policies
5.3 Establishing hospital security plan
5.4 Effective ways for the hospital safety and security
6. Security policy model in healthcare systems
6.1 Security policy model in healthcare
6.2 Information security and privacy in healthcare
6.3 Security and privacy of information in mobile health-care communication system
6.4 Effects of Security Policies, Security Awareness in healthcare system
6.5 Developing healthcare network security policy
7. Project planning
8. Implementation
9. References
1. Title

Development of cyber security policies and cyber security system in the hospital.

2. Background of the project

The implementation of IT infrastructure in various industries, in both the production and service sectors, increases day by day. In hospitals, the implementation of IT systems changes the entire structure of the hospital and raises its servicing capability to a new height. But at the same time, it also brings some limitations and risks. Consider a cyber-attack on a hospital: it is a nightmare, because it affects people’s lives. So, the need for updating the security systems in the hospital IT infrastructure is high. This project concerns the development of the security strategy and security system model for the hospital IT infrastructure. The proposed system must be capable of providing immunity against cyber-attacks. In this report, the overall outline of the proposal for developing the security system model is described. The various cyber-security models currently used in various places are also considered for benchmarking.

2.1 Aim

The main intention of this proposed research work is to develop and implement a security system to prevent data stealing and unauthorized use of data in hospitals by using the “Java” platform as part of my academic project.

2.2 Objectives

To achieve the main aim of the project, the following objectives are required to be completed. They are listed below.

- Conduct a deep review of the various kinds of literature.
- Initial analysis of the current information flow chain in the hospital.
- Identification of weaker zones in the current security system.
- Study of the various security models currently used.
- Develop the security model for our case.
- Develop the Java code and implement the developed code.
- Test the functioning of the developed system in the real case.

2.3 Research questions

The completion of this project involves answering the following questions. These are the major questions (problems) resolved in this project.

- What is the need for a new cybersecurity system instead of the existing system in hospitals?
- What are the possible threats to the hospital’s IT system?
- What are the major consequences of an improper cybersecurity system?
- What are the different methods or strategies to strengthen information security?
- How to improve immunity against data stealing and hacking?

2.4 Expected outcomes of the project

Here the important outcomes expected from the completion of this project are described.
- Reduces the risks involved in data processing in the hospital.
- Provides security to the data stored or shared through the hospital IT system.
- Improves the performance of the system.
- Increases immunity against hacking and data stealing.
- Reduces the complications involved in the cybersecurity process.

3. Literature Review

The authors Tristan Caulfield and David Pym described the security policy of a system in the paper ‘Modelling and Simulating Systems Security policy’. Security managers face many challenges in designing and providing policies that meet the requirements of an organization. In this paper, mathematical modeling of systems and its simulation are described. It helps the security managers in the organization to take decisions regarding security. Utility theories are used to describe the security policies for the security managers. The models created in this paper are based on original, real-world data obtained from the systems. The Gnosis tool is used for system modeling. Then, the created framework of the model is implemented in the Julia language. The models used in this paper are the tailgating model, the document sharing model, the device loss model and the composed model. The results obtained from the document sharing model in an organization are given in the form of a table and described in this paper. By using these models, one can easily create and take decisions regarding the security policies in the organization.

‘Sonya H Y Hsu’ carried out research work on information sharing and cyber threats. Here the author describes the various prototypes regarding information sharing. This is done by exploring the application of a secure data platform, including the manual script. For information sharing, two methods are followed by the author. The first one is data management with confidence. The second one is the agility regarding the information
exchange. Examples regarding information exchange and cyber threats are also covered by the author. The author includes the data sets and the surrounding landscape in this paper. This paper mainly focused on the data sharing application, which concerns the statistical research data centers. These data centers create the security need for the facilities and the motivations. A detailed explanation is provided by the author regarding the research data centers. These centers help to develop the quality of visualization of the output and the data collection. There may also be a balance between the creation of big data and accessibility. It is used to create the assets. The key functions used by the author are information sharing, cybersecurity, and adaptive security technologies.

‘Martti Lehto’ carried out research work on cyberspace threats and the objectives and strategies of cybersecurity. Generally, cyber threats may be classified in many ways. This is considered as evidence by the author when taking cybersecurity to a multi-national level. The common model is represented as a threefold classification. It is based on motivational factors. Nowadays many countries use this model for cybersecurity. It is used to handle cybersecurity threats. Here the author described the fifth model. They are cybercrime, cyber activism, and cyber warfare. Cyber-security is defined by the author in terms of the cybersecurity policies and strategic properties regarding the objective of cybersecurity. In this paper, the objective of cyber-security is defined by the author for the improvement of the national cybersecurity level. For that, many methods are explored by the author. The strategies of cybersecurity are also delivered. These strategies are used to define the key objective regarding the strategic priorities.
Cyberspace plays an increasing role in providing critical support to the critical infrastructure, economy and national security. The methods to secure cyberspace are described by the author. These are carried out by the national governments. The cybersecurity objectives are also clearly explained by the author to develop the cyber ecosystem. The threats, vulnerabilities and objects regarding cybersecurity are analyzed as well.

‘Kartik Gopalan’ carried out research work on healthcare architecture regarding the security analysis of cyber-physical systems. Here the survey is made
by the author regarding the architecture of cyber-physical systems. Some of the architectures are illustrated in this paper by the author. Most of the architectures are evaluated and examined. From the analysis, some of the architectures are used here by the author. These architectures are evaluated by using a sequence of qualities regarding cyber-physical systems for healthcare. The architecture diagrams explain the functionality with a detailed description. Mainly the functionality of infusion pumps is analyzed. The STRIDE model is used by the author to decompose the functionality, to describe the security issues and how they can be addressed. The key functions used by the author are software architecture, healthcare, security, blackboard, and cyber-physical systems. Then the architectural qualities of healthcare are defined by the author. Finally, the author concluded with a comparison of security issues between the various architectures. These comparisons are used to conclude which architecture is suitable for providing security based on the needs of cyber-physical systems in healthcare systems.

‘Ajeet Singh’ conducted research work on a study of cyber-attacks on cyber-physical systems. Here the improvement of cyber-physical performance is described by the author. Generally, the cyber-physical system is represented as the patch of the cyber world and physical world components. These components are only used to increase the physical performance. The usage of a cyber-physical system is also explained by the author in this paper. Here the cyber-physical systems could be increased, because the cyber and the physical devices are connected to illustrate the state-of-the-art technologies. When cyber threats and cyber-attacks have happened, they should be documented. From the study analysis, the author described the security issues and challenges regarding cyber-physical systems.
It is considered a global issue, and a proper mechanism is needed for cyber-physical systems. The author also described the investigation regarding the relationship between cyber-physical systems and the internet of things. The cyber-attacks on cyber-physical systems are clearly explained by the author. The attacks that happened in recent years are also explained by the author. Then a chart of the recent cyber-attacks is prepared by the author. The definitions and domains of cyber-physical systems are also analyzed by the author. Many vulnerabilities are identified and explained by the author. They are hardware, software,
network, technical and platform vulnerabilities. In this paper, the different kinds of vulnerabilities of cyber-physical systems are explained by the author. The different kinds of challenges regarding cyber-physical systems are explained as well. A discussion is also made regarding cyber-attacks, cyber threats, and cyber-physical systems. Finally, the author concluded with the security protocols and security measures for optimizing the cyber-attacks on the cyber-physical system. The structural diagrams are analyzed and illustrated by the author.

‘Qingliang Zeng’ conducted research work on statistical tests for integrity attacks on cyber-physical systems. In this, the author described a method to detect an integrity attack by performing statistical tests. A detailed description of the cyber-physical system is provided by the author. Normally, this cyber-physical system has features such as network, computation and widespread sensing. Here, the proof is delivered by the author. The normality of the residual error is similar to that of the measurements. The residual error is obtained from the Kalman filter. The proposed method uses this property. It can detect time correlations rather than finding distribution changes. The author used some key functions regarding the statistical tests. They are linear stochastic system, estimator, cyber-physical systems and integrity attacks. Mathematical functions and calculations are used by the author to define the problem statement. The statistical tests are conducted by the author. For each detection and analysis, the definition, theorem and results are provided. The application method and the attacks are described in this paper.

According to the research carried out by the author ‘Devesh Mishra’, the network can be protected from threats and ransomware by implementing cybersecurity guidelines and defense.
In this paper, the attack surface and the minimization of the attack surface are explained. For minimizing the attack surface, a compelling ‘defense in depth’ structure is created. There are three types of attack surface present in the hospital network. They are the network attack surface, the human attack surface and the software attack surface. The following measures are followed to minimize the attack surface: deployment of an intrusion detection and prevention system, threat assessment, encryption, backing up the data, and creating a layer of defense. In the ransomware attack, the hacker demands a ransom in order to stop the attack. The attackers hack the medical
devices such as MRI machines, ventilators and endoscopes, and demand that the hospital management pay the ransom. If they pay the ransom, the attacker will stop the attack; otherwise the attacker will not stop it. It causes more discomfort for both patients and doctors. Event and log management, vulnerability management, access control, network and policy profile, log retention policy, data filter and awareness program are the elements in the analysis. These are explained in detail. The key steps for effective incident response are preparation, identification, containment, eradication, and recovery. In the preparation step, prevention steps are taken before the attack has happened. In identification, the incident is identified after the attack has happened. In containment, the required steps are taken to avoid further damage, and in eradication, the response to the incident is provided. Finally, in recovery, the testing, monitoring and validation of the system take place.

According to the research carried out by the author ‘H. Joseph Wen’, security and privacy are most important in E-Healthcare information management. In a healthcare organization, the privacy and security of the healthcare information are most important. The patient’s personal healthcare information, such as health conditions and test results, must be kept private. The medical information about the patient can affect the patient’s basic life activities because these are sensitive data. If the privacy of the patients’ information is not maintained properly, it will affect the reputation of that healthcare organization. The lack of data privacy causes more problems in the healthcare organization, and the hackers can easily get any patient’s information and demand ransom from them and the hospital management. Another most important thing in a healthcare organization is security. Computer security is more critical and sensitive with the internet and worldwide networks.
There are three basic things in E-Healthcare information security. They are availability, confidentiality and integrity. Confidentiality means that the transmitted data and the data present in the system are only revealed to authorized persons. Unauthorized access needs to be prevented. Integrity means that the data present in the network and computer should be free from any kind of modification, deletion and creation by unauthorized persons. Availability means that only authorized persons access the data in the computer and network, and that authorized access must not be denied. In this paper, the security measures of physical security, personal security and administrative security are explained in
detail. The technical solutions for E-healthcare information systems management, such as cryptography, encryption algorithms, digital signatures, user verification, personal identification, computer architecture, protection against viruses and network communications linkage safeguards, are explained in detail.

‘Pooja Mohan’ carried out research work on security policies for the intelligent healthcare environment. The security policies are described by the author regarding the healthcare management system. Here, patient monitoring is explained by the author. Artificial intelligence has an important role in the healthcare management system. Patient monitoring is performed by wearing a sensor on the body. These sensors should also be embedded in the environment. The quality of service should be improved based on personalized healthcare services. The information exchange among the healthcare system needs to be improved. It is used to provide care services. By these actions, the application may become vulnerable to security risks. In this paper, the author proposed ontology development for handling the risks in an effective manner. It is also used to manage the healthcare system problems. Mainly it contributes to emergency situations. The author used some key functions for the research. They are sensor, security, attacks, and ontology. The context-aware secure framework is provided by the author. The rules and procedures for the development of the ontology are also delivered. The ontology representation is also provided by the author by using HTML.

‘Bernd Carsten Stahl’ conducted research work on information security policies. Here, the author described the policies for the particular health sector. Initially, organizations need to be concerned about security maintenance and integrity regarding the information sources. But in hospitals, it seems to be critical.
This is because it has issues regarding the accuracy and confidentiality of the information. Security managers need to monitor security activities. It will be more useful for the development of security policy. Research needs to be developed to contribute to security policies. It is used to protect the system from internal and external threats. The author explored some kinds of works that are important and legitimate, but which missed describing the various views of security and policies. Also, the author
described novel insights to handle the critical section regarding information exchange. The author also delivered an analysis which includes evidence regarding the health service. The findings support the description of information security policies. Finally, it is concluded with a discussion of the implications of the findings and future research avenues. The author used the following key functions for the research: information security, ideology, hegemony, critical research, and healthcare.

‘John A. Stankovic’ carried out research work on cyber-physical systems in wireless and healthcare. Wireless and mobile healthcare systems are rapidly increasing nowadays. So, most of the systems are represented as cyber-physical systems. Crucial situations may arise when designing cyber-physical systems. So, these cyber-physical systems are constructed by using the principles and other security policies. According to the healthcare cyber-physical system, the human physiology is free and independent. These features increase the research problems for cyber-physical systems. Also in this paper, the author highlighted the research questions and promising directions regarding wireless and mobile healthcare cyber-physical systems. The author used some key functions such as challenges, security, safety, privacy, and wireless health, and also used system components such as sensing, monitoring, classification, and inference. Then, the research questions are developed by the author. Privacy, security, and safety are explained. A discussion is also made regarding healthcare and networks.

4. Cyber security

Cybersecurity is used to secure a network from hackers or unauthorized access. Malicious attacks are overcome by cybersecurity. It protects the data and important files of the organization in a secure manner. Here, cyber-security is going to be implemented in the hospital (Rizov, 2018).
Cybersecurity is very important to any organization, such as government, defense, medical and industry, because all the data related to the above-mentioned departments are
stored in the system. All these industries communicate and transmit the data through the internet. While transmitting through the internet, there is a chance of losing the sensitive data of the organization. Here, at the time of communication and transmission of information, cybersecurity plays a major role in protecting the information and delivering it safely to the correct destination. Cybersecurity covers several areas. They are information security, application security, network security and disaster recovery (Cyber-security, 2014).

Application security in the hospital provides measures to protect the application of the organization from the attack of hackers through the design, deployment, and development of the application. The techniques basically used for application security are classified into four types. The first technique in application security is the validation of the parameters which are given as input. The second is the authentication and authorization of the user. The third technique is exception and session management and the manipulation of parameters. The fourth and last technique in application security is auditing and logging in the system.

Cybersecurity is also used in the area of information security in the hospital. The name itself describes that security is provided for the information or data. It helps to avoid unauthorized access to information in an enterprise or an organization. It provides and creates privacy for the organization regarding important information. There are some techniques used in information security as part of cybersecurity. They are identification, authentication, and authorization of the user, and cryptography. In information security, cryptographic techniques are used. It means that if any information or messages are sent through the internet, they should be encrypted, because encryption provides security to the data which is sent through the internet.
Then, the decryption process is followed at the receiver by using the keys, and the original message is retrieved at the receiver’s end.

Cybersecurity is also used for recovering the data or information in case any sudden disaster occurs in the hospital. This recovery process is done by performing the risk assessment, development of stages in the recovery process and establishment of priorities in case
of any disasters occurring in the hospital. So, there is always a plan for the recovery from disasters which happen suddenly in the hospital.

Network security as part of cybersecurity in the hospital indicates that the hospital network should always be secured. The components used for network security are antivirus software, firewalls, intrusion prevention systems and the usage of virtual private networks (Vidalis, Jones and Blyth, 2004).

4.1 Security policies in the hospital environment

In a modern hospital environment, the adoption of information systems plays an important role. It improves the overall effectiveness of the system. It brings many advantages to the patients and hospital staff. It also reduces the various problems faced by doctors, even though it has some limitations. In the modern information era, each piece of information has some value. So, the accumulated data on the number of patients, their medical conditions and the staff easily attracts hackers (Ilvonen and Virtanen, 2013). They try to steal the data or collapse the data. So, we need strong security policies to prevent that. This section gives an overview of the hospital security system and security policies (Ansari, 2016).

Before looking at the hospital security policies, the overview of the hospital security system is discussed in this section. After that, the security policies of the hospital will be discussed. The hospital information system has some key issues to secure against hackers and cyber attackers (Horowitz and Lucero, 2016).
The above figure illustrates the typical information system of a hospital. These topics are discussed clearly in other sections (Kant, 2016). Here, the overview of the hospital information system is described for developing the security policies for the hospital. This topic mainly concentrates on identifying the various areas where the possibility of security breaches is too high. As already discussed in the above sections, most security breaches occur because of authentication mistakes (Kim and Jeoung, 2015). So, we need to concentrate on the authentication system. Here, all the policies are developed with the intention of reducing the possibility of data stealing and security breaches.

Initially, the proposed system requires two types of security. One is physical security and the other is data security. Physical security of the system is also important in the hospital. In hospitals, major security threats arise from internal mistakes in the security system (Klaic, 2016). These problems are rectified by strengthening the physical security of the systems (Li et al., 2014). In hospitals, it is the major problem. Hospitals
concentrate on data security but they forget to secure the physical systems like medical instruments and terminals. By using this weakness, the hacker or attacker can easily collapse the precise data stored in the system.

Physical security

For that, the hospitals need to implement and follow the security strategies and instruments. Unlike industries, the different instruments are placed in different locations in the hospital. It leads to an increase in the initial investment for developing the security systems. After that, they have to adopt access control techniques. There are a number of access control techniques available. Among them, the most suitable access control system will be selected. The selection process mainly depends on the size of the hospital and the budget allocated for resolving the security problems. Among all access control systems, the five common and most effective systems are described here. They are listed below (Mohan and Singh, 2016).

- Manual checking
- Electromagnetic doors with card swiping option
- User name and Password
- Biometric Access control system
- Combined security systems

Manual checking

The manual checking process is suitable for small hospitals, and the number of visitors must be low in this type of hospital. So, these kinds of security systems are mostly followed by small hospitals. Here, security staff are assigned to secure the instruments and server rooms. This method is not the most efficient method, because the overall cost of this method is higher than that of other methods (Rademaker, 2016). Here, the security staff check the ID card or access details of each and every individual (hospital staff, patient visitors and outpatients). This large process creates a negative impact on the hospital. It creates unwanted stress and
frustration for many of them. So, this is not recommended here. As compared to other access control techniques, this technique does not have any costlier test process or costlier infrastructural needs. But the running cost of this method is too high because the company has to pay salaries to a number of staff. So, it is neither a practically nor an economically viable method (Singh and Jain, 2018).

Electromagnetic doors with card swiping option

Securing the important devices by using the electromagnetic swipe card is another way of securing the information system physically. Here, access cards are given to all the authorized persons. In each card, the access permissions are preloaded. So, the one who has the card to open the door can access the particular room. Comparatively, it is cheaper than the biometric security system. But the major problem is its reliability: these kinds of cards can easily be duplicated. Still, it increases the security of the systems (Sterlicchi, 2001).

User name and Password

The username and password system is the cheapest safety system when compared to other methods. Here, a username and password are given to all the staff members. In the centralized database, the credentials for each account are maintained. Based on the credentials, one can open the door. This method also has some risks, like stealing of passwords and guessing of passwords (Stojmenovic and Zhang, 2014).

Biometric Access control system

The biometric access control system is similar to the other methods. The major difference is the key used to open the door. Here, biometric details like fingerprints are used to open the door. This method is costlier when compared to the other two methods. As in the other methods, all the details and login credentials for each and every staff member are collected and stored in the centralized database. The biometric details are also stored in the same database.
This method provides a higher level of security than other methods. In this method, a biometric scanner is embedded in all the door locks. So, only the authorized persons can open the rooms and use the systems (Tsoumas and Gritzalis, 2012).

Combined security systems
Combined systems are a combination of two or more security systems. Here, the two or more systems are coordinated to improve the security. Mostly, the biometric system and the username and password system are used, because this brings an additional layer of security. It improves the performance of the security systems (Venkatachary, Prasad and Samikannu, 2018).

The physical security strategies of the information system have been briefly explained above. Most of the hospitals cannot concentrate on these fields. They only concentrate on virtual data security.

Data Security
At the same time, the hospitals must concentrate on the process of securing the network systems. In hospitals, the awareness regarding data security was created by the big ransom attack carried out in the last year (2017). From that, they realized the importance of the information system’s security. Here, the process of securing the data is conducted in five stages. In this section, a detailed overview of all five stages is given. The five stages are listed below (Yucelen, Haddad and Feron, 2016).
- Initial Capability analysis
- Analyzing the data flow
- Split-up the network
- Develop different security layers
- Develop an emergency recovery plan
Initial Capability analysis
In this stage, a deep investigation is carried out with the intention of identifying the various elements of the system. Here, all the systems are considered, so that we may know about the major flaws in the security systems (Bhuiyan et al., 2018).

Analyzing the data flow
Data flow analysis is the second stage of developing the security system to secure the data. Here, the systems are analyzed to find how data flows through them. It may help to develop the rules and regulations as well as the security policies (Guest Editorial: Reliability and Quality Control for Cyber-Physical Systems, 2018).

Split-up the network
After finding the data flow inside the systems, a detailed data flow map is developed. Based on the developed map, each and every system is split into clusters. This cluster development process is carried out based on the zero trust principle. Here, one system or device cannot trust another device. For example, consider the situation where the doctor uses his tablet or computer for viewing the scan reports of the patients (Haque and Aziz, 2013). By entering his login credentials, the doctor can open those details, but the system cannot control the scanning machines. This is the principle behind this process. In simple words, it is not possible to change the function of one system from another system (Haque, Aziz and Rahman, 2014). This provides advantages such as resisting the spread of infected files. This method also governs the connections between systems: it does not allow a connection to be established between two or more systems at one time. So, we can easily avoid hacking etc.

Develop different security layers
Also, the hospital management is required to develop a number of security layers, such as a spam filter, to ensure the security of the network. For increasing the security of the network, the management needs to increase the number of security layers. The higher the number of security layers, the higher the security. In the above-given figure, the various layers of security measures are shown. Each layer of security measures increases the security of the system (Jadlovská, Jadlovská and Vošček, 2016). The first layer of security is creating awareness among users by developing a set of policies and procedures. Here, the policies are developed with the intention of avoiding exposure of the system (Joerger et al., 2018). The security policies for the network systems are described at the end of this section. The next layer is the physical security layer. We have already seen the importance of the physical security systems in the above sections. The third layer is the perimeter. This layer introduces a set of barriers against hackers. These barriers reduce the possibility of risk. The other security layers are internal network, host, and application. The layers contract in scope from the first layer to the final layer. In other words, the first layer is very generic and the last layer is specific, which means the strength of each layer increases with the layer number (M., K. and R., 2018).
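The zero-trust split described under "Split-up the network" can be expressed as a default-deny flow policy generated from the data flow map. The following is an added example, not part of the original report; the device names, cluster names and actions are constructed for illustration.

```python
"""Default-deny flow policy derived from a data-flow map (constructed example)."""
from dataclasses import dataclass

# Constructed inventory: every device belongs to exactly one cluster.
CLUSTERS = {
    "doctor-tablet-07": "clinician-endpoints",
    "reception-pc-02": "admin-endpoints",
    "pacs-server": "imaging-storage",
    "ct-scanner-01": "imaging-devices",
    "billing-db": "finance",
}

# Constructed data-flow map: (source cluster, destination cluster, action).
# Only flows found during the data-flow analysis are listed; nothing else is trusted.
DATA_FLOW_MAP = {
    ("clinician-endpoints", "imaging-storage", "read-report"),
    ("imaging-devices", "imaging-storage", "store-scan"),
    ("admin-endpoints", "finance", "update-charges"),
}


@dataclass(frozen=True)
class Flow:
    src: str      # source device name
    dst: str      # destination device name
    action: str   # what the source wants to do on the destination


def evaluate(flow):
    """Return (allowed, reason). Anything not in the data-flow map is denied."""
    src_cluster = CLUSTERS.get(flow.src)
    dst_cluster = CLUSTERS.get(flow.dst)
    if src_cluster is None or dst_cluster is None:
        return False, "unknown device: not in any cluster"
    if (src_cluster, dst_cluster, flow.action) in DATA_FLOW_MAP:
        return True, f"allowed: {src_cluster} -> {dst_cluster} ({flow.action})"
    return False, "default deny: flow is not in the data-flow map"


def reachable_from(device):
    """Devices an infected `device` could still talk to, with the permitted action.

    On a flat network this would be every other device; with clusters it is
    limited to the destinations the data-flow map grants to the device's cluster.
    """
    src_cluster = CLUSTERS.get(device)
    reachable = set()
    for src, dst, action in DATA_FLOW_MAP:
        if src != src_cluster:
            continue
        for name, cluster in CLUSTERS.items():
            if cluster == dst and name != device:
                reachable.add((name, action))
    return sorted(reachable)


def unjustified_rules(configured_rules):
    """Configured allow rules that no entry in the data-flow map justifies."""
    return sorted(rule for rule in configured_rules if rule not in DATA_FLOW_MAP)


if __name__ == "__main__":
    checks = [
        Flow("doctor-tablet-07", "pacs-server", "read-report"),
        Flow("doctor-tablet-07", "ct-scanner-01", "control"),
        Flow("visitor-phone", "pacs-server", "read-report"),
    ]
    for flow in checks:
        print(flow, evaluate(flow))
    print("reachable from tablet:", reachable_from("doctor-tablet-07"))
```

The doctor's tablet can read reports from the imaging store but is refused any action on the scanner, and `unjustified_rules` flags allow rules that have drifted away from the data flow map.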
Develop an emergency recovery plan
Also, the recovery plan development is an important process. In security system development, we have to plan for the worst condition. The recovery plan is important when all the security systems get cracked. The recovery plan helps to maintain business continuity in the worst situation. The recovery plan must facilitate quick recovery from the impact. The recovery plan must be flexible enough to tackle emergency situations. It must be changed dynamically according to the damage caused by the incident (Martini et al., 2017).

Security policy development
In this section, the security policy development for the hospital IT system is discussed. First, the different stages followed to develop the security policies for the hospital IT system are discussed. This gives an overview of the functionality and need of each security policy. For developing the security policies, a set of steps needs to be followed, and they are listed below. A brief description of each step is also given here (Seifert and Reza, 2016).
- Risk Identification
- Learn from others
- Confirm the legal requirements
- Analyze Level of risk
- Assign a dedicated person to develop and correct the security policies
- Conduct Training and awareness programs
- Documentation
- Develop enforcing committee
- Implementation

Risk Identification
The first step in security policy development is the process of identifying the risks involved in the process (WEN, WU and SU, 2012), because the security policy must be developed according to the level of risk. If the policies provide more security features than the present risks require, this leads to higher initial and running costs. If the developed policies do not meet the requirements, this leads to losses. So, the risk identification process is considered an important step in security policy development. In this stage, the various internal as well as external risks involved in the process are found.

Learn from others
Before developing the new security policy, we have to review the security policies of others and of partner companies. This gives an overview of the security policies. This overview helps to develop the security policies for the current situation. Also, they have faced difficulties in some areas. In this case, we get their advice on those areas to avoid the same difficulties in our organization. Also, the security system developed by others acts as the benchmark. We can use others' policies as the baseline. We may modify the base plan as per our requirements.
Confirm the legal requirements
The legal policies and norms change according to the place. So, checking the security policy against the legal standards is the responsibility of the security policy developer. Here, the security policy developer needs to consider the main things like data security, data permission etc. The network security policies are developed based on the norms and terms of the country.

Conduct Training and awareness programs
Initially, create basic awareness about the developed policies among all the employees. Use a proper communication strategy to communicate the important points of the developed policies. Also, conduct appropriate training programs for all the employees. This training gives the employees basic knowledge about the developed policies and their advantages. We can only see the effects of the security system and security policy implementation when all of the following are used in those systems.

Documentation
Development of the final document is the last step in security policy development. In this stage, the developed security policies and strategies are documented. Here, the developed document allows both technical and non-technical readers to understand the developed policies. The documentation process is one of the most important processes involved in every project activity. It is followed by the signing by various authorities.

Develop enforcing committee
Even if we develop the rules and regulations, not all users will follow them. For those kinds of irresponsible employees, we need to bring in penalties and punishments. So there is a strong need to monitor the process and identify breaches of the rules. For that, a special autonomous committee is required. It reduces the violation of rules.
Implementation strategy development
Finally, they need to develop the most appropriate implementation strategy for implementing the developed policies. Here, the implementation strategy includes the process of announcing the important points of the developed policies to the various persons involved in the process. The implementation strategy must state the roles and responsibilities of each stakeholder in the project.

Network Security Policies for the Hospital Information system
Here, the developed security policies for the hospital information system are described. They consist of three important things, which are stated below.

Password Policies
All the user accounts are secured by strong passwords. So all the users are required to use a hard password for their accounts. It is recommended to change the passwords frequently to avoid them getting cracked by hackers. Another important recommendation is 'do not share your passwords with others'.

Information Security Policies
All users must ensure the security of confidential and sensitive information; they are not allowed to download or use data from the information systems on their personal computers, mobile gadgets etc. Leakage of sensitive data is a punishable offence.

Acceptable use policies
According to the government rules and hospital rules, the doctors and other employees have permission to use some data for their reference. But the person who uses the data must ensure the security of the data at all levels. If any leakage of data is found, they are responsible for that.

4.2 Information control and security policy in healthcare systems
In every healthcare organization, information control and security policy are major security management problems. The control elements of accessibility, integrity, and confidentiality are analyzed by the framework of information control. Healthcare system information monitoring, input and output control of the system, and unauthorized access prevention are involved in security policy. In the healthcare environment, the most critical resources are information and information systems. The features of the healthcare information system are the computerized information system’s nature, the importance of end users, and networking technologies’ development (Zarei and Sadoughi, 2016). In a computerized healthcare information system, electronically stored information which is stored at high concentration, end users, and the management of the healthcare information system contribute to the efficiency (Wen and Tarn, 2001). Healthcare organizations understand the importance of healthcare information system security and how to implement and maintain it. In healthcare organizations, three agents care about healthcare information system security. They are the healthcare organization managers, the end users, and the department of the information system. The managers want to maximize service value, the end users want to maximize the quality of the software, and the information system department wants to secure the healthcare information system (Olaronke and Rhoda, 2013). In the healthcare information system, many problems are raised related to integrity, ownership, and privacy, and many questions are asked related to them, such as: how is the healthcare information collected, how is it used and how is it protected? Who is responsible for maintaining accuracy in the healthcare information system? And who owns the healthcare information system and the information stored in it? The healthcare information system has three major challenges. They are listed below (Kadam, 2007).
- Maintenance of security infrastructure
- Building a secure environment
- Determining the interoperability in a distributed environment (Huang et al., 2009)

Information control in hospitals
Information control in healthcare information systems refers to information protection. The healthcare information system processes the information, transmits it and also stores it. The healthcare information system is treated as an administrative resource (Devesh Kumar Mishra, 2017). To analyze the control elements, an integrated focus is provided. The three control elements are integrity, confidentiality, and accessibility (Alcaraz, Huang and Rome, 2018).

In general, the word ‘security’ refers to the protection of information against destruction, modification and unauthorized access, and the word ‘integrity’ refers to the validity or accuracy of the information. Integrity concerns the overall assurance of the information. In end-user computing, security and integrity are the primary concern. In an information system, security cannot be added on directly; information control mechanisms are needed for that. Assurance is a basis of integrity. A well-formed transaction should not allow the end users to manipulate information. Authentication is also needed to access the information. In the authentication process, the end users must enter their identity and password. Only after the authentication can the end user be allowed to access the healthcare information (Information Warfare: How to Survive Cyber Attacks, 2002).

Another control element is confidentiality. This is related to the privacy of the information. In a healthcare information system, confidentiality refers to how well the information is protected from access by others. For example, in a healthcare organization, the patients’ test results must be kept confidential to avoid troubles. But in some situations, according to the ‘harm principle’, the doctors can reveal the truth about the patients’ test results in order to protect the innocent (Introduction to Cyber-Warfare, 2013). For example, a patient who is engaged to be married has a positive HIV test result and refuses to inform his fiancée about his test results. In this situation, the doctor can reveal the patient's test results in order to protect the fiancée from harm. Here the confidentiality of the information is based on the ‘harm principle’. Every individual has the right to control the collection of information about them and also has control over the storage, usage, accuracy, and dissemination of that information. Confidentiality and the right to know are different concepts. Confidentiality is a duty, but the right to know is only a right. In healthcare organizations, the doctors have a professional duty to keep the healthcare information system confidential. The patients have a right to know that their information is stored and maintained in confidence (Julisch, 2013).

Accessibility is one of the control elements. It means that the end users can access or extract the information they need whenever they need it. Accessibility includes data collection, data processing in the healthcare information system, and the correction of errors. There are two aspects of accessibility. They are access restriction and access privileges. In access privileges, there are four levels. They are full working access, access following authorization, absolutely no access and access to static data only (Kanjee and Liu, 2014). Most healthcare information systems use file access lists. These access lists give permissions to individual users and groups of different users to access specific files at different levels (K, 2017). Access restriction limits entry so that unauthorized users cannot access the information. There are three forms of access restriction. They are physical, logical and inherent. For access restriction determination, the end users are classified into four groups. They are public, administrative personnel, paramedical personnel, and medical personnel. For individual users and groups of users, the variable access to the system is controlled. So some operations are restricted to some terminals.
For example, only the financial personnel can change the patients’ charges (Langer, 2016).

Security policy in healthcare information systems
In general, the word ‘policy’ refers to the strategy or plan of the organization, which in turn defines the organization’s overall objectives and goals. In another sense, the word ‘policy’ refers to the specific statements which define the unacceptable and desirable management practices. The security policy in healthcare information systems has four aspects (Lutz, 2001). They are listed below.
- Asset identification of healthcare information systems
- Defining who is responsible for valuing and classifying the information assets
- Describing the role of hospital workers in protecting the information
- Constructing an information infrastructure

The security policy is one of the management issues in healthcare information systems. So, the managers in the healthcare organization must understand both the technical and the organizational aspects of security policy. The security policy of healthcare information systems must include the hospital information infrastructure, the healthcare environment’s culture, the way of resource allocation and the precautions employed (Seifert and Reza, 2016). The security policy of the healthcare information system is examined at many levels in the hospital. There are two perspectives in the examination. They are the vertical perspective and the horizontal perspective. The vertical perspective deals with the management reporting level whereas the horizontal perspective deals with the primary reporting level. The security policy may vary depending on the type of application used. The security policy is divided into three areas. They are input and output control, unauthorized access prevention, and security monitoring and healthcare information system recovery (Shin, Woon Lee and Kim, 2016).

4.3 Cyber security in hospital
Cybersecurity is one of the biggest issues in every business, including hospitals. Cybersecurity vulnerabilities and intrusions pose risks for every hospital and its reputation. So, the hospital leaders care about cybersecurity. Healthcare organizations are major targets for cybercriminals. There are several areas in a healthcare organization which pose risks to the security of the information. In hospitals, at the organizational level, lack of funding is the main issue.
The budget allocated for information security is much lower than needed. So, the hospitals cannot afford to retain in-house information security personnel. Lack of resources is another problem area which is present at the organizational level of the hospitals. The third problem in healthcare organizations at the organizational level is lack of hospital staff training. Generally, the medical and administrative staff do not have knowledge of cybersecurity. Most healthcare organizations do not know their IT infrastructure, and they also do not know what vulnerabilities are present in it. They do not have basic knowledge about IT infrastructure, cybersecurity, and cybercrime (Special issue on cybersecurity, crime, and forensics of wireless networks and applications, 2015). So, the system updates and upgrades are not done properly when required. Also, the devices are configured wrongly and legacy systems are kept online even when they are not in use. Most healthcare organizations do not track the threat and report it (Ardagna et al., 2010). They do not even manage those threats effectively. As a result, it leads to cyber-attacks.

The IT infrastructure of many healthcare organizations was not built with security controls. Because of this, important information stored in the healthcare information system can be accessed without proper rights. Also, all communication systems in the hospital can communicate with each and every system without appropriate data protection (Bellettini, Bertino and Ferrari, 2001). Because of this, two major threats are posed against the healthcare information system. They are listed below (Targeted Cyber-attacks, 2014).
- Malware infection on the system and leakage of data
- Possibility to access medical devices which are connected to patients

In the hospital environment, there are also physical threats, such as it being very easy to get access to the hospital network. Open ports lead the hackers to access the Wi-Fi connections present in the hospital and lead them to access the hospital network.
The most important challenge in hospitals’ cybersecurity is the number of devices with access to a facility’s network. Unlike in other organizations and industries, in healthcare organizations a number of patients and visitors come with their own devices (de Carvalho Junior and Bandiera-Paiva, 2018). So, it makes the hospital network vulnerable. For example, if a patient's device is infected with malware, then it will affect the hospital network and create vulnerabilities when it is connected to the hospital network. So, it is necessary to use software to ensure that only authorized devices can connect to the network (Greaves and Coetzee, 2017). The following are some of the instructions to boost the cybersecurity of the healthcare organization. These are also called security steps (Wu et al., 2016).
- Providing unique identification for system users
- Performing a security risk analysis to analyze the risk which is present in the network
- Understanding the different causes of data breaches
- Setting automatic logoff for system users
- Training and educating staff in the hospital to access and monitor the hospital network and find out if there is any vulnerability present in the network
- Establishing a security policy for employees who bring their own devices (BYOD)
- Ensuring that all devices in the healthcare organization are regularly updated
- Backing up the hospital’s and patients’ data regularly at particular intervals
- Using strong passwords for systems to avoid unauthorized access (Honnegowda, 2013)
- Setting passcodes and providing encryption for mobile devices to protect the devices from unauthorized access
- Using intrusion detection systems in the hospital network to detect if there is any intrusion present in the network
- Providing encryption to the wireless networks to secure the network
- Creating an action plan for potential attacks in the hospital network
- Also providing encryption to the laptops, personal computers and workstations to secure the devices in the hospital network
- Providing encryption to removable storage media

The checklist about cyber security that the hospital must have is given below (Karyda, Kiountouzis and Kokolakis, 2005).
- Do all staff in the hospital have sufficient cybersecurity awareness?
- Are they aware of healthcare facilities which attract the attackers?
- Is the hospital network protected?
- Are all the hospital processes consistent?

The hospitals must have the following facilities to ensure their network is protected. The hospitals should have better technology to protect the data and their systems from the attackers (Lakaraju, Xu and Wang, 2016). They also need to boost cybersecurity for infrastructure advancements, and they have to secure their network by making policies like BYOD (bring your own device) and access rights. They should purchase cyber insurance if they can afford it, and it will be a good solution for healthcare facilities in the hospitals. The hospitals must give training to their employees and patients about cyber security (Zhang et al., 2011).

To improve cybersecurity capabilities, endpoint complexity is reduced, internal stakeholder alignment is improved and resource availability is maintained. The hospital takes the following steps to manage the hospital’s cybersecurity risks (Liu et al., 2014).
- Establishing procedures and a core cyber security team for identifying risks and mitigating them
- Developing an incident response plan and a hospital-wide cyber security investigation
- Investigating the medical devices used by the hospital to ensure that these devices include intrusion detection and prevention assistance and to check whether or not they are currently infected with malware
- Reviewing, testing, evaluating and modifying the hospital’s incident response plans and data breach plans to ensure that the plans remain as current as possible even in the cyber threat environment
- Having the staff learn more about the cyber security risks faced by hospitals
- Determining whether the hospital’s current insurance coverage is adequate and appropriate given cyber security risks (Caulfield and Pym, 2015)
- Evaluating and documenting the medical devices which use Internet services to transmit patients’ healthcare information and ensuring they are kept safe (Malin, 2007)
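Several of the security steps above (authorized devices only, unique user identification, automatic logoff, regular updates, encryption, legacy systems left online) can be checked automatically when a device asks to join the network. The following is an added example, not part of the original report; the field names, thresholds, segment names and sample devices are assumptions constructed for illustration.

```python
"""Network admission check built from the section 4.3 security steps (constructed example)."""
from dataclasses import dataclass
from datetime import date

MAX_PATCH_AGE_DAYS = 30    # assumption: "regularly updated" means patched within 30 days
MAX_AUTO_LOGOFF_MIN = 15   # assumption: automatic logoff after at most 15 idle minutes


@dataclass
class Device:
    device_id: str
    owner: str             # unique user ID of the responsible person, "" if none
    registered: bool       # listed in the hospital's device inventory
    byod: bool             # personally owned device
    encrypted: bool        # storage encryption enabled
    passcode_set: bool
    auto_logoff_min: int   # 0 means automatic logoff is disabled
    last_patched: date
    in_use: bool           # False for a legacy system that is no longer used


def posture_findings(dev, today):
    """List the security steps from the section that this device does not meet."""
    findings = []
    if not dev.owner:
        findings.append("no unique user identification")
    if not dev.encrypted:
        findings.append("storage not encrypted")
    if not dev.passcode_set:
        findings.append("no passcode or password")
    if dev.auto_logoff_min == 0 or dev.auto_logoff_min > MAX_AUTO_LOGOFF_MIN:
        findings.append("automatic logoff missing or too long")
    if (today - dev.last_patched).days > MAX_PATCH_AGE_DAYS:
        findings.append("updates overdue")
    return findings


def admit(dev, today):
    """Return (decision, findings) for one connection request."""
    if not dev.registered:
        # Patient and visitor devices are never placed on the hospital network.
        return "deny", ["not in device inventory"]
    if not dev.in_use:
        return "deny", ["legacy system online but not in use"]
    findings = posture_findings(dev, today)
    if findings:
        return "quarantine", findings   # isolated until the findings are fixed
    return ("byod-segment" if dev.byod else "clinical-network"), []


def admission_report(devices, today):
    return {dev.device_id: admit(dev, today) for dev in devices}


# Constructed sample data.
TODAY = date(2024, 1, 31)
SAMPLE_DEVICES = [
    Device("ward-pc-11", "nurse.a", True, False, True, True, 10, date(2024, 1, 20), True),
    Device("dr-phone-03", "dr.b", True, True, True, True, 5, date(2024, 1, 10), True),
    Device("visitor-laptop", "", False, True, False, False, 0, date(2023, 6, 1), True),
    Device("lab-ws-02", "lab.c", True, False, True, True, 0, date(2023, 9, 1), True),
    Device("old-pacs-01", "it.admin", True, False, True, True, 10, date(2024, 1, 25), False),
]

if __name__ == "__main__":
    for device_id, (decision, findings) in admission_report(SAMPLE_DEVICES, TODAY).items():
        print(f"{device_id:15} {decision:17} {', '.join(findings)}")
```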
4.4 Cyber-attacks in the hospital
Cyber-attacks nowadays happen in most hospitals. These attacks are classified as four attacks (Mejri and Yahyaoui, 2017): ransomware, DDoS attacks, data breaches, insider threat and the compromise of business email and fraud scams. These attacks happen frequently in hospitals.

Ransomware is one kind of malware. It generally affects the files and the systems used in the hospital (Cyber Security for Remote Patient Monitoring System, 2016). Then, the group of hackers demands that a ransom be paid. If the amount is paid, they give the hospital access to work on the software again (Narasimhan, Croll and Caelli, 2009). This mostly occurs in hospitals. The ransomware attacks the machines or systems in one of the following three ways. The first is the opening of emails which contain malicious files. The second is the user unknowingly selecting an unwanted and malicious link. The third is viewing ads which contain malware (Cyber-security, 2014). Then, this ransomware is uploaded based on the Tactics, Techniques, and Procedures (TTP). This type of attack is very hard. Also, someone who does not have technical skills in ransomware is able to launch or perform ransomware attacks on the system by using a platform such as Ransomware as a Service (RaaS). Recently, some hospitals were attacked by ransomware. This attack happened due to the use of outdated JBoss server software (Omran et al., 2013). This is open source software, so it needs to be updated for every version. If it is not updated, malicious attacks are easily performed on the JBoss servers. The hospital holds important health information about the patients. The patients of the hospital may include higher officials (Olaronke and Rhoda, 2013). If those details are hacked, it becomes a serious issue. Therefore, if a ransomware attack happens in a hospital, the hospital management pays the ransom required by the attackers. To overcome this type of attack, the following things need to be followed by the management of hospitals. The anti-virus software and the JBoss servers need to be updated accordingly. The email filtering needs to be properly maintained in the hospital. The files in the system need to be stored and backed up with high security (Devesh Kumar Mishra, 2017).
The second most common cyber-attack in the hospitals is the data breach. It is done by different techniques (Rath and Colin, 2013), such as taking some particular patient data and asking for a ransom. Patient data is also breached, knowingly or unknowingly, by the workers in the hospital itself. Personal Health Information (PHI) provides more value when compared to credit card information. So, most of the hackers target the databases in the medical field. If anyone other than the patient wants that personal health data, the hackers provide those patient details in return for payment from that person (Sadki and El Bakkali, 2014). This has happened in most of the hospitals. These breaches also occur due to damage to the system or PC. Nearly 15 million health records are breached all over the world according to the report provided by the Health and Human Services Breaches Report. These attacks are overcome by proper maintenance of the security in the application software used by the hospitals. The hospital network security should be proper. The encryption process needs to be followed to protect the medical data of the patient. Encryption needs to be implemented at all levels of information in the hospital (Singh, 2012). It is not only maintained between one worker and the higher officer (Ward and Smith, 2002). Whenever any worker sends data through the network, it should be properly encrypted, and the receiver gets the data by decrypting the information. These data breaches are caused mostly by the mistakes of the employees in the hospitals. Therefore, training is a must for all the workers who are going to maintain the patients’ data in the software. Without training, the workers may do their work wrongly, and it leads to a huge loss for the hospital. If the workers are trained, these types of attacks are reduced in the hospital management (Fellows, 2012).
The third cyber-attack in the hospitals is the Distributed Denial of Service (DDoS) attack. It makes the network inoperable for the users in the network. It leads to severe damage to hospital management. If a DDoS attack happens in the network of a particular hospital, that hospital is not able to provide medical data and advice to the patients online (Ward and Smith, 2002). It delays the sending of email to the patients regarding prescriptions and their health information. Due to the DDoS attack, the online appointment timings and dates are not shown to the patients. These DDoS attacks are mitigated by partnering with companies which provide mitigation of DDoS attacks in the network (Langer, 2016).
The fourth cyber-attack in the hospital is the insider threat. Insider threat indicates the threats that happen in the hospital network through the hospital's own workers. Any person working in the hospital can make this attack. For example, someone did some illegal activities, so the person is fired from the hospital. Unfortunately, the management forgets to delete that person's access to the hospital network (Lehto, 2013). Then, that person uses the same ID and password to enter the hospital network and deletes some of the most important data of important and VIP patients. Insider threats are also carried out unknowingly. For example, workers in the hospital click some malicious link which comes through the mail. These lead to loss of data in the system (Ward and Smith, 2002). The insider threat is overcome by providing proper training to the workers and giving them some awareness about unwanted links. If the management trains them to use only the particular links, then the workers will not click the unwanted links which are displayed in the mail. Then, train them to detect the unwanted reports in the hospital. If one worker does any unwanted work and other workers come to know that this worker is doing some abnormal thing on the website, then it should be reported to the higher officials to prevent a huge attack (Mohan and Singh, 2016).

Challenges of cyber security in the health care
Cyber vulnerabilities mostly occur in the healthcare system. It is considered the biggest cyber threat. Usually, the attackers get the patient and administration data to hack the hospital network. It has many threats (Rizov, 2018). The first one is ransomware. The attackers mostly use ransomware to attack individual computer systems, a server or the whole network. It also demonstrates the encryption. The cloud threat is also a cyber-attack.
Most healthcare information is stored in the cloud. Attackers may obtain these details unless proper encryption is used (Wen and Tarn, 2001). Attackers may also get patient information by creating lookalike websites. The phishing attack is the next one. It is carried out by sending a large volume of emails to obtain sensitive information. Encryption also has blind spots, which help attackers hide data. In addition, weak passwords open the way to hacking hospital staff details (Aldrawiesh, 2013). According to the
healthcare industries, most of the devices are connected to the internet. So, to avoid cyber-attacks, the administration needs to develop systems and devices with security built in (Vidalis, Jones and Blyth, 2004).

4.5 How to mitigate the cyber risks in the hospital

Cybersecurity risk needs to be managed in the hospital to overcome cybersecurity attacks on the hospital network (Cankaya and Kywe, 2015). Steps are available to mitigate the risk in the healthcare center (Chondamrongkul and Chondamrongkul, 2017). The selection of third-party vendors is also important to prevent unwanted access to hospital information. A vendor should be well known to some hospitals; only then should the hospital select that vendor for carrying and delivering medicines to the organization. Some hospitals do not review or ask anyone about a vendor and add anyone who pays a certain amount to join as a vendor (Forte, 2000). This leads to the loss of some data in the hospital database. So, the management of the hospital should take care in implementing and assigning positions to each and every worker in the hospital. The following three steps need to be followed to mitigate the cyber risk in the hospital (Haggerty, 2017).

The first step is to know the security performance of the vendors who are already working in the hospital network. For software, the hospital will obviously go to a third party to maintain its patients' health records and other important hospital information. If proper security is not maintained in the software, it becomes easier for hackers to take data from the hospital website. Therefore, security performance needs to be maintained on the hospital server to overcome cybersecurity attacks.
The second step in mitigating cyber risk is to select products and services properly. The selection process requires vendors to select the proper products and give them to the hospital (Healthcare organizations struggle to maintain security, 2015). An assessment such as a vendor security assessment helps the organization evaluate its partners. It then identifies the risk that comes from third-party access to the hospital network. It is overcome when the attack becomes huge in the hospital.

The third step in mitigating cybersecurity risk has the following points (Healthcare under attack, 2018). A real-time security monitoring process needs to be
performed in the hospital. If any threat occurs on the website, an alert is sent to hospital management. The third-party software used by the hospital should be updated accordingly. Only then can the hospital server withstand the vulnerabilities that generally occur in the network. Vulnerabilities need to be patched quickly to reduce unwanted infections and the loss of data on the hospital website. These are all the steps that need to be taken to mitigate the risk in the hospital.

4.6 Cyber security risks in healthcare

The healthcare industry is the one most affected by cyber-attacks. A recent analysis was made of cyber-attacks on healthcare networks. The industry is facing a host of cybersecurity problems. Here, "host" refers to the financial impact on hospitals and other platforms in healthcare networks. In the healthcare network, data would be compromised. More research is being delivered on data breaches in healthcare management. According to a recent study, healthcare environments have been the most affected by data breaches in recent years (Khalil, 2015). Healthcare management spends only a little on cyber security management. This is also considered one of the reasons for the cybersecurity risks. So, by investing heavily in cybersecurity, we can reduce the risks in the healthcare environment. From the detailed analysis, we got the results of cybersecurity investments. Only 53 percent of healthcare providers are never approaching the security against cyber-attacks. Also, the demand for medical records is increasing in the market (Kim and Jeoung, 2015). This may lead to cyber-attacks on healthcare management. According to the researcher's investigation, electronic records are more valuable than financial data. Electronic health records contain patient names, dates of birth, policy numbers and billing information.
Attackers may use a fake ID to access medical equipment. It is more valuable because it is hard to detect. So, these are the reasons for the impact of cyber-attacks on healthcare networks. Attacks on healthcare networks are increasing every year (Mansfield-Devine, 2016). Here ransomware is considered the main cyber-attack. Generally, cyber attackers are not able to steal hospital data easily. But ransomware is considered a new security threat and has targeted many healthcare managements. It also has
some kind of malware that helps the attackers attack the healthcare system (Mathur, 2017). The user cannot access information that has been infected by the cyber attacker. Taking this chance, the hacker sets an amount the user must pay to get the details back. If the user pays the money, the data will be obtained. Healthcare industries are affected a lot by these activities (Mathur, 2017). Also, the hackers want payment in bitcoins rather than by credit card, because hacking bitcoin is not easy.

Hence, healthcare industries have made an order that all staff should keep their own tablets or phones (Newbold, 2013). So, based on the research, communication between doctors and staff takes place on their own devices such as iPads and mobile phones. This will reduce the cybersecurity risks (Secure Healthcare for Patients Using Cloud Computing, 2016). But these mobile devices also lead to cyber risks such as data breaches, because information is accessed from the internet without encryption. So, healthcare management decides to share information with other staff through their own devices. With this activity, we can reduce the risks. It is also recommended to install third-party packages on the mobile devices. These will be used to store and locate the data securely (NHS computer viruses impact on patient healthcare, 2009). The healthcare industries have concluded that these activities are not enough to reduce cyber-attacks and data breaches (Srinivas et al., 2018).

Security problems are also caused by employee negligence. For example, when someone clicks an unwanted email attachment, staff and patient details may be obtained by the attacker. Hence, healthcare industries and hospitals have decided to run cybersecurity training programs for staff (Stock, 2009). So, information technology needs to provide technologies with risk-mitigating features.
Healthcare organizations should focus on personnel, who must be aware of cyber-attacks. Healthcare management also provides training in maintaining confidential information, that is, patient data. The security knowledge of each staff member should then be tested. The training also includes email safety (Tzang, Chang and Tzang, 2014).
4.7 Preventing healthcare cyber security issues

Nowadays, in most hospitals, patient information is stored in digital form. Pen and paper are no longer used to store patient information. This digital form is called Electronic Health Records (EHR). The EHR helps the hospital work and communicate with patients more easily than written records. All hospitals have now computerized all their information (WANG and WANG, 2018). Statistics taken all over the world show that a data breach happens every two months in large hospitals that use a website to provide care and advice to their patients. It is overcome by the following techniques used in the hospital (JOURNAL OF HEALTHCARE MANAGEMENT, 2008).

The first technique is performing a security risk analysis. This analysis should report that the existing software is fully secured. If any attacks occur, these methods need to be followed to overcome that risk or to ensure that the risk does not happen again in the hospital. The audit needs to be done by the Information Systems Audit and Control Association (ISACA). This audit covers the security of the software and the server used by the hospital. It then produces the evaluations of the hospital's security analysis. This process needs to be carried out in every hospital to protect its data from hackers.

The second technique is understanding the different methods of hacking used against hospital networks. For example, if a cyber-attack happens in any hospital, that attack should be made known to all the hospitals in the world, and each and every hospital should be aware of it. In the hospital, the workers should learn about it through a proper explanation from the higher officials. This will go a long way to prevent the same mistake being made in other hospitals.
So, the officers who maintain the network department should be aware of each and every security incident that happens in hospitals.

The third technique is providing training and education to the staff working in hospitals (Mazurczyk et al., 2016). Employees need a certain knowledge to work on the system. Only those employees are allowed to work on the system. They should then be well trained to
work in the system with patients' data in the hospital software. If skilled employees are hired for the work, most security-based issues are reduced. If an employee is not skilled, the employee will not work properly as instructed, and a lot of mistakes may happen. These small initial mistakes grow into big ones. So, proper training should be given to hospital staff (Adefala, 2018).

The fourth technique is the establishment of policies for employees who bring their own devices. In most hospitals, 80% of employees bring their own device for organization purposes (Raiu, 2012). They must follow the 'Bring Your Own Device' policy. The employees need to maintain certain applications on their systems to overcome cyber-attacks and malware actions. After that, the IT department in the hospital should update the security applications every time for each worker in the hospital. Finally, if any updates are made to the security policy of the hospital, they should be communicated to each and every worker in the hospital (Smith, 2013) (Phe.gov, 2018).

The fifth technique is to check the devices that are going to be installed in the hospital. They should be free of unwanted applications. When the hospital gets a device from a manufacturer, some applications and software have been installed by the manufacturer before it is given to the customer. These applications have some vulnerabilities in them. Therefore, the device needs to be checked by the IT department in the hospital. If any unwanted applications are found on the device, they should be removed before the device is given to workers (Fireeye.com, 2018).

The sixth technique is multifactor authentication. It is used to add another layer to the security of the hospital network (Fireeye.com, 2018). Security is improved in many ways.
But there are two methods that are common to all places. The security of the system identifies the person and allows them to access the system or network. For this, the following two common methods are used. The first method is the identification of the employee. It means that only the workers belonging to the hospital are able to log into
the hospital software (Blogs.harvard.edu, 2018). The second method is identifying the person by a scanning process. This scanning includes the fingerprint, eye scanning, face scanning, password, etc. This scanning needs to be implemented as the second option when using or authenticating to the hospital network. This is known as multifactor authentication. It reduces cyber-attacks in hospitals (Thielst, 2007).

The seventh technique is the backup process. Backups need to be taken regularly. For this, an evaluation of vendors needs to be conducted. It leads to the development of hardware and software for backing up the data. The hospital should then provide guidelines for backing up the data. Software is programmed according to those guidelines and given to the workers in the hospital (Trantham and Garcia, 2015). All these processes are the responsibility of the IT department in the hospital. The backup process needs to be checked annually in the hospital. The backup process helps the hospital if a virus attacks the main system in the network, because with the backup all the data is stored in the local memory of the system in the hospital (Anon, 2018).

The eighth technique is the encrypting process (Hklaw.com, 2018). Encryption of sensitive data is important to overcome cyber-attacks. It is used to send information in a secured manner. For this, encryption management needs to be developed in hospitals. This management will take care of all the data sent through the internet. The encryption algorithm should be difficult and the selection of the keys needs to be complex, so that hackers cannot easily find the keys and the data is received at the correct destination (Wagner et al., 2018).

Improving the cyber security

Generally, cyber security needs to be developed in healthcare systems. In recent years cyber security has been needed to manage the risks in healthcare management (Rapid7 Blog, 2018).
With regard to cyber-attacks, data breaches are considered the important one for creating the cyber-attacks. So the hospital environment needs to develop the security system to
protect patient information from cyber threats. Protection against these cyber-attacks is provided by experts in the healthcare industry (Department of Homeland Security, 2018).

Healthcare industries need to make a plan against data breaches and cyber-attacks. Cyber security training needs to be conducted for the staff working in hospitals. Nowadays the use of mobile devices is increasing in the healthcare industry, so encryption needs to be implemented on mobile devices. Computer systems should be properly maintained and used by staff and patients (Healthsectorcouncil.org, 2018). A firewall needs to be implemented in the hospital system. Anti-virus software should be installed to protect the data from viruses, and this software should be kept updated. Only then can the data and files be recovered in case of an attack (Ibm.com, 2018). It is easy to restore the needed items.

Information needs to be protected, so access should be given only to the staff who are meant to view and access the data. For encryption, strong passwords always need to be maintained by the user. They should be provided with random values. Passwords also need to be changed often. The installation of essential software needs to be discussed with the administration, because a virus can be introduced by installing unwanted software and the information can be hacked (Industry and Insurance, 2018). So it should be kept secure inside a locked room. These are the strategies that mainly need to be considered in the hospital to keep the environment secure (Wang and Lu, 2013).

Protecting the healthcare systems from ransomware attacks

Ransomware is considered a high-profile attack. Nowadays these ransom attacks are happening in healthcare industries to cause data breaches. To avoid the attack, the organization needs to pay the amount.
Hospitals need to provide security both inside and outside. For protection, data backup is the first requirement. The system and its configurations also need to be backed up (HealthITSecurity, 2018). This is called the gold image. If the hospital environment needs to change its data every day, the offline data backup needs to be combined with the gold image. Also, an immediate plan should be
developed for when the system hangs. Cyber security should be established with secure systems (Wu et al., 2016).

Cyber security for the data protection

Cyber security needs to be implemented in the hospital environment to secure patients' data (HealthITSecurity, 2018). There are nine steps in total to improve data protection against cyber-attacks. The staff in the hospital need to know the preventive measures against attacks, so a consultant needs to be appointed to train the staff in security measures, because staff without proper knowledge mostly avoid updating software (InfoSec Resources, 2018). Hackers may inject a virus into the system (Systems, 2018). Also, nowadays new software is more vulnerable. Access control needs to be provided to protect patient data. Without access control, there is a chance for hackers to steal the information (TechCrunch, 2018). Patient accounts need to be monitored. This is controlled by the person who is responsible for access control.

Different passwords need to be used by hospital staff and patients. Otherwise, a vulnerability is created. Often a hacker finds one password and may use it on other accounts too, so all kinds of accounts will be stolen by hackers. Creating different passwords keeps the systems secure (Zikhani, 2016). Passwords should be stored in a secure place, so they are not included in email or shared documents. Also, avoid storing them on sticky notes.

Risk management needs to be established in the hospital environment. It needs to be done often to secure the system properly. The information technology team needs to establish a risk assessment. The defense system should be maintained by the administration. Security protocols need to be developed. Locking doors then need to be built to secure the system.
Physical security, a robust firewall and anti-virus software need to be established. The hospital administration needs to develop a plan to avoid data breaches. For that, the latest protocols need to be used for security. The status needs to be checked often. Cloud-based backup is also considered a good choice to prevent data breaches. Better software should be installed for system usage, because much fake software is present on the internet. It is created by hackers. So good, authorized
software needs to be installed, and hospital staff should be trained in it (InfoSec Resources, 2018).

4.8 Evolution of cyber security in healthcare

In the healthcare industry, data sets are increasing rapidly, in both volume and complexity. Of the world's information, thirty percent concerns the health care industries (Baxter et al., 2002). Risk also occurs at the top level in healthcare networks. Data breaches and WannaCry attacks mostly happen in healthcare networks. The phishing attack also compromises sensitive information from employees and patients. So some guidelines are provided by the healthcare industries to handle and reduce cyber risks. They provide data privacy and security for protecting patients' medical information. Cyber security experts also play a major role in handling network security (Call for Papers for Special Issue on Security in Computer and Cyber-Physical Systems and Networks, 2009).

Cyber criminals often threaten the healthcare industries. The cyber security specialist is needed because of the growing risk to patient data. With the growth of IoT devices, the level of data security needs to be increased. Nowadays the healthcare industries need data from medical research or for various reasons, so the specialist needs to analyze the data. With this activity, we can ensure data security (Zorabedian, 2018). This process seems to be very hard, because big data technology is needed to analyze the data storage. The importance of data security is also increasing day by day. The size and diversity of medical data seem to be the challenge for big data evolution. Normally the healthcare industries have some rules and procedures for using big data resources and technologies (Ferguson, 2009).
Big data resources are used to identify and distinguish network threats. These technologies are used to secure the integrity of patient data. A security program is used in big data technologies to analyze information about cyber-attacks. The information contains the threats and patterns of malicious activities. The healthcare industries are also using more advanced technologies such as artificial intelligence and machine learning. These technologies are used to identify attack strategies. The process of data security is needed for a long period in
healthcare industries. So cyber security specialists are needed to train other staff (Gardam, Reason and Rykert, 2010).

5. Methodology

5.1 Preferred language

The preferred programming language is Java. Java is an object-oriented, high-level, secure and robust programming language. It has the Application Programming Interface (API) and the Java Runtime Environment (JRE), which together are called the platform. Java has a feature called the thread, which helps to improve security. It also has a garbage collector and checks all memory references. So we preferred the Java language for modeling the cyber-security system. There are two types of cyber-attacks: web-based and system-based attacks. The hospital transmits sensitive data to other devices across networks. We protect sensitive data with encryption and decryption methods written in the Java programming language. We use authentication and authorization to prevent the hacking of the web applications and hospital databases. Access to the hospital applications is based on a username and password (Dark, 2011). Authentication prevents the unauthorized leak of information and is used to protect the data. Authorization is used to allow access to resources. The hospital's system administrators assign permission levels to the users. During authorization, the system verifies the authenticated user's access. Data encryption is used to protect important data from unauthorized users (Anantharam, 2001).

5.2 Models of organizational security policies

In this project, the security will be developed using a Java application. The project development is based on a model of security inside the hospital. For that, a model of security policies needs to be developed for security in the hospital. Here, decision making will help to improve the security policies (Caulfield and Pym, 2015). The security policy
is a collection of rules. These rules help to protect the confidentiality and integrity of the system and its information. The policies should support both physical and virtual environments. The security policies are used for securing the staff and the information. To develop the security policies, the characteristics and problems of the hospital should be recognized. The Java programming language is preferred here for the development of the secured system in the hospital. Here the model will be developed for hospital security. A model is a detailed representation of system operation. From this model, we can get information about the system operations and types of events. The model will help to capture the interactions between the security policies and technologies. The model design is to be compositional to manage the complexity in the security policies.

Three main models are used for hospital security (Aurigemma, 2013). The first model concerns the tailgating behavior of humans and hackers. The second model concerns how confidential documents are shared between hospital staff when the normal system is unavailable (Bartenfeld et al., 2017). Tailgating is the method that should be implemented at the hospital entrance. This will help to observe the behavior of hospital staff. This model could be implemented using a card. The second is document sharing. These policies recommend how to share information between staff in a secured manner (Dancer, 2012). This model could be used to monitor document sharing with the outside. The third model is device loss. It mainly deals with devices lost outside the hospital. These three models should be implemented in a secure system for the hospital. These models also contain some decision makers. The essential part of the model is the interaction between security policies and technologies.
In security policies, decision making is important. Hospital staff make decisions based on their preferences between productivity and security. So decision making is the challenging part of developing security policies (Dmitriev, 2002).
5.3 Establishing hospital security plan

Healthcare facilities are considered a serious issue, so security planning and legitimate training need to be increased. Healthcare leaders need to identify the security issues, so security managers need to be trained well. Violence is considered the first issue. Plans and procedures need to be developed accordingly. Reactive plans also need to be maintained. Hence healthcare management has policies and procedures for reporting vulnerabilities. Patient safety is also considered one of the concerns of the security policies. For patient safety, a visitation security policy needs to be developed. It can identify attackers who are in the hospital environment. Security areas such as the emergency department and infants need to be investigated. When training is provided to someone, the policies and security procedures need to be analyzed. Then the use of force needs to be analyzed to illustrate the security staff (Glowa and Weber, 2009).

Then the security risk assessment needs to be considered. It is carried out on a regular basis. The main objective of this risk assessment is to identify the assets of healthcare facilities. Risk mitigation strategies also need to be developed. The primary components need to be monitored for an optimal security system. Equipment, card access and alarms need to be identified and controlled for secure access. Workplace violence should be monitored by the security managers. Also, it should be used to make an effective healthcare specific. These security policies should be linked with all departments in the hospital environment. The departments are violence, nursing and legal and security departments. Healthcare facilities need to be prepared for security purposes.
The design of security features is used to develop safety and security, human resources and the operational host. Satisfaction is also one of the considerations (Hospitals become major target for ransomware, 2016).
5.4 Effective ways for the hospital safety and security

In healthcare networks, developing a security system is quite complex. For that security, three things need to be considered. First, the website users need to be verified: check whether the person is authorized or not. A guest account is recommended for the bad issues (Kiesling, 2005). The sensitive data storage rooms need to be secured. Software should be installed to get the software package related to hospital management. Hospital management will always prepare software that is attractive to people. The security system should also inspire patients. It would be like visitor management software. The software should check the guest's ID proof and verify the names present in the database. It could be various shapes and sizes. The hospital access control system needs to be limited. Identification proof needs to be issued to the workers. Hackers may use the same kind of ID cards to enter the hospital environment. Patient and staff information needs to be kept in the locker room. With this access control system, we can manage entries to the hospital easily (Mateosian, 2002).

6. Security policy model in healthcare systems

6.1 Security policy model in healthcare

The policy model in the healthcare centre contains a set of rules. These rules are designed according to the requirements of the hospitals. The rules specify which subject can access which object. The subject is the user of the computer. It may be a health administrator, a doctor or a hacker. The object is the data present on the PC. It consists of data and programs. Access means giving users rights to read, write and execute objects in the hospital system. Records of the health reports of the patients in the hospital are fully maintained (De Borchgrave, 2001).
The security policies are created based on the Access Control List (ACL). Each record is marked with an ACL. It consists of the name of the person or group of persons and the medical
data related to it. Only the persons on the access control list are able to access the medical records in the hospital. Persons not on the list cannot access the records. This feature is made possible by the ACL.

Another policy used for security is the record opening process. The clinician opens a record of their patient in the ACL list. If the clinician wants to see the patient about the records, they can also inform them through the ACL list. Patients can then easily see their health status in the medical record. In hospitals, three types of records are maintained: the general record, the highly sensitive record and the heart disease record. The general record is accessible to all the clinicians in the hospital. The highly sensitive record is accessible only to the General Practitioner (GP). The heart disease record can be accessed by all the casualty staff. The summary of this record is carried in an emergency medical record of the system or PC in the hospital. This is referred to as record opening (Graham, Howard and Olson, 2011).

The third principle in the security policy is control. Control should be provided over the ACL list and given to one clinician in the hospital. That person needs to maintain the full ACL list and report to the higher authorities if any issues occur. If some patients are doing something illegal or performing unrelated actions, the control person should control the access of those particular patients in the ACL list. When professionals new to the healthcare centre want to be added to the ACL list, the controller needs to add them (Greene, 2014).

The fourth principle in creating the security policy is consent and notification. The clinician has responsibility for the access of the patients in the ACL list.
He needs to provide notification about the patient to the hospital if the patient accesses their account in the ACL. The responsible clinician then provides consent to their patients on the list. The clinician need not provide the concerns to the hospital in case of an emergency or any statutory situation involving their patients. This work is difficult for the clinicians if the patient is not regularly
accessing and providing the ACL. This happens only when the patient has gone abroad and to some other hospital for treatment (Hsu and Marinucci, 2013).

The fifth principle of the security policy in the hospital is persistence. Persistence means there should be no obstacles; there needs to be a continuous flow of action. It indicates that no one can delete the information in the health records. The records have a certain time limit for which they exist in the system (Johnson, 2013). Until then, the record should be visible to the patients. This is referred to as persistence in security terms and policies. If the patient has not accessed his medical record in the ACL for some time, compared with his earlier access times, the clinicians should not delete the record information in the ACL. Instead, they need to wait for the due date already set by the hospital. If the patient has still not accessed the record by then, the clinician informs the higher officials, who then decide on deleting that particular patient record (Knudsen, 2013).

The sixth principle is attribution in the security policy for the network and website of the hospital. Every access to the clinical records needs to be marked on the record. This mark should consist of the following data (LeVeque, 2006): the name of the subject and the date and time of access. An audit process also needs to be carried out for all deletions in the records. This audit is conducted to catch mistakes, such as a clinician unknowingly deleting an active patient's record instead of a non-active patient's medical record, which leads to severe problems. Therefore the audit process needs to be carried out in the hospital for deletions. All of these are included in attribution (Meghanathan, Nagamalai and Chaki, 2012).
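The first six principles above (ACL-marked records, record opening, control, consent and notification, persistence, attribution) can be exercised together in a small model. This is an added example, not code from the report or its Java implementation; the class and method names, the one-year retention period, the sample users and the rule that the patient is notified of each ACL change are all assumptions made for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta


class AccessDenied(Exception):
    """The subject is not permitted to perform the requested action."""


@dataclass
class PatientRecord:
    patient: str
    controller: str          # the one clinician who maintains the ACL
    opened: datetime
    retention: timedelta     # due date set by the hospital (assumed value)
    acl: set = field(default_factory=set)
    entries: list = field(default_factory=list)
    audit: list = field(default_factory=list)     # attribution trail
    notices: list = field(default_factory=list)   # messages for the patient
    deleted: bool = False

    def __post_init__(self):
        # Record opening: the record starts with the clinician and the
        # patient on its ACL.
        self.acl.update({self.patient, self.controller})

    def _attribute(self, when, subject, action, allowed):
        # Attribution: every attempt is marked with name, date and time,
        # whether it succeeds or not, before the decision is enforced.
        self.audit.append({"when": when, "subject": subject,
                           "action": action, "allowed": allowed})
        if not allowed:
            raise AccessDenied(f"{subject} may not {action}")

    def read(self, subject, when):
        # Access control: only names on the ACL may see the record.
        self._attribute(when, subject, "read",
                        subject in self.acl and not self.deleted)
        return list(self.entries)

    def append(self, subject, text, when):
        self._attribute(when, subject, "append",
                        subject in self.acl and not self.deleted)
        self.entries.append((when, subject, text))

    def change_acl(self, actor, subject, add, when):
        # Control: only the controlling clinician edits the ACL, and the
        # patient and controller themselves cannot be removed.
        protected = subject in (self.patient, self.controller)
        self._attribute(when, actor, ("grant " if add else "revoke ") + subject,
                        actor == self.controller and (add or not protected))
        if add:
            self.acl.add(subject)
        else:
            self.acl.discard(subject)
        # Notification (assumed rule): the patient is told of each change.
        self.notices.append(f"{when:%Y-%m-%d %H:%M} ACL "
                            f"{'added' if add else 'removed'}: {subject}")

    def delete(self, actor, when):
        # Persistence: no deletion before the hospital's due date, and
        # every deletion attempt lands in the audit trail.
        due = self.opened + self.retention
        self._attribute(when, actor, "delete",
                        actor == self.controller and when >= due
                        and not self.deleted)
        self.entries.clear()
        self.deleted = True


def demo():
    """Run a constructed scenario; names and dates are made up."""
    t0 = datetime(2023, 1, 10, 9, 0)
    rec = PatientRecord("patient-017", "dr.rao", t0, timedelta(days=365))
    rec.append("dr.rao", "ECG normal", t0)
    rec.change_acl("dr.rao", "nurse.lee", True, t0 + timedelta(hours=1))
    outcomes = []
    for subject in ("nurse.lee", "visitor.x"):
        try:
            rec.read(subject, t0 + timedelta(hours=2))
            outcomes.append((subject, "read ok"))
        except AccessDenied:
            outcomes.append((subject, "denied"))
    for days in (30, 400):   # before and after the retention date
        try:
            rec.delete("dr.rao", t0 + timedelta(days=days))
            outcomes.append((f"delete day {days}", "done"))
        except AccessDenied:
            outcomes.append((f"delete day {days}", "refused"))
    return rec, outcomes


if __name__ == "__main__":
    record, results = demo()
    for result in results:
        print(result)
    for row in record.audit:
        print(row["when"].isoformat(), row["subject"], row["action"], row["allowed"])
```

The refused read and the refused early deletion both appear in the audit trail, which is what lets a reviewer spot a mistaken or unauthorised attempt after the fact.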
The seventh principle is the flow of information. The information derived from record A should be reflected in record B. This is possible if record B's ACL is contained in record A. For example, in hospitals in the Netherlands, if a patient is found to be affected by cancer, the patient's records are deleted from the hospital systems. In other cases, such as when the patient is suffering from AIDS, their record is also hidden to a
particular extent. This is because, if the patient is too weak and comes to know about his disease, he becomes fearful, and because of this fear many patients may die sooner. Therefore, most hospitals hide such patients' most serious diseases from the hospital website (O'Hanley and Tiller, 2014).

The eighth policy is aggregation control. This principle indicates that measures need to be provided to prevent or protect the group of Personal Health Information (PHI). The patient needs to be informed by the hospital authorities if an unknown person accesses their PHI. An unknown person is identified by checking the names already given by the patient when the record was created in the hospital. If the clinician finds any unknown access in the ACL, he should notify the patient for security purposes (Vacca, n.d.).

The ninth and last principle in the hospital security policy is the trusted computing base. This principle states that the system which maintains the patient's PHI should have a subsystem. This subsystem needs to maintain all eight security policies mentioned above, and these policies need to work efficiently to protect the patient data in the hospital website (or network). Finally, the effectiveness of each policy is found by evaluating its process. This evaluation is done by specialists in security evaluation for the hospital network. It needs to be done regularly to avoid cyber-related attacks on the hospital website on the internet. All of this is done by the workers who maintain the medical records system. Therefore, proper maintenance needs to be followed by the clinicians and workers to avoid unwanted effects in the system (or PC) in the hospital (Whitman and Mattford, n.d.).

6.2 Information security and privacy in healthcare

The program of information security is a framework.
It ensures that measures are implemented to protect the security and privacy of the patient's healthcare information. It also educates the organization's staff about the laws and regulations which govern privacy,
security and information management. The information security program has the following advantages: enhanced understanding of information security goals, management support, and enhanced organization. Information security programs are accomplished correctly by establishing information security goals and responsibilities, an information security policy, periodic information security program assessments, and safeguards selection and implementation (Ahmed, Acharjya and Sanyal, 2017).

The first step in information security is establishing a policy. The policy is a document that defines the rules, responsibilities and expected behaviors which must be followed by the organization to safeguard the information (Barnett et al., 2013). After writing the policy, the procedures, guidelines and supporting standards need to be developed. These support the policy at a detailed level. The depth of the guidelines and standards increases with the size and complexity of the organization (Carpenter, 2010). There are many stages in policy development. They are obtaining executive support, drafting, engagement, review, approval, implementation and maintenance, and review.

The second step in information security is establishing roles and responsibilities. By assigning roles and responsibilities for security, the information management structure is put in place. Every organization has its own unique requirements. A small organization may combine all its responsibilities into a single role, while medium and large industries separate their responsibilities into multiple roles (Home Security System Design and Implementation, 2016).

The third step in information security is program assessment. Every healthcare organization needs to review its information security program at regular intervals and make changes to the program when needed (Jung, 2017).

The fourth step in information security is a confidentiality agreement. It is a contract.
It requires an employee not to reveal the confidential data which they acquire while working as an employee in a healthcare organization. The final step in information security is third-party agreements. This is also a type of confidentiality agreement. It is used when disclosing confidential information to a third party (Mansfield-Devine, 2017).

In information security, risk management also plays a major role. It is used for ensuring the identification, analysis, and understanding of the security risks. Risk management is
enhancing support for privacy legislation, reducing risks which affect the confidential information and minimizing liabilities (Meena and Kanti, 2014). Risk is defined as the combination of an event's probability and the consequences of that event. Risk assessment is defined as the overall process of risk analysis and evaluation. Risk management is the set of coordinated activities which direct and control the organization with regard to risk. Vulnerabilities present in the healthcare organization's devices, such as old anti-virus and unpatched systems, open a path for threats to affect the devices. So, assets in the organization are no longer safe and the security risks gradually increase. Security controls protect the system from the threats. The security requirements must be modified according to newly generated security risks, which in turn affects the security controls (Muftic, 1992).

The security and privacy of the data in the hospital website is one of the important issues in the software services provided by hospitals to their patients, because the information needs to be secured while communication takes place between several persons. This includes communication between the providers, workers, patients, and payers in the hospitals. The state of security and privacy for the information is described below, and a new way to improve these security processes is also explained briefly. This leads to proper security and privacy for the information in the hospital network (O'Kane, Sezer and Carlin, 2018).

Here, privacy of information means that the communication between the doctor and the patient needs to be private. No one else should see the communication or be able to access the information.
If the patient is affected by some severe disease, he may want to hide it from close family members. For this, privacy should be maintained between the doctor and the patient. If there is no privacy, the disease becomes known to all the other persons in the family, which leads to unwanted situations for the patient. Therefore privacy needs to be maintained when the online service is offered by the hospital management (Rizov, 2018).

The personal health information records should be known only to the patient and the primary provider. The primary provider includes physicians, clinics, home healthcare, nurses
who are working in homes, hospitals, etc. The primary providers should have contact with the payers and the business associates. The payers include health plans, Medicare, private insurance and Medicaid. The primary provider also has two-way communication with the business associates or subcontractors in the hospital. The above-mentioned payers are responsible for paying the amount to the employers in the primary provider. For example, if a patient suddenly meets with an accident, they need help with operations and medicines. At this time, the payers help the patient through the pharmacists in the hospital. That is, the amount needed for the medicine and the operation is taken care of by the payers. This is possible only when the patient has a plan or insurance.

The secondary providers in the health care system are the physicians, clinics and labs. They share regional health information with the primary providers in the healthcare system. The above-mentioned primary provider, secondary provider, payer and business associates provide services to the social uses of the health data. These are classified into two kinds: public policy, and credential and evaluative decisions. Public policy covers disaster response, disease control, fraud control, medical and social research, and the national health information network. Credential and evaluative decisions include insurance, licensing, employment, education, etc. In this way, the information flows in the health care centre and the services are provided to the patients in the hospital (The WannaCry ransomware attack, 2017).
The threats to the privacy of information are divided into two types. They are organizational threats and systemic threats. Organizational threats arise from accessing the patient data in an inappropriate manner. This is done by internal as well as external agents in the hospital. Internal agents gain this unwanted access by abusing their privileges in the hospital (Xue and Sun, 2014), while external agents exploit vulnerabilities in the information system. The organizational threats include data breaches from inside and outside the hospital, accidental disclosure, and disclosure due to the curiosity of an insider in the hospital.

The second threat to the privacy of information is the systemic threat. This threat comes from an agent who works in system-related work. It occurs when the flow of communication becomes known to an unauthorized person in the network. These threats need to be
prevented by the network administrator in the hospital. The systemic threats include unauthorized access and attacks in the hospital network.

The research domain in hospital information security is described as follows. Information security includes privacy/confidentiality, integrity, accountability, and availability. This information security is related to four departments in hospital management. They are patient, inter-organizational productivity and quality, intra-organizational productivity and quality, and public policy. The patient department includes three areas: the management of the personal health record, clinical trial participation, and personal disposition towards the disclosure of medical data. Inter-organizational productivity and quality includes subcontracting of health services, integrated health care systems, and payment and billing efficacy. Intra-organizational productivity and quality includes IT impacts on medical errors, deployment of RFID in the administration of the hospital, telemedicine/e-Health, and management of operations. Public policy includes research in the medical field, disease control, and programs conducted for social welfare. The above-mentioned areas need information security to properly communicate and implement their work in the hospital.

6.3 Security and privacy of information in mobile health-care communication system

In the modern world, the sensitivity and accessibility of healthcare information through mobile technology systems and the internet cause major concern. While transmitting the patient's information, the following key factors need to be considered: confidentiality, integrity, and privacy. Drug administration, treatment, medical consultation and provision of lab results are enabled over mobile communication even when the patient is outside. With the use of the internet and intranet, the digital patient records are shared among the healthcare providers.
But the major issue in sharing those details through the internet and intranet is security. While sharing the patients' information, the privacy, confidentiality, and integrity of the information should not be compromised. So, it is necessary to ensure the security and privacy of the patients' information in order to ensure the information's integrity and confidentiality. Patient information unavailability, incorrect diagnosis recording, access delays, insufficient personnel,
and space limitations are the problems faced by the healthcare organization. Most healthcare organizations use the internet as a tool for healthcare providers and have established their own websites. These websites allow the patients to access their information and give global access to the healthcare information. Only authorized persons are able to access this information. The paper-based records are converted into electronic records, which is enabled by the internet. The internet also facilitates the sensor networks which are used to monitor the patients' health condition remotely. This is very useful for healthcare practitioners who need to access the patients' medical information.

Dynamism in health-care delivery systems

Information technology opportunities are explored to reduce the overall cost of healthcare delivery without reducing the quality of the healthcare service. This is known as dynamism. Here the healthcare is distributed and decentralized, and the responsibilities are shared among the healthcare providers. Using mobile devices, a remote patient monitoring system and a local server, the practitioners are able to monitor the health of a patient who is in a remote area. A periodic report of the patient's health information is sent from the sensor to the system server by wireless communication (such as Bluetooth). The system server is connected to the central monitoring station. From this central monitoring station, the final response is sent to the local server. The internet connects the two ends and acts as a link between the local server (which is at the patient's house) and the central monitoring station.
The proposed dynamism in health-care delivery system architecture has the patient at the center point and includes the laboratory information system, pharmacy, patient registration, orthopedics, insurance and contracts management, appointment scheduling, surgery, and the radiology information system. In a healthcare delivery information system, interaction between the different departments and the patient is inevitable, and the system is an interwoven relationship. Some of the advantages of the healthcare delivery information system are listed below.

Enhancing the quality of care
Cost controlled
Time spent is reduced
Professionalism is improved and increased

Patient Records

The patient record is defined as any relevant record which is made by the health-care practitioner at the time of health management. The patient record consists of information on the health of the patient which is recorded by the healthcare practitioners or professionals, either at their direction or personally. The patient record also contains treatments, prescribed medicines, etc. The patient record is kept in paper form or in digital form. Paper-based patient records need more storage space than digital patient records, so the paper-based records are converted into digital format and the patient's record becomes available in electronic form. After that, it can be transmitted through the internet to the healthcare practitioners who have a right to access the database. Nurses, physicians, patients, and insurance companies are also able to access the records stored in the database through the internet. The disadvantage of the Electronic Patient Record (EPR) is internet connectivity. This makes the EPR vulnerable. It leads to hacking, eavesdropping, skimming and unauthorized access to the database in which the patient information is stored. There is also a great challenge to the security and integrity of the EPR.

eHealth to mHealth Transformation

Electronic health is simply called eHealth. eHealth is defined as the intersection of business, public health, and medical information. It refers to information and health services delivered or improved through the internet. The patients and stakeholders are involved in this. It delivers health services at good quality and low cost. By using information and communication technologies, eHealth improves healthcare locally, regionally, and globally. eHealth includes business transactions, digital data transmission of medical
images, laboratory reports, insurance claims, purchase orders, medical diagnoses, and digital data transmission of medical signals.

mHealth is known as mobile health. It is a new term. It forms a human-centered healthcare delivery. New technologies, systems and standards, application integration, communication-enhanced disease management programs, collaboration and care coordination systems, policies, and devices are involved in mHealth. Mobile technology enables isolated and remote communities to communicate with each other. mHealth is used for clinician and staff education, wireless connectivity strategy, existing medical application inventory, patient literacy, and management of text messages and emails. mHealth brings a revolutionary change in healthcare delivery systems. It requires mobile devices and mobile technologies. This mHealth technology is able to reach people anywhere at any time with the help of mobile broadband and 3G networks.

Security and Privacy concerns

In healthcare delivery systems, the privacy and security of the patient's information need to be maintained. First, the patient's information is captured. Then this information is stored and maintained in the database. After that, the confidentiality and integrity of this information are guaranteed. It is a great challenge to secure information in a distributed environment over the mobile network. There are three basic elements in data security. They are availability, integrity, and confidentiality. All the confidential data in the healthcare organization must be processed to establish a confidence level in the data. Integrity of data means ensuring that the information which is recorded is correct and is not corrupted in any way. If the patient's record is corrupted, it will cause a serious problem and can even lead to the patient's death. Availability means the mobile devices and computer systems should be available to patients whenever the need arises.
This is because it improves information sharing by health-care practitioners. The patients have a right to the confidentiality and privacy of the information about their medical treatment and their health condition. The legal and ethical guidelines state that the staff who work in a healthcare organization must keep all the information about the patient
confidential unless the patient's consent is sought. Encryption, digital watermarking, and steganography are the data security methods used to protect the information in the healthcare databases.

Encryption

Encryption is one of the data security methods used in healthcare. It protects the data from third parties. The patient's information is encrypted, and without the proper key this information cannot be decrypted. The key is used to transform the encrypted data back to its original form. There are two types of encryption. They are symmetric and asymmetric. The symmetric encryption system provides a two-way channel. Here, only one secret key is shared by all the users. In the asymmetric encryption system, two keys are used. They are the private key and the public key. These are unique to each user. These keys are used to encrypt the information while sending it from one end to the other and to decrypt the received information. By using this encryption, the patient's information is protected.

Digital Watermarking

Digital watermarking is used to protect the patient's information when access controls are compromised. It is also used for copyright protection. It is the art of embedding data into a multimedia object. These watermarks are often inserted into images. Later, without repairing the object, these watermarks can be extracted or detected. These are inserted into the images when this image is compared with the original document.

Steganography

Steganography is an ancient science and art. It is used to hide information, and it is done by embedding information within other information. Cryptography and steganography are not the same. In steganography the communication medium is a cover object, and the embedded message is called the 'stego' object. The cover object and the stego object together form a stegosystem. To keep
the operation safe and secure, the stego key is used. In the stegosystem, the stego object cannot be extracted from the cover object without the stego key.

Database security

Security within the server is referred to as database security. The benefit of database security is its ability to perform data mining. Data mining is a technique that allows information sharing. Information sharing has security implications, and restricting access to the database is necessary. Restricted access is achieved by using multilevel security. Unauthorized data mining is prevented by implementing the following: auditing the database, limiting access to the database and augmenting the data.

6.4 Effects of Security Policies, Security Awareness in healthcare system

Because of the development in computer technology, the information system in the hospital is changing accordingly. The information system in hospitals holds patients' information and other information. The patient's information includes family history, genetic information, and diagnosis and treatment of disease. If these details leak out, it will cause damage. Generally, the patients' information is stored in the information system in digital form. Because of cybercrimes, these data must be protected. Information protection is protecting the information system from altering, deleting and accessing, by mistake or intentionally. In healthcare organizations, the patients' details are generated while treating and diagnosing a disease. These details are very sensitive and must be protected. It is a basic right of the patient to know whether their health information is protected or not. The security policy is the most important security requirement for protecting all the information efficiently. Hypothesis H1 is that stronger security policies have a positive influence on security awareness.
Hypothesis H2 is that stronger security policies have a positive influence on individual characteristics. Hypothesis H5 is that security policies have a positive effect on security effectiveness. The doctors and staff who work at a healthcare organization should be aware of the security of the patients' information, and they
have to know how sensitive and valuable those data are. Hypothesis H5 is that higher security awareness has a more positive effect on security effectiveness. The individual characteristics also have an effect on information security. The hypothesis H4 has a positive effect on security effectiveness. The security risks in the healthcare organization are identified and the degree of risk is determined. After that, the security effectiveness is realized by examining the places where security controls and measures are required. Security effectiveness is maximized by security measures and security education programs. The security policies, security awareness, and individual characteristics discussed above are the major factors that influence security effectiveness.

6.5 Developing healthcare network security policy

Generally, the analysis of information security is a complex process, so network security policies need to be developed. Initially, the network security controls should be identified. The network devices which are connected to the internet need to be analyzed. In the healthcare industries, the electronic healthcare application also needs to be developed. Only then are the staff and patients able to identify the network usage and users. Network monitoring and configuration need to be established for the security policies. This is used to build potential security against the vulnerabilities. The healthcare industries should have a plan to mitigate the risks, and the network security policy should be created by using these network security controls.

The security controls are described below. The first is the whitelist, which needs to be created. It is used to allow access to the network. Then the vulnerabilities need to be analyzed, and the network needs to be scanned daily. This activity is used to find new and updated devices and software in the system. The auditing records should be consolidated.
They would be stored in a central reporting tool. Access control should be enhanced by establishing methods such as password sharing and auditing the user accounts. The auditing records are used to get the details of employees and their behavior. The vulnerability listing services need to be monitored. An incident response team should be developed for the healthcare industries, and all the processes need to be kept up to date. The software developers should then be trained in the best security practices. This training must also be used to prevent security loopholes in the code.
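The whitelist, daily scan and consolidated audit record controls listed above fit together as one check: each scan result is compared with the whitelist, and every device is written to a central log with a status, so that a device not on the list stands out. This is an added example, not part of the report's system; the MAC addresses, IP addresses, dates, function names and status labels are constructed for illustration.

```python
import re
from datetime import date

# Constructed whitelist: MAC address (as typed by an administrator) -> asset.
ALLOWLIST = {
    "00:1A:2B:3C:4D:5E": "reception workstation",
    "00-1a-2b-3c-4d-5f": "lab analyser gateway",
    "001a.2b3c.4d60": "radiology viewer",
}

# Constructed scan results for two consecutive days.
SCAN_DAY1 = [
    {"mac": "00:1a:2b:3c:4d:5e", "ip": "10.0.1.10"},
    {"mac": "00:1a:2b:3c:4d:5f", "ip": "10.0.1.11"},
]
SCAN_DAY2 = [
    {"mac": "00:1A:2B:3C:4D:5E", "ip": "10.0.1.10"},
    {"mac": "001A.2B3C.4D60", "ip": "10.0.1.12"},     # listed, first seen today
    {"mac": "de:ad:be:ef:00:01", "ip": "10.0.1.77"},  # not on the whitelist
    {"mac": "00:1a:2b:3c:4d", "ip": "10.0.1.78"},     # truncated, malformed
]


def normalize_mac(raw):
    """Return a MAC as lowercase colon-separated hex, or None if malformed.

    Scanners and humans write MACs with ':', '-' or '.' separators and in
    mixed case; comparing raw strings would miss listed devices.
    """
    digits = re.sub(r"[:\-.\s]", "", raw).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        return None
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def review_scan(allowlist, scan, previously_seen, day):
    """Classify each scanned device and return (report rows, MACs seen)."""
    allowed = {}
    for raw, asset in allowlist.items():
        mac = normalize_mac(raw)
        if mac is not None:          # ignore malformed whitelist entries
            allowed[mac] = asset
    report, seen = [], set()
    for device in scan:
        mac = normalize_mac(device["mac"])
        if mac is None:
            status = "ALERT-malformed"   # cannot be matched, so never trusted
        elif mac not in allowed:
            status = "ALERT-unlisted"    # the alarm case from the policy
        elif mac not in previously_seen:
            status = "new-listed"        # listed device appearing first time
        else:
            status = "known"
        if mac is not None:
            seen.add(mac)
        report.append({"day": day.isoformat(), "mac": mac or device["mac"],
                       "ip": device["ip"], "status": status,
                       "asset": allowed.get(mac)})
    return report, seen


def run_two_days():
    """Feed both constructed scans into one consolidated log."""
    central_log, seen = [], set()   # stand-in for the central reporting tool
    for day, scan in ((date(2023, 5, 1), SCAN_DAY1),
                      (date(2023, 5, 2), SCAN_DAY2)):
        report, today = review_scan(ALLOWLIST, scan, seen, day)
        central_log.extend(report)
        seen |= today
    return central_log


if __name__ == "__main__":
    for row in run_two_days():
        print(row)
```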
These network security policies are used to handle network devices. The patients and staff in the healthcare industries also access the network with a large number of computers, because internet access is essential for the patients and the guests. The hospital industries had open access and device control, but these activities are complex to handle, so IT developers are needed to manage the system. The defined whitelist strategy is therefore very useful for network and data security. It raises an alarm when unlisted devices enter the network.

7. Project planning

In this section, the detailed project planning is developed. Here the Gantt chart, an effective project planning and scheduling tool, is used. This project contains six major stages, and each of the six stages has some subtasks. This project is estimated to be completed within two months. The schedule developed for this project is described below.

In the first stage (Concept and Initiation), the current system is analyzed properly and flaws in the current systems are identified. Then problem identification and development of the data security policy for the hospital take place in the second stage (Definition and Planning).
After the planning, the implementation of the developed model using the Java platform is carried out. Then the developed system is tested to ensure the performance of the system. This is carried out in the fourth stage (Performance measuring). Finally, corrective actions based on the test results are carried out to fix the issues in the developed cyber security model in the fifth stage (Corrective action).
8. Implementation
The above figure shows two models: a security model for inside the hospital, and a model designed for securely sending medical reports and test reports. The models are brought together for the hospital and for sharing documents between the locations. The security model consists of five locations: inside, foyer, reception, entrance, and the chamber. The report sharing model has to send the report securely so that no one else can access it.

Escort model

The escort model represents the actions of the doctors, staff, patients and visitors who enter the hospital. In the escort model, doctors and staff must swipe their tags to enter the hospital. If a doctor or staff member forgets to bring the tag, they must take a decision. The decision has two choices. One is to challenge the escort behind the doctor or staff member. The second is to wait in a queue at reception to collect a badge tag for a short-term period. The escort model is the first model in the above figure. The model contains various locations. They are inside, foyer, reception, way to entrance and chamber. The doctors, staff, patients, and visitors enter the foyer of the hospital. The foyer is used for security purposes. It contains a security guard and access control, and it admits the appropriate persons to the hospital; they are checked and then allowed in. Only the doctors and staff take the decision. After taking the decision, the doctors and staff stand in the queue to get their badge tags, which they collect at reception. Escorts mostly do not have any badge tags. Here, an escort means a person who follows through the door without the knowledge of the person who has unlocked the door. Anybody at the entrance of the hospital can easily notice an escort. They then have another decision to take about allowing the escort into the hospital: intervene and block the escort, or else ignore them.
If the escort is not caught, then he/she can continue into the chamber. Report sharing model The second model is patient report sharing model. This model shows how to send a patient report securely inside the hospital. Staffs needs to send a patient report to specialized 63
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
doctors. These reports are shared with the help of server. These patient report are shared between on-the-spot doctors and staffs constraints access only to those with right authentication. This model depicts normal operation occurs inside the hospital. Then, staffs must share the reports using a various process. This model has only two locations. They are chamber and Lab. The doctor and staff are going from the chamber to the lab. Staffs start the work in the lab.If they faced any problems in sending the patient reports to the doctors, then they need to take the decisions to send those reports in secured manner. The patient report can be secured with the help of encryption method. Before using encryption method, we generate a key for preventing the unauthorized access. The encryption method is used to securely send and receive a data, communication between sender and receiver, and files sharing. It can be protected your data, report and keys. Staff can be send the encrypted patient report to the specialized doctor through using some methods. They are three methods to sharing a patient report securely. The first way, the report can be upload into server, to accessible by specialized doctors and staffs. Second way the report can be send to the system. The last way, the report can be stored to compact disk and it can be given to doctors and nurse or kept in lab. If doctors, staff open the encrypted patient reports, it can’t be accessed because of it is secured report. The encrypted patient report can be decrypted by doctor or staff. Then only the patient report can be viewed. The attacker can be tried to accessing the report in lab location. They are not accessed, because the report was secured. Cyber security The cyber security is the production of internet-connected systems from cyber-attacks. The security is used to prevent the data from the unauthorized access. 64
The above picture shows the imported header files used for security purposes. This project includes several security functions, such as generating a key and encrypting and decrypting the patient report. The AES algorithm is used for encryption to keep out unauthorized users. The project has three main parts: patient report, shortest path, and histogram.
In the above code, a switch case is used to call one Java class from another. For example, when prompted to enter your choice, enter the number 1; the program then automatically calls the Security class using the Security.main(args) function.

Generate Key

An AES key is generated for encrypting the data. The AES key is generated randomly using the RNG (Random Number Generator).
The AES algorithm is used for generating the key. The key is referred to as the private key; it is known only to the sender. “toHexString” displays the key as a hexadecimal string, and “toUpperCase” displays it in upper case. The following picture is the output of the key generation.
The patient report part has three important tasks: key generation, encryption, and decryption. Here, enter 1 as your choice. The key is then generated to protect the report from unauthorized users.
Encryption

Encryption is used for encoding the information so that it can be accessed only by an authorized user. The encryption process takes the key and the original dataset. We took the Post-Operative Patient Dataset from the UCI repository (https://archive.ics.uci.edu/ml/datasets/Post-Operative+Patient).
The second choice is the patient report encryption process. Encryption needs the key, so before encrypting, the generated key must be entered and also updated in Key.txt. Then the encrypted message of the patient report is displayed on the screen.

Decryption

Decryption is the process of converting the encrypted information back to the original information (or message).
The decryption process needs the key and the encrypted file. The key value is taken from the key.txt file. The encrypted file is patient_report.encrypted. A success message is displayed after the decryption process. The decrypted file is decrypted-patient.csv.

First, run Hospital_index.java. The key.txt file holds the key for security. The patient.csv file is the original dataset. The patient_report.encrypted file is the encrypted file. The decrypted-patient.csv file is the decrypted file, which looks like the original report.
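The key generation, encryption and decryption steps described above, as an added Java example that is not the project's own code. The report does not name a cipher mode; AES-GCM is assumed here so that a modified encrypted file or a wrong key is rejected on decryption. The class name and the sample CSV rows are constructed.

```java
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Arrays;

// Hypothetical class name. AES-GCM is an assumption: the report does not state a mode.
public class PatientReportCrypto {
    private static final int KEY_BITS = 256;
    private static final int NONCE_BYTES = 12;   // recommended GCM nonce size
    private static final int TAG_BITS = 128;     // authentication tag length
    private static final SecureRandom RNG = new SecureRandom();

    // Generate a random AES key from the platform's secure RNG.
    static SecretKey generateKey() throws GeneralSecurityException {
        KeyGenerator generator = KeyGenerator.getInstance("AES");
        generator.init(KEY_BITS, RNG);
        return generator.generateKey();
    }

    // Upper-case hexadecimal rendering of the key bytes, as the report displays it.
    static String toHex(byte[] bytes) {
        StringBuilder sb = new StringBuilder(bytes.length * 2);
        for (byte b : bytes) {
            sb.append(String.format("%02X", b));
        }
        return sb.toString();
    }

    // Parse a hex string (for example, the content of key.txt) back into bytes.
    static byte[] fromHex(String hex) {
        if (hex.length() % 2 != 0) {
            throw new IllegalArgumentException("hex key must have an even length");
        }
        byte[] out = new byte[hex.length() / 2];
        for (int i = 0; i < out.length; i++) {
            out[i] = (byte) Integer.parseInt(hex.substring(2 * i, 2 * i + 2), 16);
        }
        return out;
    }

    // Encrypt with a fresh random nonce; output layout is nonce || ciphertext || tag.
    static byte[] encrypt(SecretKey key, byte[] plaintext) throws GeneralSecurityException {
        byte[] nonce = new byte[NONCE_BYTES];
        RNG.nextBytes(nonce);
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, nonce));
        byte[] ciphertext = cipher.doFinal(plaintext);
        return ByteBuffer.allocate(nonce.length + ciphertext.length)
                .put(nonce).put(ciphertext).array();
    }

    // Decrypt and verify the tag; throws AEADBadTagException on any modification.
    static byte[] decrypt(SecretKey key, byte[] blob) throws GeneralSecurityException {
        if (blob.length < NONCE_BYTES + TAG_BITS / 8) {
            throw new GeneralSecurityException("encrypted report is too short");
        }
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(Cipher.DECRYPT_MODE, key,
                new GCMParameterSpec(TAG_BITS, blob, 0, NONCE_BYTES));
        return cipher.doFinal(blob, NONCE_BYTES, blob.length - NONCE_BYTES);
    }

    // True when decryption fails the integrity check instead of returning data.
    static boolean isRejected(SecretKey key, byte[] blob) throws GeneralSecurityException {
        try {
            decrypt(key, blob);
            return false;
        } catch (AEADBadTagException e) {
            return true;
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample rows standing in for patient.csv.
        byte[] report = ("patient_id,temperature,decision\n"
                + "1001,mid,A\n"
                + "1002,low,S\n").getBytes(StandardCharsets.UTF_8);

        // Step 1: generate the key and render it as upper-case hex.
        String hexKey = toHex(generateKey().getEncoded());
        System.out.println("Key length in hex characters: " + hexKey.length());

        // Step 2: reload the key from its hex form, as if read back from key.txt.
        SecretKey key = new SecretKeySpec(fromHex(hexKey), "AES");
        byte[] encrypted = encrypt(key, report);

        // Step 3: decrypt and compare with the original report.
        byte[] decrypted = decrypt(key, encrypted);
        System.out.println("Round trip matches original: " + Arrays.equals(report, decrypted));

        // Failure cases: one flipped bit in the file, and a different key.
        byte[] tampered = encrypted.clone();
        tampered[tampered.length - 1] ^= 0x01;
        System.out.println("Tampered file rejected: " + isRejected(key, tampered));
        System.out.println("Wrong key rejected: " + isRejected(generateKey(), encrypted));
    }
}
```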
Shortest path

Dijkstra's algorithm is used to find the shortest path among the nodes in the graph. The matrix, with five rows and five columns, is shown in the above screenshot. The following diagram represents the graph for patient report file sharing. It contains the nodes, edges and costs.
Node 0 represents the source, such as the server, system and CD in the hospital. The other nodes (1 to 5) are destinations, such as the specialized doctors and the lab in the hospital. The cost represents how much time it takes to send the patient report to the doctors and lab in the hospital. The program output shows the source, destination, cost, and path. Vertices, the units of a graph, are used to build the graph for finding the shortest path. The shortest distance between each pair of vertices is given in the graph for sharing the patient report. In the output of the shortest path algorithm, the source is shown as 0, denoting the server, system and CD in the hospital, and the destinations are shown as 1, 2, 3, and 4, denoting the specialized doctors and lab. Here, the cost indicates the weight between the vertices. For example, 0 -> 1 means that the source is 0 and the destination is 1. Assuming the cost is 5, the path is named 01. The output explained here is shown in the above screenshot.
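The shortest path computation described above, as an added Java example that is not the project's own code. The 5 x 5 cost matrix is constructed for illustration, apart from the 0 -> 1 cost of 5 that the text assumes; the class and method names are hypothetical.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;

// Hypothetical class: Dijkstra's algorithm over a cost matrix, source node 0.
public class ReportRouteDijkstra {
    static final int INF = Integer.MAX_VALUE;

    // Returns {dist, prev}: shortest cost to each node and its predecessor on that path.
    // A matrix entry of 0 means "no direct edge".
    static int[][] shortestPaths(int[][] cost, int source) {
        int n = cost.length;
        int[] dist = new int[n];
        int[] prev = new int[n];
        boolean[] done = new boolean[n];
        Arrays.fill(dist, INF);
        Arrays.fill(prev, -1);
        dist[source] = 0;

        for (int round = 0; round < n; round++) {
            // Pick the closest node that is reachable and not yet finalised.
            int u = -1;
            for (int v = 0; v < n; v++) {
                if (!done[v] && dist[v] != INF && (u == -1 || dist[v] < dist[u])) {
                    u = v;
                }
            }
            if (u == -1) {
                break; // the remaining nodes cannot be reached from the source
            }
            done[u] = true;

            // Relax every edge leaving u.
            for (int v = 0; v < n; v++) {
                if (cost[u][v] > 0 && !done[v] && dist[u] + cost[u][v] < dist[v]) {
                    dist[v] = dist[u] + cost[u][v];
                    prev[v] = u;
                }
            }
        }
        return new int[][] { dist, prev };
    }

    // Builds the path name by concatenating node numbers, e.g. "01" for 0 -> 1.
    static String pathName(int[] prev, int source, int dest) {
        List<Integer> nodes = new ArrayList<>();
        for (int v = dest; v != -1; v = prev[v]) {
            nodes.add(v);
        }
        Collections.reverse(nodes);
        if (nodes.get(0) != source) {
            return "unreachable";
        }
        StringBuilder sb = new StringBuilder();
        for (int v : nodes) {
            sb.append(v);
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        // Constructed costs (time to deliver the report); only cost[0][1] = 5 is from the text.
        int[][] cost = {
            { 0, 5, 9, 0, 0 },
            { 5, 0, 2, 6, 0 },
            { 9, 2, 0, 3, 0 },
            { 0, 6, 3, 0, 4 },
            { 0, 0, 0, 4, 0 }
        };
        int source = 0;
        int[][] result = shortestPaths(cost, source);
        int[] dist = result[0];
        int[] prev = result[1];

        System.out.println("Source\tDestination\tCost\tPath");
        for (int dest = 1; dest < cost.length; dest++) {
            String shownCost = dist[dest] == INF ? "-" : String.valueOf(dist[dest]);
            System.out.println(source + "\t" + dest + "\t\t" + shownCost + "\t"
                    + pathName(prev, source, dest));
        }
    }
}
```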
Histogram

JFreeChart is used to draw the histogram. A histogram represents the distribution of numerical data. Its title is Histogram, the X axis is Year, and the Y axis is Health Problems of patient.
The histogram shows five years (2010 to 2018) of ratings of patient health problems in the hospital. Three health problems are defined in this diagram: asthma, heart disease and headaches. Asthma is shown in red, heart disease in blue, and headaches in green.
9.References Caulfield, T. and Pym, D. (2015). Improving Security Policy Decisions with Models.IEEE Security & Privacy, 13(5), pp.34-41. Cyber-security. (2014).Network Security, 2014(1), p.4. Rizov,V.(2018).InformationSharingforCyberThreats.Information&Security:An International Journal, 39(1), pp.43-50. Vidalis,S.,Jones,A.andBlyth,A.(2004).Assessingcyber-threatsintheinformation environment.Network Security, 2004(11), pp.10-16. Cyber Security for Remote Patient Monitoring System. (2016).International Journal of Science and Research (IJSR), 5(5), pp.190-197. Devesh Kumar Mishra (2017). Cyber Security Guidelines for Healthcare Providers Threats and Defense from Ransomware.International Journal of Engineering Research and, V6(12). Fellows, S. (2012). ‘Immune system’ cyber-security for SCADA systems.Engineering & Technology Reference, 1(1). Langer, S. (2016). Cyber-Security Issues in Healthcare Information Technology.Journal of Digital Imaging, 30(1), pp.117-125. Lehto, M. (2013). The Cyberspace Threats and Cyber Security Objectives in the Cyber Security Strategies.International Journal of Cyber Warfare and Terrorism, 3(3), pp.1-18. Mohan, P. and Singh, M. (2016). Security Policies for Intelligent Health Care Environment.Procedia Computer Science, 92, pp.161-167. Seifert, D. and Reza, H. (2016). A Security Analysis of Cyber-Physical Systems Architecture for Healthc.Computers, 5(4), p.27. Shin, H. and Eom, J. (2017). Establishment of Cyber Security Strategy according to the change of cyberspace environment.Journal of Security Engineering, 14(4), pp.251-262. Singh, A. and Jain, A. (2018). Study of Cyber Attacks on Cyber-Physical System.SSRN Electronic Journal. 76
Wen, H. and Tarn, J. (2001). Privacy and Security in E-Healthcare Information Management.Information Systems Security, 10(4), pp.1-16. Zeng, Q., Pu, S. and Zhang, X. (2018). Statistical Tests for Integrity Attacks on Cyber-Physical Systems.Asian Journal of Control. Ransomware expands, attacks hospitals and local authorities, and moves to new platforms. (2016).Network Security, 2016(3), pp.1-2. Stahl, B., Doherty, N. and Shaw, M. (2011). Information security policies in the UK healthcare sector: a critical evaluation.Information Systems Journal, 22(1), pp.77-94. Thielst, C. (2007). Regional Health Information Networks and the Emerging Organizational Structures.Journal of Healthcare Management, 52(3), pp.146-150. Stankovic, J. (2016). Research Directions for Cyber Physical Systems in Wireless and Mobile Healthcare.ACM Transactions on Cyber-Physical Systems, 1(1), pp.1-12. Ansari, M. (2016). INFORMATION SYSTEM SECURITY (CYBER SECURITY).Jurnal Informatika, 2(1). Horowitz, B. and Lucero, D. (2016). SYSTEM-AWARE CYBER SECURITY: A SYSTEMS ENGINEERING APPROACH FOR ENHANCING CYBER SECURITY.INSIGHT, 19(2), pp.39-42. Ilvonen, I. and Virtanen, P. (2013). Preparing for Cyber Threats with Information Security Policies.International Journal of Cyber Warfare and Terrorism, 3(4), pp.22-31. Kant, V. (2016). Cyber-physical systems as sociotechnical systems: a view towards human– technology interaction.Cyber-Physical Systems, 2(1-4), pp.75-109. Kim, S. and Jeoung, K. (2015). Effects of Security Policies, Security Awareness of Hospital Employee to Patients' Personal Information Protection.Indian Journal of Science and Technology, 8(21). Klaic, A. (2016). A Method for the Development of Cyber Security Strategies.Information & Security: An International Journal, 34, pp.37-55. Li, T., Cao, J., Liang, J. and Zheng, J. (2014). Towards context-aware medical cyber-physical systems: design methodology and a case study.Cyber-Physical Systems, 1(1), pp.5-23. 77
Mohan, P. and Singh, M. (2016). Security Policies for Intelligent Health Care Environment.Procedia Computer Science, 92, pp.161-167. Rademaker, M. (2016). Assessing Cyber Security 2015.Information & Security: An International Journal, 34, pp.93-104. Singh, A. and Jain, A. (2018). Study of Cyber Attacks on Cyber-Physical System.SSRN Electronic Journal. Sterlicchi, J. (2001). Invicta Unveils Cyber-security System.Computer Fraud & Security, 2001(7), pp.5-6. Stojmenovic, I. and Zhang, F. (2014). Inaugural issue of ‘cyber-physical systems’.Cyber- Physical Systems, 1(1), pp.1-4. Tsoumas, B. and Gritzalis, D. (2012). Inside Cyber Warfare: Mapping the Cyber Underworld.Computers & Security, 31(6), p.801. Venkatachary, S., Prasad, J. and Samikannu, R. (2018). Cybersecurity and cyber terrorism - in energy sector – a review.Journal of Cyber Security Technology, pp.1-20. Yucelen, T., Haddad, W. and Feron, E. (2016). Adaptive control architectures for mitigating sensor attacks in cyber-physical systems.Cyber-Physical Systems, 2(1-4), pp.24-52. Bhuiyan, M., Kuo, S., Lyons, D. and Shao, Z. (2018). Dependability in Cyber-Physical Systems and Applications.ACM Transactions on Cyber-Physical Systems, 3(1), pp.1-4. Guest Editorial: Reliability and Quality Control for Cyber-Physical Systems. (2018).IET Cyber- Physical Systems: Theory & Applications, 3(2), pp.63-64. Haque, S. and Aziz, S. (2013). False Alarm Detection in Cyber-physical Systems for Healthcare Applications.AASRI Procedia, 5, pp.54-61. Haque, S., Aziz, S. and Rahman, M. (2014). Review of Cyber-Physical System in Healthcare.International Journal of Distributed Sensor Networks, 10(4), p.217415. Huang, C., Sun, J., Wang, X. and Si, Y. (2009). Security Policy Management for Systems Employing Role Based Access Control Model.Information Technology Journal, 8(5), pp.726- 734. Jadlovská, A., Jadlovská, S. and Vošček, D. (2016). 
Cyber-Physical System Implementation into the Distributed Control System.IFAC-PapersOnLine, 49(25), pp.31-36. 78
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
Joerger, G., Rambourg, J., Gaspard-Boulinc, H., Conversy, S., Bass, B., Dunkin, B. and Garbey, M. (2018). A Cyber-Physical System to Improve the Management of a Large Suite of Operating Rooms.ACM Transactions on Cyber-Physical Systems, 2(4), pp.1-24. Kadam, A. (2007). Information Security Policy Development and Implementation.Information Systems Security, 16(5), pp.246-256. M., R., K., P. and R., S. (2018). A Systematic Study on Cyber Physical System.Bonfring International Journal of Research in Communication Engineering, 8(1), pp.01-04. Martini, D., Benetti, G., Vedova, M. and Facchinetti, T. (2017). Adaptive Real-Time Scheduling of Cyber-Physical Energy Systems.ACM Transactions on Cyber-Physical Systems, 1(4), pp.1-25. Olaronke, I. and Rhoda, I. (2013). A Security based Framework for Interoperability of Healthcare Systems.International Journal of Applied Information Systems, 6(2), pp.23-31. Seifert, D. and Reza, H. (2016). A Security Analysis of Cyber-Physical Systems Architecture for Healthcare.Computers, 5(4), p.27. Wen, H. and Tarn, J. (2001). Privacy and Security in E-Healthcare Information Management.Information Systems Security, 10(4), pp.1-16. WEN, J., WU, M. and SU, J. (2012). Cyber-physical System.Acta Automatica Sinica, 38(4), pp.507-517. Zarei, J. and Sadoughi, F. (2016). Information security risk management for computerized health information systems in hospitals: a case study of Iran.Risk Management and Healthcare Policy, p.75. Alcaraz, C., Huang, X. and Rome, E. (2018). Security and privacy in cloud-assisted cyber- physical systems.Computer Networks, 138, pp.13-14. Devesh Kumar Mishra (2017). Cyber Security Guidelines for Healthcare Providers Threats and Defense from Ransomware.International Journal of Engineering Research and, V6(12). Information Warfare: How to Survive Cyber Attacks. (2002).Kybernetes, 31(3/4). Introduction to Cyber-Warfare. (2013).Network Security, 2013(10), p.4. Julisch, K. (2013). 
Understanding and overcoming cyber security anti-patterns.Computer Networks, 57(10), pp.2206-2211. 79
K, S. (2017). Examination of Cyber Crime in Special Reference of Non- Technical Attacks.International Journal of Forensic Sciences, 2(1). Kanjee, M. and Liu, H. (2014). Authentication and key relay in medical cyber-physical systems.Security and Communication Networks, 9(9), pp.874-885. Langer, S. (2016). Cyber-Security Issues in Healthcare Information Technology.Journal of Digital Imaging, 30(1), pp.117-125. Lutz, M. (2001). Fighting cyber attacks [Book Review].Computer, 34(12), pp.153-153. Seifert, D. and Reza, H. (2016). A Security Analysis of Cyber-Physical Systems Architecture for Healthcare.Computers, 5(4), p.27. Shin, S., Woon Lee, S. and Kim, H. (2016). Authentication Protocol for Healthcare Services over Wireless Body Area Networks.International Journal of Computer and Communication Engineering, 5(1), pp.50-60. Special issue on cyber security, crime, and forensics of wireless networks and applications. (2015).Security and Communication Networks, 8(17), pp.3300-3300. Targeted Cyber-attacks. (2014).Network Security, 2014(6), p.4. Wu, S., Wang, H., Wu, D., Chatzimisios, P. and Chen, Z. (2016). Security and networking for cyber-physical systems.Security and Communication Networks, 9(9), pp.807-807. Zhang, Y., Xiao, Y., Ghaboosi, K., Zhang, J. and Deng, H. (2011). A survey of cyber crimes.Security and Communication Networks, 5(4), pp.422-437. Baxter, L., Legaspi, M., Bailey, B. and Brown, C. (2002). Community Health Center-Led Networks: Cooperating to Compete.Journal of Healthcare Management, 47(6), pp.376-388. Call for Papers for Special Issue on Security in Computer and Cyber-Physical Systems and Networks. (2009).Security and Communication Networks, 2(5), pp.455-456. Ferguson, J. (2009). Preventing healthcare-associated infection: risks, healthcare systems and behaviour.Internal Medicine Journal, 39(9), pp.574-581. Gardam, M., Reason, P. and Rykert, L. (2010). 
Healthcare Culture and the Challenge of Preventing Healthcare-Associated Infections.Healthcare Quarterly, 13(sp), pp.116-120. JOURNAL OF HEALTHCARE MANAGEMENT. (2008).Journal of Healthcare Management, 53(1), pp.67-70. 80
Mazurczyk, W., Szczypiorski, K., Duric, Z. and Ye, D. (2016). Cyber Crime.Security and Communication Networks, 9(15), pp.2861-2863. Raiu, C. (2012). Cyber-threat evolution: the past year.Computer Fraud & Security, 2012(3), pp.5-8. Smith, T. (2013). Cyber liability in the healthcare sector.British Journal of Healthcare Management, 19(6), pp.268-269. Thielst, C. (2007). Regional Health Information Networks and the Emerging Organizational Structures.Journal of Healthcare Management, 52(3), pp.146-150. Trantham, N. and Garcia, A. (2015). Reputation Dynamics in Networks: Application to Cyber Security of Wind Farms.Systems Engineering, 18(4), pp.339-348. Wagner, T., Palomar, E., Mahbub, K. and Abdallah, A. (2018). A Novel Trust Taxonomy for Shared Cyber Threat Intelligence.Security and Communication Networks, 2018, pp.1-11. Wang, W. and Lu, Z. (2013). Cyber security in the Smart Grid: Survey and challenges.Computer Networks, 57(5), pp.1344-1371. Wu, S., Wang, H., Wu, D., Chatzimisios, P. and Chen, Z. (2016). Security and networking for cyber-physical systems.Security and Communication Networks, 9(9), pp.807-807. Zikhani, R. (2016). Seven-Step Pathway for Preventing Errors in Healthcare.Journal of Healthcare Management, 61(4), pp.271-281. Ardagna, C., De Capitani di Vimercati, S., Foresti, S., Grandison, T., Jajodia, S. and Samarati, P. (2010). Access control for smarter healthcare using policy spaces.Computers & Security, 29(8), pp.848-858. Bellettini, C., Bertino, E. and Ferrari, E. (2001). Role Based Access Control Models.Information Security Technical Report, 6(2), pp.21-29. de Carvalho Junior, M. and Bandiera-Paiva, P. (2018). Health Information System Role-Based Access Control Current Security Trends and Challenges.Journal of Healthcare Engineering, 2018, pp.1-8. Greaves, B. and Coetzee, M. (2017). Access control for secure information sharing in smart content spaces.Journal of Information Security and Applications, 34, pp.63-75. 81
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Honnegowda, L. (2013). Security Enhancement for Magnetic Data Transaction in Electronic Payment and Healthcare Systems.International Journal of Engineering and Technology, pp.331- 335. Karyda, M., Kiountouzis, E. and Kokolakis, S. (2005). Information systems security policies: a contextual perspective.Computers & Security, 24(3), pp.246-260. Lakaraju, S., Xu, D. and Wang, Y. (2016). Analysis of Healthcare Workflows in Accordance with Access Control Policies.International Journal of Healthcare Information Systems and Informatics, 11(1), pp.1-20. Liu, C., Lin, F., Chen, C. and Chen, T. (2014). Design of secure access control scheme for personal health record-based cloud healthcare service.Security and Communication Networks, 8(7), pp.1332-1346. Malin, A. (2007). Designing Networks that Enforce Information Security Policies.Information Systems Security, 16(1), pp.47-53. Mejri, M. and Yahyaoui, H. (2017). Formal specification and integration of distributed security policies.Computer Languages, Systems & Structures, 49, pp.1-35. Narasimhan, V., Croll, P. and Caelli, W. (2009). A specification process for communicating security policies towards developing trusted e-health information systems.International Journal of Healthcare Technology and Management, 10(6), p.378. Olaronke, I. and Rhoda, I. (2013). A Security based Framework for Interoperability of Healthcare Systems.International Journal of Applied Information Systems, 6(2), pp.23-31. Omran, E., Grandison, T., Nelson, D. and Bokma, A. (2013). A Comparative Analysis of Chain- Based Access Control and Role-Based Access Control in the Healthcare Domain.International Journal of Information Security and Privacy, 7(3), pp.36-52. Rath, A. and Colin, J. (2013). Towards purpose enforcement model for privacy-aware usage control policy in distributed healthcare.International Journal of Security and Networks, 8(2), p.94. Sadki, S. and El Bakkali, H. (2014). 
A Patient-Centric Approach for Intelligent Privacy Policies Generation in Mobile Healthcare.International Journal of e-Healthcare Information Systems, 1(1), pp.2-9. 82
Singh, S. (2012). A Trust Based Approach For Secure Access Control In Information Centric Network.International Journal of Information and Network Security (IJINS), 1(2). Ward, P. and Smith, C. (2002). The Development of Access Control Policies for Information Technology Systems.Computers & Security, 21(4), pp.356-371. Wen, H. and Tarn, J. (2001). Privacy and Security in E-Healthcare Information Management.Information Systems Security, 10(4), pp.1-16. Aldrawiesh, K. (2013). Towards, Building and Implementing a Digital Healthcare System.International Journal of Information and Education Technology, pp.16-20. Cankaya, E. and Kywe, T. (2015). A Secure Healthcare System: From Design to Implementation.Procedia Computer Science, 62, pp.203-212. Chondamrongkul, N. and Chondamrongkul, P. (2017). Secure Mobile Cloud Architecture for Healthcare Application.International Journal of Future Computer and Communication, 6(3), pp.76-80. Forte, D. (2000). Auditing and Security Policy: The Cornerstone of Company Information Protection.Network Security, 2000(3), pp.12-13. Haggerty, E. (2017). Healthcare and digital transformation.Network Security, 2017(8), pp.7-11. Healthcare organisations struggle to maintain security. (2015).Network Security, 2015(10), pp.1- 2. Healthcare under attack. (2018).Network Security, 2018(6), p.2. Khalil, H. (2015). Implementing change in healthcare.International Journal of Evidence-Based Healthcare, 13(2), pp.41-42. Kim, S. and Jeoung, K. (2015). Effects of Security Policies, Security Awareness of Hospital Employee to Patients' Personal Information Protection.Indian Journal of Science and Technology, 8(21). Mansfield-Devine, S. (2016). Your life in your hands: the security issues with healthcare apps.Network Security, 2016(4), pp.14-18. Mathur, D. (2017). A Survey of Awareness about Security in E-payment System.International Journal Of Mechanical Engineering And Information Technology, 05(03). 83
Newbold, G. (2013). Secure mobility in healthcare networks for optimal patient care.Network Security, 2013(4), pp.18-20. NHS computer viruses impact on patient healthcare. (2009).Network Security, 2009(7), p.2. Secure Healthcare for Patients Using Cloud Computing. (2016).International Journal of Science and Research (IJSR), 5(4), pp.149-152. Srinivas, J., Das, A., Kumar, N. and Rodrigues, J. (2018). Cloud Centric Authentication for Wearable Healthcare Monitoring System.IEEE Transactions on Dependable and Secure Computing, pp.1-1. Stock, S. (2009). Examining Strategies for Implementing Best Practices in Home Healthcare.Journal For Healthcare Quality, 31(2), pp.10-17. Tzang, Y., Chang, H. and Tzang, C. (2014). Enhancing the performance and security against media-access-control table overflow vulnerability attacks.Security and Communication Networks, 8(9), pp.1780-1793. WANG, N. and WANG, J. (2018). The Security and Privacy Protection of Hospital Information System.DEStech Transactions on Social Science, Education and Human Science, (icssd). Adefala, L. (2018).Healthcare Experiences Twice the Number of Cyber Attacks As Other Industries. [online] CSO Online. Available at: https://www.csoonline.com/article/3260191/security/healthcare-experiences-twice-the-number-of- cyber-attacks-as-other-industries.html [Accessed 22 Nov. 2018]. Anon, (2018). [online] Available at: https://cytellix.com/industries/cybersecurity-for-the- healthcare-sector/ [Accessed 22 Nov. 2018]. Blogs.harvard.edu. (2018). [online] Available at: http://blogs.harvard.edu/cybersecurity/files/2017/01/risks-and-threats-healthcare-strategic- report.pdf [Accessed 22 Nov. 2018]. Department of Homeland Security. (2018).Cybersecurity. [online] Available at: https://www.dhs.gov/topic/cybersecurity [Accessed 22 Nov. 2018]. Fireeye.com. (2018). [online] Available at: https://www.fireeye.com/content/dam/fireeye-www/global/en/solutions/pdfs/sb-healthcare-and- health-insurance.pdf [Accessed 22 Nov. 2018]. 84
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
Fireeye.com. (2018). [online] Available at: https://www.fireeye.com/content/dam/fireeye-www/global/en/solutions/pdfs/sb-healthcare-and- health-insurance.pdf [Accessed 22 Nov. 2018]. HealthITSecurity. (2018).Preparing for the 2017 Healthcare Cybersecurity Threats. [online] Available at: https://healthitsecurity.com/news/preparing-for-the-2017-healthcare-cybersecurity- threats [Accessed 22 Nov. 2018]. HealthITSecurity. (2018).Preparing for the 2017 Healthcare Cybersecurity Threats. [online] Available at: https://healthitsecurity.com/news/preparing-for-the-2017-healthcare-cybersecurity- threats [Accessed 22 Nov. 2018]. Healthsectorcouncil.org. (2018).Health Sector Mobilizes Against Cyber Threats – Health Sector Council. [online] Available at: https://healthsectorcouncil.org/health-sector-mobilizes-against- cyber-threats/ [Accessed 22 Nov. 2018]. Hklaw.com. (2018).Cyber Threats to the Healthcare Industry: Best Practices to Help Protect Your Organization. [online] Available at: https://www.hklaw.com/healthblog/cyber-threats-to- the-healthcare-industry--best-practices-to-help-protect-your-organization-07-21-2017/ [Accessed 22 Nov. 2018]. Ibm.com. (2018).Healthcare Cybersecurity | IBM. [online] Available at: https://www.ibm.com/industries/healthcare/cybersecurity [Accessed 22 Nov. 2018]. Industry, T. and Insurance, H. (2018).Healthcare and Health Insurance Threat Intelligence | FireEye. [online] FireEye. Available at: https://www.fireeye.com/current-threats/reports-by- industry/healthcare-threat-intelligence.html [Accessed 22 Nov. 2018]. InfoSec Resources. (2018).Risks and Cyber Threats to the Healthcare Industry. [online] Available at: https://resources.infosecinstitute.com/risks-cyber-threats-healthcare-industry/ [Accessed 22 Nov. 2018]. InfoSec Resources. (2018).Top Cyber Security Risks in Healthcare. 
[online] Available at: https://resources.infosecinstitute.com/category/healthcare-information-security/healthcare-cyber- threat-landscape/top-cyber-security-risks-in-healthcare/ [Accessed 22 Nov. 2018]. 85
Phe.gov. (2018). [online] Available at: https://www.phe.gov/Preparedness/planning/cip/Documents/cybersecurity-primer.pdf [Accessed 22 Nov. 2018]. Rapid7 Blog. (2018).Cyber-Threats and Vulnerabilities in the Healthcare Industry. [online] Available at: https://blog.rapid7.com/2018/11/08/top-5-threats-healthcare-organizations-face-and- how-to-combat-them/ [Accessed 22 Nov. 2018]. Systems, G. (2018).Cybersecurity Threats Continue to Haunt the Healthcare Industry. [online] Blog.ghsystems.com. Available at: http://blog.ghsystems.com/blog/cybersecurity-threats- continue-to-haunt-the-healthcare-industry [Accessed 22 Nov. 2018]. TechCrunch. (2018).The healthcare industry is in a world of cybersecurity hurt. [online] Available at: https://techcrunch.com/2018/08/09/the-healthcare-industry-is-in-a-world-of- cybersecurity-hurt/ [Accessed 22 Nov. 2018]. Zorabedian, J. (2018).Why cybercriminals attack healthcare more than any other industry. [online] Naked Security. Available at: https://nakedsecurity.sophos.com/2016/04/26/why- cybercriminals-attack-healthcare-more-than-any-other-industry/ [Accessed 22 Nov. 2018]. Dark, M. (2011).Information assurance and security ethics in complex systems. Hershey, Pa.: IGI Global (701 E. Chocolate Avenue, Hershey, Pennsylvania, 17033, USA). De Borchgrave, A. (2001).Cyber threats and information security. Washington, D.C.: CSIS Press. Graham, J., Howard, R. and Olson, R. (2011).Cyber security essentials. Boca Raton, FL: Auerbach Publications. Greene, S. (2014).Security program and policies. Indianapolis, Ind.: Pearson IT Certification. Hsu, D. and Marinucci, D. (2013).Advances in cyber security. New York: Fordham University Press. Johnson, M. (2013).Cyber Crime, Security and Digital Intelligence. Farnham: Ashgate Publishing Ltd. Knudsen, G. (2013).Risk Management of National Security Threats. Hauppauge: Nova Science Publishers, Inc. LeVeque, V. (2006).Information security. New York: Wiley. 86
Meghanathan, N., Nagamalai, D. and Chaki, N. (2012).Advances in computing and information technology. Berlin: Springer. O'Hanley, R. and Tiller, J. (2014).Information security management handbook. Boca Raton [Fla.]: CRC Press. Vacca, J. (n.d.).Cyber security and IT infrastructure protection. Whitman, M. and Mattford, H. (n.d.).Management of information security. Ahmed, N., Acharjya, D. and Sanyal, S. (2017). A framework for phishing attack identification using rough set and formal concept analysis.International Journal of Communication Networks and Distributed Systems, 18(2), p.186. Barnett, D., Sell, T., Lord, R., Jenkins, C., Terbush, J. and Burke, T. (2013). Cyber Security Threats to Public Health.World Medical & Health Policy, 5(1), pp.37-46. Carpenter, S. (2010). Battling Cyber Threats.Science. Home Security System Design and Implementation. (2016).International Journal of Science and Research (IJSR), 5(3), pp.2144-2148. Jung, Y. (2017). Cyber Threats, Issues of Cyber Securitization, and Positive Cyber Peace.The Journal of Peace Studies, 18(3), pp.105-125. Mansfield-Devine, S. (2017). Ransomware: the most popular form of attack.Computer Fraud & Security, 2017(10), pp.15-20. Meena, K. and Kanti, T. (2014). A Review of Exposure and Avoidance Techniques for Phishing Attack.International Journal of Computer Applications, 107(5), pp.27-31. Muftic, S. (1992). Implementation of the Comprehensive Integrated Security System for computer networks.Computer Networks and ISDN Systems, 25(4-5), pp.469-475. O'Kane, P., Sezer, S. and Carlin, D. (2018). Evolution of ransomware.IET Networks, 7(5), pp.321-327. Rizov, V. (2018). Information Sharing for Cyber Threats.Information & Security: An International Journal, 39(1), pp.43-50. The WannaCry ransomware attack. (2017).Strategic Comments, 23(4), p.vii-ix. Xue, L. and Sun, G. (2014). Design and implementation of a malware detection system based on network behavior.Security and Communication Networks, 8(3), pp.459-470. 87