Privacy & Cybersecurity

Digital Health and the State of Interoperable Electronic Health Records

April 24, 2020

Digital health systems and innovative care delivery within these systems have great potential to improve national health care and positively impact the health outcomes of patients. However, currently, very few countries have systems that can implement digital interventions at scale. This is partly because of the lack of interoperable electronic health records (EHRs). It is difficult to make decisions for an individual or population when the data on that person or population are dispersed over multiple incompatible systems. This viewpoint paper has highlighted some key obstacles of current EHRs and some promising successes, with the goal of promoting EHR evolution and advocating for frameworks that develop digital health systems that serve populations—a critical goal as we move further into this data-rich century with an ever-increasing number of patients who live longer and depend on health care services where resources may already be strained. This paper aimed to analyze the evolution, obstacles, and current landscape of EHRs and identify fundamental areas of hindrance for interoperability. It also aimed to highlight countries where advances have been made and extract best practices from these examples. The obstacles to EHR interoperability are not easily solved, but improving the current situation in countries where a national policy is not in place will require a focused inquiry into solutions from various sources in the public and private sector. Effort must be made on a national scale to seek

Cyber security threats in the microbial genomics era: implications for public health

April 24, 2020

Next generation sequencing (NGS) is becoming the new gold standard in public health microbiology. Like any disruptive technology, its growing popularity inevitably attracts cyber security actors, for whom the health sector is attractive because it combines mission-critical infrastructure and high-value data with cybersecurity vulnerabilities. In this Perspective, we explore cyber security aspects of microbial NGS. We discuss the motivations and objectives for such attacks, their feasibility and implications, and highlight policy considerations aimed at threat mitigation. Particular focus is placed on the attack vectors, where the entire process of NGS, from sample to result, could be vulnerable, and a risk assessment based on probability and impact for representative attack vectors is presented. Cyber attacks on microbial NGS could result in loss of confidentiality (leakage of personal or institutional data), integrity (misdetection of pathogens) and availability (denial of sequencing services). NGS platforms are also at risk of being used as propagation vectors, compromising an entire system or network. Owing to the rapid evolution of microbial NGS and its applications, and in light of the dynamics of the cyber security domain, frequent risk assessments should be carried out in order to identify new threats and underpin constantly updated public health policies.

Cybersecurity: Nurses on the Front Line of Prevention and Education

April 24, 2020

Cybercrime has become an increasing concern for consumers in the United States and internationally. In recent years, cybercrimes in the healthcare industry have drastically increased in type, impact, and frequency. These attacks have negatively impacted patient privacy, the ability of providers to deliver care, and the security of healthcare organizations. Nurses are uniquely positioned to help protect against and report cybercrimes because they are one of the largest employed populations in the healthcare industry and they are on the front line of patient care and healthcare technology use. This article discusses the main concerns of cybersecurity in healthcare, the nurse’s role in preventing and managing cyber security, and recommendations for nurses, educators, and regulators.

Phishing in healthcare organisations: threats, mitigation and approaches

April 24, 2020

Introduction: Healthcare data have significant value as a potential target for hackers. Phishing is a method of exploitation for malicious reasons using targeted communications (email/messaging). This study reports on an internal evaluation targeting hospital staff and summarises peer-reviewed literature regarding phishing and healthcare.

Methods: An assessment was performed as part of cybersecurity activity during a designated test period using multiple credential harvesting approaches through staff email. We also searched the medical-related literature to identify relevant phishing-related publications.

Results: During the 1-month testing period, the organization received 858,200 emails: 139,400 (16%) marketing, 18,871 (2%) identified as potential threats. Of 143 million internet transactions, around 5 million (3%) were suspected threats. 468 employee email addresses were identified from public data and targeted through phishing using a range of payloads including attachments and malicious links; however, no credentials were recovered or malicious files downloaded. Several hospital employees were, however, identified on social media profiles, including some tricked into accepting false friend requests.

Discussion: Healthcare organizations are increasingly moving to digital systems, but healthcare professionals have limited awareness of threats. Increasing emphasis on ‘cyberhygiene’ and information governance through mandatory training increases understanding of these risks. While no credentials were harvested in this study, since up to 5% of emails/internet traffic are suspicious, the need for robust firewalls, cybersecurity infrastructure, IT policies and, most importantly of all, staff training, is emphasized.

Conclusion: Hospitals receive a significant volume of potentially malicious emails. While many staff appear to be aware of phishing and respond appropriately, ongoing education is required across the spectrum of cybersecurity, with specific emphasis around ‘leakage’ of information on social media.

Transforming Healthcare Cybersecurity from Reactive to Proactive: Current Status and Future Recommendations

April 24, 2020

The recent rise in cybersecurity breaches in healthcare organizations has put patients’ privacy at a higher risk of being exposed. Despite this threat and the additional danger posed by such incidents to patients’ safety, as well as operational and financial threats to healthcare organizations, very few studies have systematically examined the cybersecurity threats in healthcare. To lay a firm foundation for healthcare organizations and policymakers in better understanding the complexity of the issue of cybersecurity, this study explores the major types of cybersecurity threats for healthcare organizations and explains the roles of the four major players (cyber attackers, cyber defenders, developers, and end-users) in cybersecurity. Finally, the paper discusses a set of recommendations for policymakers and healthcare organizations to strengthen cybersecurity in their organization.

Why Employees (Still) Click on Phishing Links: Investigation in Hospitals

April 24, 2020

Background: Hospitals have been one of the major targets for phishing attacks. Despite efforts to improve information security compliance, hospitals still significantly suffer from such attacks, impacting the quality of care and the safety of patients.

Objective: This study aimed to investigate why hospital employees decide to click on phishing emails by analyzing actual clicking data.

Methods: We first gauged the factors that influence clicking behavior using the theory of planned behavior (TPB) and integrating trust theories. We then conducted a survey in hospitals and used structural equation modeling to investigate the components of compliance intention. We matched employees’ survey results with their actual clicking data from phishing campaigns.

Results: Our analysis (N=397) reveals that TPB factors (attitude, subjective norms, and perceived behavioral control), as well as collective felt trust and trust in information security technology, are positively related to compliance intention. However, compliance intention is not significantly related to compliance behavior. Only the level of employees’ workload is positively associated with the likelihood of employees clicking on a phishing link.

Conclusions: This is one of the few studies in information security and decision making that observed compliance behavior by analyzing clicking data rather than using self-reported data. We show that, in the context of phishing emails, intention and compliance might not be as strongly linked as previously assumed; hence, hospitals must remain vigilant with vulnerabilities that cannot be easily managed. Importantly, given the significant association between workload and noncompliance behavior (ie, clicking on phishing links), hospitals should better manage employees’ workload to increase information security. Our findings can help health care organizations augment employees’ compliance with their cybersecurity policies and reduce the likelihood of clicking on phishing links.

eHealth Cloud Security Challenges

April 24, 2020

Cloud computing is a promising technology that is expected to transform the healthcare industry. Cloud computing has many benefits like flexibility, cost and energy savings, resource sharing, and fast deployment. In this paper, we study the use of cloud computing in the healthcare industry and different cloud security and privacy challenges. The centralization of data on the cloud raises many security and privacy concerns for individuals and healthcare providers. This centralization of data (1) provides attackers with a one-stop honey-pot to steal data and intercept data in motion and (2) moves data ownership to the cloud service providers; therefore, the individuals and healthcare providers lose control over sensitive data. As a result, security, privacy, efficiency, and scalability concerns are hindering the wide adoption of cloud technology. In this work, we found that the state-of-the-art solutions address only a subset of those concerns. Thus, there is an immediate need for a holistic solution that balances all the contradicting requirements.