EARS to Cyber Incidents in Health Care

Forthcoming in the Journal of the American Medical Informatics Association (JAMIA)

MIT Sloan Research Paper No. 5528-18

15 Pages Posted: 10 Aug 2018 Last revised: 8 Nov 2018

See all articles by Mohammad Jalali

Mohammad Jalali

Massachusetts Institute of Technology (MIT) - Sloan School of Management; Harvard University - Harvard Medical School

Bethany Russell

MIT Sloan School of Management

Sabina Razak

MIT Sloan School of Management

William Gordon

Harvard University - Harvard Medical School

Date Written: July 1, 2018

Abstract

Background: Connected medical devices and electronic health records have added important functionality to patient care, but have also introduced a range of cybersecurity concerns. When a healthcare organization suffers from a cybersecurity incident, its incident response strategies are critical to the success of its recovery.

Objective: In this article, we identify gaps in research concerning cybersecurity response plans in health care. Through a systematic literature review, we develop aggregated strategies that professionals can use to construct better response strategies in their organizations.

Methods: We reviewed journal articles on cyber incident response plans in health care published in PubMed and Web of Science. We sought to collect articles on the intersection of cybersecurity and health care that focused on incident response strategies.

Results: We identified and reviewed thirteen articles for cybersecurity response recommendations. We then extracted information such as research methods, findings, and implications. Finally, we synthesized the recommendations into a framework of eight aggregated response strategies (EARS) that fall under managerial and technological categories. A direct comparison of EARS with other frameworks demonstrates the necessity of utilizing EARS in addition to these commonly accepted frameworks. While existing frameworks are undeniably useful, we have identified at least one point for potential improvement in each framework.

Conclusions: We conducted a systematic review of the literature on cybersecurity response plans in health care and developed a novel framework for response strategies that could be deployed by healthcare organizations. More work is needed to evaluate incident response strategies in health care.

Keywords: Incident Response Strategies, Cyber Incidents, Healthcare Organizations, Cybersecurity, Systematic Review

Suggested Citation

Jalali, Mohammad and Russell, Bethany and Razak, Sabina and Gordon, William, EARS to Cyber Incidents in Health Care (July 1, 2018). Forthcoming in the Journal of the American Medical Informatics Association (JAMIA); MIT Sloan Research Paper No. 5528-18 . Available at SSRN: https://ssrn.com/abstract=3220471 or http://dx.doi.org/10.2139/ssrn.3220471

Mohammad Jalali (Contact Author)

Massachusetts Institute of Technology (MIT) - Sloan School of Management ( email )

77 Massachusetts Avenue
50 Memorial Drive
Cambridge, MA 02139-4307
United States

HOME PAGE: http://scholar.harvard.edu/jalali

Harvard University - Harvard Medical School ( email )

101 Merrimac St
Suite 1010
Boston, MA 02114
United States

HOME PAGE: http://scholar.harvard.edu/jalali

Bethany Russell

MIT Sloan School of Management ( email )

100 Main Street
Cambridge, MA 02142
United States

Sabina Razak

MIT Sloan School of Management ( email )

100 Main Street
Cambridge, MA 02142
United States

William Gordon

Harvard University - Harvard Medical School ( email )

25 Shattuck St
Boston, MA 02115
United States

Register to save articles to
your library

Register

Paper statistics

Downloads
64
rank
339,190
Abstract Views
380
PlumX Metrics
!

Under construction: SSRN citations while be offline until July when we will launch a brand new and improved citations service, check here for more details.

For more information