Cybersecurity Measurability: Three Magnified Vulnerabilities of USA Healthcare
摘要
There are two defining characteristics of a healthcare provider: (1) geographic location and services available at their physical structure and (2) services available via their virtual Internet presence. For centuries we have focused on the first defining characteristic - now we need to shift our focus to understand and address issues that may arise from the new second defining characteristic. This chapter is an updated summary of a paper originally presented at the ACM Cybersecurity in Healthcare (HealthSec) Workshop in October 2024 [39]. We address issues related to Internet connectivity and virtual presence of USA healthcare providers, especially hospitals, when ransomware cyberattacks resulting in service outages occur. We show the cybersecurity posture of a large critical national infrastructure (USA healthcare) can be measured, mapped, and quantitatively baselined. Empirical measurability results reveal systemic issues in USA healthcare presenting “magnified vulnerabilities” in that a single exploit can have an outsized impact on an entire nationwide infrastructure. As the initial step toward addressing this issue, we identify the three magnified cybersecurity vulnerabilities of USA healthcare: (1) shared IT infrastructure; (2) market concentration; and (3) the geographical distribution of hospitals across the USA.