There are two defining characteristics of a healthcare provider: (1) geographic location and services available at their physical structure and (2) services available via their virtual Internet presence. For centuries we have focused on the first defining characteristic - now we need to shift our focus to understand and address issues that may arise from the new second defining characteristic. This chapter is an updated summary of a paper originally presented at the ACM Cybersecurity in Healthcare (HealthSec) Workshop in October 2024 [39]. We address issues related to Internet connectivity and virtual presence of USA healthcare providers, especially hospitals, when ransomware cyberattacks resulting in service outages occur. We show the cybersecurity posture of a large critical national infrastructure (USA healthcare) can be measured, mapped, and quantitatively baselined. Empirical measurability results reveal systemic issues in USA healthcare presenting “magnified vulnerabilities” in that a single exploit can have an outsized impact on an entire nationwide infrastructure. As the initial step toward addressing this issue, we identify the three magnified cybersecurity vulnerabilities of USA healthcare: (1) shared IT infrastructure; (2) market concentration; and (3) the geographical distribution of hospitals across the USA.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Cybersecurity Measurability: Three Magnified Vulnerabilities of USA Healthcare

  • William Yurcik,
  • Andreas Schick,
  • Stephen North,
  • Michael T. Gastner,
  • Fabio Roberto de Miranda,
  • Rodolpho da Silva Avelino,
  • Andre Filipe de Moreas Batista,
  • Gregory Pluta,
  • Ian Brooks

摘要

There are two defining characteristics of a healthcare provider: (1) geographic location and services available at their physical structure and (2) services available via their virtual Internet presence. For centuries we have focused on the first defining characteristic - now we need to shift our focus to understand and address issues that may arise from the new second defining characteristic. This chapter is an updated summary of a paper originally presented at the ACM Cybersecurity in Healthcare (HealthSec) Workshop in October 2024 [39]. We address issues related to Internet connectivity and virtual presence of USA healthcare providers, especially hospitals, when ransomware cyberattacks resulting in service outages occur. We show the cybersecurity posture of a large critical national infrastructure (USA healthcare) can be measured, mapped, and quantitatively baselined. Empirical measurability results reveal systemic issues in USA healthcare presenting “magnified vulnerabilities” in that a single exploit can have an outsized impact on an entire nationwide infrastructure. As the initial step toward addressing this issue, we identify the three magnified cybersecurity vulnerabilities of USA healthcare: (1) shared IT infrastructure; (2) market concentration; and (3) the geographical distribution of hospitals across the USA.