St. Petersburg Medical and Social Institute
Russian Federation
The relevance of this study stems from the significant increase in cyber threats in the healthcare sector, which has intensified since the COVID-19 pandemic, and from the high vulnerability of medical institutions to attacks by both external and internal attackers. Leaks of confidential information in healthcare not only cause economic and reputational damage, but also pose a direct threat to the health and lives of patients. The article presents a comprehensive analysis of the state of information security in the healthcare system based on incident statistics for 2023-2024. The authors highlight the main sources of threats: hacker attacks, negligence and malicious actions of personnel, and insufficient digital maturity of institutions, manifested in outdated software and a shortage of information security specialists. Particular attention is paid to the economic consequences of information security incidents and to international regulatory practices, including a comparative analysis of sanctions mechanisms in Russia and abroad. The scientific novelty of the study lies in its integrated approach to assessing the relationship between information, economic and social security in the context of the digitalization of the healthcare system. The practical significance of the work lies in laying the basis for developing effective risk management strategies for the information security of medical organizations, including staff training, the introduction of monitoring of employee actions and increasing penalties for violations.
information security, healthcare, cyber attacks, data leaks, personal data, economic damage