Knowledge

The curriculum development process consists of four phases, namely A. Planning, B. Articulating and Developing, C. Implementing, and D. Evaluating (Ct.gov, 2001). Each phase consists of multiple steps, which are shown in Table 1. How much time and effort should be dedicated to each phase and/or individual step depends on multiple factors, such as…

Boston Children’s Hospital (US): Hacktivism and DDoS attacks In 2014, the Boston Children’s Hospital (located in the US) was targeted by a DDoS attack. A DDoS attack is a Distributed Denial of Service attack, meaning that multiple systems target a single system in such a way that the targeted system cannot deliver its intended services. The…

The UnityPoint Health breach: Phishing for sensitive information On 31 May 2018, UnityPoint Health, a US-based healthcare provider organisation, discovered their business email system was compromised due to a phishing attack (UnityPoint Health, 2018). This was the second phishing attempt to be reported by UnityPoint Health in 2018 (HIPAA…

The Barbie case (The Netherlands): GDPR and the mishandling of patient information Not all security breaches stem from sources outside of healthcare organisations, they can also stem from within the organisation. In 2018, a Dutch local TV-show personality was admitted to a hospital in the Netherlands. Curious staff members sought access to…

Spoofing medical imaging: Highlighting security issues of malware Most of the known cybersecurity incidents in healthcare have to do with data breaches and malware campaigns. However, when hackers gain access to medical data, they could also corrupt it. Potential motivations to do this range from influencing politics, sabotaging research,…

The EVILNUGGET case: The potential for cyberespionage Healthcare data, and specifically medical research data, is increasingly targeted by Chinese advanced persistent threat (APT) groups (IANS, 2019). In August 2019 FireEye, a US-based cybersecurity firm, reported a data breach of an Indian-based healthcare website (IANS, 2019). Reportedly,…

The Nansh0u campaign: Cryptojacking medical computing power On 29 May 2019 security researchers published about a malware that allegedly infected over 50.000 MS-SQL and PHPAdmin servers around the world since February of that year. This malware was Nansh0u, which is a cryptomining malware (CERT-EU, n.d.). It is believed Nansh0u is a China-based…

The  WannaCry (UK) and ASP (Italy) cases: Holding medical data hostage through ransomware One of the most well known cases of ransomware is WannaCry that happened in May 2017. This ransomware caused a devastating global event that affected hospitals, government systems, railway networks and private companies, as well as individual citizens. The…

The AMCA case: Hacking and data breaches in healthcare In August 2018, hackers gained access to AMCA’s systems, that remained undetected for almost a year (Whittaker, 2019). The breach resulted in over 25 million patient records to be compromised (Davis, 2019). AMCA, the American Medical Collection Agency, is a company providing billing and…

Risk management and assessment in healthcare organisations Risk management is an essential process for any organisation, including healthcare organisations. The European Union Agency for Cybersecurity (‘ENISA’) defines risk management as “the process of identifying, quantifying, and managing the risks that an organisation faces” (ENISA, n.d.).…