Adopting Organizational Cultural Changes Concerning Whistle-Blowing in Healthcare Around Information Security in the “Internet of Things” World

Adopting Organizational Cultural Changes Concerning Whistle-Blowing in Healthcare Around Information Security in the “Internet of Things” World

Darrell Norman Burrell, Nimisha Bhargava, Delores Springs, Maurice Dawson, Sharon L. Burton, Damon P. Anderson, Jorja B. Wright
DOI: 10.4018/IJHIoT.2020010102
(Individual Articles)
No Current Special Offers


Medical labs, hospitals, doctor's offices, and medical devices face significant cyber risks. The insecurity of medical devices, including imaging hardware, threatens patient safety. Health organizations are rich with valuable data as well as weak with information security expertise, protocols, and infrastructure. It is critical for more health organizations to focus creating organizational cultures with processes that offer all employees to fully understand the nature of information security risks and have the ability to be active participants in the minimization and reporting of observable risks. This article will lay a foundation to establish techniques and practices for open door policies.
Article Preview

Introduction Of Security Vulnerabilities

More than 29.1 million patient records have been breached or stolen in the United States between 2010 and 2013 (McCoy & Perlis, 2018), with 7 million breaches affecting 500 or extra sufferers stated in 2013 alone accounting for a 137% growth over the previous 12 months (Collier, 2014). The increase in offenses illustrates the fact that the progressed access to health care data and the consequent increase in clinic revel is an alternate-off with statistics security. Hospitals, medical labs, medical offices, and medical devices face significant cyber risks (Martin et al., 2017). A report by KPMG states that in 2015, 110 million patients in the U.S. had their data compromised (KPMG, 2015). Cyber-attacks have gone up 300% in the past three (3) years (Martin et al., 2017). The insecurity of medical devices, including imaging hardware, threatens patient safety. For cybercriminals, health organizations are rich with valuable data (2017). At the same time, these organizations are weak with cybersecurity expertise, protocols, and infrastructure to minimize the risks (2017). Whereas the cybersecurity risks in different industries can be severe, the same exposure within healthcare has more severe risks because the data they use is critical to making life-saving decisions (Coventry & Branley, 2018). The clinical statistics saved in EHRs consist of individually identifiable information (PII), which include highly sensitive information like a patient's medicines, ailments, biometric data, sexual records, hospitalization facts, and laboratory test results (Coventry & Branley, 2018). Information security breaches in healthcare consist of identification robbery, unauthorized personal information disclosures, Internet of Things (IoT) tool loss, system hacking, and, wrong disposal of Health care statistics (Coventry & Branley, 2018) There is a dire need to minimize the threats to electronic health records(Coventry & Branley, 2018 The introduction of processes that can protect health data could enhance safety, lessen medical errors, and improve affected person care and improve treatment.

Cybersecurity in health care has become so severe that the U.S. Food and Drug Administration (FDA) and the Department of Homeland Security (DHS) have introduced a memorandum of settlement to encourage collaboration and enlarge synchronization of their efforts around data security (Martin et. Al., 2017). The security of medical devices has long been a worry. Cybersecurity failings in scientific devices can expose patients to harm by allowing hackers to alter and falsify medical test results and medical diagnoses, as an increasing number of clinical gadgets connect to healthcare networks and the Internet (2017). Medical devices are a likely frail point for exploitation (2017). Susceptibilities can also be exploited to intentionally cause harm to patients due to a lack of adequate information security processes and protocols (2017).

Healthcare organizations often suffer from cultures and processes that create risks including deficiencies when updating their software due to asynchronous communication amid distributed system components, the void of a devoted staff, minimal on-site cybersecurity know-how, and unplanned time or the lack of resources to test patches before installing them into production systems (Iqbal et al., 2016; Packer-Tursman, 2015). The average time to prepare a patch depends upon the system, and its number of components (Rosen, 2011); and testing before implementation could cause a long delay. The various healthcare information technology leaders developed an increase in hacking concerns, as well as the void of hacking information-sharing unveiling existing and emerging risks. A salient point to remember is that adding software patches may initiate security susceptibilities. If new-users add equipment, applications, or components, this paves the way for more ethics concerns due to non-transparency (Bhargava, Madala, & Burrell, 2018). As a result, there is a dire need to understand further immeasurable threats concerning EHR to proffer a security strategy that would enhance security, reduce medical errors, and improve patient care.

Complete Article List

Search this Journal:
Volume 8: 1 Issue (2024)
Volume 7: 1 Issue (2023)
Volume 6: 2 Issues (2022): 1 Released, 1 Forthcoming
Volume 5: 2 Issues (2021)
Volume 4: 2 Issues (2020)
Volume 3: 2 Issues (2019)
Volume 2: 2 Issues (2018)
Volume 1: 2 Issues (2017)
View Complete Journal Contents Listing