{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,10]],"date-time":"2026-03-10T15:31:36Z","timestamp":1773156696666,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":38,"publisher":"ACM","license":[{"start":{"date-parts":[[2023,11,20]],"date-time":"2023-11-20T00:00:00Z","timestamp":1700438400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2023,11,20]]},"DOI":"10.1145\/3689942.3694754","type":"proceedings-article","created":{"date-parts":[[2024,11,22]],"date-time":"2024-11-22T00:21:45Z","timestamp":1732234905000},"page":"45-52","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":7,"title":["Cybersecurity Monitoring\/Mapping of USA Healthcare (All Hospitals) - Magnified Vulnerability due to Shared IT Infrastructure, Market Concentration, & Geographical Distribution"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0009-0004-8453-3898","authenticated-orcid":false,"given":"William","family":"Yurcik","sequence":"first","affiliation":[{"name":"U.S. Department of Health & Human Services (HHS), Baltimore, MD, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7119-885X","authenticated-orcid":false,"given":"Andreas","family":"Schick","sequence":"additional","affiliation":[{"name":"U.S. Department of Health & Human Services (HHS), Rockville, MD, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1087-1577","authenticated-orcid":false,"given":"Stephen","family":"North","sequence":"additional","affiliation":[{"name":"Infovisible, Oldwick, NJ, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1097-8833","authenticated-orcid":false,"given":"Michael T.","family":"Gastner","sequence":"additional","affiliation":[{"name":"Singapore Institute of Technology, Singapore, Singapore"}]},{"ORCID":"https:\/\/orcid.org\/0009-0004-1101-0631","authenticated-orcid":false,"given":"Fabio Roberto","family":"de Miranda","sequence":"additional","affiliation":[{"name":"Insper, S\u00e3o Paulo, Brazil"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9176-8271","authenticated-orcid":false,"given":"Rodolfo da Silva","family":"Avelino","sequence":"additional","affiliation":[{"name":"Insper, S\u00e3o Paulo, Brazil"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4627-0244","authenticated-orcid":false,"given":"Andre Filipe de Moraes","family":"Batista","sequence":"additional","affiliation":[{"name":"Insper, S\u00e3o Paulo, Brazil"}]},{"ORCID":"https:\/\/orcid.org\/0009-0004-4760-1441","authenticated-orcid":false,"given":"Gregory","family":"Pluta","sequence":"additional","affiliation":[{"name":"University of Illinois at Urbana-Champaign, Urbana, IL, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3793-3635","authenticated-orcid":false,"given":"Ian","family":"Brooks","sequence":"additional","affiliation":[{"name":"University of Illinois at Urbana-Champaign, Urbana, IL, USA"}]}],"member":"320","published-online":{"date-parts":[[2024,11,21]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1056\/NEJMsa2206117"},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1056\/NEJM199102073240604"},{"key":"e_1_3_2_1_3_1","volume-title":"Applied Cryptography","author":"Blaze Matt","year":"1996","unstructured":"Matt Blaze. \"Afterword\" within Bruce Schneier. 1996. Applied Cryptography 2nd Edition. 1996.","edition":"2"},{"key":"e_1_3_2_1_4_1","volume-title":"filed","author":"Boyer Stephen","year":"2011","unstructured":"Stephen Boyer, Nagarjuna Venna, and Megumi Ando (BitSight Technologies Inc. filed September 22, 2011), Information Security Assessment System U.S. Patent 20160205126, granted July 14, 2016."},{"key":"e_1_3_2_1_5_1","unstructured":"Centers for Medicare & Medicaid Services (CMS) National Health Expenditures (NHE) 2024 Fact Sheet https:\/\/www.cms.gov\/data-research\/statistics-trends-and-reports\/national-health-expenditure-data\/nhe-fact-sheet"},{"key":"e_1_3_2_1_6_1","article-title":"The Relationship Between Cybersecurity Ratings and the Risk of Hospital Data Breaches","volume":"8","author":"Choi Sung J.","year":"2021","unstructured":"Sung J. Choi and M. Eric Johnson. 2021. The Relationship Between Cybersecurity Ratings and the Risk of Hospital Data Breaches. Journal of the American Medical Informatics Association, Vol 00(No 0), 1--8.","journal-title":"Journal of the American Medical Informatics Association"},{"key":"e_1_3_2_1_7_1","volume-title":"Care: Populations in Counties With No FQHC, RHC, or Acute Care Hospital. NC Rural Health Research Program.","author":"M. Clawar","year":"2018","unstructured":"M. Clawar et al. 2018. Access to Care: Populations in Counties With No FQHC, RHC, or Acute Care Hospital. NC Rural Health Research Program."},{"key":"e_1_3_2_1_8_1","volume-title":"CISA INSIGHTS","author":"Cybersecurity Infrastructure and Security Agency (CISA)","year":"2021","unstructured":"Cybersecurity Infrastructure and Security Agency (CISA), 2021. Provide Medical Care is in Critical Condition: Analysis and Stakeholder Decision Support to Minimize Further Harm. CISA INSIGHTS, September 2021."},{"key":"e_1_3_2_1_9_1","unstructured":"Cybersecurity & Infrastructure Security Agency (CISA). Critical Infrastructure Sectors.https:\/\/www.cisa.gov\/topics\/critical-infrastructure-security-and-resilience\/critical-infrastructure-sectors."},{"key":"e_1_3_2_1_10_1","unstructured":"Cybersecurity & Infrastructure Security Agency (CISA). National Critical Functions.https:\/\/www.cisa.gov\/topics\/risk-management\/national-critical-functions."},{"key":"e_1_3_2_1_11_1","unstructured":"Emanate Health v. Optum Health. 2023. California Central District Court -- No. 2:23-cv-09872."},{"key":"e_1_3_2_1_12_1","first-page":"2023","volume":"23","author":"Fein Adam J.","year":"2023","unstructured":"Adam J. Fein, 2023. The Top Pharmacy Benefit Managers of 2022: Market Share and Trends for the Biggest Companies. Drug Channels Institute, May 23, 2023.","journal-title":"Drug Channels Institute"},{"key":"e_1_3_2_1_13_1","volume-title":"by Revenue. Fortune Magazine","author":"The Largest Fortune","year":"2023","unstructured":"Fortune 500 -- The Largest Companies in the U.S. by Revenue. Fortune Magazine. 2023. https:\/\/fortune.com\/ranking\/fortune500\/2023\/"},{"key":"e_1_3_2_1_14_1","first-page":"1","article-title":". Effectiveness of Area-to-Value Legends and Grid Lines in Contiguous Area Cartograms","volume":"2023","author":"Fung Kevin L.T.","year":"2023","unstructured":"Kevin L.T. Fung, Simmon T, Perrault, and Michael T. Gastner, 2023. Effectiveness of Area-to-Value Legends and Grid Lines in Contiguous Area Cartograms. IEEE Transactions on Visualization and Computer Graphics. May 2023, 1--18.","journal-title":"IEEE Transactions on Visualization and Computer Graphics"},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1073\/pnas.1712674115"},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1103\/PhysRevE.74.016117"},{"key":"e_1_3_2_1_17_1","volume-title":"CyberInsecurity: The Cost of Monopoly -- How the Dominance of Microsoft's Products Poses a Risk to Security","author":"Dan Geer","unstructured":"Dan Geer et. al. 2003. CyberInsecurity: The Cost of Monopoly -- How the Dominance of Microsoft's Products Poses a Risk to Security. Computer & Communications Industry Association Report."},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","unstructured":"Dan Geer Eric Jardine & Eireann Leverett. 2020. On Market Concentration and Cybersecurity Risk Journal of Cyber Policy. DOI: 10.1080\/23738871.2020.1728355","DOI":"10.1080\/23738871.2020.1728355"},{"key":"e_1_3_2_1_19_1","volume-title":"Adverse Events in Hospitals: A Quarter of Medicare Patients Experienced Harm","author":"Grimm Christi A.","year":"2018","unstructured":"Christi A. Grimm. 2022. Adverse Events in Hospitals: A Quarter of Medicare Patients Experienced Harm in October 2018. U.S. Department of Health and Human Services (HHS), Office of Inspector General (OIG), May 2022, OEI-06--18-00400."},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"crossref","unstructured":"K. Gujral and A. Basu. 2019. Impact of Rural and Urban Hospital Closures on Inpatient Mortality. National Bureau of Economic Research Working Paper 26182.","DOI":"10.3386\/w26182"},{"key":"e_1_3_2_1_21_1","volume-title":"August 21, 1996.","author":"Portability Health Insurance","year":"1996","unstructured":"Health Insurance Portability and Accountability Act of 1996, Public Law 104--191, August 21, 1996."},{"key":"e_1_3_2_1_22_1","volume-title":"2005 Hard Problem List","author":"INFOSEC Research Council","year":"2005","unstructured":"INFOSEC Research Council. 2005 Hard Problem List. November 2005."},{"key":"e_1_3_2_1_23_1","first-page":"2022","article-title":"Judge Denies DOJ's Move to Block $13B UnitedHealth","volume":"20","author":"Liss Samantha","year":"2022","unstructured":"Samantha Liss. 2022. Judge Denies DOJ's Move to Block $13B UnitedHealth, Change Deal. Healthcare Dive. September 20, 2022.","journal-title":"Change Deal. Healthcare Dive"},{"key":"e_1_3_2_1_24_1","volume-title":"HealthInfoSec","author":"McGee Marianne Kolbasuk","year":"2021","unstructured":"Marianne Kolbasuk McGee. 2021. Lawsuit: Hospital's Ransomware Attack Led to Baby's Death. HealthInfoSec, October 21, 2021."},{"key":"e_1_3_2_1_25_1","volume-title":"Opens UnitedHealth Antitrust Probe. Wall Street Journal","author":"Mathews Anna Wilde","year":"2024","unstructured":"Anna Wilde Mathews and Dave Michaels. 2024. U.S. Opens UnitedHealth Antitrust Probe. Wall Street Journal, February 27, 2024."},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"crossref","unstructured":"T. Joseph Matttingly II and David Hyman. 2023. Pharmacy Benefit Managers -- History Business Practices Economics. And Policy. JAMA Health Forum 4(11).","DOI":"10.1001\/jamahealthforum.2023.3804"},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.jss.2020.08.055"},{"key":"e_1_3_2_1_28_1","volume-title":"Schweitzer Jr","author":"Meyer Morton","year":"1975","unstructured":"Morton Meyer, Frederick R. Broome, and Richard H. Schweitzer Jr.. 1975. Color Statistical Mapping by the U.S. Bureau of the Census. The American Cartographer, Volume 2 Issue 2, 101--117."},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1016\/0168-8510(88)90001-2"},{"key":"e_1_3_2_1_30_1","volume-title":"Measurement Guide for Information Security","author":"NIST.","unstructured":"NIST. 2024. Measurement Guide for Information Security: Volume 1 -- Identifying and Selecting Measures. NIST SP 800--55 Vol. 1."},{"key":"e_1_3_2_1_31_1","unstructured":"Rebecca Robbins and Reed Abelson. 2024. A Shadow Industry -- How Pharmacy Benefit Managers Inflate the Cost of Prescription Drugs for Millions of People. NY Times 60(194)."},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"crossref","unstructured":"J. Shepperd. 2020. Pharmacy Benefit Managers Rebates & Drug Prices: Conflicts of Interest in the Market for Prescription Drugs. Yale Law & Policy Review.","DOI":"10.2139\/ssrn.3313828"},{"key":"e_1_3_2_1_33_1","volume-title":"Clinical and Hospital System Emergency Management: Implications of Cyberthreats Beyond Privacy Concerns. ACM CCS Workshop on Cybersecurity in Healthcare (HealthSec'24)","author":"Sullivan Natalie","year":"2024","unstructured":"Natalie Sullivan and Kristan Raphel. 2024. Clinical and Hospital System Emergency Management: Implications of Cyberthreats Beyond Privacy Concerns. ACM CCS Workshop on Cybersecurity in Healthcare (HealthSec'24)."},{"key":"e_1_3_2_1_34_1","volume-title":"Aug. 13, 2024.","author":"Trang B.","year":"2024","unstructured":"B. Trang. 2024. Why U.S. Health Care Cybersecurity Laws are Better at Protecting a Corpse's Privacy than Patients? Lives. STAT+, Aug. 13, 2024."},{"key":"e_1_3_2_1_35_1","unstructured":"UnitedHealthcare - Individuals Served by Segment 2023. Statista. https:\/\/www.statista.com\/statistics\/622420\/individuals-served-by-unitedhealthcare-by-segment\/"},{"key":"e_1_3_2_1_36_1","volume-title":"July 24, 2024.","author":"U.S. Department of Justice.","year":"2024","unstructured":"U.S. Department of Justice. 2024. UnitedHealth Group Abandons Two Acquisitions Following Antitrust Division Scrutiny, July 24, 2024."},{"key":"e_1_3_2_1_37_1","unstructured":"U. S. Government Accountability Office. 2020. Rural Hospital Closures-Affected Residents Had Reduced Access to Health Care Services."},{"key":"e_1_3_2_1_38_1","volume-title":"Methods for Calculating Patient Travel Distance to Hospital in HCUP Data","author":"Weiss A.J.","year":"2021","unstructured":"A.J. Weiss et al. Methods for Calculating Patient Travel Distance to Hospital in HCUP Data. 2021. U.S. Agency for Healthcare Research and Quality (AHRQ)."}],"event":{"name":"CCS '24: ACM SIGSAC Conference on Computer and Communications Security","location":"Salt Lake City UT USA","acronym":"CCS '24","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2024 Workshop on Cybersecurity in Healthcare"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3689942.3694754","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3689942.3694754","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,8,23]],"date-time":"2025-08-23T02:29:09Z","timestamp":1755916149000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3689942.3694754"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,11,20]]},"references-count":38,"alternative-id":["10.1145\/3689942.3694754","10.1145\/3689942"],"URL":"https:\/\/doi.org\/10.1145\/3689942.3694754","relation":{},"subject":[],"published":{"date-parts":[[2023,11,20]]},"assertion":[{"value":"2024-11-21","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}