{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,7,15]],"date-time":"2026-07-15T04:49:10Z","timestamp":1784090950353,"version":"3.55.0"},"reference-count":112,"publisher":"Springer Science and Business Media LLC","issue":"1","license":[{"start":{"date-parts":[[2019,1,11]],"date-time":"2019-01-11T00:00:00Z","timestamp":1547164800000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["BMC Med Inform Decis Mak"],"published-print":{"date-parts":[[2019,12]]},"DOI":"10.1186\/s12911-018-0724-5","type":"journal-article","created":{"date-parts":[[2019,1,11]],"date-time":"2019-01-11T06:49:55Z","timestamp":1547189395000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":77,"title":["The state of research on cyberattacks against hospitals and available best practice recommendations: a scoping review"],"prefix":"10.1186","volume":"19","author":[{"given":"Salem T.","family":"Argaw","sequence":"first","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Nefti-Eboni","family":"Bempong","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Bruce","family":"Eshaya-Chauvin","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-6957-2977","authenticated-orcid":false,"given":"Antoine","family":"Flahault","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"297","published-online":{"date-parts":[[2019,1,11]]},"reference":[{"key":"724_CR1","unstructured":"Health Care in Danger: Making the Case. Geneva: International Committee of the Red Cross; 2011. 4\u201322."},{"key":"724_CR2","unstructured":"Long S. The cyber attack - from the POV of the CEO - Hancock regional hospital. Hancock Health 2018. \n                    https:\/\/www.hancockregionalhospital.org\/2018\/01\/cyber-attack-pov-ceo\/\n                    \n                  . Accessed 21 Feb 2018."},{"key":"724_CR3","doi-asserted-by":"crossref","unstructured":"Bisson D. Hollywood hospital pays $17,000 to ransomware attackers. The State of Security 2016. \n                    https:\/\/www.tripwire.com\/state-of-security\/latest-security-news\/hollywood-hospital-pays-17000-to-ransomware-attackers\/\n                    \n                  . Accessed 20 Feb 2018.","DOI":"10.1016\/S1353-4858(16)30097-6"},{"key":"724_CR4","unstructured":"Hughes O. Norway healthcare cyber-attack could be biggest of its kind. Digital Health. 2018; \n                    https:\/\/www.digitalhealth.net\/2018\/01\/norway-healthcare-cyber-attack-could-be-biggest\/\n                    \n                  . Accessed 21 Feb 2018."},{"key":"724_CR5","unstructured":"Muchai C, Kimani K, Mwangi M, Shiyayo B, Ndegwa D, Kaimba B, et al. Kenya Cyber Security Report 2015. Nairobi, Kenya: Serianu; 2015. 8\u201345."},{"key":"724_CR6","doi-asserted-by":"publisher","unstructured":"*Williams P, Woodward A. Cybersecurity vulnerabilities in medical devices: a complex environment and multifaceted problem. Med Devices Evid Res. 2015; doi:\n                    https:\/\/doi.org\/10.2147\/MDER.S50048\n                    \n                  .","DOI":"10.2147\/MDER.S50048"},{"key":"724_CR7","unstructured":"Protecting Your Networks from Ransomware. Washington, D.C.: The United States Department of Justice; 2016. 2\u20138."},{"key":"724_CR8","unstructured":"2017 Global Threat Intelligence Report. 77% of all ransomware detected in four industries - Business & Professional Services. Health Care and Retail. NTTSecurity: Government; 2017. \n                    https:\/\/www.nttsecurity.com\/en-us\/about\/press-releases\/detail\/2017-global-threat-intelligence-report-77-of-all-ransomware-detected-in-four-industries---business-professional-services-government-health-care-and-retail\n                    \n                  . Accessed 15 May 2018"},{"key":"724_CR9","doi-asserted-by":"publisher","first-page":"313","DOI":"10.5114\/fmpcr.2017.69297","volume":"19","author":"R Sus\u0142o","year":"2017","unstructured":"*Sus\u0142o R, Trnka J, Drobnik J. Current threats to medical data security in family doctors\u2019 practices. Fam Med Prim Care Rev. 2017;19:313\u2013318.","journal-title":"Fam Med Prim Care Rev"},{"key":"724_CR10","doi-asserted-by":"publisher","unstructured":"*Martin G, Martin P, Hankin C, Darzi A, Kinross J. Cybersecurity and healthcare: how safe are we? BMJ. 2017; doi:\n                    https:\/\/doi.org\/10.1136\/BMJ.J3179\n                    \n                  .","DOI":"10.1136\/BMJ.J3179"},{"key":"724_CR11","doi-asserted-by":"publisher","first-page":"1","DOI":"10.3233\/THC-161263","volume":"25","author":"CS Kruse","year":"2017","unstructured":"*Kruse CS, Frederick B, Jacobson T, Monticone DK. Cybersecurity in healthcare: A systematic review of modern threats and trends. Technol Heal Care. 2017;25:1\u201310.","journal-title":"Technol Heal Care"},{"key":"724_CR12","first-page":"1","volume-title":"\u201cThe Cyber Resilient Organization: Learning to Thrive Against Threats\u201d.","author":"Ponemon Institute Study","year":"2017","unstructured":"Ponemon Institute Study. \u201cThe Cyber Resilient Organization: Learning to Thrive Against Threats\u201d. Traverse City: Ponemon Institute; 2017. p. 1\u201333."},{"key":"724_CR13","doi-asserted-by":"publisher","first-page":"103","DOI":"10.1080\/14639230601135497","volume":"32","author":"J-W Huang","year":"2007","unstructured":"Huang J-W, Hou T-W. A cost-effective add-on-value card-assisted firewall over Taiwan\u2019s NHI VPN framework. Med Inform Internet Med. 2007;32:103\u201316.","journal-title":"Med Inform Internet Med"},{"key":"724_CR14","doi-asserted-by":"publisher","first-page":"65","DOI":"10.1097\/01.NURSE.0000516242.05454.b4","volume":"47","author":"L Kim","year":"2017","unstructured":"*Kim L. Cybersecurity awareness: Protecting data and patients. Nursing 2018 2017;47:65\u201367.","journal-title":"Nursing"},{"key":"724_CR15","doi-asserted-by":"publisher","unstructured":"*Dyer O. Hackers demand ransom to release encrypted US medical records. BMJ. 2016; doi:\n                    https:\/\/doi.org\/10.1136\/BMJ.I1876\n                    \n                  .","DOI":"10.1136\/BMJ.I1876"},{"key":"724_CR16","doi-asserted-by":"publisher","unstructured":"*Millard WB. Where Bits and Bytes Meet Flesh and Blood. Ann Emerg Med. 2017; doi:\n                    https:\/\/doi.org\/10.1016\/j.annemergmed.2017.07.008\n                    \n                  .","DOI":"10.1016\/j.annemergmed.2017.07.008"},{"key":"724_CR17","doi-asserted-by":"publisher","first-page":"5","DOI":"10.1016\/S0020-7101(96)01220-2","volume":"43","author":"CP Waegemann","year":"1996","unstructured":"Waegemann CP. IT security: developing a response to increasing risks. Int J Biomed Comput. 1996;43:5\u20138.","journal-title":"Int J Biomed Comput"},{"key":"724_CR18","first-page":"273","volume":"24","author":"SI Khan","year":"2016","unstructured":"*Khan SI, Hoque ASML. Digital Health Data: A Comprehensive Review of Privacy and Security Risks and Some Recommendations. Comput Sci J Mold. 2016;24:273\u2013292.","journal-title":"Comput Sci J Mold"},{"key":"724_CR19","doi-asserted-by":"publisher","unstructured":"Silver JK, Binder DS, Zubcevik N, Zafonte RD. Healthcare hackathons provide educational and innovation opportunities: a case study and best practice recommendations. J Med Syst. 2016. \n                    https:\/\/doi.org\/10.1007\/s10916-016-0532-3\n                    \n                  .","DOI":"10.1007\/s10916-016-0532-3"},{"key":"724_CR20","first-page":"2","volume-title":"Security trends in the healthcare industry","author":"M Alvarez","year":"2017","unstructured":"Alvarez M. Security trends in the healthcare industry. Somers: IBM; 2017. p. 2\u201318."},{"key":"724_CR21","doi-asserted-by":"publisher","first-page":"1","DOI":"10.3233\/THC-151102","volume":"24","author":"R Luna","year":"2016","unstructured":"*Luna R, Rhine E, Myhra M, Sullivan R, Kruse CS. Cyber threats to health information systems: A systematic review. Technol Health Care. 2016;24:1\u20139.","journal-title":"Technol Health Care"},{"key":"724_CR22","doi-asserted-by":"publisher","first-page":"19","DOI":"10.1080\/1364557032000119616","volume":"8","author":"H Arksey","year":"2005","unstructured":"Arksey H, O\u2019Malley L. Scoping studies: towards a methodological framework. Int J Soc Res Methodol. 2005;8:19\u201332.","journal-title":"Int J Soc Res Methodol"},{"key":"724_CR23","doi-asserted-by":"publisher","unstructured":"Levac D, Colquhoun H, O\u2019Brien KK. Scoping studies: advancing the methodology. Int J Nurs Stud. 2010. \n                    https:\/\/doi.org\/10.1186\/1748-5908-5-69\n                    \n                  .","DOI":"10.1186\/1748-5908-5-69"},{"key":"724_CR24","doi-asserted-by":"crossref","first-page":"873","DOI":"10.1093\/ptj\/89.9.873","volume":"89","author":"D Moher","year":"2009","unstructured":"Moher D, Liberati A, Tetzlaff J, Altman DG, Group TP. Preferred reporting items for systematic reviews and meta-analyses: the PRISMA statement (reprinted from annals of internal medicine). Phys Ther. 2009;89:873\u201380.","journal-title":"Phys Ther"},{"key":"724_CR25","doi-asserted-by":"publisher","first-page":"195","DOI":"10.1177\/1932296816676189","volume":"11","author":"S Thiel","year":"2017","unstructured":"*Thiel S, Mitchell J, Williams J. Coordination or Collision? The Intersection of Diabetes Care, Cybersecurity, and Cloud-Based Computing. J Diabetes Sci Technol. 2017;11:195\u2013197.","journal-title":"J Diabetes Sci Technol"},{"key":"724_CR26","first-page":"14","volume":"2017","author":"S Mansfield-Devine","year":"2017","unstructured":"*Mansfield-Devine S. Leaks and ransoms \u2013 the key threats to healthcare organisations. Netw Secur. 2017;2017:14\u201319.","journal-title":"Netw Secur"},{"key":"724_CR27","doi-asserted-by":"publisher","unstructured":"*Rajam\u00e4ki J, Pirinen R. Towards the cyber security paradigm of ehealth: Resilience and design aspects. AIP Conf Proc 1836. 2017; doi: \n                    https:\/\/doi.org\/10.1063\/1.4981969\n                    \n                  .","DOI":"10.1063\/1.4981969"},{"key":"724_CR28","doi-asserted-by":"publisher","first-page":"101","DOI":"10.1142\/S0219519407002170","volume":"07","author":"WSA Chee","year":"2007","unstructured":"*Chee WSA. It Security in Biomedical Imaging Informatics: the Hidden Vulnerability. J Mech Med Biol. 2007;07:101\u2013106.","journal-title":"J Mech Med Biol"},{"key":"724_CR29","doi-asserted-by":"publisher","first-page":"305","DOI":"10.1089\/hs.2015.0077","volume":"14","author":"FL Smith","year":"2016","unstructured":"*Smith FL. Malware and Disease: Lessons from Cyber Intelligence for Public Health Surveillance. Heal Secur. 2016;14:305\u2013314.","journal-title":"Heal Secur"},{"key":"724_CR30","doi-asserted-by":"publisher","first-page":"61","DOI":"10.1089\/tmj.2012.0022","volume":"19","author":"D Harries","year":"2013","unstructured":"*Harries D, Yellowlees PM. Cyberterrorism: is the U.S. healthcare system safe? Telemed J E Health. 2013;19:61\u201366.","journal-title":"Telemed J E Health"},{"key":"724_CR31","unstructured":"*Jones RW, Katzis K. Cybersecurity and the Medical Device Product Development Lifecycle. Stud Health Technol Inform. 2017;238:76\u2013239."},{"key":"724_CR32","doi-asserted-by":"publisher","first-page":"1143","DOI":"10.1177\/1932296815583334","volume":"9","author":"DC Klonoff","year":"2015","unstructured":"*Klonoff DC. Cybersecurity for Connected Diabetes Devices. J Diabetes Sci Technol. 2015;9:1143\u20131147.","journal-title":"J Diabetes Sci Technol"},{"key":"724_CR33","doi-asserted-by":"publisher","first-page":"198","DOI":"10.1177\/1932296816678264","volume":"11","author":"J Sackner-Bernstein","year":"2017","unstructured":"*Sackner-Bernstein J. Design of Hack-Resistant Diabetes Devices and Disclosure of Their Cyber Safety. J Diabetes Sci Technol. 2017;11:198\u2013202.","journal-title":"J Diabetes Sci Technol"},{"key":"724_CR34","doi-asserted-by":"crossref","unstructured":"*Alvarenga A, Tanev G. Cybersecurity Risk Assessment Framework that Integrates Value-Sensitive Design. Technol Innov Manag Rev. 2017;7:32.","DOI":"10.22215\/timreview\/1069"},{"key":"724_CR35","doi-asserted-by":"publisher","first-page":"11","DOI":"10.3390\/computers6010011","volume":"6","author":"B Ondiege","year":"2017","unstructured":"*Ondiege B, Clarke M, Mapp G. Exploring a New Security Framework for Remote Patient Monitoring Devices. Computers. 2017;6:11.","journal-title":"Computers"},{"key":"724_CR36","doi-asserted-by":"publisher","first-page":"17","DOI":"10.22215\/timreview\/903","volume":"5","author":"G Tanev","year":"2015","unstructured":"*Tanev G, Apiafi R. A Value Blueprint Approach to Cybersecurity in Networked Medical Devices. Technol Innov Manag Rev. 2015;5:17\u201325.","journal-title":"Technol Innov Manag Rev"},{"key":"724_CR37","first-page":"25","volume":"226","author":"K Katzis","year":"2016","unstructured":"*Katzis K, Jones RW, Despotou G. The challenges of balancing safety and security in implantable medical devices. Stud Health Technol Inform. 2016;226:25\u201328.","journal-title":"Stud Health Technol Inform"},{"key":"724_CR38","doi-asserted-by":"publisher","first-page":"959","DOI":"10.1109\/ACCESS.2016.2521727","volume":"4","author":"R Altawy","year":"2016","unstructured":"*Altawy R, Youssef AM. Security Tradeoffs in Cyber Physical Systems: A Case Study Survey on Implantable Medical Devices. IEEE Access. 2016;4:959\u2013979.","journal-title":"IEEE Access"},{"key":"724_CR39","unstructured":"*FDA issues reminder on cybersecurity for networked medical devices. Biomedical instrumentation & technology\/Association for the Advancement of Medical Instrumentation. 2010;Suppl:4."},{"key":"724_CR40","doi-asserted-by":"publisher","first-page":"343","DOI":"10.2214\/AJR.14.12882","volume":"204","author":"V Moses","year":"2015","unstructured":"*Moses V, Korah I. Lack of security of networked medical equipment in radiology. Am J Roentgenol. 2015;204:343\u2013353.","journal-title":"Am J Roentgenol"},{"key":"724_CR41","doi-asserted-by":"publisher","first-page":"913","DOI":"10.1111\/pace.13102","volume":"40","author":"B Ransford","year":"2017","unstructured":"*Ransford B, Kramer DB, Foo Kune D, Auto de Medeiros J, Yan C, Xu W, et al. Cybersecurity and medical devices: A practical guide for cardiac electrophysiologists. Pacing Clin Electrophysiol. 2017;40:913\u2013917.","journal-title":"Pacing Clin Electrophysiol"},{"key":"724_CR42","first-page":"109","volume":"9","author":"TD Dimitrova","year":"2010","unstructured":"*Dimitrova TD. Risk and Protection of Medical Information Systems. Elektron Ir Elektrotechnika. 2010;9:109\u2013112.","journal-title":"Elektron Ir Elektrotechnika"},{"key":"724_CR43","doi-asserted-by":"publisher","first-page":"68","DOI":"10.1145\/1089107.1089141","volume":"48","author":"PG Goldschmidt","year":"2005","unstructured":"*Goldschmidt PG. HIT and MIS: implications of health information technology and medical information systems. Commun ACM. 2005;48:68.","journal-title":"Commun ACM"},{"key":"724_CR44","doi-asserted-by":"publisher","first-page":"42","DOI":"10.5455\/aim.2012.21.42-45","volume":"21","author":"N Hajrahimi","year":"2013","unstructured":"*Hajrahimi N, Dehaghani SMH, Sheikhtaheri A. Health information security: a case study of three selected medical centers in iran. Acta Inform Med. 2013;21:42\u201345.","journal-title":"Acta Inform Med"},{"key":"724_CR45","doi-asserted-by":"publisher","first-page":"127","DOI":"10.1007\/s10916-017-0778-4","volume":"41","author":"CS Kruse","year":"2017","unstructured":"*Kruse CS, Smith B, Vanderlinden H, Nealand A. Security Techniques for the Electronic Health Records. J Med Syst. 2017;41:127.","journal-title":"J Med Syst"},{"key":"724_CR46","first-page":"174","volume-title":"Secure Data Management - 4th VLDB Workshop, SDM 2007, Proceedings","author":"R Hasan","year":"2007","unstructured":"*Hasan R, Winslett M, Sion R. Requirements of Secure Storage systems for healthcare records. In: Secure Data Management - 4th VLDB Workshop, SDM 2007, Proceedings. Springer-Verlag Berlin Heidlberg; 2007. p. 174\u2013180."},{"key":"724_CR47","doi-asserted-by":"publisher","first-page":"163","DOI":"10.1016\/j.clsr.2012.01.003","volume":"28","author":"P Kierkegaard","year":"2012","unstructured":"*Kierkegaard P. Medical data breaches: Notification delayed is notification denied. Comput Law Secur Rev. 2012;28:163\u2013183.","journal-title":"Comput Law Secur Rev"},{"key":"724_CR48","doi-asserted-by":"publisher","unstructured":"*Page A, Kocabas O, Soyata T, Aktas M, Couderc JP. Cloud-Based Privacy-Preserving Remote ECG Monitoring and Surveillance. Ann Noninvasive Electrocardiol. 2015; doi: \n                    https:\/\/doi.org\/10.1111\/anec.12204","DOI":"10.1111\/anec.12204"},{"key":"724_CR49","doi-asserted-by":"publisher","first-page":"240","DOI":"10.3844\/jcssp.2014.240.250","volume":"10","author":"MA Bamiah","year":"2014","unstructured":"*Bamiah MA, Brohi SN, Chuprat S, Ab Manan J Lail. Trusted cloud computing framework for healthcare sector. J Comput Sci. 2014;10:240\u2013250.","journal-title":"J Comput Sci"},{"key":"724_CR50","doi-asserted-by":"publisher","unstructured":"*Pycroft L, Boccard SG, Owen SLF, Stein JF, Fitzgerald JJ, Green AL, et al. Brainjacking: Implant Security Issues in Invasive Neuromodulation. Elsevier. 2016; doi:\n                    https:\/\/doi.org\/10.1016\/j.wneu.2016.05.010\n                    \n                  .","DOI":"10.1016\/j.wneu.2016.05.010"},{"key":"724_CR51","doi-asserted-by":"publisher","unstructured":"*Lenzer J. Hackers demand $10m for eight million medical records they are holding hostage. BMJ. 2012; doi:b1917\\r\n                    https:\/\/doi.org\/10.1136\/bmj.b1917\n                    \n                  .","DOI":"10.1136\/bmj.b1917"},{"key":"724_CR52","doi-asserted-by":"publisher","first-page":"104","DOI":"10.1007\/s10916-017-0752-1","volume":"41","author":"JM Ehrenfeld","year":"2017","unstructured":"*Ehrenfeld JM. WannaCry, Cybersecurity and Health Information Technology: A Time to Act. J Med Syst. 2017;41:104.","journal-title":"J Med Syst"},{"key":"724_CR53","doi-asserted-by":"publisher","unstructured":"*Kramer DB, Baker M, Ransford B, Molina-Markham A, Stewart Q, Fu K, et al. Security and Privacy Qualities of Medical Devices: An Analysis of FDA Postmarket Surveillance. PLoS One. 2012; doi:\n                    https:\/\/doi.org\/10.1371\/journal.pone.0040200\n                    \n                  .","DOI":"10.1371\/journal.pone.0040200"},{"key":"724_CR54","doi-asserted-by":"crossref","unstructured":"*Drevin L, Kruger H, Bell AM, Steyn T. A linguistic approach to information security awareness education in a healthcare environment. In: Bishop M, Futcher L, Miloslavskaya N, Theocharidou M, (eds) Information Security Education for a Global Digital Society. WISE 2017. IFIP Advances in Information and Communication Technology, vol 503. Springer, Cham; 2017.","DOI":"10.1007\/978-3-319-58553-6_8"},{"key":"724_CR55","doi-asserted-by":"publisher","first-page":"1319","DOI":"10.1001\/jama.2017.11986","volume":"318","author":"MP Jarrett","year":"2017","unstructured":"*Jarrett MP. Cybersecurity\u2014A Serious Patient Care Concern. JAMA. 2017;318:1319.","journal-title":"JAMA"},{"key":"724_CR56","unstructured":"*Masys DR, Baker DB. Patient-Centered Access to Secure Systems Online (PCASSO): a secure approach to clinical data access via the World Wide Web. AMIA Symp Proc. 1997;340\u2013343."},{"key":"724_CR57","unstructured":"*Ries JE, Asaro P V, Guillen A, Ivanova J. The futility of common firewall policies: an experimental demonstration. AMIA Symp Proc. 2000;699\u2013703."},{"key":"724_CR58","first-page":"1","volume":"7","author":"S Sankaranarayanan","year":"2016","unstructured":"*Sankaranarayanan S, Udayasuriyan V. Biometric Secured Electronic Health Record. Int J E-Health Med Commun. 2016;7:1\u201327.","journal-title":"Int J E-Health Med Commun"},{"key":"724_CR59","first-page":"25","volume":"1","author":"SE Swanson","year":"2001","unstructured":"*Swanson SE. Access management: Living with firewalls. J Hosp Librariansh. 2001;1:25\u201340.","journal-title":"J Hosp Librariansh"},{"key":"724_CR60","doi-asserted-by":"publisher","first-page":"67","DOI":"10.1016\/j.compeleceng.2016.12.020","volume":"58","author":"T Lechler","year":"2017","unstructured":"*Lechler T, Wetzel S. Conceptualizing the silent risk of inadvertent information leakages. Comput Electr Eng. 2017;58:67\u201375.","journal-title":"Comput Electr Eng"},{"key":"724_CR61","doi-asserted-by":"publisher","unstructured":"*Kalyango ST, Maiga G. A technique for strengthening weak passwords in electronic medical record systems. Lect Notes Comput Sci. 2012; doi:\n                    https:\/\/doi.org\/10.1007\/978-3-642-53956-5\n                    \n                  .","DOI":"10.1007\/978-3-642-53956-5"},{"key":"724_CR62","first-page":"915","volume":"216","author":"MA Faysel","year":"2015","unstructured":"*Faysel MA. Evaluation of a Cyber Security System for Hospital Network. Stud Health Technol Inform. 2015;216:915.","journal-title":"Stud Health Technol Inform"},{"key":"724_CR63","first-page":"37","volume":"13","author":"J Pope","year":"2016","unstructured":"*Pope J. Ransomware: Minimizing the Risks. Innov Clin Neurosci. 2016;13:37\u201340.","journal-title":"Innov Clin Neurosci"},{"key":"724_CR64","doi-asserted-by":"publisher","first-page":"1115","DOI":"10.1007\/s11606-016-3741-z","volume":"31","author":"A Wright","year":"2016","unstructured":"*Wright A, Aaron S, Bates DW. The Big Phish: Cyberattacks Against U.S. Healthcare Systems. J Gen Intern Med. 2016;31:1115\u20131118.","journal-title":"J Gen Intern Med"},{"key":"724_CR65","doi-asserted-by":"publisher","first-page":"117","DOI":"10.1007\/s10278-016-9913-x","volume":"30","author":"SG Langer","year":"2017","unstructured":"*Langer SG. Cyber-Security Issues in Healthcare Information Technology. J Digit Imaging. 2017;30:117\u2013125.","journal-title":"J Digit Imaging"},{"key":"724_CR66","doi-asserted-by":"publisher","first-page":"435","DOI":"10.1177\/1932296815602100","volume":"10","author":"DG Armstrong","year":"2016","unstructured":"*Armstrong DG, Kleidermacher DN, Klonoff DC, Slepian MJ. Cybersecurity Regulation of Wireless Devices for Performance and Assurance in the Age of \u201cMedjacking\u201d. J Diabetes Sci Technol. 2016;10:435\u2013438.","journal-title":"J Diabetes Sci Technol"},{"key":"724_CR67","doi-asserted-by":"publisher","first-page":"559","DOI":"10.1016\/j.clsr.2017.05.004","volume":"33","author":"T Webb","year":"2017","unstructured":"*Webb T, Dayal S. Building the wall: Addressing cybersecurity risks in medical devices in the U.S.A. and Australia. Comput Law Secur Rev. 2017;33:559\u2013563.","journal-title":"Comput Law Secur Rev"},{"key":"724_CR68","doi-asserted-by":"publisher","first-page":"211","DOI":"10.1177\/1081180X08092831","volume":"14","author":"PAH Williams","year":"2008","unstructured":"*Williams PAH. When trust defies common security sense. Health Informatics J. 2008;14:211\u2013221.","journal-title":"Health Informatics J"},{"key":"724_CR69","doi-asserted-by":"publisher","first-page":"624","DOI":"10.4338\/ACI-2016-04-SOA-0064","volume":"7","author":"DF Sittig","year":"2016","unstructured":"*Sittig DF, Singh H. A Socio-Technical Approach to Preventing, Mitigating, and Recovering from Ransomware Attacks. Appl Clin Inform. 2016;7:624\u2013632.","journal-title":"Appl Clin Inform"},{"key":"724_CR70","doi-asserted-by":"publisher","first-page":"1329","DOI":"10.1148\/rg.235035021","volume":"23","author":"RD Caruso","year":"2003","unstructured":"*Caruso RD. Part 1. Firewalls, Antivirus Software, and Internet Security Suites. Radiographics. 2003;23:1329\u20131337.","journal-title":"Radiographics"},{"key":"724_CR71","doi-asserted-by":"publisher","first-page":"10599","DOI":"10.1007\/s11042-015-3127-y","volume":"76","author":"SA Parah","year":"2017","unstructured":"*Parah SA, Sheikh JA, Ahad F, Loan NA, Bhat GM. Information hiding in medical images: a robust medical image watermarking system for E-healthcare. Multimed Tools Appl. 2017;76:10599\u201310633.","journal-title":"Multimed Tools Appl"},{"key":"724_CR72","doi-asserted-by":"crossref","unstructured":"*Kumari PV, Thanushkodi K. A Secure Fast 2D-Discrete Fractional Fourier Transform Based Medical Image Compression Using Hybrid Encoding Technique. 2013 Int Conf Curr Trends Eng Technol. 2013;1\u20137.","DOI":"10.1109\/ICCTET.2013.6675900"},{"key":"724_CR73","doi-asserted-by":"publisher","first-page":"943","DOI":"10.1016\/j.ics.2005.03.326","volume":"1281","author":"J Keese","year":"2005","unstructured":"*Keese J, Motzo L. Pro-active approach to malware for healthcare information and imaging systems. Int Congr Ser. 2005;1281:943\u2013947.","journal-title":"Int Congr Ser"},{"key":"724_CR74","doi-asserted-by":"publisher","first-page":"2077","DOI":"10.1001\/jama.2017.15692","volume":"318","author":"DB Kramer","year":"2017","unstructured":"*Kramer DB, Fu K. Cybersecurity Concerns and Medical Devices Lessons from a Pacemaker Advisory. JAMA. 2017;318:2077\u20132078.","journal-title":"JAMA"},{"key":"724_CR75","doi-asserted-by":"publisher","first-page":"664","DOI":"10.1089\/dia.2014.0328","volume":"17","author":"DT O\u2019Keeffe","year":"2015","unstructured":"*O\u2019Keeffe DT, Maraka S, Basu A, Keith-Hynes P, Kudva YC. Cybersecurity in Artificial Pancreas Experiments. Diabetes Technol Ther. 2015;17:664\u2013666.","journal-title":"Diabetes Technol Ther"},{"key":"724_CR76","doi-asserted-by":"publisher","first-page":"216","DOI":"10.1177\/1932296816681585","volume":"11","author":"KE Britton","year":"2017","unstructured":"*Britton KE, Britton-Colonnese JD. Privacy and Security Issues Surrounding the Protection of Data Generated by Continuous Glucose Monitors. J Diabetes Sci Technol. 2017;11:216\u2013219.","journal-title":"J Diabetes Sci Technol"},{"key":"724_CR77","first-page":"22","volume":"77","author":"JD Elhai","year":"2015","unstructured":"*Elhai JD, Frueh BC. Security of Electronic Mental Health Communication and Record-Keeping in the Digital Age. J Clin Psychiatry. 2015;77:22\u201327.","journal-title":"J Clin Psychiatry"},{"key":"724_CR78","doi-asserted-by":"publisher","first-page":"44","DOI":"10.1136\/amiajnl-2012-000906","volume":"20","author":"J Kwon","year":"2013","unstructured":"*Kwon J, Johnson ME. Security practices and regulatory compliance in the healthcare industry. J Am Med Informatics Assoc. 2013;20:44\u201351.","journal-title":"J Am Med Informatics Assoc"},{"key":"724_CR79","doi-asserted-by":"publisher","first-page":"1673","DOI":"10.1007\/s10916-010-9628-3","volume":"36","author":"C-H Liu","year":"2012","unstructured":"*Liu C-H, Chung Y-F, Chen T-S, Wang S-D. The Enhancement of Security in Healthcare Information Systems. J Med Syst. 2012;36:1673\u20131688.","journal-title":"J Med Syst"},{"key":"724_CR80","first-page":"215","volume":"208","author":"R Koppel","year":"2015","unstructured":"*Koppel R, Smith S, Blythe J, Kothari V. Workarounds to Computer Access in Healthcare Organizations: You Want My Password or a Dead Patient? Stud Health Technol Inform. 2015;208:215\u2013220.","journal-title":"Stud Health Technol Inform"},{"key":"724_CR81","doi-asserted-by":"publisher","unstructured":"*Liebowitz J, Schaller R. Biological Warfare: Tampering with implantable medical devices. IT Prof. 2015; doi: \n                    https:\/\/doi.org\/10.1109\/MITP.2015.82","DOI":"10.1109\/MITP.2015.82"},{"key":"724_CR82","first-page":"8","volume":"48","author":"S Loughlin","year":"2014","unstructured":"*Loughlin S, Fu K, Gee T, Gieras I, Hoyme K, Rajagopalan SR, et al. A roundtable discussion: Safeguarding information and resources against emerging cybersecurity threats. Biomed Instrum Technol. 2014;48:8\u201317.","journal-title":"Biomed Instrum Technol"},{"key":"724_CR83","doi-asserted-by":"publisher","first-page":"347","DOI":"10.3928\/00220124-20160715-03","volume":"47","author":"L Billingsley","year":"2016","unstructured":"*Billingsley L, McKee SA. Cybersecurity in the Clinical Setting: Nurses\u2019 Role in the Expanding \u201cInternet of Things\u201d. J Contin Educ Nurs. 2016;47:347\u2013349.","journal-title":"J Contin Educ Nurs"},{"key":"724_CR84","doi-asserted-by":"publisher","first-page":"197","DOI":"10.2345\/0899-8205-49.3.197","volume":"49","author":"B Rios","year":"2015","unstructured":"*Rios B. Cybersecurity expert: Medical devices have \u201ca long way to go\u201d. Biomed Instrum Technol. 2015;49:197\u2013200.","journal-title":"Biomed Instrum Technol"},{"key":"724_CR85","doi-asserted-by":"crossref","first-page":"44","DOI":"10.5694\/j.1326-5377.1997.tb138705.x","volume":"166","author":"IR Cheong","year":"1997","unstructured":"*Cheong IR, Kidd MR. Safe practices in cyberspace: a medical perspective on computer viruses. Med J Aust. 1997;166:44\u201346.","journal-title":"Med J Aust"},{"key":"724_CR86","doi-asserted-by":"publisher","unstructured":"*Cohen IG, Hoffman S, Adashi EY. Your Money or Your Patient\u2019s Life? Ransomware and Electronic Health Records. Ann Intern Med. 2017; doi:\n                    https:\/\/doi.org\/10.7326\/M17-1312\n                    \n                  .","DOI":"10.7326\/M17-1312"},{"key":"724_CR87","doi-asserted-by":"crossref","unstructured":"*Jensen RD, Copeland S, Domas S, Hampton R, Hoyme K, Jump M, et al. A Roundtable Discussion: Thawing Out Healthcare Technology\u2019s \u2018Special Snowflake\u2019 Cybersecurity Challenges. Biomed Instrum Technol. 2017;51:10\u201316.","DOI":"10.2345\/0899-8205-51.s6.10"},{"key":"724_CR88","doi-asserted-by":"publisher","first-page":"341","DOI":"10.1016\/j.procs.2017.11.193","volume":"119","author":"J Kasurinen","year":"2017","unstructured":"*Kasurinen J. Usability Issues of Virtual Reality Learning Simulator in Healthcare and Cybersecurity. Procedia Comput Sci. 2017;119:341\u2013349.","journal-title":"Procedia Comput Sci"},{"key":"724_CR89","doi-asserted-by":"publisher","first-page":"24","DOI":"10.1097\/JCE.0b013e31823fe1bc","volume":"37","author":"WA Hyman","year":"2012","unstructured":"*Hyman WA. The integrating the healthcare environment-PCD-MEM medical device cyber security white paper: An overview. J Clin Eng. 2012;37:24\u201328.","journal-title":"J Clin Eng"},{"key":"724_CR90","doi-asserted-by":"publisher","first-page":"131","DOI":"10.1016\/j.ics.2004.03.242","volume":"1268 C","author":"DM Seymour","year":"2004","unstructured":"*Seymour DM, McCall KR, DiPaola L. Security and interconnection of medical devices to healthcare networks. Int Congr Ser. 2004;1268 C:131\u2013134.","journal-title":"Int Congr Ser"},{"key":"724_CR91","doi-asserted-by":"publisher","unstructured":"*Burleson W, Clark SS, Ransford B, Fu K. Design challenges for secure implantable medical devices. Proc 49th Annu Des Autom Conf - DAC \u201812. 2012; doi:\n                    https:\/\/doi.org\/10.1145\/2228360.2228364\n                    \n                  .","DOI":"10.1145\/2228360.2228364"},{"key":"724_CR92","doi-asserted-by":"publisher","first-page":"1174","DOI":"10.1109\/JPROC.2014.2322103","volume":"102","author":"M Zhang","year":"2014","unstructured":"*Zhang M, Raghunathan A, Jha NK. Trustworthiness of Medical Devices and Body Area Networks. Proc IEEE. 2014;102:1174\u20131188.","journal-title":"Proc IEEE"},{"key":"724_CR93","doi-asserted-by":"publisher","first-page":"19","DOI":"10.2345\/0899-8205-51.s6.19","volume":"51","author":"M Busdicker","year":"2017","unstructured":"*Busdicker M, Upendra P. The Role of Healthcare Technology Management in Facilitating Medical Device Cybersecurity. Biomed Instrum Technol. 2017;51:19\u201325.","journal-title":"Biomed Instrum Technol"},{"key":"724_CR94","doi-asserted-by":"publisher","first-page":"74","DOI":"10.1145\/2667218","volume":"58","author":"J Sametinger","year":"2015","unstructured":"*Sametinger J, Rozenblit J, Lysecky R, Ott P. Security challenges for medical devices. Commun ACM. 2015;58:74\u201382.","journal-title":"Commun ACM"},{"key":"724_CR95","doi-asserted-by":"publisher","first-page":"26","DOI":"10.2345\/0899-8205-48.s1.26","volume":"48","author":"AJ Coronado","year":"2014","unstructured":"*Coronado AJ, Wong TL. Healthcare cybersecurity risk management: Keys to an effective plan. Biomed Instrum Technol. 2014;48:26\u201330.","journal-title":"Biomed Instrum Technol"},{"key":"724_CR96","doi-asserted-by":"publisher","unstructured":"*Burns AJ, Johnson ME, Honeyman P. A Brief Chronology of Medical Device Security. Commun ACM. 2016; doi:\n                    https:\/\/doi.org\/10.1145\/2890488","DOI":"10.1145\/2890488"},{"key":"724_CR97","doi-asserted-by":"publisher","first-page":"11","DOI":"10.1109\/MC.2010.237","volume":"43","author":"N Leavitt","year":"2010","unstructured":"*Leavitt N. Researchers Fight to Keep Implanted Medical Devices Safe from Hackers. Computer. 2010;43:11\u201314.","journal-title":"Computer"},{"key":"724_CR98","doi-asserted-by":"publisher","first-page":"25","DOI":"10.1145\/1516046.1516055","volume":"52","author":"K Fu","year":"2009","unstructured":"*Fu K. Inside risks Reducing risks of implantable medical devices. Commun ACM. 2009;52:25.","journal-title":"Commun ACM"},{"key":"724_CR99","doi-asserted-by":"publisher","unstructured":"*Fu K, Blum J. Controlling for cybersecurity risks of medical device software. Commun ACM. 2013; doi: \n                    https:\/\/doi.org\/10.2345\/0899-8205-48.s1.38","DOI":"10.2345\/0899-8205-48.s1.38"},{"key":"724_CR100","doi-asserted-by":"publisher","first-page":"32","DOI":"10.1016\/j.ijcip.2017.04.001","volume":"19","author":"I Stine","year":"2017","unstructured":"*Stine I, Rice M, Dunlap S, Pecarina J. A cyber risk scoring system for medical devices. Int J Crit Infrastruct Prot. 2017;19:32\u201346.","journal-title":"Int J Crit Infrastruct Prot"},{"key":"724_CR101","doi-asserted-by":"publisher","first-page":"70","DOI":"10.4018\/IJEHMC.2017070105","volume":"8","author":"S Rauti","year":"2017","unstructured":"*Rauti S, Lahtiranta J, Parisod H, Hyrynsalmi S, Salanter\u00e4 S, Aromaa ME, et al. A Proxy-Based Solution for Asynchronous Telemedical Systems. Int J E-Health Med Commun. 2017;8:70\u201383.","journal-title":"Int J E-Health Med Commun"},{"key":"724_CR102","doi-asserted-by":"publisher","first-page":"941","DOI":"10.1016\/j.ijmedinf.2015.08.010","volume":"84","author":"Y He","year":"2015","unstructured":"*He Y, Johnson, C. Improving the redistribution of the security lessons in healthcare: An evaluation of the Generic Security Template. Int J Med Inform. 2015;84:941\u2013949.","journal-title":"Int J Med Inform"},{"key":"724_CR103","doi-asserted-by":"publisher","first-page":"42","DOI":"10.4018\/ijhisi.2014010103","volume":"9","author":"F Kamoun","year":"2014","unstructured":"*Kamoun F, Nicho M. Human and Organizational Factors of Healthcare Data Breaches. Int J Healthc Inf Syst Informatics. 2014;9:42\u201360.","journal-title":"Int J Healthc Inf Syst Informatics"},{"key":"724_CR104","doi-asserted-by":"publisher","first-page":"48","DOI":"10.4018\/jebr.2009040103","volume":"5","author":"EJ Szewczak","year":"2009","unstructured":"*Szewczak EJ, Snodgrass CR. Business Associates in the National Health Information Network: Implications for Medical Information Privacy. Int J E-Business Res. 2009;5:48\u201362.","journal-title":"Int J E-Business Res"},{"key":"724_CR105","doi-asserted-by":"publisher","first-page":"374","DOI":"10.1136\/amiajnl-2013-002079","volume":"21","author":"IT Agaku","year":"2014","unstructured":"*Agaku IT, Adisa AO, Ayo-Yusuf OA, Connolly GN. Concern about security and privacy, and perceived control over collection and use of health information are related to withholding of health information from healthcare providers. J Am Med Informatics Assoc. 2014;21:374\u2013378.","journal-title":"J Am Med Informatics Assoc"},{"key":"724_CR106","doi-asserted-by":"crossref","unstructured":"*Diamantopoulou V, Angelopoulos K, Flake J, Praitano A, Ruiz JF, Jurjens J, et al. Privacy Data management and awareness for public adminstrations: a case study from the healthcare domain. In: 5th Annual Privacy Forum, APF 2017. Springer International Publishing; 2017. p. 192\u2013209.","DOI":"10.1007\/978-3-319-67280-9_11"},{"key":"724_CR107","doi-asserted-by":"crossref","unstructured":"*Bhatti R, Grandison T. Towards improved privacy policy coverage in healthcare using policy refinement. In: Secure Data Management - 4th VLDB Workshop, SDM 2007, Proceedings. Springer-Verlag Berlin Heidlberg; 2007. p. 158\u201373.","DOI":"10.1007\/978-3-540-75248-6_11"},{"key":"724_CR108","doi-asserted-by":"publisher","first-page":"63","DOI":"10.4015\/S1016237207000069","volume":"19","author":"J-C Chien","year":"2007","unstructured":"*Chien J-C, Wang J-P, Cho C-L, Chong F-C. Security Biosignal Transmission Based on Face Recognition for Telemedicine. Biomed Eng Appl Basis Commun. 2007;19:63\u201369.","journal-title":"Biomed Eng Appl Basis Commun"},{"key":"724_CR109","doi-asserted-by":"publisher","first-page":"954","DOI":"10.1016\/j.ics.2005.03.084","volume":"1281","author":"W Leetz","year":"2005","unstructured":"*Leetz W. Patching off-the-shelf software used in medical information systems. Int Congr Ser. 2005;1281:954\u2013958.","journal-title":"Int Congr Ser"},{"key":"724_CR110","doi-asserted-by":"publisher","first-page":"23","DOI":"10.2345\/0899-8205-50.1.23","volume":"50","author":"F Wu","year":"2016","unstructured":"*Wu F, Eagles S. Cybersecurity for medical device manufacturers: Ensuring safety and functionality. Biomed Instrum Technol. 2016;50:23\u201334.","journal-title":"Biomed Instrum Technol"},{"key":"724_CR111","doi-asserted-by":"publisher","first-page":"71","DOI":"10.4018\/jisp.2008070106","volume":"2","author":"BD Medlin","year":"2008","unstructured":"*Medlin BD, Cazier JA, Foulk DP. Analyzing the Vulnerability of U.S. Hospitals to Social Engineering Attacks: How Many of Your Employees Would Share Their Password? Int J Inf Secur Priv. 2008;2:71\u201383.","journal-title":"Int J Inf Secur Priv"},{"key":"724_CR112","doi-asserted-by":"publisher","first-page":"553","DOI":"10.1212\/CON.0000000000000442","volume":"23","author":"RV Rose","year":"2017","unstructured":"*Rose R V., Kass JS. Mitigating Cybersecurity Risks. Contin Lifelong Learn Neurol. 2017;23:553\u2013556.","journal-title":"Contin Lifelong Learn Neurol"}],"container-title":["BMC Medical Informatics and Decision Making"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1186\/s12911-018-0724-5.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/article\/10.1186\/s12911-018-0724-5\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1186\/s12911-018-0724-5.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,1,10]],"date-time":"2020-01-10T19:09:48Z","timestamp":1578683388000},"score":1,"resource":{"primary":{"URL":"https:\/\/bmcmedinformdecismak.biomedcentral.com\/articles\/10.1186\/s12911-018-0724-5"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019,1,11]]},"references-count":112,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2019,12]]}},"alternative-id":["724"],"URL":"https:\/\/doi.org\/10.1186\/s12911-018-0724-5","relation":{},"ISSN":["1472-6947"],"issn-type":[{"value":"1472-6947","type":"electronic"}],"subject":[],"published":{"date-parts":[[2019,1,11]]},"assertion":[{"value":"22 June 2018","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"14 December 2018","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"11 January 2019","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"Not applicable","order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Ethics approval and consent to participate"}},{"value":"Not applicable","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Consent for publication"}},{"value":"The authors declare that they have no competing interests.","order":3,"name":"Ethics","group":{"name":"EthicsHeading","label":"Competing interests"}},{"value":"Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.","order":4,"name":"Ethics","group":{"name":"EthicsHeading","label":"Publisher\u2019s Note"}}],"article-number":"10"}}