Information security and privacy in hospitals: a literature mapping and review of research gaps.
Authors: Steve Ahouanmenou, Amy Van Looy, Geert Poels
Journal: Informatics for Health & Social Care, 48(1), pages 30-46
Published: 2023-01-02 (Journal Article)
DOI: 10.1080/17538157.2022.2049274 (https://doi.org/10.1080/17538157.2022.2049274)
Information security and privacy are matters of concern in every industry. The healthcare sector has lagged in terms of implementing cybersecurity measures. Therefore, hospitals are more exposed to cyber events due to the criticality of patient data. Currently, little is known about state-of-the-art research on information security and privacy in hospitals. The purpose of this study is to report the outcome of a systematic literature review on research about the application of information security and privacy in hospitals. A systematic literature review following the PRISMA methodology was conducted. To reference our sample according to cybersecurity domains, we benchmarked each article against two cybersecurity frameworks: ISO 27001 Annex A and the NIST framework core. Limited articles in our papers referred to the policies and compliance sections of ISO 27001. In addition, most of our sample is classified by the NIST function "Protect," meaning activities related to identity management, access control and data security. Furthermore, we have identified key domains where research in security and privacy are critical, such as big data, IOT, cloud computing, standards and regulations. The results indicate that although cybersecurity is a growing concern in hospitals, research is still weak in some areas. Considering the recrudescence of cyber-attacks in the healthcare sector, we call for more research in hospitals in managerial and non-technical domains of information security and privacy that are uncovered by our analysis.
About the journal:
Informatics for Health & Social Care promotes evidence-based informatics as applied to the domain of health and social care. It showcases informatics research and practice within the many and diverse contexts of care; it takes personal information, both its direct and indirect use, as its central focus.
The scope of the Journal is broad, encompassing both the properties of care information and the life-cycle of associated information systems.
Consideration of the properties of care information will necessarily include the data itself, its representation, structure, and associated processes, as well as the context of its use, highlighting the related communication, computational, cognitive, social and ethical aspects.
Consideration of the life-cycle of care information systems includes the full range from requirements, specifications, theoretical models and conceptual design through to sustainable implementations, and the valuation of impacts. Empirical evidence experiences related to implementation are particularly welcome.
Informatics in Health & Social Care seeks to consolidate and add to the core knowledge within the disciplines of Health and Social Care Informatics. The Journal therefore welcomes scientific papers, case studies and literature reviews. Examples of novel approaches are particularly welcome. Articles might, for example, show how care data is collected and transformed into useful and usable information, how informatics research is translated into practice, how specific results can be generalised, or perhaps provide case studies that facilitate learning from experience.