医院的信息安全和隐私:文献制图和研究差距的回顾。

IF 2.5 4区 医学 Q2 HEALTH CARE SCIENCES & SERVICES
Steve Ahouanmenou, Amy Van Looy, Geert Poels
{"title":"医院的信息安全和隐私:文献制图和研究差距的回顾。","authors":"Steve Ahouanmenou,&nbsp;Amy Van Looy,&nbsp;Geert Poels","doi":"10.1080/17538157.2022.2049274","DOIUrl":null,"url":null,"abstract":"<p><p>Information security and privacy are matters of concern in every industry. The healthcare sector has lagged in terms of implementing cybersecurity measures. Therefore, hospitals are more exposed to cyber events due to the criticality of patient data. Currently, little is known about state-of-the-art research on information security and privacy in hospitals. The purpose of this study is to report the outcome of a systematic literature review on research about the application of information security and privacy in hospitals. A systematic literature review following the PRISMA methodology was conducted. To reference our sample according to cybersecurity domains, we benchmarked each article against two cybersecurity frameworks: ISO 27001 Annex A and the NIST framework core. Limited articles in our papers referred to the policies and compliance sections of ISO 27001. In addition, most of our sample is classified by the NIST function \"Protect,\" meaning activities related to identity management, access control and data security. Furthermore, we have identified key domains where research in security and privacy are critical, such as big data, IOT, cloud computing, standards and regulations. The results indicate that although cybersecurity is a growing concern in hospitals, research is still weak in some areas. Considering the recrudescence of cyber-attacks in the healthcare sector, we call for more research in hospitals in managerial and non-technical domains of information security and privacy that are uncovered by our analysis.</p>","PeriodicalId":54984,"journal":{"name":"Informatics for Health & Social Care","volume":"48 1","pages":"30-46"},"PeriodicalIF":2.5000,"publicationDate":"2023-01-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":"{\"title\":\"Information security and privacy in hospitals: a literature mapping and review of research gaps.\",\"authors\":\"Steve Ahouanmenou,&nbsp;Amy Van Looy,&nbsp;Geert Poels\",\"doi\":\"10.1080/17538157.2022.2049274\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<p><p>Information security and privacy are matters of concern in every industry. The healthcare sector has lagged in terms of implementing cybersecurity measures. Therefore, hospitals are more exposed to cyber events due to the criticality of patient data. Currently, little is known about state-of-the-art research on information security and privacy in hospitals. The purpose of this study is to report the outcome of a systematic literature review on research about the application of information security and privacy in hospitals. A systematic literature review following the PRISMA methodology was conducted. To reference our sample according to cybersecurity domains, we benchmarked each article against two cybersecurity frameworks: ISO 27001 Annex A and the NIST framework core. Limited articles in our papers referred to the policies and compliance sections of ISO 27001. In addition, most of our sample is classified by the NIST function \\\"Protect,\\\" meaning activities related to identity management, access control and data security. Furthermore, we have identified key domains where research in security and privacy are critical, such as big data, IOT, cloud computing, standards and regulations. The results indicate that although cybersecurity is a growing concern in hospitals, research is still weak in some areas. Considering the recrudescence of cyber-attacks in the healthcare sector, we call for more research in hospitals in managerial and non-technical domains of information security and privacy that are uncovered by our analysis.</p>\",\"PeriodicalId\":54984,\"journal\":{\"name\":\"Informatics for Health & Social Care\",\"volume\":\"48 1\",\"pages\":\"30-46\"},\"PeriodicalIF\":2.5000,\"publicationDate\":\"2023-01-02\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"3\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Informatics for Health & Social Care\",\"FirstCategoryId\":\"3\",\"ListUrlMain\":\"https://doi.org/10.1080/17538157.2022.2049274\",\"RegionNum\":4,\"RegionCategory\":\"医学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q2\",\"JCRName\":\"HEALTH CARE SCIENCES & SERVICES\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Informatics for Health & Social Care","FirstCategoryId":"3","ListUrlMain":"https://doi.org/10.1080/17538157.2022.2049274","RegionNum":4,"RegionCategory":"医学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"HEALTH CARE SCIENCES & SERVICES","Score":null,"Total":0}
引用次数: 3

摘要

信息安全和隐私是每个行业都关注的问题。医疗保健行业在实施网络安全措施方面落后。因此,由于患者数据的重要性,医院更容易受到网络事件的影响。目前,人们对医院信息安全和隐私的最新研究知之甚少。本研究的目的是报告系统文献综述的结果,研究的信息安全和隐私在医院的应用。按照PRISMA方法进行了系统的文献综述。为了根据网络安全领域参考我们的样本,我们根据两个网络安全框架对每篇文章进行了基准测试:ISO 27001附件A和NIST框架核心。我们的论文中有限的文章提到了ISO 27001的政策和合规部分。此外,我们的大多数样本都是根据NIST功能“保护”进行分类的,这意味着与身份管理、访问控制和数据安全相关的活动。此外,我们还确定了安全和隐私研究至关重要的关键领域,如大数据、物联网、云计算、标准和法规。结果表明,尽管网络安全日益受到医院的关注,但在某些领域的研究仍然薄弱。考虑到网络攻击在医疗保健行业的反复出现,我们呼吁在我们的分析中发现的信息安全和隐私的管理和非技术领域对医院进行更多的研究。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
Information security and privacy in hospitals: a literature mapping and review of research gaps.

Information security and privacy are matters of concern in every industry. The healthcare sector has lagged in terms of implementing cybersecurity measures. Therefore, hospitals are more exposed to cyber events due to the criticality of patient data. Currently, little is known about state-of-the-art research on information security and privacy in hospitals. The purpose of this study is to report the outcome of a systematic literature review on research about the application of information security and privacy in hospitals. A systematic literature review following the PRISMA methodology was conducted. To reference our sample according to cybersecurity domains, we benchmarked each article against two cybersecurity frameworks: ISO 27001 Annex A and the NIST framework core. Limited articles in our papers referred to the policies and compliance sections of ISO 27001. In addition, most of our sample is classified by the NIST function "Protect," meaning activities related to identity management, access control and data security. Furthermore, we have identified key domains where research in security and privacy are critical, such as big data, IOT, cloud computing, standards and regulations. The results indicate that although cybersecurity is a growing concern in hospitals, research is still weak in some areas. Considering the recrudescence of cyber-attacks in the healthcare sector, we call for more research in hospitals in managerial and non-technical domains of information security and privacy that are uncovered by our analysis.

求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
CiteScore
6.10
自引率
4.20%
发文量
21
审稿时长
>12 weeks
期刊介绍: Informatics for Health & Social Care promotes evidence-based informatics as applied to the domain of health and social care. It showcases informatics research and practice within the many and diverse contexts of care; it takes personal information, both its direct and indirect use, as its central focus. The scope of the Journal is broad, encompassing both the properties of care information and the life-cycle of associated information systems. Consideration of the properties of care information will necessarily include the data itself, its representation, structure, and associated processes, as well as the context of its use, highlighting the related communication, computational, cognitive, social and ethical aspects. Consideration of the life-cycle of care information systems includes full range from requirements, specifications, theoretical models and conceptual design through to sustainable implementations, and the valuation of impacts. Empirical evidence experiences related to implementation are particularly welcome. Informatics in Health & Social Care seeks to consolidate and add to the core knowledge within the disciplines of Health and Social Care Informatics. The Journal therefore welcomes scientific papers, case studies and literature reviews. Examples of novel approaches are particularly welcome. Articles might, for example, show how care data is collected and transformed into useful and usable information, how informatics research is translated into practice, how specific results can be generalised, or perhaps provide case studies that facilitate learning from experience.
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信