Singapore Institute of Technology
Browse

Cybersecurity Monitoring/Mapping of USA Healthcare (All Hospitals) - Magnified Vulnerability due to Shared IT Infrastructure, Market Concentration, & Geographical Distribution

Download (1.36 MB)
conference contribution
posted on 2025-01-10, 05:21 authored by William Yurcik, Andreas Schick, STEPHEN NORTHSTEPHEN NORTH, Michael Thorsten GastnerMichael Thorsten Gastner, Fabio Roberto de Miranda, Rodolfo da Silva Avelino, André Filipe de Moraes Batista, Gregory Pluta, Ian Brooks

In October 2024, there are two defining characteristics of a healthcare provider: (1) geographic location and services available at their physical structure and (2) Internet connectivity and services available via their virtual presence. For previous centuries we focused on the first defining characteristic and now we need to shift to understand and address issues that may arise from the new second defining characteristic. In this paper we address issues related to Internet connectivity and virtual presence of USA healthcare providers, especially hospitals, when ransomware cyberattacks resulting in service outages occur. We show the cybersecurity posture of a large critical national infrastructure (USA healthcare) can be measured, mapped, and quantitatively baselined. Empirical results reveal systemic issues in USA healthcare presenting "magnified vulnerabilities" in that a single exploit can have an outsized impact on an entire nationwide infrastructure. As the initial step toward addressing this issue, we document for the first time the magnified cybersecurity vulnerability of USA healthcare to shared IT infrastructure, market concentration, and the geographical distribution of hospitals.

History

Journal/Conference/Book title

HealthSec '24: Proceedings of the 2024 Workshop on Cybersecurity in Healthcare

Publication date

2024-10-14

Version

  • Published

Usage metrics

    Exports

    RefWorks
    BibTeX
    Ref. manager
    Endnote
    DataCite
    NLM
    DC