Cybersecurity Monitoring/Mapping of USA Healthcare (All Hospitals) - Magnified Vulnerability due to Shared IT Infrastructure, Market Concentration, & Geographical Distribution
In October 2024, there are two defining characteristics of a healthcare provider: (1) geographic location and services available at their physical structure and (2) Internet connectivity and services available via their virtual presence. For previous centuries we focused on the first defining characteristic and now we need to shift to understand and address issues that may arise from the new second defining characteristic. In this paper we address issues related to Internet connectivity and virtual presence of USA healthcare providers, especially hospitals, when ransomware cyberattacks resulting in service outages occur. We show the cybersecurity posture of a large critical national infrastructure (USA healthcare) can be measured, mapped, and quantitatively baselined. Empirical results reveal systemic issues in USA healthcare presenting "magnified vulnerabilities" in that a single exploit can have an outsized impact on an entire nationwide infrastructure. As the initial step toward addressing this issue, we document for the first time the magnified cybersecurity vulnerability of USA healthcare to shared IT infrastructure, market concentration, and the geographical distribution of hospitals.
History
Journal/Conference/Book title
HealthSec '24: Proceedings of the 2024 Workshop on Cybersecurity in HealthcarePublication date
2024-10-14Version
- Published