Task Solutions of Developing The Security Program- CSIT988

Preview text

Running head: SECURITY, ETHICS AND PROFESSIONALISM
SECURITY, ETHICS AND PROFESSIONALISM
Name of the Student
Name of the University
Author Note
1 SECURITY, ETHICS AND PROFESSIONALISM
Abstract:
Managing the health information within a healthcare organization is one of the
important aspects. Considering that, Hillside Hospital also needs to have an effective system
that can protect the organization from a ny kinds of cyber -attacks and can protect the system
with proper security. This research has showcased different po licies and procedures that the
organization can adopt to ensure proper security within the organization. In addition to that
analysing risks and accordingly having security programs are the area that has been taken into
account in this study.
2 SECURITY, ETHICS AND PROFESSIONALISM
Table of Contents
Introd uc tio n: ………………………….. ………………………….. ………………………….. …………………………. 3
Solutio n: ………………………….. ………………………….. ………………………….. ………………………….. ….. 4
Disc ussio n: ………………………….. ………………………….. ………………………….. ………………………….. . 5
Pla nning & Po lic y: ………………………….. ………………………….. ………………………….. …………….. 5
De ve lop ing the sec urity pro gra m: ………………………….. ………………………….. …………………….. 8
Risk ma na ge me nt: ………………………….. ………………………….. ………………………….. ……………. 11
Protectio n Mec ha nism: ………………………….. ………………………….. ………………………….. …….. 13
Conc lusio n: ………………………….. ………………………….. ………………………….. ………………………… 16
Re fe re nces: ………………………….. ………………………….. ………………………….. …………………………. 17
3 SECURITY, ETHICS AND PROFESSIONALISM
Introduction:
In the sector of healthcare, organizations are dea ling with different security -related
issues concerning the conditions of the patient. Dealing with the information of the patient is
one of the challenging tasks that business organizations are facing while taking care of
patients and data. Based on the utilization of data, the medical institution can work on
providing better care and treat ment for patients. A case study of Hillside hospital has taken
into consideration that the hospital is having 200 beds and also provide different facilities
such as child care, emergency care, physiotherapy, pharmacy and much more other
consideration. Diff erent occupational people such as a therapist, medical offers, registers and
nurses are working to provide services to the patients. In addition to that, this medical
institution does not only provide services to the patients, some of the staff also work a s
medical researcher s. There are people who are also allocated to ac cess the information or data
of patients for different research purposes. This study will discuss different policies and
planning that can ensure providing better security protection to th e hospital in terms of
protecting data. In order to have that effect, a team of IT experts have been appointed to
provide security to the organization. The first and foremost th ing that needs to be taken into
consideration is about understanding the needs and requirements of security requirements in
the healthcare environment. Th e level of access is where the healthcare organization needs to
take into account from where the start in terms of security measurement takes into
consideration. The management of r isks also needs to take into consideration to ensure that
the organization does not find any errors within the organization in terms of security. The
development of a security program also needs to be discussed in the below research work
with differe nt hea lthcare privacy.
4 SECURITY, ETHICS AND PROFESSIONALISM
Solution:
Data security is considered to be one of the crucial parts of healthcare for protecting
the information of patients. Technological advancement can be effective to ensure the
protection of the data of patients in healthcare. The storage or server is one o f the
technological areas where the use of cloud storage is becoming effective (Ya ng, Hsu and Wu,
2022 ). This is where the organization does not need extra devices for storing the information
of the patient. This is because often it can be seen that having storage becomes difficult to
manage in terms of storing and without having an encrypting way of server, it becomes easier
for cyber attackers to get access to the system. But it also needs to keep in mind that
electronic records also increase the risks of data breaches because the injection of malware
damages the function of the data and also omits or deletes the stored data. In todayâ€s era,
doctors, nurses and other professionals in healthcare services are dependent on digital w ays
of storing and accessing data.
Hillside hospital is operating with a high number of patients and in order to manage
those dat a, the organization can have a different solution where the initial step is to educate
the staff of the healthcare because th e role of nurses, medical staff and other people must
know how to access the information (Mahapatra, Krishnamurthi and Nayyar, 2019 ).
Misguide in accessing data and lack of knowledge and awareness can also make the issues
towards the security consideration. Another effective solution is the encryption of data where
the storage and devices must be protected wi th a two -layer encryption method where the
unwanted users will face difficulty to break the encr yption to enter into the devices to access
data. In addition to that, restricting access to the data and application is another effective way
of minimizing the risks of security access. This is because often it can be seen that giving
access to all the med ical staff can be chaos to manage the information. Rather the
organization can keep a team who will also have the responsibility to access the information.
5 SECURITY, ETHICS AND PROFESSIONALISM
Along with that implementing proper control for the usage of data is another way to manage
the infor ma tio n in a proper way (Bhuyan et al . 2020 ).
Monitoring the use of information can be considered as another way because often the
healthcare researcher and doctors within the organization store data for different medical
purposes and to take care of the patient in a better way. Therefore monitoring the addition,
deletion and modification of data need proper care in terms of monitoring. There should be
proper measurements of logging into the system so that the organization can understand any
access of unwanted users. Data backup is another solution that can be taken into account by
the organization to make sure about no damage to data or information. This is be cause regular
backup can help the organization maintain the same count of information wit h protection
without any damage. With proper backup, even if cyber attackers attacks or damage the data,
the backup help the organization without any interruption of m edical operations in healthcare
services (Gauld, 2021 ).
Discussion:
Pl anni ng & Pol i cy :
There are different policies and planning that Hillside hospital must implement in
their healthcare operations so that they can get rid of any kinds of IT security issues which
will be discussed in this area of research as follows:
 Data bre ach re sponse policy: the healthcare organization which has been chosen as
the case study must develop a team that can ensure the condition of a data breach.
This is a crucial condi tion because even if cyber attackers use to attack, there will be
an unknown scenario. So after the incident of the breach, the team must respond
toward the negative side and must adopt different roles to ensure getting rid of the
situation. In addition, this policy will make sure to the patients that even if some
6 SECURITY, ETHICS AND PROFESSIONALISM
incident happens, there will be a systematic approach which will ensure no disruption
in the process of the treatment. This will increase the confidence among the entire
management of t he organization and also the patients can ensure their safeguard of
data (Fla umenhaft and Ben -Assuli, 2018 ). The policies will also make sure that,
before any breaches happen, the team must have the capability to get a hint of the
breach to ensure data pro tection of the devices and systems.
 Acce ptable e ncryption and ke y manage me nt policy: the main purpose of this
policy is to provide effective guidance that can make it limit the utilization of
encryption technologies. According to this policy, Hillside hos pital cannot implement
the encryption algorithm for other purposes except to have security from the
cybercriminal . If it has been found, that the organization is breaching the code of
conduct in te rms of adopting encryption, then the reputation of the organization can
be reduced and the patients will also reduce the trust in the organization (McLeod and
Dolezel, 2018 ). The management of the organization also ensures that the team IT
should not misguide or breach the security polic ies and there will be proper
monitoring of each and every security consideratio n.
 Risk asse ssme nt proce dure s and standards: this is considered to be another policy
where the organization must ensure following proper procedures to ensure about
managing the risks related to IT security. According to this policy, the organization
must identify , quantify and prioritize the acceptance of risk. All risks related to the IT
security may not have the same quantity of risks and thus the organization must
prioritize the risks related to the healthcare operations. The assessment of risks must
combine the systematic approach to estimating the magnitude of risks or in short risks
analysis. I n addition to that, the risk assessment also includes the process of
comparing ri sks against the criteria of risk to determine the risk’s significance (Peter
7 SECURITY, ETHICS AND PROFESSIONALISM
Stahl, 2019 ). There should be effective standards based on which risks can be
measured and accordingly implementation towards risk reduction can be taken into
account.
 M onitoring and logging policy: this is another key consideration where Hillside
hospital needs to have a team of IT experts who can monitor the system where the
information regarding the healthcare data. Even if the devices will b e encrypted and
protected, still it can monitor the login factors so that can detect any unwanted
activities. Each and every staff such as nurses, doctors and other medical researchers
must be aware of the policies related to logging into the devices because not all the
membe rs wil l be permitted to have access to the system and devices of healthcare.
Few those who will be really in the need of accessing the data such as doctors for
medical purposes of patients, the researchers for researching the medical conditions of
the patient wi ll only be permi tted to enter into the database (Park , Kim and Park,
2017 ). Any unwanted authorization from the staff will be punishable according to the
policy so that data can be stored in a proper way to be managed.
 Pe rsonne l se curity and data backup policy: The data base within the healthcare
organization should be separate storage or space for personnel data of patients and the
information of staff as well needs to be stored separately. This is needed because
differe nt kinds of patients can have different health conditions and accordingly
researchers and doctors need to work on it. In addition to that, the backup policy also
needs to take into account that each and every day the management required having a
backup of information . This is how the organization can ensure keeping data safe
from cyber attackers from getting access to data.
In order to follow the security policies the workers initially must be aware of the fact
that the attackers can attack without letti ng others know. Therefore each and everyone must
8 SECURITY, ETHICS AND PROFESSIONALISM
understand the consequences of security aspects so that the policies and procedures can be
followed accordingly. The safety of patient s comes with top priorities for the Hillside hospital
where the checking of identification needs to take into account (Newaz et al . 2021 ). The staff
of the organization, the patients and the families of patients also must be aware of the policies
and procedures regarding IT security so that their unawareness does not impact the healthcare
operations within the organization. It can also be said that security policies are not good until
and unless the workers are willing to protect the hospi tal and follow the good practices of
security consideration. The leaders within the organization must set a proper example and
train the workers in such a way so that they can ensure the effectiveness of the system and
can also protect the system with prop er security measures. The planning process also needs to
include trained personnel who can work on setting up the firewalls to protect the system of
Hillside hospital from any kinds of external attacks. The firewalls for data security need to be
developed based on software and hardware system depending on the capacity of the chosen
healthcare organization. In addition to that, the system also needs to have proper passwords
and security cons iderations so that not all users will be permitted to enter the syst em.
Multiple passwords can be utilized for different systems to make sure that the hackers will
not access the system (Abouelmehdi, Ben i-Hessane and Khaloufi, 2018 ). Along with that
changing passwords within a period of usage can also be another way to man age the
operations within the healthcare organization to make sure uninterrupted operations are
continuing. Using multi -factor authentication which is needed for e -prescribing systems in
healthcare can also be adopted for better security purposes.
Devel op i ng the securi ty program :
In terms of having a security program for providing IT security to the healthcare
operation, the business organization needs to develop a plan and for that, it needs a few stages
which will be discussed as follows:
9 SECURITY, ETHICS AND PROFESSIONALISM
Ste p 1: the first and foremost consideration is that Hillside hospital needs to develop a team
of few members who will take the security concerns into consideration related to the overall
activities and operations within the organization. The team will also be res ponsible for the
charges of developing and executing each and every policy related to IT security which has
been discussed above. In addition to that, the team will also be responsible for finding the
threats in cyber -security (Nasir et al . 2019 ). Updating all the things related to what is
happening with the information system or database will be the role that the team will play
within the organizatio n.
Ste p 2: After identifying and developing a proper team of a few members, now the
organization needs to h ave a security program or planning where the team will evaluate the
risks related to cyber -security, vulnerabilities and threats . Looking at how the system can be
vulnerable towards adopting and managing the risks is necessary. This is because without
know ing how the system can handle the risk, implementing measurements towards the
system will be difficult to take into consideration. Knowing and identifying the flows such as
inadequate training to staff, outdated software and testing of the system to ensure the
effectiveness of the operation. In order to understand about having no loopholes and gaps to
take better advantage of, this step needs to take into consideration where the team will
evaluate the weaknesses and accordingly specific measurements will ta ke into account (Angst
et al. 2017 ).
Ste p 3: After evaluating the reasons behind the risks associated with the security system, it
needs to identify the present measurements of protecti ng the system . Understanding how the
present security system is workin g and to what extent the present system can protect the
security consideration also needs to identify to have an updated system to keep the cyber
threats away. The team who has been given the responsibilities must test the system in
different ways and also must find out the threats and risks within the system. Accordingly, it
10 SECURITY, ETHICS AND PROFESSIONALISM
also needs to measure the areas such as physical security; features in business software,
procedural process, and guarded access are useful safeguards that need to be in place.
Therefo re the role of the IT
Ste p 4: In order to measure the threats and the effectiveness of the current system, the
healthcare organization now needs to conduct an analysis to find the risks that can impact
the business environment (Tanwar , Parekh and Evans, 2020 ). Examining the impact of the
breaches and issues within the organization is a necessary aspect. Without analysing the risk,
Hillside hospital might not be able to understand the things that can damage the control
procedure of risks and what will be t he consequences will also be understood effectively.
Determining which factors are linked with the dangers related to cyber security can provide a
better understand ing of the factors to provide a solutio n to the healthcare operations.
Ste p 5: Determining Regulatory Standards is another stage of planning where the
organization cannot implement security measurements related to their own choice. Rather
must have to follow certain guidelines to protect the system from cyber attackers. According
to The Securiti es and Exchange Commission (SEC), there are different requirements that
Hillside hospital must need to follow in order to develop a proper security program for the
organization (Yaqoob, Abbas and Atiquzzaman, 2019 ). The standards must include the
confident iality of stakeholders related to the healthcare operations such as patients, doctors,
medical researchers, therapists and many more other stakeholders. Maintaining a document
of regulations and letting the team of IT and workers within the organization be aware of the
regulatio ns needs to work on.
Ste p 6: After setting the regulatory standards, now it needs to create a disaster recovery and
plans for incident management where the team will have a certain plan of recovery after an
incident of a data breach within the organization. Even if developing strategies for protecting
11 SECURITY, ETHICS AND PROFESSIONALISM
the healthcare system, the organization needs to evaluate the hazards of security breaches.
This is because, after the implementation of data security plans, cyber attackers can also ha ve
a solution to attack the system to access that which might not be in the control of the security
management team. But recovering after an incident or disaster also needs to take into account
to make sure that the system can manage and can have interrupt ed services in the healthcare
system (Knapp, Maurer and Plachkinova, 2017 ). Making a detailed outline of the process can
help the IT team to respond to the breaches of cyber security in an orderly and calm manner.
Ste p 7 : the last stage of the planning for IT security can be the training and evaluation
program of workers . This is because, after the process of implementing different policies and
measurements, the organization now needs to provide effective training to the wo rkers. This
is because the workers are the key stakeholders who will be accessing the database of the
healthcare system. In addition to that, the employees must be aware of the standards so that
they can act accordingly and will not breach the security pol icies within the healthcare
services.
Ri sk management:
The risk assessment related to healthcare indicates the procedure of identifying ,
analysing and implementing processes and systems to protect the healthcare assets from
different kinds of risks. The confidentiality in the healthcare data and lack of effective
management can in this healthcare industry and organization be a gap between the life and
death of an individual (Hathaliya and Tanwar, 2020 ). The changing nature of cyber security
is increasing the pressure on the healthcare organization to damage the workplace activities to
keep them away from the cyber -attacks . Therefore proper risk management needs to be
evaluated for the business organization. There are few objectives related to the
implemen tation or adoption of risk management in the sector of healthcare and knowing the
objectives are necessary before finding the stages of risk management. Identifying th e
12 SECURITY, ETHICS AND PROFESSIONALISM
vulnerabilities of the network is one of the objectives that Hillside Hospital needs to take into
consideration. Cyber -security is one of the growing concerns for different healthcare
organizations where the chosen organization is also included. Being a medium -sized
organization, Hillside Hospital needs to consider key components of the system related to risk
management (Salih et al. 2019 ). The organization is having access to sensitive information
about a vast range of patients that can be mishandled, and can also be life -threatening to the
patients. According to the Health Insurance Por tability and Accountability Act (HIPPA),
there are certain guidelines and requirements that need to follow to make sure about the
safety of the patients (Thompson, 2020 ). If something went wrong, not only the patients will
have to face the consequences but the reputation of the organization will also be reduced
drastically. Based on the risk management , the organization can return to the healthcare
operation even after an incident occurs within the organization. Without having a proper risk
assessment metho d, it will be difficult to quickly return to the process as soon as possible to
continue the operations. Now, this part of the research will discuss a few considerations
related to effective risk manageme nt which will be discussed as follows:
 Identifying t he risks related to IT security is the first aspect that the organization
needs to work on. This first step is for the building of the system of healthcare risks to
gain a more complete view of potential attacks so that accordingly measurements can
be take n into account (Kaur et al. 2020 ). The risk tolerance and appetite can
determine the extent to which the system can go on to protect the IT security system.
In addition to that with the adoption of threat intelligence, the system will inform the
security teams within the organization about the past, present and future threats
(Manogaran et al . 2018 ).
 Analysing and classifying the risks are considered the seco nd stage of risk
management where the team of security management will ensure the level and quality
13 SECURITY, ETHICS AND PROFESSIONALISM
of risks. Based on the likelihood of risk occurrence , the organization can prioritize
protecting the system from those risks (Petschni g and Haslinger -Baumann, 2017 ). The
more the risks will have an impact, the more protective measurements will be given to
those risks to make sure effective measurement and protection will be given to the
databases of patients within the organizatio n.
 Assessing and esta blishing the controls of security is the third stage of risk
assessment where based on the prioritization of risks, proper control can be
implemented within the system (Dias et al . 2021 ). The organization must give proper
hope to the patients that their se nsitive data is completely safe within the organization
and will only be utilized for the purposes of medical research to provide better care to
patients. Evaluating the existing control, understanding the gaps and accordingly
establishing a new system to reduce the gaps needs to be worked on.
 Third -party risk management can also be seen in this current era of healthcare
services where the chosen organization Hillside Hospital can also employ the
assistance of third -party vendors to streamline the care of patients and can also
optimize the efficiencies within the operations. But by assessing the sensitive
information of patient s, they might breach the security protocols within the network.
That is why the business organization with their IT team needs to have proper
visibility of the third -party vendors so that they do not breach any protocols which can
hamper the continuo us operations within the organiza tio n (Catalyst, 2018 ).
Protecti on Mechani sm:
The concepts of a protection mechanism are to implement the layers of trust among
the levels of security within a system. Similarly, in the case of Hillside H ospital, the trust
level needs to be there in the operating systems to provide a structured way to
14 SECURITY, ETHICS AND PROFESSIONALISM
compartmentalize the access of data and a lso can create a hierarchical order (Velibor, 2020 ).
There are differe nt sections of data protection which will be discussed in the following area:
 Laye ring: in order to protect the resources of the system, the data system within the
organization must use a form of layering. If the organization is using UNIX , then it
uses a two -layer approach to manag e the system resources. In addition to that, while
using protected resources such as disk, the system sends a request to the operating
system and accordingly act is used to perform. If found anything wrong with the
resources, then the system sends a notification about t he negative side and
accordingly, actions are stopped performing and the s ystem can be protected
alongside (Herzig and Walsh, 2020 ). In short, i t can also be said that the process of
layering makes it difficult for the hackers to enter into a system among different
layers where they cannot ensure which layer is the k ey to getting access to the
database. Therefore with the help of a layering protec tion mechanism, the healthcare
organization can protect the resources of the operating system and can set security
zones. In order to enter into the zones, each and every authorized user must have
proper access to and without special permission the data ca nnot be moved from one
place to another in terms of zone to zone. Therefore will become challenging for the
hackers to enter those zones without having access control. Thus this method is also
called an Access Control System where without having special pe rmission, the users
and the organization can protect the system from unwanted access into the system
(Kure, Islam and Razzaque, 2018 ).
 Abstraction: This is another mechanism for protecting the data of patients and staff
within the chosen case study of the healthcare organization. This is one of the
common terms within the area of object -oriented design. Data is stored within the
system as a collection which is called an object and based on classes and methods a
15 SECURITY, ETHICS AND PROFESSIONALISM
user can have access to the data. Based on the classification of objects, data can be
searched an d found by authorized users. If an unwanted user wants to have an access
to those data, decoding the classification of an object can become c hallenging to take
into account (Sardi et al . 2020 ). Thus wit h the process of abstraction, the grouping of
data can be done and accordingly can make it safe within the system for business
operations.
 Data Hiding: this is where the layering process works as often access to all levels of
data is not provided to the s taff and that is where the process of data hiding works.
Data in different levels is often used for internal calculations and hiding those data in
a certain layer, can keep the hackers a way to find out the hidden data which can
hamper the business operatio ns.
 Encryption: this is one of the most used and effective ways of protecting a device or
system. In this case of a healthcare organization, this method of encryption helps in
keeping the secret key to access the data within a system (Lv and Qiao, 2020 ). The
way developing algorithms which are utilized to encrypt data is being done by
Cryptography in order to store and transmit data. Often it can be seen that while
transmitting data through a medium, the hackers used to inject malware in the process
of tra nsmission and accordingly get access to those data. Thus with the process of
encryption, the storing and transmission process holds a certain security key which
also encrypted the information that is being sent through the mediums. Decoding that
information needs the key to finding out the information and that is where the hackers
do not get opportunities. The same key for the process of encryption and decryption
can ensure keeping the data safe in the business environment (Son, Nguyen and Vo ,
20 19 ). Not only in the healthcare system but also while operating through internet
sources the process of encryption can help the organization prevent any unwanted
16 SECURITY, ETHICS AND PROFESSIONALISM
access to enter into the transmission and storing of data in internet -based storage such
as cl oud services.
Conclusion:
The research report which has been conducted above is all about a healthcare
organization which is operating with a 200 bed and has different facilities for the patients
within the organization Hillside Hospital . There are peopl e working with patients directly and
indirectly for different purposes. Therefore managing the data or information of patients and
staff is an essential consideration for each and every healthcare organization. Managing the
confidentiality of patients, pro viding health privacy to them and maintaining different levels
of access all fall under the security consideration within the organization. This research has
discussed the ways that the organization can provide better security to the database of
Hillside H ospital. The research has been started with the planning and policy related to IT
security within the organization and ended with a different protection mechanism that can
help the organization prevent any unwanted attacks or assess the healthcare system.
Developing a proper security program and managing the risks related to security are the key
areas that have been elaborated on in the above research.
17 SECURITY, ETHICS AND PROFESSIONALISM
References :
Abouelmehdi, K., Beni -Hessane, A. and Khaloufi, H., 2018. Big healthcare data: preserving
security and privacy. Journal of big data , 5(1), pp.1 -18.
Angst, C.M., Block, E.S., D’arcy, J. and Kelley, K., 2017. When do IT security investments
matter? Accounting for the influence of institutional factors in the conte xt of healthcare data
breaches. Accounting for the Influence of Institutional Factors in the Contex t of Healthcare
Data Breaches (January 24, 2016). Angst, CM, Block , ES, D’Arcy, J., and Kelley, K , pp.893 –
916.
Bhuyan, S.S., Kabir, U.Y., Escareno, J.M., Ect or, K., Palakodeti, S., Wyant, D., Kumar, S.,
Levy, M., Kedia, S., Dasgupta, D. and Dobalian, A., 2020. Transforming healthcare
cybersecurity from reactive to proactive: current status and future recommendations. Journal
of medical systems , 44 (5), pp.1 -9.
Catalyst, N.E.J.M., 2018. What is risk manageme nt in healthcare?. NEJM Catalyst .
Dias, F.M., Martens, M.L., de Paula Monken, S.F., da Silva, L.F. and Santibanez -Gonzalez,
E.D.R., 2021. Risk management focusing on the best practices of data security systems for
healthcare. International Journal of Innov ation , 9(1), pp.45 -78.
Flaumenhaft, Y. and Ben -Assuli, O., 2018. Personal health records, global policy and
regulatio n review. Health Policy , 122 (8), pp.815 -826.
Gauld, R., 2021. The challenges of long -range p lanning for healthcare funding, performance
and outcomes. The New Zealand Medical Journal (Online) , 134 (1533), pp.8 -10.
Hathaliya, J.J. and Tanwar, S., 2020. An exhaustive survey on security and privacy issues in
Healthcare 4.0. Computer Communications , 15 3, pp.311 -335.
18 SECURITY, ETHICS AND PROFESSIONALISM
Herzig, T. and Walsh, T., 2020. Implementing information security in healthcare: building a
security program . CRC Press.
Kaur, J., Khan, A.I., Abushark, Y.B., Alam, M.M., Khan, S.A., Agrawal, A., Kumar, R. and
Khan, R.A., 2020. Security risk assessment of healthcare web application through adaptive
neuro -fuzzy inference system: A design perspective. Risk Management and Healthcare
Policy , 13 , p.355.
Knapp, K.J., Maurer, C. and Plachkinova, M., 2017. Maintaining a cybersecurity curriculum:
Prof essional certifications as valuable guidance. Journal of Information Systems
Education , 28 (2), p.101.
Kure, H.I., Islam, S. and Razzaque, M.A., 2018. An integrated cyber security risk
manageme nt approach for a cyber -physica l system. Applied Sciences , 8(6), p.898.
Lv, Z. and Qiao, L., 2020. Analysis of healthcare big data. Future Generation Computer
Systems , 109 , pp.103 -110.
Mahapatra, B., Krishnamurthi, R. and Nayyar, A., 2019. Healthcare models and algorithms
for privacy and security in healthcare records. Security and Priv acy of Electronic Healthcare
Records: Concepts, Paradigms and Solutions , p.183.
Manogaran, G., Varatharajan, R., Lopez, D., Kumar, P.M., Sundarasekar, R. and Thota, C.,
2018. A new architecture of Internet of Things and big data ecosystem for secured smart
healthcare monitoring and alerting system. Future Generation Computer Systems , 82 , pp.375 –
387.
McLeod, A. and Dolezel, D., 2018. Cyber -analytics: Modeling factors associated with
healthcare data breaches. Decision Support Systems , 108 , pp.57 -68.
19 SECURITY, ETHICS AND PROFESSIONALISM
Nasir, A., Arshah, R.A., Ab Hamid, M.R. and Fahmy, S., 2019. An analysis on the
dimensions of information security culture concept: A review. Journal of Information
Security and Applications , 44 , pp.12 -22.
Newaz, A.I., Sikder, A.K., Rahman, M.A. and Uluagac, A.S., 2021. A survey on security and
privacy issues in modern healthcare systems: Attacks and defenses. ACM Transactions on
Computing for Healthcare , 2(3), pp.1 -44.
Park, E.H., Kim, J. and Park, Y.S., 2017. The role of information security lea rning and
individual factors in disclosing patients’ health information. Computers & Security , 65 , pp.64 –
76.
Peter Stahl, C.F.P., 2019. The Convergence of Healthcare and Financia l Planning.
Petschnig, W. and Haslinger -Baumann, E., 2017. Critical Incident Re porting System (CIRS):
a fundamental component of risk management in health care systems to enhance patient
safety. Safety in Health , 3(1), pp.1 -16.
Salih, F.I., Bakar, N.A.A., Hassan, N.H., Yahya, F., Kama, N. and Shah, J., 2019. IOT
security risk managem ent model for healthcare industry. Malaysian Journal of Computer
Science , pp.131 -144.
Sardi, A., Rizzi, A., Sorano, E. and Guerrieri, A., 2020. Cyber risk in health facilities: A
systematic literature review. Sustainability , 12 (17), p.7002.
Son, H.X., Nguy en, M.H. and Vo, H.K., 2019, May. Toward an privacy protection based on
access control model in hybrid cloud for healthcare systems. In International Joint
Conference: 12th International Conference on Computational Intelligence in Security for
Information Systems (CISIS 2019) and 10th International Conference on EUropean
Transnational Education (ICEUTE 2019) (pp. 77 -86). Springer, Cham.
20 SECURITY, ETHICS AND PROFESSIONALISM
Tanwar, S., Parekh, K. and Evans, R., 2020. Blockchain -based electronic healthcare record
system for healthcare 4.0 applic ations. Journal of Information Security and Applications , 50 ,
p.102407.
Thompson, E.C., 2020. Designing a HIPAA -Compliant Security Operations Center: A Guide
to Detecting and Responding to Healthcare Breaches and Ev ents . Apress.
Velibor, B.O.Ž.I.Ć., 2020. Managing information security in healthcare. ORAȘE
INTELIGENTE ȘI DEZVOLTARE REGIONALĂ , 4(02), pp.63 -83.
Yang, C.H., Hsu, W. and Wu, Y.L., 2022. A hybrid multiple -criteria decision portfolio with
the resource constraints model of a smart healthcare managem ent system for public medical
centers. Socio -economic planning sciences , 80 , p.101073.
Yaqoob, T., Abbas, H. and Atiquzzaman, M., 2019. Security vulnerabilities, attacks,
countermeasures, and regulations of networked medical devices — A review. IEEE
Communic ations Surv eys & Tutorials , 21 (4), pp.3723 -3768.