Denis Gracanin receives CCI Award

The Commonwealth Cyber Initiative (CCI) Southwest Virginia (“CCI SWVA”), awarded Denis Gracanin, Department of Computer Science (PI) and Sarah Parker, Carilion School of Medicine (Co-PI), a grant entitled “Cybersecurity for Healthcare Teams.” CCI SWVA is a regional node of the Commonwealth Cyber Initiative (“CCI”). 

CCI SWVA seeks to build an ecosystem of research, entrepreneurship, and workforce development in advanced cyber technologies across the Commonwealth. The Commonwealth Cyber Initiative (CCI) is Virginia’s main access point for cybersecurity research, innovation, workforce development, and news. In this community, researchers can find funding and collaboration, and students can discover diverse career opportunities.

Abstract

The adoption of healthcare technology is a complex process that requires major planning, implementation time, and continuous management (especially software updates). While healthcare organizations are investing a lot of money and efforts to integrate their operations, they are not doing enough to address cybersecurity challenges (e.g., to maintain and update the software). We witnessed in recent years a significant increase in healthcare related cyberattacks (e.g., ransomware attacks). 

Cybersecurity in healthcare can be defined as protection of electronic information and assets from unauthorized access, use and disclosure. There are three cybersecurity goals: protecting the confidentiality, integrity, and availability of information (“CIA triad”). Healthcare organizations did not keep up with cybersecurity trends and threats so they are very vulnerable to cybersecurity attacks. With technology companies (e.g., Amazon, Apple) acquiring healthcare platforms and with self-monitoring technology becoming ever more ubiquitous, cybersecurity issues are becoming very important. In addition to technological advancement, federal policy changes also contribute to cybersecurity vulnerability. Federal initiatives are promoting the expansion of electronic healthcare information exchanges requiring healthcare organizations to depend on networking and related information technology. Cybersecurity breaches could result in identity theft, medical fraud, extortion, and the ability to illegally obtain controlled substances.

Healthcare cybersecurity is essential for the normal functioning of healthcare organizations. There are many types of specialized healthcare information systems such as electronic health record (EHR) systems, e-prescribing systems, practice management support systems, clinical decision support systems, radiology information systems and computerized physician order entry systems. There are thousands of Internet of Things (IoT) hospital devices that must be protected. Such IoT devices include smart elevators, smart heating, ventilation and air conditioning (HVAC) systems, infusion pumps, remote patient monitoring devices and others. 

The healthcare stakeholders (patients, healthcare workers, IT support, manufacturers) must be aware of the cybersecurity challenges and be able to address them. At the same time healthcare workers are also data-workers, who must interpret complex and dense amounts of data and seek meaning or patterns in large amounts of noise. They are increasingly dependent on the healthcare information systems and thus increasingly vulnerable to cybersecurity attacks. The introduction of new technological innovation has outstripped their understanding of the challenges for facilitating human-human relationships and cybersecurity factors. We propose to investigate the impact of cybersecurity factors on healthcare team workflows and determine the best practices in addressing the relevant cybersecurity problems.