EARS to Cyber Incidents in Health Care

Abstract

Background: Connected medical devices and electronic health records have added important functionality to patient care, but have also introduced a range of cybersecurity concerns. When a healthcare organization suffers from a cybersecurity incident, its incident response strategies are critical to the success of its recovery. Objective: In this article, we identify gaps in research concerning cybersecurity response plans in health care. Through a systematic literature review, we develop aggregated strategies that professionals can use to construct better response strategies in their organizations. Methods: We reviewed journal articles on cyber incident response plans in health care published in PubMed and Web of Science. We sought to collect articles on the intersection of cybersecurity and health care that focused on incident response strategies. Results: We identified and reviewed thirteen articles for cybersecurity response recommendations. We then extracted information such as research methods, findings, and implications. Finally, we synthesized the recommendations into a framework of eight aggregated response strategies (EARS) that fall under managerial and technological categories. A direct comparison of EARS with other frameworks demonstrates the necessity of utilizing EARS in addition to these commonly accepted frameworks. While existing frameworks are undeniably useful, we have identified at least one point for potential improvement in each framework. Conclusions: We conducted a systematic review of the literature on cybersecurity response plans in health care and developed a novel framework for response strategies that could be deployed by healthcare organizations. More work is needed to evaluate incident response strategies in health care.