Home
DrugRxiv Drug Repurposing Network Medicine
REPO4EU Meet the team Drug Repurposing Research Collection Conference
Blog
Register Dashboard
Search
Home
DrugRxiv Drug Repurposing Network Medicine
REPO4EU Meet the team Drug Repurposing Research Collection Conference
My ScienceOpen

Register Dashboard
Search
71
views
cited by
0
1
comments
 Comment
0
recommends
+1 Recommend
0
shares
    464
    similar
     All similar
    • Review: found
    Is Open Access

    Review of 'Case Study: Responding to Cybersecurity Threats in the Healthcare Sector'

    Reviewer:
    Inviter role(s): USER
    Publication date of review:
    Bookmark
    4
    Case Study: Responding to Cybersecurity Threats in the Healthcare SectorCrossref
    A good case study on cybsersecurity threats in the healthcare sector in Boston
    Average rating:
        Rated 4 of 5.
    Level of importance:
        Rated 4 of 5.
    Level of validity:
        Rated 3 of 5.
    Level of completeness:
        Rated 4 of 5.
    Level of comprehensibility:
        Rated 4 of 5.
    Competing interests:
    		None

    Reviewed article

    • Record: found
    • Abstract: found
    • Article: found
    Is Open Access

    Case Study: Responding to Cybersecurity Threats in the Healthcare Sector

    Patrick Kiley (2024)
    The healthcare sector in the United States faced an unprecedented cybersecurity threat in October 2020, leading to a cascade of events without established protocols for response. This case study examines the response to the cyberattack in the Boston area (Region 4C), evaluating actions, outcomes, strengths, weaknesses, and strategies for future incidents. Initiated by credible threats reported by federal agencies, the incident escalated rapidly as hospitals encountered suspicious emails and ransomware attacks. Regional emergency management coordination, led by Conference of Boston Teaching Hospitals Emergency Management (COBTH), along with Boston Public Health Commission and Mayor’s Office of Emergency Management, played crucial roles in mitigating the crisis. Challenges such as communication disruptions and lack of cybersecurity personnel lists were swiftly addressed through establishment of redundant communication channels and information security officer lists. Strengths included pre-existing emergency preparedness measures, collaboration between healthcare entities and agencies, and timely information dissemination. Utilization of National Incident Management System (NIMS), Incident Command System (ICS), and Hospital Incident Command System (HICS) facilitated coordinated response. Despite the incident's resolution without patient care impacts, post-incident analysis identified areas for improvement. Recommendations include developing plans for communication downtime, creating cybersecurity officer lists, and enhancing redundant communication methods. Lessons learned emphasize the importance of proactive technology readiness and continual refinement of response protocols for future cyber threats.
    Article 0 comments Cited 0 times    Rated -3 of 5. – based on 3 reviews
    (Latest)
      Bookmark

      Review information

      DOI:: 10.14293/S2199-1006.1.SOR-MED.ATC7DF.v1.RLVEHX
      License:
      This work has been published open access under Creative Commons Attribution License CC BY 4.0, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited. Conditions, terms of use and publishing policy can be found at www.scienceopen.com.

      ScienceOpen disciplines: Medicine

      Review text

      Positives:

      • Clear and Detailed Description of the Incident
      • Use of Real-world Examples and Evidence
      • Comprehensive Coverage of Response Actions
      • Identification of Strengths and Weaknesses and Focus on Continuous Improvement

      Areas of improvement:

      • Lack of Depth in Analysis
      •  Insufficient Exploration of Broader Implications
      • Limited Engagement with Existing Literature
      • Need for Clearer Structure and Organization
      • Inconsistent Terminology and Definitions

       

      The case study "Responding to Cybersecurity Threats in the Healthcare Sector" provides a valuable account of a significant cybersecurity incident, with strong points in its clear description of events, use of real-world examples, and focus on strengths and continuous improvement. However, to enhance the case study's academic rigor and practical value, the author should deepen the analysis, engage more with existing literature, improve the structure and clarity, and offer more detailed recommendations. Addressing these areas for improvement will make the work more comprehensive, insightful, and applicable to broader contexts.

            

       

       

      Comments

      wrote:

      Hello,

      Thank you so much for taking the time to review this Case Study. With recent events such as the Crowdstrike Incident, this topic has been brought back to the forefront for planning and consideration. With recent events, we will likely conduct a new case study that looks at the response to the Crowdstrike Incident and compares this response to the recent response. Of importance, while this incident was of shorter duration, it had a far greater immediate impact on operations. With this more recent response, we were able to quickly respond and use lessons learned and strategies implemented to streamline and lead effective response to this IT downtime. With the ever changing threat landscape, we need to continue to learn and adapt to challenges by learning from events of the past.

      Sincerely,

      Patrick Kiley

      2024-08-23 12:42 UTC
      +1

      Comment on this review

      Version and Review History
      3
      Preprint
      Reviewed by Snehal Satish Reviewed by Philippe FunkReviewed by Dr. Karthik Meduri