SOCIAL ENGINEERING AS AN EVOLUTIONARY THREAT TO INFORMATION SECURITY IN HEALTHCARE ORGANIZATIONS

Naiya Patel

DOI: http://dx.doi.org/10.20473/jaki.v8i1.2020.56-64

Abstract


Information security in healthcare settings is overlooked even though these settings are the most vulnerable to social engineering attacks. Theft of hospital data must be monitored closely because the data contain patients’ confidential health information. If leaked, the data can affect patients’ social as well as professional lives. Hospital data systems also hold administrative data and employees’ personal information, which, if hacked, can lead to identity theft. This paper discusses the types and sources of social engineering attacks in healthcare organizations. Social engineering attacks occur more frequently than other malware attacks, and hence it is crucial to understand what social engineering is and the vulnerabilities involved in order to understand the prevention measures. The paper describes types of threats, potential vulnerabilities, and possible solutions to prevent social engineering attacks in healthcare organizations.

 

Keywords: social engineering, hospitals, healthcare organizations, information security.

 





This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.