1 / 24

Cyber Security Threats to Public Health

Cyber Security Threats to Public Health. Daniel J. Barnett, MD, MPH Associate Professor Department of Environmental Health Sciences Johns Hopkins Bloomberg School of Public Health. The Problem. “Everything gets hacked” – Bruce Schneier HITECH Rollout

brier
Download Presentation

Cyber Security Threats to Public Health

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Cyber Security Threats to Public Health Daniel J. Barnett, MD, MPH Associate Professor Department of Environmental Health Sciences Johns Hopkins Bloomberg School of Public Health

  2. The Problem • “Everything gets hacked” – Bruce Schneier • HITECH Rollout • Increased electronic healthcare infrastructure • Minimal coincident healthcare security • Healthcare as a “tantalizing opportunity” for cyberterrorism (Harries & Yellowlees 2013)

  3. Blackouts…

  4. …Chemical Spills…

  5. …and Targeted Attacks?

  6. Attack Scenarios • EMR Data -> Targeted blackmail/broad-scale mistrust in healthcare • Public Infrastructure -> Large-scale crisis • Medical Devices and Hospital Infrastructure -> Direct attacks on patients and providers

  7. Healthcare seems to “[lag] behind the other critical industries, mostly because of its diverse, fragmented nature and a relative lack of regulation when compared with, say, the energy industry.” (Colias, 2004)

  8. What can we leverage? Barnett, Kirk, Lord, et al., 2013

  9. Health Care Delivery System • Vulnerabilities • Power/public utilities dependency (GAO, 2012b) • Direct attacks/hacking (Kramer et al., 2012) • Theft/loss of data • Strengths • Specialized skill sets • Tested in stressful situations • Used to coordinating complex workflows

  10. Homeland Security and Public Safety • Vulnerabilities • Communication disruption in EMS (Kun, 2002) • Overload of a physical attack + cyber attack (Gellman, 2002) • Coordination is a challenge (Lord & Sharp, 2011) • Strengths • Scale • Training • Unique portfolio of force use

  11. Employers and Businesses • Vulnerabilities • Ill-prepared for physical attacks • Minimally-prepared for cyber attacks • Part of medical supply chains (De Olivera et al., 2011) • Strengths • Diversity of industry • Nexus for both production and centralizing citizenry

  12. The Media • Vulnerabilities • Communications/utilities dependent • Strengths • Scope of reach and role as “legitimator” of information (Wray et al., 2004) • Social media coordination capcity (DHS, 2012)

  13. Communities • Vulnerabilities • Highly vulnerable to public health effects • Lack backups and redundancies of other groups ( Clem et al., 2003) • Social unrest possible (Choo, 2011) • Strengths • They’re our friends, neighbors and strongest allies when properly mobilized and informed

  14. Academia • Vulnerabilities • Limited capacity to respond during an attack (Wray et al., 2004) • Strength • Tremendous capacity to prepare for an attack (IOM, 2002)

  15. Governmental PH Infrastructure • Vulnerabilities • Subject to the same physical and cyber threats as other actors • Strengths • Can serve as a centralized actor and facilitator in public health emergencies

  16. How do we convene these disparate groups to proactively and creatively mitigate our respective vulnerabilities, and develop resilient systems that utilize our unique strengths?

  17. Our 2013 publication discusses a list of 10 recommendations for utilizing these resources... …but we need more than publications on this topic… …we need real, actionable solutions, and the means to implement them

  18. Next Step • Creation of a Common Resource Core • A Public Health Cybersecurity Partnership • A method for convening the public sector, the private sector and academia • A nexus for understanding the threat landscape and implementing solutions

  19. 4 C’s We need a resource that can: - Convene all necessary parties • Comprehend the threat • Create the tools we need • Collaborate on an ongoing basis

  20. What Comprises the PHCP? • Risk Analysis Resources Core • New Tool R&D Group • Evidence-Informed Training • Inter-Institutional Exchanges

  21. Step One – Haddon Matrix

  22. The Haddon Matrix

  23. Reference & Special Acknowledgements • Barnett DJ, Sell TK, Lord RK, Jenkins CJ, Terbush JW, Burke TA. Cyber security threats to public health. World Medical & Health Policy 2013; 5(1): 37-46. • Robert K. Lord, Johns Hopkins University School of Medicine • Capt James Terbush, MD, MPH, USN (Ret.), Martin, Blanck & Associates

  24. Thank You • Questions? • dbarnet4@jhu.edu • (410) 502-0591

More Related