Skip to main content Accessibility help
×
Home
Hostname: page-component-55597f9d44-zdfhw Total loading time: 0.214 Render date: 2022-08-18T21:33:21.954Z Has data issue: true Feature Flags: { "shouldUseShareProductTool": true, "shouldUseHypothesis": true, "isUnsiloEnabled": true, "useRatesEcommerce": false, "useNewApi": true } hasContentIssue true

The EDIT Survey: Identifying Emergency Department Information Technology Knowledge and Training Gaps

Published online by Cambridge University Press:  15 March 2021

Daniel Kollek*
Affiliation:
Division of Emergency Medicine, McMaster University, Hamilton, ON, Canada
David Barrera
Affiliation:
School of Computer Science, Carleton University, Ottawa, ON, Canada
Elizabeth Stobert
Affiliation:
School of Computer Science, Carleton University, Ottawa, ON, Canada
Valérie Homier
Affiliation:
Department of Emergency Medicine, McGill University, Montreal, PQ, Canada
*
Corresponding author: Daniel Kollek, Email: kollekd@mcmaster.ca.

Abstract

Objective:

To review Emergency Department internet connectivity, cyber risk factors, perception of risks and preparedness, security policies, training and mitigation strategies.

Methods:

A validated targeted survey was sent to Canadian ED physicians and nurses between March 5, 2019 and April 28, 2019.

Results:

There were 349 responses, with physicians making up 84% of the respondents (59% urban teaching, 35% community teaching, 6% community non-teaching hospitals). All had multiple passwords, 93% had more than 1 user account, over 90% had to log repeatedly each workday, 52% had to change their passwords every 3 months, 75% had multiple methods of authentication and 53% reported using a terminal where someone else was already logged in. Passwords were used to review laboratory and radiology data, access medical records and manage patient flow. Majority of the respondents (51%) did not know if they worked with internet linked devices. Only 7% identified an ‘air gapped’ computer in their facility and 76% used personal devices for patient care, with less than a third of those allowing the IT department to review their device. A total of 26 respondents received no cyber security training.

Conclusion:

This paper revealed significant computer-human interface dysfunctionality and readiness gaps in the event of an IT failure. These stemmed from poor system design, poor planning and lack of training. The paper identified areas with technical or training solutions and suggested mitigation strategies.

Type
Original Research
Copyright
© Society for Disaster Medicine and Public Health, Inc. 2021

Access options

Get access to the full version of this content by using one of the access options below. (Log in options will check for institutional or personal access. Content may require purchase if you do not have access.)

References

Scott, J, Spaniel, D. Combating the Ransomware Blitzkrieg. http://icitech.org/wp-content/uploads/2016/04/ICIT-Brief-Combatting-the-Ransomware-Blitzkrieg2.pdf. Accessed April 15, 2018.Google Scholar
Yaqooba, I, Ahmed, E, Habib ur Rehman, M, et al. The rise of ransomware and emerging security challenges in the Internet of Things. Computer Networks. https://www.researchgate.net/publication/319527564_The_rise_of_ransomware_and_emerging_security_challenges_in_the_Internet_of_Things/citation/download. Accessed September 6, 2017.CrossRefGoogle Scholar
IBM. IBM Report: Government, Financial Services and Manufacturing Sectors Top Targets of Security Attacks in First Half of 2005. IBM website. https://www-03.ibm.com/press/us/en/pressrelease/7815.wss. Accessed March 10, 2018.Google Scholar
Ayala, L. Cybersecurity for Hospitals and Healthcare Facilities: A Guide to Detection and Prevention. Springer Science + Business Media New York. ISBN-13 (pbk): 978-1-4842-2154-9 ISBN-13 (electronic): 978-1-4842-2155-6.Google Scholar
Alder, S. 40% of Healthcare Delivery Organizations Attacked with WannaCry Ransomware in the Past 6 Months. HIPAA Journal. https://www.hipaajournal.com/40-of-healthcare-delivery-organizations-attacked-with-wannacry-ransomware-in-the-past-6-months/. Accessed January 10, 2020.Google Scholar
Ivanov, A, Emm, D, Sinitsyn, F, Pontiroli, S. The ransomware revolution. Kaspersky Security Bulletin. 2016. https://securelist.com/kaspersky-security-bulletin-2016-story-of-the-year/76757/. Accessed April 7, 2018.Google Scholar
Symantec Internet Security. Symantec Internet Security Threat Report –Volume 22, April 2016. https://www.symantec.com/content/dam/symantec/docs/reports/istr-21-2016-en.pdf. Accessed April 7, 2018.Google Scholar
Alemzadeh, H, Iyer, RK, Kalbarczyk, Z, Raman, J. Analysis of safety-critical computer failures in medical devices. IEEE Security & Privacy. 2013;11(4):1426.CrossRefGoogle Scholar
PenTest. Thermostat Ransomware: a lesson in IoT security. PenTest Partners website. https://www.pentestpartners.com/security-blog/thermostat-ransomware-a-lesson-in-iot-security/. Accessed April 7, 2018.Google Scholar
van Oorschot, PC. Computer Security and the Internet: Tools and Jewels. 2020, Springer, New York. Chapter 6, pages 174-175.Google Scholar
Zetter, K. Hacker Lexicon: What is an air gap? https://www.wired.com/2014/12/hacker-lexicon-air-gap/. Retrieved October 2, 2020.Google Scholar
Lemos, R. NSA attempting to design crack-proof computer. ZDNet News. CBS Interactive, Inc. Accessed October 2, 2020.Google Scholar
Koppel, R, Smith, S, Blythe, J, Kothari, V. Workarounds to computer access in healthcare organizations: You want my password or a dead patient? Stud Health Technol Inform. 2015;208:215220.Google ScholarPubMed
Chiasson, S, van Oorschot, PC. Quantifying the Security Advantage of Password Expiration Policies. Designs, Codes and Cryptography. 2015;77(2):401408.CrossRefGoogle Scholar
Zhang, Y, Monrose, F, Reiter, M. The security of modern password expiration: An algorithmic framework and empirical analysis. Proceedings of the ACM Conference on Computer and Communications Security. 2010;176-186.CrossRefGoogle Scholar
Marc, Beique. Update: Computer system failure, McGill University Heath Care website https://muhc.ca/news-and-patient-stories/news/update-computer-system-failure Accessed July 8, 2020.Google Scholar
Perry, SJ, Wears, RL, Cook, RI. The role of automation in complex system failures. J Patient Saf Risk Manag. 2005;1(1):5661.CrossRefGoogle Scholar
Bagalio, SA. When systems fail: Improving care through technology can create risk. J Healthc Risk Manag. 27(4):1318.CrossRefGoogle Scholar

Save article to Kindle

To save this article to your Kindle, first ensure coreplatform@cambridge.org is added to your Approved Personal Document E-mail List under your Personal Document Settings on the Manage Your Content and Devices page of your Amazon account. Then enter the ‘name’ part of your Kindle email address below. Find out more about saving to your Kindle.

Note you can select to save to either the @free.kindle.com or @kindle.com variations. ‘@free.kindle.com’ emails are free but can only be saved to your device when it is connected to wi-fi. ‘@kindle.com’ emails can be delivered even when you are not connected to wi-fi, but note that service fees apply.

Find out more about the Kindle Personal Document Service.

The EDIT Survey: Identifying Emergency Department Information Technology Knowledge and Training Gaps
Available formats
×

Save article to Dropbox

To save this article to your Dropbox account, please select one or more formats and confirm that you agree to abide by our usage policies. If this is the first time you used this feature, you will be asked to authorise Cambridge Core to connect with your Dropbox account. Find out more about saving content to Dropbox.

The EDIT Survey: Identifying Emergency Department Information Technology Knowledge and Training Gaps
Available formats
×

Save article to Google Drive

To save this article to your Google Drive account, please select one or more formats and confirm that you agree to abide by our usage policies. If this is the first time you used this feature, you will be asked to authorise Cambridge Core to connect with your Google Drive account. Find out more about saving content to Google Drive.

The EDIT Survey: Identifying Emergency Department Information Technology Knowledge and Training Gaps
Available formats
×
×

Reply to: Submit a response

Please enter your response.

Your details

Please enter a valid email address.

Conflicting interests

Do you have any conflicting interests? *