
The EDIT Survey: Identifying Emergency Department Information Technology Knowledge and Training Gaps

Published online by Cambridge University Press:  15 March 2021

Daniel Kollek* (Division of Emergency Medicine, McMaster University, Hamilton, ON, Canada)
David Barrera (School of Computer Science, Carleton University, Ottawa, ON, Canada)
Elizabeth Stobert (School of Computer Science, Carleton University, Ottawa, ON, Canada)
Valérie Homier (Department of Emergency Medicine, McGill University, Montreal, PQ, Canada)

*Corresponding author: Daniel Kollek, Email: [email protected].

Abstract

Objective:

To review Emergency Department internet connectivity, cyber risk factors, perception of risks and preparedness, security policies, training and mitigation strategies.

Methods:

A validated targeted survey was sent to Canadian ED physicians and nurses between March 5, 2019 and April 28, 2019.

Results:

There were 349 responses, with physicians making up 84% of the respondents (59% urban teaching, 35% community teaching, 6% community non-teaching hospitals). All had multiple passwords, 93% had more than 1 user account, over 90% had to log in repeatedly each workday, 52% had to change their passwords every 3 months, 75% had multiple methods of authentication and 53% reported using a terminal where someone else was already logged in. Passwords were used to review laboratory and radiology data, access medical records and manage patient flow. The majority of respondents (51%) did not know if they worked with internet-linked devices. Only 7% identified an ‘air gapped’ computer in their facility and 76% used personal devices for patient care, with less than a third of those allowing the IT department to review their device. A total of 26 respondents received no cyber security training.

Conclusion:

This paper revealed significant computer-human interface dysfunctionality and readiness gaps in the event of an IT failure. These stemmed from poor system design, poor planning and lack of training. The paper identified areas with technical or training solutions and suggested mitigation strategies.

Type
Original Research
Copyright
© Society for Disaster Medicine and Public Health, Inc. 2021

