Improving Cyber Resilience in Mobile Field Hospitals: Towards an Assessment Model

The Mobile field hospital is critical in terms of managing emergencies in crisis. It is a sub-section of the main hospitals and the health sector, tasked with delivering responsive, immediate, and efficient medical services during a crisis. With the aim to prevent further crisis, the assessment of the cyber assets follows different methods, to distinguish its strengths and weaknesses, and in turn achieve cyber resiliency. The work focuses on assessments of cyber resilience in field hospitals with trends growing in both the field hospital and the health sector in general. This creates opportunities for the adverse attackers and the response improvement objectives for attaining cyber resilience, as the assessments allow users and stakeholders to know the level of risks with regards to its cyber assets. Thus, the purpose is to show the possible threat vectors which open up opportunities, with contrast to current trends in the assessment of the mobile field hospitals’ cyber assets.

• Nasir Baba Ahmed
• Nicolas Daclin
• Marc Olivaux
• Gilles Dusserre

• Assessment framework
• cyber resilience
• cyber security
• Mobile Field Hospital.

[1] Finkle, J. (2019). FBI warns healthcare firms they are targeted by hackers. (online) U.S. Available at: https://www.reuters.com/article/us-cybersecurity-healthcare-fbi/fbi-warns-healthcare-firms-they-are-targeted -by-hackers-idUSKBN0GK24U20140820 (Accessed 4 Nov. 2019).
[2] PAHO, WHO, (2003). WHO-PAHO Guidelines for the Use of Foreign Field Hospitals in the Aftermath of Sudden-Impact Disasters. In Hospitals in Disaster - Handle with Care. San Salvador, El Salvador, 8-10 July 2003
[3] Infosec Resources. (2019). Top Cyber Security Risks in Healthcare. (online) Available at: https://resources.infosecinstitute.com/category/healthcare-information-security/healthcare-cyber-threat-landscape/top-cyber-security-risks-in-healthcare/#gref (Accessed 25 Nov. 2019).
[4] Cyber security and resilience for Smart Hospitals, https://www.enisa.europa.eu/publications/cyber-security-and-resilience-for-smart-hospitals (Accessed 20 Nov. 2019).
[5] Wold, G. (2017). Cybersecurity resilience planning handbook. Matthew Bender.
[6] Bodeau, Deborah, and Richard Graubart, “Cyber Resiliency Engineering Framework”. MITRE Report. Pg. 37 (2011).
[7] HIPAA Journal. (2019). Healthcare Data Breach Statistics. (online) Available at: https://www.hipaajournal.com/healthcare-data-breach-statistics/ (Accessed 24 Nov. 2019).
[8] Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union, https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=uriserv:OJ.L_.2016.194.01.0001.01.ENG
[9] Dimensional Research, Trends in Security Framework Adoption: A Survey of IT and Security Professionals, Sunnyvale, California (static.tenable.com/marketing/tenable-csf-report.pdf), 2016.
[10] U.S Food and Drug Administration, Content of Premarket Submissions for Management of Cybersecurity in Medical Devices: Guidance for Industry and Food and Drug Administration Staff, Silver Spring, Maryland (www.fda.gov/ucm/groups/fdagov-public/@fdagov-meddev-gen/documents/document/ucm356190.pdf), 2014.
[11] U.S Food and Drug Administration, Postmarket Management of Cybersecurity in Medical Devices: Guidance for Industry and Food and Drug Administration Staff, Silver Spring, Maryland (www.fda.gov/ucm/groups/fdagov-public/@fdagov-meddev-gen/documents/document/ucm482022.pdf), 2016.
[12] Allport, M. (2019). ISO 27001 vs NIST Cybersecurity Framework. (online) Blog.compliancecouncil.com.au. Available at: https://blog.compliancecouncil.com.au/blog/iso-27001-vs-nist-cybersecurity-framework (Accessed 25 Nov. 2019).
[13] Dionach. (2019). What is the difference between ISO 27001 and ISO 27002?. (online) Available at: https://www.dionach.com/blog/what-is-the-difference-between-iso-27001-and-iso-27002 (Accessed 25 Nov. 2019).
[14] Iso27001security.com. (2019). ISO 27799 ISMS for healthcare. (online) Available at: https://www.iso27001security.com/html/27799.html (Accessed 25 Nov. 2019).
[15] Ffiec.gov. (2019). FFIEC Cybersecurity Awareness. (online) Available at: https://www.ffiec.gov/cyberassessmenttool.htm (Accessed 25 Nov. 2019).
[16] ANSSI. (2019). The French CIIP Framework. (online) Available at: https://www.ssi.gouv.fr/en/cybersecurity-in-france/ciip-in-france/ (Accessed 25 Nov. 2019).
[17] Enisa.europa.eu. (2019). CSIRT Maturity - Self-assessment Tool. (online) Available at: https://www.enisa.europa.eu/topics/csirts-in-europe/csirt-capabilities/csirt-maturity/csirt-maturity-self-assessment-survey (Accessed 25 Nov. 2019).
[18] Healthit.gov. (2019). Security Risk Assessment Tool | HealthIT.gov. (online) Available at: https://www.healthit.gov/topic/privacy-security-and-hipaa/security-risk-assessment-tool (Accessed 25 Nov. 2019).
[19] Us-cert.gov. (2019). ICS-CERT Landing | CISA. (online) Available at: https://www.us-cert.gov/ics (Accessed 20 Nov. 2019).
[20] Gurudutt, K. (2019). Cyber Security Framework for Healthcare (online) SogetiLabs. Available at: https://labs.sogeti.com/cyber-security-framework-healthcare/ (Accessed 20 Nov. 2019).
[21] General Data Protection Regulation (GDPR). (2020). General Data Protection Regulation (GDPR) – Official Legal Text. (online) Available at: https://gdpr-info.eu (Accessed 7 Jan. 2020).