Cybersecurity and Information Assurance for the Clinical Laboratory

Background: Network-connected medical devices have rapidly proliferated in the wake of recent global catalysts, leaving clinical laboratories and healthcare organizations vulnerable to malicious actors seeking to ransom sensitive healthcare information. As organizations become increasingly dependent on integrated systems and data-driven patient care operations, a sudden cyberattack and the associated downtime can have a devastating impact on patient care and the institution as a whole. Cybersecurity, information security, and information assurance principles are, therefore, vital for clinical laboratories to fully prepare for what has now become inevitable, future cyberattacks. Content: This review aims to provide a basic understanding of cybersecurity, information security, and information assurance principles as they relate to healthcare and the clinical laboratories. Common cybersecurity risks and threats are defined in addition to current proactive and reactive cybersecurity controls. Information assurance strategies are reviewed, including traditional castle-and-moat and zero-trust security models. Finally, ways in which clinical laboratories can prepare for an eventual cyberattack with extended downtime are discussed. Summary: The future of healthcare is intimately tied to technology, interoperability, and data to deliver the highest quality of patient care. Understanding cybersecurity and information assurance is just the first preparative step for clinical laboratories as they ensure the protection of patient data and the continuity of their operations.