|
|
| (179 intermediate revisions by the same user not shown) |
| Line 1: |
Line 1: |
| From law firms<ref name="SobowaleLaw17">{{cite web |url=http://www.abajournal.com/magazine/article/managing_cybersecurity_risk/ |title=Law firms must manage cybersecurity risks |author=Sobowale, J. |work=ABA Journal |publisher=American Bar Association |date=01 March 2017 |accessdate=18 November 2021}}</ref> to automotive manufacturers<ref name="WatneyAddress17">{{cite web |url=https://www.rstreet.org/wp-content/uploads/2018/04/118-1.pdf |format=PDF |title=Addressing new challenges in automotive cybersecurity |author=Watney, C.; Draffin, C. |work=R Street Policy Study No. 118 |publisher=R Street Institute |date=November 2017 |accessdate=18 November 2021}}</ref>, the need to address cybersecurity is increasingly apparent. In 2018, the Center for Strategic & International Studies estimated that cybercrime causes close to $600 billion in damages to the global economy every year<ref name="LewisEcon18">{{cite web |url=https://www.csis.org/analysis/economic-impact-cybercrime |title=Economic Impact of Cybercrime |author=Lewis, J.A. |publisher=Center for Strategic & International Studies |date=21 February 2018 |accessdate=18 November 2021}}</ref>, though due to underreporting of crimes, that number may be much higher. That number also likely doesn't take into account lost business, fines, litigation, and intangible losses<ref name="SBDCC_BlogCost17">{{cite web |url=https://www.virginiasbdc.org/blog-cost-of-cyber-crime-to-small-businesses/ |archiveurl=https://web.archive.org/web/20200705061737/https://www.virginiasbdc.org/blog-cost-of-cyber-crime-to-small-businesses/ |title=BLOG: Cost of Cyber Crime to Small Businesses |work=Virginia SBDC Blog |publisher=Virginia SBDC |date=30 May 2017 |archivedate=05 July 2020 |accessdate=18 November 2021}}</ref> In the end, businesses of all sizes average about $200,000 in losses due to a cybersecurity incident<ref name="HiscoxHiscox19"">{{cite web |url=https://www.hiscox.com/documents/2019-Hiscox-Cyber-Readiness-Report.pdf |format=PDF |title=Hiscox Cyber Readiness Report 2019 |publisher=Hiscox Ltd |date=April 2019 |accessdate=18 November 2021}}</ref>, and nearly 60 percent of small and midsize businesses go bankrupt within six months because of it.<ref name="Galvin60_18">{{cite web |url=https://www.inc.com/joe-galvin/60-percent-of-small-businesses-fold-within-6-months-of-a-cyber-attack-heres-how-to-protect-yourself.html |title=60 Percent of Small Businesses Fold Within 6 Months of a Cyber Attack. Here's How to Protect Yourself |author=Galvin, J. |work=Inc.com |date=07 May 2018 |accessdate=18 November 2021}}</ref>
| | {{Saved book |
| | |title=Introduction to Quality and Quality Management Systems |
| | |subtitle= |
| | |cover-image=Time-Quality-Money.png |
| | |cover-color=#fffccc |
| | | setting-papersize = A4 |
| | | setting-showtoc = 1 |
| | | setting-columns = 1 |
| | }} |
|
| |
|
| Medical diagnostic and research laboratories are no exception, regardless of business size. Even tiny labs whose primary digital footprint is a WordPress website advertising their lab are at risk, as hackers could still spread malware, steal user data, add the website to a bot network, hack the site for the learning experience, or even hack it just for fun.<ref name="GrimaTop19">{{cite web |url=https://www.wpwhitesecurity.com/why-malicious-hacker-target-wordpress/ |title=Top reasons why WordPress websites get hacked (and how you can stop it) |author=Grima, M. |publisher=WP White Security |date=14 November 2019 |accessdate=18 November 2021}}</ref><ref name="MoenWhatHack16">{{cite web |url=https://www.wordfence.com/blog/2016/04/hackers-compromised-wordpress-sites/ |title=What Hackers Do With Compromised WordPress Sites |author=Moen, D. |work=Wordfence Blog |publisher=Defiant, Inc |date=19 April 2016 |accessdate=18 November 2021}}</ref><ref name="TalalevWebsite19">{{cite web |url=https://patchstack.com/website-hacking-statistics/ |title=Website Hacking Statistics You Should Know in 2021 |author=Talaleve, A. |publisher=Patchstack |date=22 February 2021 |accessdate=18 November 2021}}</ref> Even more importantly are those labs performing digital data management tasks that handle sensitive patient and proprietary data, requiring additional cybersecurity considerations.
| | ==''Introduction to Quality and Quality Management Systems''== |
| | {{ombox |
| | | type = content |
| | | style = width: 500px; |
| | | text = This book should not be considered complete until this message box has been removed. This is a work in progress. |
| | }} |
| | The goal of this short volume is to act as an introduction to the quality management system. It collects several articles related to quality, quality management, and associated systems. |
|
| |
|
| A laboratory can integrate cybersecurity thinking into its laboratory informatics product selection in several ways. First, the lab should have a cybersecurity plan in place, or if not, it should be on the radar. This is a good resource to tap into in regards to deciding what cybersecurity considerations should be made for the software. Can the software help your lab meet your cybersecurity goals? What regulatory requirements for your lab are or are not covered by the software?<ref name="DouglasComp20">{{cite web |title=[[LII:Comprehensive Guide to Developing and Implementing a Cybersecurity Plan|''Comprehensive Guide to Developing and Implementing a Cybersecurity Plan'']] |author=Douglas, S.E. |work=LIMSwiki |date=July 2020 |accessdate=18 November 2021}}</ref> Another tool to consider—which may have been used in any prior cybersecurity planning efforts—is a cybersecurity framework. Many, but not all, cybersecurity frameworks include a catalog of security controls. Each control is "a safeguard or countermeasure prescribed for an information system or an organization designed to protect the confidentiality, integrity, and availability of its information and to meet a set of defined security requirements."<ref name="NISTSecurity19">{{cite web |url=https://csrc.nist.gov/glossary/term/security_control |title=security control |work=Computer Security Resource Center |publisher=National Institute of Standards and Technology |date=2019 |accessdate=18 November 2021}}</ref> These controls give the implementing organization a concrete set of configurable goals to apply to their overall cybersecurity strategy. Other frameworks may be less oriented to security controls and more program-based or risk-based. Choosing the best frameworks will likely depend on multiple factors, including the organization's industry type, the amount of technical expertise within the organization, the budget, the organizational goals, the amount of buy-in from key organizational stakeholders, and those stakeholders' preferred approach.<ref name="DouglasComp20" />
| | ;1. What is quality? |
| | :''Key terms'' |
| | :[[Quality (business)|Quality]] |
| | :[[Quality assurance]] |
| | :[[Quality control]] |
| | :''The rest'' |
| | :[[Data quality]] |
| | :[[Information quality]] |
| | :[[Nonconformity (quality)|Nonconformity]] |
| | :[[Service quality]] |
| | ;2. Processes and improvement |
| | :[[Business process]] |
| | :[[Process capability]] |
| | :[[Risk management]] |
| | :[[Workflow]] |
| | ;3. Mechanisms for quality |
| | :[[Acceptance testing]] |
| | :[[Conformance testing]] |
| | :[[Clinical quality management system]] |
| | :[[Continual improvement process]] |
| | :[[Corrective and preventive action]] |
| | :[[Good manufacturing practice]] |
| | :[[Malcolm Baldrige National Quality Improvement Act of 1987]] |
| | :[[Quality management]] |
| | :[[Quality management system]] |
| | :[[Total quality management]] |
| | ;4. Quality standards |
| | :[[ISO 9000]] |
| | :[[ISO 13485]] |
| | :[[ISO 14000|ISO 14001]] |
| | :[[ISO 15189]] |
| | :[[ISO/IEC 17025]] |
| | :[[ISO/TS 16949]] |
| | ;5. Quality in software |
| | :[[Software quality]] |
| | :[[Software quality assurance]] |
| | :[[Software quality management]] |
|
| |
|
| Finally, having a cybersecurity plan that incorporates one or more cybersecurity frameworks gives the laboratory ample opportunity to apply stated goals and chosen security controls to the evaluation and selection process. In particular, a user requirements specification (URS) that incorporates cybersecurity considerations will certainly help a laboratory with meeting regulatory requirements while also protecting its data systems. A USR that is pre-built with cybersecurity controls in mind—such as [[Book:LIMSpec 2019 R1|LIMSpec]], discussed later—makes the evaluation process even easier.
| | <!--Place all category tags here--> |
| | |
| ==References==
| |
| {{Reflist|colwidth=30em}}
| |
