Yurcik, WilliamSchick, AndreasNorth, StephenGastner, Michael T.FABIO ROBERTO DE MIRANDARODOLFO DA SILVA AVELINOANDRE FILIPE DE MORAES BATISTAPluta, GregoryBrooks, Ian2024-11-222024-11-222024https://repositorio.insper.edu.br/handle/11224/7238Workshop on Cybersecurity in HealthcareIn October 2024, there are two defining characteristics of a healthcare provider: (1) geographic location and services available at their physical structure and (2) Internet connectivity and services available via their virtual presence. For previous centuries we focused on the first defining characteristic and now we need to shift to understand and address issues that may arise from the new second defining characteristic. In this paper we address issues related to Internet connectivity and virtual presence of USA healthcare providers, especially hospitals, when ransomware cyberattacks resulting in service outages occur. We show the cybersecurity posture of a large critical national infrastructure (USA healthcare) can be measured, mapped, and quantitatively baselined. Empirical results reveal systemic issues in USA healthcare presenting "magnified vulnerabilities" in that a single exploit can have an outsized impact on an entire nationwide infrastructure. As the initial step toward addressing this issue, we document for the first time the magnified cybersecurity vulnerability of USA healthcare to shared IT infrastructure, market concentration, and the geographical distribution of hospitals.Digitalp. 45 - 52InglêsCybersecurity ratingsHospital cybersecurityRansomwareconference paper10.1145/3689942.3694754