A New Model to Protect Healthcare Systems from Cyber Threats - Express Healthcare Management
2023-09-29 08:29 (EST) - Sandeep Kunchikor
Indian Institute of Management Lucknow, led by Prof. Arunabha Mukhopadhyay, has developed a groundbreaking model to safeguard healthcare systems from cyber threats. The “Healthcare Cyber Risk Assessment Model” evaluates and mitigates the risks of cyberattacks, ensuring the security of patient data and the uninterrupted provision of digital healthcare services.
The healthcare sector has become increasingly vulnerable to cyberattacks due to the growing complexity and sensitivity of data, particularly exacerbated by the reliance on digital data during the COVID-19 pandemic. Cybercriminals exploit this vulnerability by targeting healthcare organizations that lack adequate cybersecurity measures, accessing personal information such as government IDs, medical histories, and financial details for illegal purposes like identity theft and fraud.
To address this pressing issue, the IIML research team analyzed the weak points in healthcare data security that hackers exploit. Their investigation identified low levels of cybersecurity training among healthcare staff and ineffective implementation of IT governance and security technology as key contributing factors to the susceptibility of healthcare organizations to cyberattacks.
The Healthcare Cyber Risk Assessment Model has three primary features. Firstly, it assists Chief Information Officers (CIOs) in evaluating the vulnerability of healthcare institutions to cyberattacks. Secondly, it employs Collective Risk Modeling to assess the potential severity of cyberattacks, enabling hospitals to predict and prepare for the impact. Finally, the model provides actionable recommendations to mitigate and prevent cyberattacks.
The recommendations are guided by Rational Choice Theory and the standards set by the National Institute of Standards and Technology (NIST). They emphasize the prioritization of cybersecurity measures including firewalls, antivirus software, and staff training. For healthcare organizations in high-risk quadrants, the model proposes additional safeguards such as data backup, anti-phishing training, senior management engagement, advocacy for cybersecurity laws, and investments in advanced cybersecurity technologies.
The research, funded by the Cyber Security Division of the Ministry of Electronics and Information Technology, Government of India, has been published in the Journal of Organizational Computing and Electronic Commerce. The paper, co-authored by Prof. Arunabha Mukhopadhyay, Ms. Swati Jain, and Ms. Saloni Jain, can be accessed at the following link [source].
With the implementation of the Healthcare Cyber Risk Assessment Model, healthcare organizations globally can strengthen their cybersecurity measures, protecting patient data and ensuring the uninterrupted delivery of digital healthcare services.
