IIM Lucknow’s new model to mitigate cybersecurity risk in healthcare


Lucknow, Sep 2 (IANS): A team of researchers at the Indian Institute of Management (IIM) Lucknow have developed a model to protect healthcare systems globally from cyber threats.

Their ‘Healthcare Cyber Risk Assessment model’ evaluates and mitigates risks of cyberattacks, thereby ensuring the security of patient data and the continuity of digital healthcare services for healthcare institutions.

The increasing complexity and sensitivity of data in healthcare organisations have heightened their susceptibility to cyberattacks, especially as the healthcare sector's reliance on digital data has grown during the Covid-19 pandemic.

Digital health records contain sensitive personal information like government IDs (e.g., Aadhaar), medical histories, finances, and insurance details, which cybercriminals can use for identity theft and fraud. Unfortunately, many healthcare organisations all over the world lack cybersecurity measures, making them easy targets for cybercriminals.

The team aimed to tackle this issue by investigating the weak points in healthcare data security that hackers exploit. They proposed that cyber threats become more likely when the healthcare staff lacks training to counter tactics like phishing, and when IT governance and security technology are not effectively implemented.

“Our risk assessment and quantification models have helped us group 1,788 US healthcare firms on a ‘heat matrix’ that shows the likelihood of a cyberattack and its potential severity. This gives us a clear picture of how ready the firms are to tackle cyber threats. We also propose a plan to tackle the risks, which is customised according to the position of the firm in the matrix,” said Prof. Arunabha Mukhopadhyay, from IIM-L, who led the research, in a statement.

The model, which can be extended to the Indian healthcare sector, can assist Chief Information Officers (CIOs) of healthcare institutions in determining the vulnerability of the healthcare institution to cyberattacks. It employs collective risk modelling to assess the potential severity of cyberattacks, which can help hospitals predict the impact and also offers recommendations on how to mitigate and prevent these cyberattacks.

The recommendations are derived from Rational Choice Theory and the standards outlined by the National Institute of Standards and Technology (NIST). They include prioritising cybersecurity measures such as firewalls, and antivirus solutions.The model also offers practical cyberattack safeguards for healthcare firms in high-risk quadrants of the heat matrix.

It also includes data backup, staff anti-phishing training, senior management engagement, advocating cybersecurity laws, and investments in cybersecurity technologies like endpoint detection and response (EDR), extended detection and response (XDR), next generation firewall (NGFW), antivirus, security incident and event management (SIEM), and security orchestration, automation and response (SOAR).

 

  

Top Stories


Leave a Comment

Title: IIM Lucknow’s new model to mitigate cybersecurity risk in healthcare



You have 2000 characters left.

Disclaimer:

Please write your correct name and email address. Kindly do not post any personal, abusive, defamatory, infringing, obscene, indecent, discriminatory or unlawful or similar comments. Daijiworld.com will not be responsible for any defamatory message posted under this article.

Please note that sending false messages to insult, defame, intimidate, mislead or deceive people or to intentionally cause public disorder is punishable under law. It is obligatory on Daijiworld to provide the IP address and other details of senders of such comments, to the authority concerned upon request.

Hence, sending offensive comments using daijiworld will be purely at your own risk, and in no way will Daijiworld.com be held responsible.