IIM Lucknow Develops A Model To Reduce Cybersecurity Threats In Healthcare Industry

Lucknow: The Research Team at the Indian Institute of Management Lucknow, under the leadership of Prof. Arunabha Mukhopadhyay, introduces a global safeguard against cyber threats in healthcare systems. Their 'Healthcare Cyber Risk Assessment Model' effectively assesses and mitigates the vulnerabilities to cyberattacks, guaranteeing the safety of patient information and the uninterrupted provision of digital healthcare services for medical institutions worldwide.

The increasing complexity and sensitivity of data in healthcare organizations have heightened their susceptibility to cyberattacks, especially as the healthcare sector's reliance on digital data has grown during the COVID-19 pandemic. Digital health records contain sensitive personal information like Government IDs (e.g., Aadhaar), medical histories, finances, and insurance details, which cybercriminals can use for identity theft and fraud. Unfortunately, many healthcare organizations all over the world lack cybersecurity measures, making them easy targets for cybercriminals.

The IIML team aims to tackle this issue by investigating the weak points in healthcare data security that hackers exploit. They propose that cyber threats become more likely when the healthcare staff lacks training to counter tactics like phishing, and when IT governance and security technology are not effectively implemented.

Explaining the details of the Healthcare Cyber Risk Assessment Model, Prof. Mukhopadhyay, said, “Our risk assessment and quantification models have helped us group 1788 US healthcare firms on a ‘heat matrix’ that shows the likelihood of a cyberattack and its potential severity. This gives us a clear picture of how ready the firms are to tackle cyber threats. We also propose a plan to tackle the risks, which is customized according to the position of the firm in the matrix.”

The model, which can be extended to the Indian healthcare sector, has three main features:

• First, it assists Chief Information Officers (CIOs) of healthcare institutions in determining the vulnerability of the healthcare institution to cyberattacks.
• Secondly, it employs Collective Risk Modelling to assess the potential severity of cyberattacks, which can help hospitals predict the impact.
• Finally, it offers recommendations on how to mitigate and prevent these cyberattacks.

The recommendations are derived from Rational Choice Theory and the standards outlined by the National Institute of Standards and Technology (NIST). They include prioritizing cybersecurity measures such as firewalls, and antivirus solutions.  The model also offers practical cyberattack safeguards for healthcare firms in high-risk quadrants of the heat matrix.

Recommendations include data backup, staff anti-phishing training, senior management engagement, advocating cybersecurity laws, and investments in cybersecurity technologies like Endpoint Detection and Response (EDR), Extended Detection and Response (XDR), Next Generation Firewall (NGFW), Antivirus (AV), Security Incident and Event Management (SIEM), and Security Orchestration, Automation and Response (SOAR). Regular Vulnerability Assessment and Penetration Testing (VAPT) and threat intelligence integration boost proactive threat response. The option of obtaining insurance coverage to mitigate potential financial impacts is also presented.

Also Read: OSSC JE Main Final Answer Key 2023 Released On ossc.gov.in, Check Direct Link

The research funded by the Cyber Security Division of the Ministry of Electronics and Information Technology, Government of India, has been published in the Journal of Organizational Computing and Electronic Commerce (ABDC A category). 

Education Loan Information:
Calculate Education Loan EMI