IIM-Lucknow develops model to protect healthcare system from cyber threats
Lucknow: A research team of the Indian Institute of Management, Lucknow (IIM-L), has developed a model to protect healthcare systems globally from cyber threats.
The research titled ‘Healthcare Cyber Risk Assessment Model’ evaluates and mitigates risks of cyberattacks thereby ensuring the security of patient data and the continuity of digital healthcare services for healthcare institutions.
The team led by Prof. Arunabha Mukhopadhyay aims to tackle this issue by investigating the weak points in healthcare data security that hackers exploit.
They propose that cyber threats become more likely when the healthcare staff lacks training to counter tactics like phishing and when IT governance and security technology are not effectively implemented.
The research funded by the cybersecurity division of the Union Ministry of Electronics and Information Technology (MeitY), has been published in the ‘Journal of Organisational Computing and Electronic Commerce’ (ABDC A category).
The paper has been co-authored by Mukhopadhyay, along with his research scholars Swati Jain and Saloni Jain.
Explaining the details of the model, Mukhopadhyay said: “Our risk assessment and quantification models have helped us group 1788 US healthcare firms on a ‘heat matrix’ that shows the likelihood of a cyberattack and its potential severity. This gives us a clear picture of how ready the firms are to tackle cyber threats. We also propose a plan to tackle the risks, which is customised according to the position of the firm in the matrix.”
The model, which can be extended to Indian healthcare sector, has three main features.
First, it assists chief information officers (CIOs) of healthcare institutions in determining the vulnerability of the healthcare institution to cyberattacks. Secondly, it employs collective risk modelling to assess the potential severity of cyberattacks, which can help hospitals predict the impact.
The recommendations are derived from rational choice theory and the standards outlined by the National Institute of Standards and Technology (NIST).
They include prioritising cybersecurity measures such as firewalls and antivirus solutions. The model also offers practical cyberattack safeguards for healthcare firms in high-risk quadrants of the heat matrix.
Recommendations include data backup, staff anti-phishing training, senior management engagement, advocating cybersecurity laws and investments in cybersecurity technologies, regular Vulnerability Assessment and Penetration Testing (VAPT) and threat intelligence integration boost proactive threat response.