An IIM Lucknow research team has developed a model to protect healthcare systems globally from cyber threats. Their ‘Healthcare Cyber Risk Assessment model’ evaluates and mitigates the risk of cyberattacks, thereby ensuring the security of patient data and the continuity of digital healthcare services for healthcare institutions.
Prof Arunabha Mukhopadhyay led the IIM Lucknow research team. The increasing complexity and sensitivity of data in healthcare organizations have heightened their susceptibility to cyberattacks, especially as the healthcare sector’s reliance on digital data has grown during the COVID-19 pandemic, says the IIM Lucknow research team.
Digital health records contain sensitive personal information such as Government IDs (e.g., Aadhaar), medical histories, finances, and insurance details, which cybercriminals can use for identity theft and fraud, says the IIM Lucknow research team.
Unfortunately, many healthcare organizations all over the world lack cybersecurity measures, making them easy targets for cybercriminals, says the IIM Lucknow research team.
The IIM Lucknow team aims to tackle this issue by investigating the weak points in healthcare data security that hackers exploit. They propose that cyber threats become more likely when healthcare staff lack training to counter tactics like phishing, and when IT governance and security technology are not effectively implemented, says the IIM Lucknow team.
Explaining the details of the Healthcare Cyber Risk Assessment Model, Prof. Mukhopadhyay, who led the IIM Lucknow research team, said their risk assessment and quantification models have helped them group 1788 US healthcare firms on a ‘heat matrix’ that shows the likelihood of a cyberattack and its potential severity.
‘This gives us a clear picture of how ready the firms are to tackle cyber threats. We also propose a plan to tackle the risks, which is customized according to the position of the firm in the matrix,’ said Prof Mukhopadhyay, who led the IIM Lucknow research team.
The model, which can be extended to the Indian healthcare sector, has three main features.
• First, it assists Chief Information Officers (CIOs) of healthcare institutions in determining the vulnerability of the healthcare institution to cyberattacks.
• Secondly, it employs collective risk modelling to assess the potential severity of cyberattacks, which can help hospitals predict the impact.
• Finally, it offers recommendations on how to mitigate and prevent these cyberattacks.
The recommendations are derived from Rational Choice Theory and the standards outlined by the National Institute of Standards and Technology (NIST), says the IIM Lucknow research team.
They include prioritizing cybersecurity measures such as firewalls and antivirus solutions. The model also offers practical cyberattack safeguards for healthcare firms in high-risk quadrants of the heat matrix, says the IIM Lucknow research team.
Recommendations include data backup, staff anti-phishing training, senior management engagement, advocating cybersecurity laws, and investments in cybersecurity technologies like Endpoint Detection and Response (EDR), Extended Detection and Response (XDR), Next Generation Firewall (NGFW), Antivirus (AV), Security Information and Event Management (SIEM), and Security Orchestration, Automation and Response (SOAR).
Regular Vulnerability Assessment and Penetration Testing (VAPT) and threat intelligence integration boost proactive threat response. The option of obtaining insurance coverage to mitigate potential financial impacts is also presented, says the IIM Lucknow research team.
The research, funded by the Cyber Security Division of the Ministry of Electronics and Information Technology, Government of India, has been published in the Journal of Organizational Computing and Electronic Commerce (ABDC A category).
The paper has been co-authored by Prof. Arunabha Mukhopadhyay, along with his research scholars Ms. Swati Jain and Ms. Saloni Jain. The paper may be accessed at https://www.tandfonline.com/loi/hoce20.
About IIM Lucknow
Indian Institute of Management Lucknow, established in 1984, is the fourth in the prestigious IIM family of management schools to be established in India after IIM Calcutta, IIM Ahmedabad and IIM Bangalore.
In 2005, IIM Lucknow expanded its area of influence in the realm of management education by becoming the first IIM to set up a satellite campus exclusively for Executive Education at NOIDA in the Delhi NCR region.
IIM Lucknow is accredited by AACSB and AMBA, while its EQUIS Accreditation is ongoing. The institute features in the prestigious FT-100 Top Global Business schools for both the 2-year Flagship PGP program and the One-year IPMX Program.
It is also consistently ranked amongst the top business schools in the NIRF Rankings. IIM Lucknow was the first IIM to start a 2-year full-time MBA program in Sustainable Management 8 years back. It also has a long-standing full-time MBA program in Agri Business Management.