Healthcare Information Security Risk Analysis
University of Phoenix
CMGT/559: Managing Risk And Security Vs Opportunity
March 28, 2022
Healthcare Information Security Risk Analysis
| | Risk 1: Ransomware | Risk 2: Distributed Denial of Service | Risk 3: Data Breaches | Risk 4: Insider threats | Risk 5: Cloud threats |
|---|---|---|---|---|---|
| Risk Rank | Extremely disastrous | Critical | Moderately Catastrophic | Marginal | Marginal |
| Risk Description | Ransomware targets a company's critical files and systems until a fee is paid. | It is an attempt to overwhelm the hospital network to the extent that it can no longer function normally. | It relates to unauthorized access to patient information like prescriptions, Social Security numbers, and test results. | Employees sell sensitive, protected patient information on the illicit market. | The majority of cloud-based solutions are non-compliant with HIPAA regulations, making them a prime target for hackers. |
| Source, Threat or Risk driver | Organized Crime groups | Bot Network Operators/Spammers | Hackers | Employees of hospitals and vendors of outsourced services | Malicious Insiders |
| Likelihood | Very likely | Possible | Certain | Possible | Unlikely |
| Organization Impact | It hinders the healthcare institution's ability to contain COVID-19 since vital systems must be shut down. | It hinders the healthcare institution's ability to contain COVID-19 since vital systems must be shut down. | It undermines hospitals' reputations and causes problems for patients. | The employees with access codes expose the organization to a series of threats. | The patient's privacy is violated, and the hospital may face legal consequences. |
| Risk Response | Ensure company continuity by data backup and installing preventative and detection measures. | To isolate network traffic, use network segmentation. | Create guidelines for working remotely in the aftermath of COVID-19. | Devise a positive hospital environment to inspire employee behavior. | Implement general technological security safeguards such as authentication, encryption, and authorization. |
| Owner | Hospital Managers | IT Managers | Operational Managers | Human Resource Managers | IT Managers |
| Opportunity | Opportunity to establish a security culture. | Opportunity to establish a security culture. | Possibility to implement preventive measures that ensure information security. | Possibility to use data encryption to handle data distribution and patient information storage across the systems. | Possibility to do a risk assessment on the implications of patient privacy on the health care business. |
| Key Risk Indicators | System Failure | System Failure | IT security Breach | Low employee satisfaction | Regulatory Changes |
The Narrative
Over the last few years, the healthcare industry has seen an increase in cyber security
issues. According to the risk register analysis, the main difficulties for the health industry during
the COVID-19 pandemic are safety assurance for those working remotely, inadequate response to
cyber security incidents, inadequate business continuity plans, endpoint system
management, improper incident response, vulnerable systems, and constraints in budget and
important resources. According to He et al. (2021), these problems include cyber threats as well
as intrinsic security problems that attackers may leverage during the pandemic. Healthcare
organizations should recognize these hazards and devise mitigation strategies (Glasberg et al.,
2014).
Cyber Threat Rank Justification
Ransomware is by far the most prevalent attack vector used by attackers specializing in
healthcare systems. Between July 1 and September 30 alone, cyber security analysts reported
68 ransomware incidents, as per data from the National Health Information and Analysis Center.
According to Glasberg et al. (2014) statistics, 60% of such assaults took place in the United
States. After ransomware, data breaches are placed second. Sun, Lo, & Lo (2021) indicated that
the health industry experienced more data breaches than external threats combined.
Furthermore, DDoS is common in healthcare organizational networks and systems, although not
as common as ransomware and data breaches.
Resources and Relationships
In a constantly evolving universe of cyberattacks, deploying particular security measures to
bolster the safety of health systems and networks during the outbreak of the COVID-19
pandemic can be economically draining (Sun, Lo, & Lo, 2021). As a result, administration
becomes difficult unless there are additional resources to keep the software up to date and safe.
A valuation framework that measures and evaluates the advantages and risks of security
mechanisms, confidentiality, and technology adoption is required ("SecurityScorecard," 2021).
Recommendations
To begin, the application of homomorphic encryption is believed to be able to offer strong
security and privacy assurance. Next, technical safeguards, including authentication,
authorization, and encryption, are applied to the patient database (Glasberg et al., 2014). There is
also the partitioning of the network system into smaller manageable modules in order to decrease
network traffic and also minimize losses during a DoS occurrence. Finally, policies and
regulations to counteract medical cyber-physical systems must be implemented.
Risk Opportunities
First, such developments present the opportunity to establish an organization-wide
security culture. Furthermore, it enables the possibility of controlling the network and physical
access to health data. Finally, there is an opportunity to implement cyber security measures that
address data exchange and storage of patient information across health institutions.
Summary Findings
We can conclude from the study's results that perhaps the key cyber risks encountered by
healthcare systems and networks, especially during the pandemic, comprise ransomware, cloud
threats, insider threats, DDoS assaults, and data breaches. The COVID-19 epidemic has altered
people's working habits, increasing their dependency on remote work. As a result, the health
information system has become vulnerable to cyber-attacks.
References
Glasberg, R., Hartmann, M., Draheim, M., Tamm, G., & Hessel, F. (2014). Risks and Crises for
Healthcare Providers: The Impact of Cloud Computing. The Scientific World Journal,
20(14), 1-7. https://doi.org/10.1155/2014/524659
"SecurityScorecard". (2021). Cybersecurity Challenges in the Healthcare Industry | Secure.
SecurityScorecard. Retrieved March 21, 2022, from
https://securityscorecard.com/blog/top-cybersecurity-challenges-in-healthcare-industry.
Sun, Y., Lo, F. P. W., & Lo, B. (2021). Security and privacy for the internet of medical things
enabled healthcare systems during COVID-19 pandemic: A survey. IEEE Access, 7,
183339-183355.