Jun 04, 2021
According to Becker's Hospital Review, cyber security data breaches in healthcare cause an estimated loss of 5.6 billion annually and have compromised some 27 million patient records (Thompsons & Marys, 2016). These attacks threaten patients' finances, wellbeing and identity, and impede health organizations' operations; hence the importance of identifying, averting, and mitigating them. The threats include external attackers, breaches by employees, inadequate firewalls, insecure medical devices, malware infecting systems, compromise of patient privacy, and aging IT hardware. Criminals can use the information systems to reach the personal health data held in medical records, such as insurance details, dates of birth, genetic information, and health-provider data. Operational consequences include delayed treatment schedules and rerouted ambulances (Thompsons & Marys, 2016). Attacks can be prevented through constant software updates, regular risk assessments, effective data recovery protocols, the use of multiple, distinct passwords, cyber security training for staff, and similar measures.
The following risk assessment steps are needed to protect data against cyber security threats. First, characterize the information systems the organization uses (financial information systems, admission systems, etc.), recording how often each is used, its data flows, its users, and the devices involved (Thompsons & Marys, 2016). Second, identify the threats, e.g. unauthorized access through direct hacking, or misuse of information by authorized individuals through unapproved use or alteration of data. Third, determine the inherent risk and its impact, rated high, medium, or low. Fourth, assess the control environment by identifying the preventive, detective, and compensating controls in place (user authentication controls, administrative controls, data center physical and environmental security controls, etc.) (Thompsons & Marys, 2016); each can be graded as inadequate, in need of improvement, or satisfactory. Fifth, determine the likelihood of each threat, and lastly calculate the risk rating from impact and likelihood. An example of a summarized table:
Threat | Impact | Likelihood | Value | Risk Calculation
Unauthorized access | High | High | 100 | Severe
Data Loss | High | Low | 10 | Normal
Information Misuse | High | Medium | 50 | High
Failed Processes | High | Low | 10 | Normal
Data Leakage | High | Medium | 50 | High
Disruption of Productivity or Service | High | Low | 10 | Normal
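To make the steps above concrete, here is an added example (my own code, not from the cited paper or from Becker's Hospital Review) that carries a small risk register through impact, likelihood, control-environment grading, and the final rating, and also derives a residual rating once controls are credited. The 10/5/1 scoring scale, the Severe/High/Normal thresholds, the rule that a control grade steps the likelihood down, and the system names and control grades in the sample register are all assumptions; the scale is chosen because it reproduces the Value column of the table above.

```python
from __future__ import annotations
from dataclasses import dataclass

# Assumed ordinal scores for impact and likelihood. The text gives no scale;
# 10/5/1 is chosen because it reproduces the table's 100/50/10 values.
SCORE = {"High": 10, "Medium": 5, "Low": 1}
LEVELS = ["Low", "Medium", "High"]

# Assumed: how many likelihood levels each control-environment grade removes.
CONTROL_STEPDOWN = {"Inadequate": 0, "In need of improvement": 1, "Satisfactory": 2}


def risk_rating(value: int) -> str:
    """Map a numeric risk value to the table's labels (thresholds assumed)."""
    if value >= 100:
        return "Severe"
    if value >= 50:
        return "High"
    return "Normal"


@dataclass
class Risk:
    system: str      # step 1: which information system the threat applies to
    threat: str      # step 2: the identified threat
    impact: str      # step 3: High / Medium / Low
    likelihood: str  # step 5: inherent likelihood, before controls are credited
    controls: str    # step 4: grade of the control environment

    def inherent_value(self) -> int:
        return SCORE[self.impact] * SCORE[self.likelihood]

    def residual_likelihood(self) -> str:
        # Effective controls lower the likelihood, but never below Low.
        idx = LEVELS.index(self.likelihood) - CONTROL_STEPDOWN[self.controls]
        return LEVELS[max(idx, 0)]

    def residual_value(self) -> int:
        return SCORE[self.impact] * SCORE[self.residual_likelihood()]


def assess(register: list[Risk]) -> list[dict]:
    """Step 6: compute inherent and residual ratings, worst residual first."""
    rows = []
    for r in register:
        inherent, residual = r.inherent_value(), r.residual_value()
        rows.append({
            "system": r.system,
            "threat": r.threat,
            "impact": r.impact,
            "likelihood": r.likelihood,
            "inherent_value": inherent,
            "inherent_rating": risk_rating(inherent),
            "controls": r.controls,
            "residual_value": residual,
            "residual_rating": risk_rating(residual),
        })
    return sorted(rows, key=lambda row: row["residual_value"], reverse=True)


def render(rows: list[dict]) -> str:
    """Pipe-separated summary in the same layout as the table above."""
    lines = ["Threat | Impact | Likelihood | Value | Risk Calculation | Controls | Residual"]
    for row in rows:
        lines.append(
            f"{row['threat']} | {row['impact']} | {row['likelihood']} | "
            f"{row['inherent_value']} | {row['inherent_rating']} | "
            f"{row['controls']} | {row['residual_value']} ({row['residual_rating']})"
        )
    return "\n".join(lines)


# Constructed sample register mirroring the table above; the system names and
# control grades are assumptions, not from the cited paper.
SAMPLE_REGISTER = [
    Risk("Admissions system", "Unauthorized access", "High", "High", "Inadequate"),
    Risk("Financial information system", "Data Loss", "High", "Low", "Satisfactory"),
    Risk("Electronic health records", "Information Misuse", "High", "Medium", "In need of improvement"),
    Risk("Electronic health records", "Data Leakage", "High", "Medium", "Inadequate"),
    Risk("Medical devices", "Disruption of Productivity or Service", "High", "Low", "Inadequate"),
]

if __name__ == "__main__":
    print(render(assess(SAMPLE_REGISTER)))
```

Running the script prints the register ranked by residual value, so the rows whose controls were graded inadequate stay at the top of the list regardless of how the inherent rating looked; that ordering is what the assessment is meant to feed into the remediation plan.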
Thompsons, P., & Marys, C. (2016). Trends and preventive strategies for mitigating cybersecurity breaches in organizations. Issues in Information Systems.