Cyber Security In Healthcare Organizations Sample Paper

Cyber Security In Healthcare Organizations

According to Becker’s Hospital Review, cyber security data breaches result in an approximate loss of 5.6 billion annually and have adversely affected 27 million patient records (Thompsons & Marys, 2016). These attacks threaten patients’ finances, wellbeing, and identity, and they impede health organizations’ operations; hence the importance of identifying, averting, and mitigating these technological attacks. The data threats include external attackers, employee breaches, inadequate firewalls, medical device insecurity, malware infecting systems, compromise of patient privacy, and aging IT hardware. Criminals can use the information systems to access personal health data contained in medical records, such as insurance details, date of birth, genetic information, and health provider data. The operational issues include delayed treatment schedules and rerouted ambulances (Thompsons & Marys, 2016). Cyber security attacks can be prevented in the following ways: constant software updates, regular risk assessments, effective data recovery protocols, application of multiple passwords, cyber security training of staff, etc.

The following risk assessment criteria are necessary to protect data against cyber security threats. First is the characterization of the information systems utilized in these organizations, for example financial information systems and admission systems. The characterization should cover the usage frequency, data flow, the users, and the devices utilized (Thompsons & Marys, 2016). Second, there is threat identification, for example unauthorized access through direct hacking, and misuse of information by authorized individuals involving unapproved utilization and alteration of information. Third, there is the determination of inherent risk and impact, rated as high, medium, or low. Fourth, there is assessment of the control environment through the identification of threat prevention, detection, and compensation controls, for example user authentication controls, administrative controls, and data center physical and environmental security controls (Thompsons & Marys, 2016). These can be categorized as inadequate, in need of improvement, or satisfactory. Fifth, there is likelihood determination, and lastly the calculation of the risk rating. An example of a summarized table:

| Threat | Impact | Likelihood | Value | Risk Calculation |
|---|---|---|---|---|
| Unauthorized access | High | High | 100 | Severe |
| Data Loss | High | Low | 10 | Normal |
| Information Misuse | High | Medium | 50 | High |
| Failed Processes | High | Low | 10 | Normal |
| Data Leakage | High | Medium | 50 | High |
| Disruption of Productivity or Service | High | Low | 10 | Normal |
| Data Loss | High | Low | 10 | Normal |

References

Thompsons, P., & Marys, C. (2016). Trends and preventive strategies for mitigating cybersecurity breaches in organizations. Issues in Information Systems.
