Hospitals have hundreds—even thousands—of workers using countless electronic devices that are vulnerable to security breaches, data thefts and ransomware attacks. Health care data breaches are a growing threat to the health care industry, causing not only data loss and monetary theft but also attacks on medical devices and infrastructure. Hospital data security breaches in particular have the potential to cost a single hospital a lot of money, including fines, litigation, and damaged reputation. Meanwhile, the health care industry must invest considerable capital and effort in protecting its systems.
Mohammad Jalali and Jessica Parker from the Massachusetts Institute of Technology interviewed chief information officers (CIOs), chief information security officers (CISOs), and health care cybersecurity experts at hospitals in order to develop a system dynamics model to study the dynamics of implementation and maintenance of cybersecurity capabilities in hospitals.
The interviews covered five themes that describe the dynamics of cyber capability development in hospitals: uncertainty in resource availability (net revenues and talent availability), external pressures (reporting to the board, the public and the media, and accountability towards regulation), end point complexity (numerous devices used by administrators, medical staff, patients, and their visitors), internal stakeholder alignment (no single point of decision making) and cybercriminal activity.
The authors then used the interview data to develop a model to illustrate how the different themes might influence each other and can distinguish more resilient hospitals from less resilient ones. The model showed that to enhance cybersecurity capabilities at hospitals, the main focus of chief information officers and chief information security officers should be on reducing end point complexity and improving internal stakeholder alignment.
This study helps health care leaders reduce hospital vulnerabilities by detailing the outcomes resulting from strategic decisions of cybersecurity development. It also aids cybersecurity professionals in understanding the complexities of cybersecurity capability development in hospitals.
Cite: Jalali, M. S., & Kaiser, J. P. (2018). Cybersecurity in Hospitals: A Systematic, Organizational Perspective. Journal of Medical Internet Research, 20(5), e10059. doi:10.2196/10059