ORAHS2025
Abstract Submission

154. Quantitatively measuring cyber risk in healthcare

Invited abstract in session TA-2: EMS and cyber attacks, stream Sessions.

Tuesday, 9:00-10:30
Room: NTNU, Realfagbygget R8

Authors (first author is the speaker)

1. Aiman Zainab
Operations of Critical Infrastructure, Karlsruhe Institute of Technology
2. Emilia Grass

Abstract

Cyber attacks in healthcare are increasing rapidly, posing serious risks to patient safety and data security. Although numerous works offer qualitative assessments of cyber risk, quantitative models remain under-researched. This work aims to close that gap by using the FAIR model to assess cyber risk in healthcare quantitatively, with sector-specific risk scenarios. However, because the healthcare sector faces dynamic and unique losses, FAIR must be modified from its static treatment of loss to capture dynamic healthcare-specific losses such as loss of patient trust, reputational damage and other operational damage alongside direct financial losses. Among the various risk assessment frameworks, the FAIR model offers a consistent approach to estimating cyber risk in financial terms, which makes it an appropriate and extensible foundation for this purpose. It also decomposes risk into factors such as threat type, vulnerabilities and impacts, allowing threat-specific modifications without breaking its logical structure. This property suits healthcare in particular, where threats and impacts require individualized treatment and investment decisions are a high priority. In addition, FAIR emphasizes estimating the frequency of loss events, which is crucial for determining the overall cyber risk incurred from a cyber attack in healthcare and enhances predictive power and decision-making accuracy.
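As an added worked example (not part of the submitted abstract and not the authors' model), the following Python script shows the FAIR decomposition the abstract relies on: annual risk as loss event frequency (threat event frequency times vulnerability) multiplied by loss magnitude, with the loss magnitude extended by healthcare-specific secondary categories (patient trust, reputation, operational disruption) next to direct financial loss. The scenario, its (min, most likely, max) ranges and the triangular sampling are constructed assumptions for illustration, not calibrated data or FAIR's prescribed distributions; the control_benefit function sketches how such a model feeds the investment decisions the abstract mentions.

```python
"""FAIR-style Monte Carlo estimate of annualised cyber risk for one healthcare scenario.

Risk = Loss Event Frequency (LEF) x Loss Magnitude (LM), with
LEF = Threat Event Frequency (TEF) x Vulnerability and
LM  = primary (direct financial) loss + secondary, sector-specific losses.
All input ranges below are constructed illustrations, not calibrated data.
"""
import random
from dataclasses import dataclass


@dataclass
class Estimate:
    """(min, most likely, max) estimate, sampled here as a triangular distribution (an assumption)."""
    low: float
    mode: float
    high: float

    def sample(self, rng: random.Random) -> float:
        return rng.triangular(self.low, self.high, self.mode)

    def mean(self) -> float:
        return (self.low + self.mode + self.high) / 3


@dataclass
class Scenario:
    name: str
    tef: Estimate                           # threat events per year
    vulnerability: Estimate                 # P(threat event becomes a loss event), 0..1
    primary_loss: Estimate                  # direct financial loss per loss event
    secondary_losses: dict[str, Estimate]   # healthcare-specific losses per loss event


def expected_annual_loss(s: Scenario) -> float:
    """Closed-form expectation under independence; used to sanity-check the simulation."""
    lm = s.primary_loss.mean() + sum(e.mean() for e in s.secondary_losses.values())
    return s.tef.mean() * s.vulnerability.mean() * lm


def simulate(s: Scenario, n: int = 20_000, seed: int = 7) -> dict:
    """Monte Carlo over the FAIR factors; returns summary statistics and a per-category breakdown."""
    rng = random.Random(seed)
    annual = []
    breakdown = {"primary": 0.0, **{k: 0.0 for k in s.secondary_losses}}
    for _ in range(n):
        lef = s.tef.sample(rng) * s.vulnerability.sample(rng)
        per_event = {"primary": s.primary_loss.sample(rng)}
        per_event.update({k: e.sample(rng) for k, e in s.secondary_losses.items()})
        for k, v in per_event.items():
            breakdown[k] += lef * v / n          # expected annual loss attributable to category k
        annual.append(lef * sum(per_event.values()))
    annual.sort()
    return {
        "mean": sum(annual) / n,
        "p50": annual[n // 2],
        "p90": annual[int(n * 0.9)],
        "breakdown": breakdown,
    }


def control_benefit(s: Scenario, improved_vulnerability: Estimate, **kw) -> float:
    """Expected annual loss avoided if a control lowers the vulnerability factor."""
    improved = Scenario(s.name, s.tef, improved_vulnerability, s.primary_loss, s.secondary_losses)
    return simulate(s, **kw)["mean"] - simulate(improved, **kw)["mean"]


# Constructed scenario: ransomware against a hospital's clinical systems (illustrative figures only).
RANSOMWARE = Scenario(
    name="ransomware on clinical systems",
    tef=Estimate(2, 6, 15),
    vulnerability=Estimate(0.10, 0.30, 0.60),
    primary_loss=Estimate(50_000, 200_000, 800_000),
    secondary_losses={
        "patient_trust": Estimate(20_000, 100_000, 500_000),
        "reputation": Estimate(10_000, 80_000, 400_000),
        "operational_disruption": Estimate(30_000, 150_000, 600_000),
    },
)

if __name__ == "__main__":
    r = simulate(RANSOMWARE)
    print(f"{RANSOMWARE.name}: mean {r['mean']:,.0f}  p50 {r['p50']:,.0f}  p90 {r['p90']:,.0f}")
    for k, v in r["breakdown"].items():
        print(f"  {k:<24}{v:>14,.0f}")
    print(f"closed-form expectation: {expected_annual_loss(RANSOMWARE):,.0f}")
    print(f"benefit of halving vulnerability: {control_benefit(RANSOMWARE, Estimate(0.05, 0.15, 0.30)):,.0f}")
```

The per-category breakdown is what distinguishes a healthcare adaptation from plain FAIR: it makes visible how much of the annual expectation comes from trust, reputation and disruption rather than from direct cost, and the p90 figure gives the tail that a purely qualitative rating hides.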

Keywords

Status: accepted
