Operations Research 2025
Abstract Submission

2167. Quantitatively measuring cyber risk in healthcare

Invited abstract in session WB-8: Vulnerable Healthcare Systems, stream Health Care Management.

Wednesday, 10:45-12:15
Room: H8

Authors (first author is the speaker)

1. Aiman Zainab
Operations of Critical Infrastructure, Karlsruhe Institute of Technology
2. Emilia Grass

Abstract

Cyber attacks in healthcare are increasing rapidly, posing serious risks to patient safety and data security. Although numerous works offer qualitative assessments of cyber risk, quantitative models remain rather under-researched. This work aims to close this gap by using the FAIR model to quantitatively assess cyber risk in healthcare with sector-specific risk scenarios. However, as the healthcare sector faces dynamic and unique losses, FAIR needs to be modified from its static treatment of loss to adapt to healthcare-specific losses and operations. Among various risk assessment frameworks, the FAIR model offers a consistent approach to estimating cyber risk in financial terms, which makes it an appropriate and extensible foundation for this purpose. It also breaks risk into factors such as type of threat, vulnerabilities, and impacts, which allows threat-specific modifications without breaking its logical framework. This feature makes the model particularly suitable for healthcare, where threats and impacts require individualized treatment and investment decisions are a high priority. The study extends the implementation by incorporating dynamic intangible losses such as reputational damage, patient trust loss, and other operational damages alongside direct financial losses. In addition, it emphasizes the estimation of the frequency of loss events, which is crucial for determining the overall cyber risk incurred due to a cyber attack in healthcare, enhancing predictive power and decision-making accuracy. The sector-specific threat model framework will provide a more actionable overview of cyber risk, ultimately filling the void between cybersecurity measures and strategic risk management, and fostering resilience in highly sensitive sectors.

Keywords

Status: accepted

