Classifying Healthcare and Social Organizations in Cybersecurity Profiles

  • Conference paper
Research Challenges in Information Science (RCIS 2024)

Abstract

While cybersecurity is of high relevance for all organizations, special care is needed in the healthcare and social realm when coping with sensitive patient data. This study contributes to this under-investigated yet relevant field by examining how cybersecurity measures have been implemented within healthcare and social organizations. We rely on a combination of clustering analysis, discriminant analysis, and Tukey HSD testing to analyze survey data on 265 organizations in Flanders, Belgium. The resulting five clusters unveil five distinct approaches or organizational profiles and three major differentiators. The data suggests that the extent to which training, regular software updates, and data backup are implemented best describes the underlying cybersecurity profiles. Our findings reveal that a significant majority of surveyed organizations are situated in the lower echelons of the cybersecurity implementation differentiators, while only a minority of organizations demonstrate commendable levels of implementation. By enriching cybersecurity insights within the healthcare and social domain, our findings and their implications could resonate deeply, urging researchers to expand their research to bolster cyber resilience in specific sectors.

Acknowledgments

This work has (partly) been made possible by the financial support of the Flemish government to the Center for R&D Monitoring (ECOOM). Any opinions expressed in this paper are the authors'.

Author information

The authors have no competing interests to declare.

Corresponding author

Correspondence to Steve Ahouanmenou.

Copyright information

© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Cite this paper

Ahouanmenou, S., Van Looy, A., Poels, G., Andries, P., Standaert, T. (2024). Classifying Healthcare and Social Organizations in Cybersecurity Profiles. In: Araújo, J., de la Vara, J.L., Santos, M.Y., Assar, S. (eds) Research Challenges in Information Science. RCIS 2024. Lecture Notes in Business Information Processing, vol 513. Springer, Cham. https://doi.org/10.1007/978-3-031-59465-6_18

  • DOI: https://doi.org/10.1007/978-3-031-59465-6_18

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-59464-9

  • Online ISBN: 978-3-031-59465-6

  • eBook Packages: Computer Science (R0)
