Abstract
While cybersecurity is of high relevance for all organizations, special care is needed in the healthcare and social realm when coping with sensitive patient data. This study contributes to this under-investigated yet relevant field by examining how cybersecurity measures have been implemented within healthcare and social organizations. We rely on a combination of clustering analysis, discriminant analysis, and Tukey HSD testing to analyze survey data on 265 organizations in Flanders, Belgium. The resulting five clusters unveil five distinct approaches or organizational profiles and three major differentiators. The data suggests that the extent to which training, regular software updates, and data backup are implemented best describes the underlying cybersecurity profiles. Our findings reveal that a significant majority of surveyed organizations are situated in the lower echelons of the cybersecurity implementation differentiators, while only a minority of organizations demonstrate commendable levels of implementation. By enriching cybersecurity insights within the healthcare and social domain, our findings and their implications could resonate deeply, urging researchers to expand their research to bolster cyber resilience in specific sectors.
Acknowledgments
This work has (partly) been made possible by the financial support of the Flemish government to the Center for R&D Monitoring (ECOOM). Any opinions expressed in this paper are the authors'.
The authors have no competing interests to declare.
Copyright information
© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Ahouanmenou, S., Van Looy, A., Poels, G., Andries, P., Standaert, T. (2024). Classifying Healthcare and Social Organizations in Cybersecurity Profiles. In: Araújo, J., de la Vara, J.L., Santos, M.Y., Assar, S. (eds) Research Challenges in Information Science. RCIS 2024. Lecture Notes in Business Information Processing, vol 513. Springer, Cham. https://doi.org/10.1007/978-3-031-59465-6_18
DOI: https://doi.org/10.1007/978-3-031-59465-6_18
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-59464-9
Online ISBN: 978-3-031-59465-6
eBook Packages: Computer Science, Computer Science (R0)