IIM Lucknow team develops model to mitigate cyberattacks in healthcare

NEW DELHI: A research team of Indian Institute of Management (IIM Lucknow) has developed a model to protect healthcare systems from cyberattacks. The ‘Healthcare cyber risk assessment model’, which is developed by the team led by IIM Lucknow professor Arunabha Mukhopadhyay, will ensure security of patient data and the continuity of digital healthcare services for healthcare institutions.

The team has tackled the issue of cyberattacks on health institutions by investigating the weak points in data security systems. The has proposed that cybersecurity can become an issue if the healthcare staff lacks training to mitigate malpractices such as phishing, and when IT governance and security technology are not effectively implemented.

Mukhopadhyay, said, “Our risk assessment and quantification models have helped us group 1,788 US healthcare firms on a ‘heat matrix’ that shows the likelihood of a cyberattack and its potential severity. This gives us a clear picture of how ready the firms are to tackle cyber threats. We also propose a plan to tackle the risks, which is customized according to the position of the firm in the matrix.”

Features of model

The model assists chief information officers (CIOs) of healthcare institutions in determining the vulnerability of the healthcare institution to cyberattacks. It also employs collective risk modelling to assess the potential severity of cyberattacks. The model also offers recommendations on how to mitigate and prevent the potential cyberattacks.

Also Read | IIM Lucknow, Imarticus Learning launch executive programme in AI for business

The research was funded by the cyber security division of the ministry of electronics and information technology. It has been published in the Journal of Organisational Computing and Electronic Commerce. The paper has been co-authored by Arunabha Mukhopadhyay, along with his research scholars Swati Jain and Saloni Jain.

The IIM Lucknow said the increasing complexity and sensitivity of data in healthcare organisations have heightened their susceptibility to cyberattacks, especially as the healthcare sector's reliance on digital data has grown during the COVID-19 pandemic. Digital health records contain sensitive personal information like Government IDs, medical histories, finances, and insurance details, which cybercriminals can use for identity theft and fraud, it added.