Article Review #2: An Unhealthy Take on Cybersecurity


Almost everyone at some point in their life needs to go to a hospital or medical care facility. In most cases, before care can be administered or the issue(s) documented in a patient record, personally identifiable information provided by the patient is collected, and it is expected to be properly stored so that it can be used to verify the patient’s identity. I will be conducting an article review of a study completed by Yashna Praveen, Mijin Kim, & Kyung-Shick Choi, who investigated the surprisingly common occurrence of victimization in the healthcare industry, what they believe are the leading motivations for its prevalence, and the steps that led to organizations being compromised.

Relation to Principles of Social Sciences

The study applies the principle of parsimony by focusing on specific factors that can explain how the cybercrimes happened without any unneeded complexity. Some of the factors mentioned are motivated offenders and suitable targets. The principle of determinism can be seen as well through identifiable patterns of behavior, such as the continued use of outdated infrastructure. Ethical neutrality is seen throughout, as no single strategy is advocated for more intensely than another.

Research Questions & Hypotheses

The study questions “what the primary motivations are for Advanced Persistent Threats (APTs) to target the healthcare industry” (Praveen, Y et al., 2024), as well as asking “what common characteristics of APT groups target the healthcare industry” (Praveen, Y et al., 2024). From these questions, they hypothesize that healthcare organizations are more vulnerable because they hold medical data, which is thought to be valuable to criminals, and because they do not have proper measures in place to protect this prized commodity.

Research Methods

Methods used during the course of the study include categorizing different cyber attacks based on target industry, motivation, or outcome. Praveen, Y et al. also utilized the Routine Activities Theory (RAT) and Cyber-Routine Activities Theory (Cyber-RAT) to evaluate enabling conditions for cyber victimization.

Data & Analysis

“The healthcare systems handle vast amounts of sensitive patient information, making their security paramount” (Praveen, Y et al., 2024). The study was able to analyze 1138 cyber attack cases that spanned 5 years (’18-’23). With this information, analysts are able to gather attack trends, how often attacks happen, vulnerabilities, and other valuable information.

Relation to CYSE201S

A concept that I recognize is mentioned in this study and in class is the use of social engineering to gain unauthorized access to a network. Another concept is the notion that nations gather information on other nations to potentially exploit them.

Challenges/Concerns

Cyber-attacks disproportionately affect marginalized communities of people, more specifically those that would rely on the public health system for their care. “While convenient for providers and patients, this interconnectedness also creates opportunities for cybercriminals, who need only exploit a single weak entry point to compromise an entire system” (Praveen, Y et al., 2024).

Societal Contributions

This study can help raise awareness and teach cyber professionals to look out for the types of attacks that are present, identify who is initiating an attack and why it was conducted, and hopefully minimize the impact it has on patients and organizations alike.

In conclusion, with technology use only increasing, the healthcare industry desperately needs to catch up with the times if it hopes to limit the number of data breaches that occur. New frameworks need to be implemented to strengthen defenses, and organizations need to build infrastructure with security in mind.
