Cybersecurity in Hospitals: A Systematic, Organizational Perspective

Jalali, Mohammad S.; Kaiser, Jessica P.

doi:10.2139/ssrn.3100364

Cited by 24 publications

(25 citation statements)

References 16 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…From a resource-based perspective, Bharadwaj [26] developed the concept of IT as an organizational capability. Here, we consider cybersecurity capability as an organizational capability (similar to [27]) and focus on its development challenges within organizations-driven from managers' perceptions and understanding of the complexities of capability development.…”

Section: Theoretical Backgroundmentioning

confidence: 99%

Decision-making and biases in cybersecurity capability development: Evidence from a simulation game experiment

Jalali

Siegel

Madnick

2019

The Journal of Strategic Information Systems

View full text Add to dashboard Cite

We developed a simulation game to study the effectiveness of decision-makers in overcoming two complexities in building cybersecurity capabilities: potential delays in capability development; and uncertainties in predicting cyber incidents. Analyzing 1,479 simulation runs, we compared the performances of a group of experienced professionals with those of an inexperienced control group. Experienced subjects did not understand the mechanisms of delays any better than inexperienced subjects; however, experienced subjects were better able to learn the need for proactive decision-making through an iterative process. Both groups exhibited similar errors when dealing with the uncertainty of cyber incidents. Our findings highlight the importance of training for decision-makers with a focus on systems thinking skills, and lay the groundwork for future research on uncovering mental biases about the complexities of cybersecurity. development. albeit inadvertently-introduce new, more subtle vulnerabilities. Research also suggests that attackers in cyberspace are not only rational and motivated by economic incentives [6], but also act strategically in identifying targets and approaches [7]-in other words, "The good guys are getting better, but the bad guys are getting badder faster" [8]. Perhaps there was a time a decade ago when cybersecurity was only a matter of "if" an organization was going to be compromised, but today it has become a question of "when," and "at what level."Despite the proliferation of cyberattack capabilities and their potential implications, many organizations still perform poorly with respect to cybersecurity management. These companies ignore or underestimate cyber risks, or rely solely on generic off-the-shelf cybersecurity solutions. A mere 19% of chief information security officers (CISOs) are confident that their companies can effectively address a cybersecurity incident [9]. In May 2017, the WannaCry ransomware attack-a type of malware that blocks access to computer systems until a ransom is paid-affected companies worldwide, even though a patch for the exploited Windows vulnerabilities had been made available by Microsoft months earlier in March 2017 [10]. As data grows in size and value, the increase of cyber risks and escalation of privacy concerns demand that managers improve their approach to cybersecurity capability development-interventions to build such capabilities typically include improvements to technology already in place, in addition to the purchase of new technology, talent acquisition, and training, among other activities. Research objective and approachThe importance of being proactive in cybersecurity capability development is well understoodit is more cost effective than taking a reactionary approach and reduces failure rates [11].Although many executives and decision-makers are becoming aware of the significance of cybersecurity, a major question remains unanswered: Are experienced managers more proactive than inexperienced individuals in building cybersecurity capabilities? F...

show abstract

Section: Theoretical Backgroundmentioning

confidence: 99%

Decision-making and biases in cybersecurity capability development: Evidence from a simulation game experiment

Jalali

Siegel

Madnick

2019

The Journal of Strategic Information Systems

View full text Add to dashboard Cite

show abstract

“…Moreover, given the need to adhere to privacy laws and prevent the loss of data, the EMR system provides the necessary security against cyberattacks. 20,21 REDCap is a parallel system embedded within the EMR data with stringent security measures including password protection, limited access, user-authentication, HIPAA compliance, and an auditing trail of usage, hence ensuring a regulated safe data storage environment. 22 We also posit that if this system was widely adopted, it could be imported into other EMR systems, allowing for possible cross-institutional comparisons if required.…”

Section: Discussionmentioning

confidence: 99%

Electronic tumor board presentations as the basis for the development of a head and neck cancer database

Rangabashyam

Wee

Wang

et al. 2020

Laryngoscope Investig Oto

View full text Add to dashboard Cite

Background Multidisciplinary team meetings or tumor boards (TBs) form a pivotal component of oncology practice. The crux of a TB revolves around making treatment decisions based on succinct head and neck cancer (HNC) patient data presentations, which can be challenging and complex. Apart from meticulous TB presentations, discussions and treatment plan documentation is equally important. The aim of this study was to structure an electronic synoptic TB data presentation to address all these areas. The overarching benefits of systematic TB data collection include facilitating audits and research. Methods We utilized a secure web‐based tool that was used for common scientific research purposes but customized to store HNC patient data. The data points were tabulated across eight TB pages: (a) TB scheduling, (b) patient biodata, (c) diagnosis details, (d) index presentation, (e) images, (f) management and histopathology, (g) TB presentation, and (h) TB discussion and decisions. Each data point leads to additional fields by branching logic to permit further relevant data entry. This was integrated within the patient electronic medical records allowing for a direct internal trajectory to recall TB data. Results From October 2015 to October 2018, we recorded over 2000 presentations for 1279 individual patients. This is a quality improvement initiative, and hence, the results are more of a broad analysis of our TB presentation process. The most common cancers were squamous cell (523, 41%), thyroid (207, 16%), and nasopharyngeal (139, 11%) carcinomas. Importantly, this system has formed the basis for a number of clinical and translational research projects and audit outcomes. Conclusion Despite TBs being vital to oncologic practice, little attempt has been made to report TB data management. In this study, we present an efficient system that permits the integration of dual functions: TB data presentation and oncologic data collection for research, recall, and audit purposes.

show abstract

“…Cyber security in hospitals was studied from an organisational perspective by Jalali et al [18] in 2018. One of their main findings is that reducing the end point complexity increases the security, mainly because the complex IT environment in a hospital is vulnerable for exploitation by cybercriminals.…”

Section: Healthcare Data Securitymentioning

confidence: 99%

Measuring Cyber Security Awareness within Groups of Medical Professionals in Poland

Hyla¹,

Fabisiak²

2020

Proceedings of the Annual Hawaii International Conference on System Sciences

View full text Add to dashboard Cite

The goal of this study is to measure the cyber security awareness of medical professionals in Poland, i.e. to verify whether healthcare specialists have knowledge and understanding of basic cyber security threats. This survey was based on the cyber security recommendations from the European Union Agency for Network and Information Security and the U.S. Department of Health and Human Services. The survey consisted of 23 single and multiple-choice questions divided into four parts. The results categorized the respondents and measured the level of cyber security awareness. Among the 620 persons invited to participate in the survey, 300 (48.39%) responded and answered all of the questions. The results show a an unsatisfactory level of knowledge regarding information security in Poland. The main conclusion drawn from the survey is that the quality of cyber security training among medical professionals should be improved and frequency of the trainings should be increased.

show abstract

Cybersecurity in Hospitals: A Systematic, Organizational Perspective

Abstract: The MIT Faculty has made this article openly available. Please share how this access benefits you. Your story matters.

Cited by 24 publications

References 16 publications

Decision-making and biases in cybersecurity capability development: Evidence from a simulation game experiment

Decision-making and biases in cybersecurity capability development: Evidence from a simulation game experiment

Electronic tumor board presentations as the basis for the development of a head and neck cancer database

Measuring Cyber Security Awareness within Groups of Medical Professionals in Poland

Contact Info

Product

Resources

About