Cybersecurity & Social Science Article Review #2

Posted by cpola006 on

Summary of the article

            The article I chose to review, “Cyber Victimization in the Healthcare Industry: Analyzing Offender Motivations and Target Characteristics through Routine Activities Theory (RAT) and Cyber-Routine Activities Theory (Cyber-RAT)”, at its simplest, looks at cyber-attacks in healthcare industry. More specifically it applies the RAT (Routine Activities Theory) and CRAT (Cyber Routine Activities Theory) to the subject (Praveen et al., 2024).

            The article relates to the principles of the social sciences: Relativism and Determinism. The hypothesis of the article is that as the healthcare industry gets more and more reliant on technology, the more and more vulnerable it seems to have become to cybercriminals. This was most noticeable during the COVID-19 Pandemic, where the study noted that new technology and programs were rolled out with zero care for making sure the security of the systems was up to par (Praveen et al., 2024). It is also noticeable in the outdated technology that the healthcare industry clings to, which gets more and more vulnerable the longer it remains in use, which was clearly seen in the damage done by the WannaCry ransomware on the British healthcare system, where the exploit that the attack used had been patched a month before the attacks began but they had not applied the patches to their systems.

            The study was done by applying the RAT and CRAT to previous cases of cyberattacks on the healthcare industry, looking into the motivations behind those who committed the attacks. The study also looked into the vulnerabilities that make the healthcare industry so vulnerable to these cyberattacks. (Praveen et al., 2024)

            The data that was taken for the study consisted of past studies into various cyber-attacks on the healthcare industry, which generally provided the types of cybercriminal actors, the common methods they use to target the healthcare industry, the primary cause of the vulnerabilities in their systems, and why the cybercriminals had target their systems. The final amount of past cases that they looked over for the making of this paper was 1138 cases (Praveen et al., 2024).

            The analysis of the data showed that financial gain was a main reasoning behind the hacking, but was also spurred on the offenders being simply motivated by the easy to infect with ransomware or hack systems the healthcare industry is still using. They also note that due to a lack of training of workers, along with a lack of cybersecurity resources, in the field leads it to be vulnerable to phishing. (Praveen et al., 2024). The authors suggest the usual need for a strong cybersecurity policy as well as working with outside cybersecurity companies to help better secure the vulnerable industry from being easy pickings for hackers.

Conclusion

            I am going to take a fairly negative position against this article and its potential effects on the healthcare industry. I feel like it is highly unlike to have any effect, even if people from the industry read it. I remember when WannaCry happened in 2017. I had a Windows XP computer still and was fearful of getting infected. Of course I wasn’t obviously the intended target on the ransomware, but it still put enough fear into me to upgrade to a more modern operating system finally after being stubborn for years. Hearing that seven years later, the healthcare industry is still facing the exact same issues it was in 2017 due to their general refusal to upgrade and patch systems is frustrating and makes it hard to believe a single paper will have much of an effect. At least in the United States, the government is making a large push to bring all of our healthcare providers up to some form of standard (USPHS , 2023), but even still I remain skeptical that it will work out.

References

            Praveen, Y., Kim, M., & Choi, K.-S. (n.d.). Cyber victimization in the healthcare industry: Analyzing offender motivations and target characteristics through routine activities theory (RAT) and cyber-routine activities theory (Cyber-RAT). Virtual Commons – Bridgewater State University. https://vc.bridgew.edu/ijcic/vol7/iss2/2/

            United States Public Health Service. (2023). Healthcare sector cybersecurity – ASPR – hhs.gov. Administration for Strategic Preparedness and Response. https://aspr.hhs.gov/cyber/Documents/Health-Care-Sector-Cybersecurity-Dec2023-508.pdf

Leave a Reply

Your email address will not be published. Required fields are marked *