Article Reviews

ARTICLE 1: Routine Activities Theory, and its Relationship with Cybercrime in the Healthcare Industry

Introduction

In an age where malicious users seek to illegally obtain data from users and companies, it is only natural that the healthcare industry would also be at risk. The healthcare industry in the United States holds an enormous amount of personally identifiable information (PII) that malicious users desire to obtain for a variety of reasons. For example, in February 2024, cyber criminals targeted systems that control the largest billing and payment system in the United States. This led to delays for those dependent on the healthcare system for services and pharmaceuticals. These delays could be life-threatening if the treatment or drugs being received are vital. It is true that healthcare companies are investing financial assets into fortifying their information; approximately 65 billion dollars went into the US healthcare system alone in 2022 in an attempt to dissuade cyber crime. Evidently, this is not enough, as these companies, and in turn their dependents, are still at huge risk of compromise.

Understanding the R.A.T Theory, and how it Explains Cyber Crime against Healthcare.

When one attempts to understand cyber crime, it’s important to keep in mind that the individual behind the screen is human too, and that he or she will have a variety of beliefs and justifications for performing illicit activities. R.A.T theory provides a guideline that explains why malicious users may want to target the healthcare industry. R.A.T stands for “Routine Activities Theory,” and states that three main factors can lead to crime: the individuals behind the crime having motivation to commit it, the ability for these bad actors to find a suitable target, and a lack of preventative factors that would deter the crime from happening. These three parameters can be applied directly to a cyber criminal’s justification for targeting the healthcare system.

Cyber criminals can find motivation in many different factors. In terms of attacks against the healthcare system, financial gain is by far the largest motivating factor. In the studies performed in the article, over 94% of all cyberattacks in the United States were for financial gain. The rise of AI and machine learning further motivates these malicious users to try to breach systems. These tools allow cyber criminals to streamline their workload, find a system’s vulnerabilities more quickly, and perform ransomware attacks.

Healthcare institutions can prove to be the perfect target for a malicious user seeking financial gain. These institutions store countless records of PII. This information is extremely valuable and can be treated as a commodity to sell on the black market if illegally obtained.

Finally, the absence of limiting factors makes compromising a healthcare institution even more appealing. Many devices and pieces of electronic medical equipment found in healthcare institutions simply are not secure enough for the modern cybersecurity landscape. For example, the IoT is a rapidly adopted technology that gives ordinary appliances wireless connectivity, either so that they can communicate with a centralized node or to extend the device’s function. If these devices are not regularly patched, cyber criminals can target their vulnerabilities to potentially compromise a network.

Conclusion

After reading the article, it is a glaring fact that US healthcare cybersecurity is unacceptably weak. Hundreds of millions of people are put at risk when healthcare companies cannot secure clients’ PII, which can then be stolen and sold to organized crime syndicates. With that being said, the R.A.T method does provide valuable insight into why cyber criminals treat the healthcare industry like a goldmine. Hopefully, cybersecurity specialists can synthesize the findings of the R.A.T method into practices that protect the United States healthcare system.

References

Praveen, Y., Kim, M., & Choi, K.-S. (2024, September 16). Cyber victimization in the healthcare industry: Analyzing offender motivations and target characteristics through

ARTICLE 2: Identifying the Prevalence of Cybercrime in Indonesian Corporations: A Corporate Legislation Perspective

Indonesia’s Relation To Cybercrime

In recent years, Indonesia has seen a dramatic increase in cybercrime. This can be attributed largely to the increased availability of technology to citizens, the absence of laws addressing cybercrime, and the fact that cybercrime can be extremely profitable. Indonesia has been rated as the riskiest nation in the world in terms of the rate of cybercrime. In 2019 alone, the nation lost approximately 34.2 billion USD due to cybercrime. Interestingly, much of Indonesia’s cybercrime is corporate, meaning that employees of a company are launching cyberattacks against their own companies.

Propositions to Solve the Problem

While it is obvious that Indonesia has a cybersecurity problem, there are many avenues that companies and lawmakers can pursue to address it. The article suggests that the Government of Indonesia should create cybersecurity-specific laws that emphasize the importance of protecting individuals’ data, the privacy of that data, and their financial transactions. In addition, this law or bill should set specific guidelines for what can be considered corporate cybercrime. If corporate cybercrime is defined, then it can be penalized, hopefully with a more severe penalty than is currently in place.

The article also argues that businesses bear some responsibility for falling victim to corporate cybercrime. Businesses likely should consider investing in better methods of detecting incoming cyberattacks, as well as adhering to globally accepted cybersecurity protocols and practices. These two measures will likely lead to the formation of a culture that is more conducive to safe cybersecurity practices.

The article mentions that specific laws should be amended to better reflect modern security risks, chiefly the “Electronic Information and Transactions (ITE)” law and the “Indonesian Criminal Code (KUHP)” law. These laws should incorporate safeguards on clients’ confidential information, as well as emphasize telecommunication laws to prevent cyber-criminals from attempting to deface a corporation.

Conclusion

With the growing trend of corporate cybercrime in Indonesia, it’s important to remember that, on the scale of the rest of the world, Indonesia’s mass adoption of modern technology is relatively recent. With that being said, changes must be made to the Indonesian legal code to protect clients and customers from fraud. The constant risk of cyberattacks discredits the legitimacy of Indonesian business, as clients are putting their personal data at risk, and international companies will look elsewhere to nations that have more effective policies in place. Ultimately, it would be in Indonesia’s best interest to tackle its problem with corporate cyberattacks to benefit both economic and social factors.