Article Review #2

Darrian Taylor

April 4, 2025


Cyber Victimization in the Healthcare Industry

Intro

The healthcare sector has become a major target for cybercriminals due to its reliance on digital systems and sensitive data. In the article “Cyber Victimization in the Healthcare Industry”, authors Praveen, Kim, and Choi (2024) analyze how and why these institutions are frequently victimized. They use Routine Activities Theory (RAT) and Cyber-Routine Activities Theory (Cyber-RAT) to study several cyberattacks involving healthcare organizations. Their goal is to better understand offender behavior, institutional vulnerabilities, and how both theories explain patterns in digital victimization. This review summarizes the article’s research focus, methods, and findings, and connects its content to broader social science and cybersecurity themes discussed in class.

Relation to Social Sciences

This study directly relates to social science principles, particularly those found in criminology. Routine Activities Theory (RAT) and its cyber-focused extension, Cyber-RAT, explore how criminal behavior is influenced by the availability of targets, the presence of offenders, and the absence of protective measures. These ideas are widely used in social science research on crime prevention, victimization, and institutional risk. By applying these theories to cybercrime in healthcare, the study connects technical aspects of cybersecurity with broader societal concerns, such as infrastructure security and public policy.

Research Questions and Hypotheses

The study seeks to address key concerns regarding the frequency and nature of cyberattacks on healthcare institutions. It explores questions such as:
• Why are healthcare organizations frequently targeted by cybercriminals?
• What characteristics make these institutions more vulnerable to cyber threats?

Although the authors do not explicitly outline formal hypotheses, their research is guided by the assumption that structural and operational vulnerabilities within healthcare systems contribute to the increased risk of cyber victimization.

Research Methods

The study relies on qualitative research methods, specifically content analysis of documented cyberattacks in the healthcare sector. The authors review case studies from publicly available reports, forensic investigations, and breach disclosures. By applying Routine Activities Theory and Cyber-RAT, they categorize these incidents to identify recurring patterns in attack methods and institutional weaknesses.

Data and Analysis

The study gathers data from cybersecurity reports, law enforcement records, and academic literature on healthcare-related cybercrime. The analysis focuses on categorizing cyber incidents based on their alignment with RAT and Cyber-RAT principles. Attacks involving ransomware, phishing schemes, and data breaches are evaluated to determine how the absence of security measures contributes to their success.

Connection to Course Concepts

The findings in this article align with key cybersecurity principles discussed in class, particularly those related to risk management, digital forensics, and the human element in cyber threats. The PowerPoint topics covering social engineering, threat modeling, and critical infrastructure vulnerabilities closely relate to the study’s exploration of attacker behavior and institutional weaknesses. The application of criminological theories to cybersecurity further reinforces the interdisciplinary nature of the field.

Impact on Marginalized Groups

Healthcare organizations serve diverse populations, including many individuals who are socially and economically disadvantaged. When these institutions experience cyberattacks, the impact is disproportionately severe for marginalized communities. Limited access to alternative healthcare options, financial constraints, and a lack of digital literacy can leave these individuals more vulnerable to the consequences of data breaches and system disruptions. The study highlights the need for stronger security measures to protect sensitive patient information and ensure equitable healthcare access.

Contributions to Society

This research offers valuable insights into the cybersecurity challenges facing the healthcare sector. By applying criminological theories to cyber victimization, the authors provide a framework for understanding offender motivations and institutional vulnerabilities. The study emphasizes the importance of proactive security policies, increased awareness, and improved technological safeguards. Its findings contribute to the ongoing efforts to enhance cybersecurity resilience in critical industries and protect vulnerable populations from digital threats.

Conclusion

The article by Praveen, Kim, and Choi (2024) offers a comprehensive analysis of cyber victimization in the healthcare industry, demonstrating how RAT and Cyber-RAT can be used to explain patterns of cybercrime. The study highlights the risks faced by healthcare institutions and underscores the need for stronger security measures. Its findings have significant implications for policymakers, cybersecurity professionals, and public health officials seeking to mitigate cyber threats in essential services.

References

Praveen, Y., Kim, M., & Choi, K.-S. (2024). Cyber Victimization in the Healthcare Industry: Analyzing Offender Motivations and Target Characteristics through Routine Activities Theory (RAT) and Cyber-Routine Activities Theory (Cyber-RAT). International Journal of Cybersecurity Intelligence and Cybercrime, 7(2). https://vc.bridgew.edu/ijcic/vol7/iss2/2