Article Review #2 – Cyber Victimization in the Healthcare Industry: Analyzing Offender
Motivations and Target Characteristics through Routine Activities Theory (RAT) and
Motivations and Target Characteristics through Routine Activities Theory (RAT) and
Cyber-Routine Activities Theory (Cyber-RAT)
Kaedon Denton
03-27-2025
03-27-2025
Introduction and Understanding the Threat
Technology today stands as a backbone of not only our society in how we may gather and
take in information or interact with each other, but it is more importantly entwined with our
workforce now more than ever. There are multiple fields of work in today’s age that rely on
technology and the systems they provide; this technology and their systems are strengthened by
their cybersecurity professionals enlisted to make sure that their systems cannot be compromised
or if they are it is minimal with a plan to recover. Everyday a company or an individual with an
online presence, especially those that handle digital data have a chance of being a victim of
cybercrime, but this is significantly more prevalent in the healthcare industry. While the
technological innovations in healthcare have improved the quality and accessibility of patient
care, it does pose a big threat for them to become a cybercrime victim. Since It Is not just
personal information that can be stolen but as well as the billing system that is used being
disrupted, as seen in a cyberattack that occurred in February 2024, the cyberattack targeted one
of the largest U.S. billing and payment system which not only disrupted the processing of
millions of patients but also delayed them access to essential medications and care (Praveen,
Kim, & Choi, 2024). These attacks that take place on the Healthcare system are some of the
most consequential threats to the industry, while these attacks do not just greatly affect the
billing systems in place, they can also affect staff not being able to access critical data, as well as
with all the personal information that is held in their systems, a compromised system can have
patient data stolen and or lost. As these cyber threats become more common and sophisticated,
the healthcare industry is still behind in their infrastructure in developing plans to protect,
respond to, and recover from cyberattacks (Praveen, Kim, & Choi, 2024). This article proposes
using three specialized frameworks (Digital Capable Guardianship Framework, Online Lifestyle
Awareness Framework, and Policy Framework) based on Routine Activity Theory (RAT) as
preventive measures to be implemented into healthcare systems and to analyze cyber
victimization in healthcare.
take in information or interact with each other, but it is more importantly entwined with our
workforce now more than ever. There are multiple fields of work in today’s age that rely on
technology and the systems they provide; this technology and their systems are strengthened by
their cybersecurity professionals enlisted to make sure that their systems cannot be compromised
or if they are it is minimal with a plan to recover. Everyday a company or an individual with an
online presence, especially those that handle digital data have a chance of being a victim of
cybercrime, but this is significantly more prevalent in the healthcare industry. While the
technological innovations in healthcare have improved the quality and accessibility of patient
care, it does pose a big threat for them to become a cybercrime victim. Since It Is not just
personal information that can be stolen but as well as the billing system that is used being
disrupted, as seen in a cyberattack that occurred in February 2024, the cyberattack targeted one
of the largest U.S. billing and payment system which not only disrupted the processing of
millions of patients but also delayed them access to essential medications and care (Praveen,
Kim, & Choi, 2024). These attacks that take place on the Healthcare system are some of the
most consequential threats to the industry, while these attacks do not just greatly affect the
billing systems in place, they can also affect staff not being able to access critical data, as well as
with all the personal information that is held in their systems, a compromised system can have
patient data stolen and or lost. As these cyber threats become more common and sophisticated,
the healthcare industry is still behind in their infrastructure in developing plans to protect,
respond to, and recover from cyberattacks (Praveen, Kim, & Choi, 2024). This article proposes
using three specialized frameworks (Digital Capable Guardianship Framework, Online Lifestyle
Awareness Framework, and Policy Framework) based on Routine Activity Theory (RAT) as
preventive measures to be implemented into healthcare systems and to analyze cyber
victimization in healthcare.
Research Findings
The research done and recorded in this article set to address two research questions: (1)
What are the primary motivations driving Advanced Persistent Threats to target the healthcare industry? (2) What are the common characteristics and behaviors of APT groups that target
What are the primary motivations driving Advanced Persistent Threats to target the healthcare industry? (2) What are the common characteristics and behaviors of APT groups that target
healthcare institutions (Praveen, Kim, & Choi, 2024)? The type of analysis that was used to
examine the association between the motivation behind cyberattacks on the healthcare sector,
whether the attacks are state-sponsored, and the attack methods used. Starting with the attack
methods used there was a varied array of different attack methods, with malicious software
deployment being the most prevalent in Critical Care and Patient Services (83.0%), followed by
Unauthorized Access and Control (75.9%) and Deception methods such as phishing (70.0%).
What was found as the most significant association between the cyberattacks on healthcare
systems, was financial gain as the most predominant motive across all the segments especially in
Critical Care and Patient Services (80.1%). There was as well Intellectual Property/Patient data
theft, but it was more prominent in High-value Data and Innovation Targets (37.5%) (Praveen,
Kim, & Choi, 2024). Lastly when state sponsored attacks were examined the analysis showed a
non-significant association between state sponsorship and the targeted healthcare system
(Praveen, Kim, & Choi, 2024). But what was identified as state sponsored attacks they were
most prevalent in Critical Care and Patient Services and in High-Value Date and Innovative
Targets, the origin of these cyberattacks did show a significant association with Russia being the
most frequent country of origin.
examine the association between the motivation behind cyberattacks on the healthcare sector,
whether the attacks are state-sponsored, and the attack methods used. Starting with the attack
methods used there was a varied array of different attack methods, with malicious software
deployment being the most prevalent in Critical Care and Patient Services (83.0%), followed by
Unauthorized Access and Control (75.9%) and Deception methods such as phishing (70.0%).
What was found as the most significant association between the cyberattacks on healthcare
systems, was financial gain as the most predominant motive across all the segments especially in
Critical Care and Patient Services (80.1%). There was as well Intellectual Property/Patient data
theft, but it was more prominent in High-value Data and Innovation Targets (37.5%) (Praveen,
Kim, & Choi, 2024). Lastly when state sponsored attacks were examined the analysis showed a
non-significant association between state sponsorship and the targeted healthcare system
(Praveen, Kim, & Choi, 2024). But what was identified as state sponsored attacks they were
most prevalent in Critical Care and Patient Services and in High-Value Date and Innovative
Targets, the origin of these cyberattacks did show a significant association with Russia being the
most frequent country of origin.
Routine Activity Theory
The Routine Activity theory states that crime will likely occur when three key elements
are present those elements being, motivated offenders, suitable targets, and the absence of
capable guardians. Starting the first element “Motivated Offenders” they are what is posing a
threat to the healthcare industry, since they posses the intent and capabilities to engage in
cybercrime. Second is “Suitable Targets” and in regards to how it is applied here is by
“Cybersecurity Vulnerabilities” and with so much of healthcare being digitized it is a target for
cyber attacks due to the amount of personal identifiable information that is held. Lastly there is
“Absence of Capable Guardians” which in this article does address not being able to directly see
these institutions cyber security policy set in place, they instead opted to give another statement
which is having proper education, simulation, and collaboration to help the workers identify and
mitigate future cyberthreats (Praveen, Kim, & Choi, 2024).
are present those elements being, motivated offenders, suitable targets, and the absence of
capable guardians. Starting the first element “Motivated Offenders” they are what is posing a
threat to the healthcare industry, since they posses the intent and capabilities to engage in
cybercrime. Second is “Suitable Targets” and in regards to how it is applied here is by
“Cybersecurity Vulnerabilities” and with so much of healthcare being digitized it is a target for
cyber attacks due to the amount of personal identifiable information that is held. Lastly there is
“Absence of Capable Guardians” which in this article does address not being able to directly see
these institutions cyber security policy set in place, they instead opted to give another statement
which is having proper education, simulation, and collaboration to help the workers identify and
mitigate future cyberthreats (Praveen, Kim, & Choi, 2024).
Conclusion
To conclude this article was able to layout their proposition of what should be done for
healthcare institutions systems going forward, providing in-depth data of their findings. As well
as not only providing data from what was captured from their analysis but also being able to take
that information gathered and apply RAT to it to help in justification of implementing
frameworks based off of RAT and making it Cyber-RAT. The contributions that this article can
healthcare institutions systems going forward, providing in-depth data of their findings. As well
as not only providing data from what was captured from their analysis but also being able to take
that information gathered and apply RAT to it to help in justification of implementing
frameworks based off of RAT and making it Cyber-RAT. The contributions that this article can
provide is that of mass amount of data that was collected and the analyzed to help push for
healthcare systems to be strengthened at large, so that in the case of a cyberattack on their
systems a healthcare institution does not have to shut out appointments or delay in helping
someone who might need urgent care. If frameworks like these were implemented it would not
only benefit the institutions but also society for the long term.
systems a healthcare institution does not have to shut out appointments or delay in helping
someone who might need urgent care. If frameworks like these were implemented it would not
only benefit the institutions but also society for the long term.
References
Praveen, Y. , Kim, M. & Choi, K. (2024). Cyber Victimization in the Healthcare
Industry: Analyzing Offender Motivations and Target Characteristics through
Routine Activities Theory (RAT) and Cyber-Routine Activities Theory (Cyber-
RAT) . International Journal of Cybersecurity Intelligence & Cybercrime, 7(2), – .
DOI: https://doi.org/10.52306/2578-3289.1186
Available at: https://vc.bridgew.edu/ijcic/vol7/iss2/2