{"id":234,"date":"2025-04-25T17:49:21","date_gmt":"2025-04-25T17:49:21","guid":{"rendered":"https:\/\/sites.wp.odu.edu\/kdent006\/?page_id=234"},"modified":"2025-04-25T17:49:21","modified_gmt":"2025-04-25T17:49:21","slug":"article-review-2","status":"publish","type":"page","link":"https:\/\/sites.wp.odu.edu\/kdent006\/article-review-2\/","title":{"rendered":"Article Review 2"},"content":{"rendered":"
\n
\n
\n
\n
Article Review #2 \u2013 Cyber Victimization in the Healthcare Industry: Analyzing Offender<\/span><\/strong>
Motivations and Target Characteristics through Routine Activities Theory (RAT) and<\/span><\/strong><\/div>\n
Cyber-Routine Activities Theory (Cyber-RAT)<\/span><\/strong><\/div>\n
<\/div>\n
Kaedon Denton<\/span>
03-27-2025<\/span><\/div>\n
<\/div>\n
Introduction and Understanding the Threat<\/span><\/strong><\/div>\n
<\/div>\n
Technology today stands as a backbone of not only our society in how we may gather and<\/span>
take in information or interact with each other, but it is more importantly entwined with our<\/span>
workforce now more than ever. There are multiple fields of work in today\u2019s age that rely on<\/span>
technology and the systems they provide; this technology and their systems are strengthened by<\/span>
their cybersecurity professionals enlisted to make sure that their systems cannot be compromised<\/span>
or if they are it is minimal with a plan to recover. Everyday a company or an individual with an<\/span>
online presence, especially those that handle digital data have a chance of being a victim of<\/span>
cybercrime, but this is significantly more prevalent in the healthcare industry. While the<\/span>
technological innovations in healthcare have improved the quality and accessibility of patient<\/span>
care, it does pose a big threat for them to become a cybercrime victim. Since It Is not just<\/span>
personal information that can be stolen but as well as the billing system that is used being<\/span>
disrupted, as seen in a cyberattack that occurred in February 2024, the cyberattack targeted one<\/span>
of the largest U.S. billing and payment system which not only disrupted the processing of<\/span>
millions of patients but also delayed them access to essential medications and care (Praveen,<\/span>
Kim, & Choi, 2024). These attacks that take place on the Healthcare system are some of the<\/span>
most consequential threats to the industry, while these attacks do not just greatly affect the<\/span>
billing systems in place, they can also affect staff not being able to access critical data, as well as<\/span>
with all the personal information that is held in their systems, a compromised system can have<\/span>
patient data stolen and or lost. As these cyber threats become more common and sophisticated,<\/span>
the healthcare industry is still behind in their infrastructure in developing plans to protect,<\/span>
respond to, and recover from cyberattacks (Praveen, Kim, & Choi, 2024). This article proposes<\/span>
using three specialized frameworks (Digital Capable Guardianship Framework, Online Lifestyle<\/span>
Awareness Framework, and Policy Framework) based on Routine Activity Theory (RAT) as<\/span>
preventive measures to be implemented into healthcare systems and to analyze cyber<\/span>
victimization in healthcare.<\/span><\/div>\n
<\/div>\n
Research Findings<\/span><\/strong><\/div>\n
<\/div>\n
The research done and recorded in this article set to address two research questions: (1)<\/span>
What are the primary motivations driving Advanced Persistent Threats to target the healthcare <\/span>industry? (2) What are the common characteristics and behaviors of APT groups that target<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n
\n
\n
\n
\n
healthcare institutions (Praveen, Kim, & Choi, 2024)? The type of analysis that was used to<\/span>
examine the association between the motivation behind cyberattacks on the healthcare sector,<\/span>
whether the attacks are state-sponsored, and the attack methods used. Starting with the attack<\/span>
methods used there was a varied array of different attack methods, with malicious software<\/span>
deployment being the most prevalent in Critical Care and Patient Services (83.0%), followed by<\/span>
Unauthorized Access and Control (75.9%) and Deception methods such as phishing (70.0%).<\/span>
What was found as the most significant association between the cyberattacks on healthcare<\/span>
systems, was financial gain as the most predominant motive across all the segments especially in<\/span>
Critical Care and Patient Services (80.1%). There was as well Intellectual Property\/Patient data<\/span>
theft, but it was more prominent in High-value Data and Innovation Targets (37.5%) (Praveen,<\/span>
Kim, & Choi, 2024). Lastly when state sponsored attacks were examined the analysis showed a<\/span>
non-significant association between state sponsorship and the targeted healthcare system<\/span>
(Praveen, Kim, & Choi, 2024). But what was identified as state sponsored attacks they were<\/span>
most prevalent in Critical Care and Patient Services and in High-Value Date and Innovative<\/span>
Targets, the origin of these cyberattacks did show a significant association with Russia being the<\/span>
most frequent country of origin.<\/span><\/div>\n
<\/div>\n
Routine Activity Theory<\/span><\/strong><\/div>\n
<\/div>\n
The Routine Activity theory states that crime will likely occur when three key elements<\/span>
are present those elements being, motivated offenders, suitable targets, and the absence of<\/span>
capable guardians. Starting the first element \u201cMotivated Offenders\u201d they are what is posing a<\/span>
threat to the healthcare industry, since they posses the intent and capabilities to engage in<\/span>
cybercrime. Second is \u201cSuitable Targets\u201d and in regards to how it is applied here is by<\/span>
\u201cCybersecurity Vulnerabilities\u201d and with so much of healthcare being digitized it is a target for<\/span>
cyber attacks due to the amount of personal identifiable information that is held. Lastly there is<\/span>
\u201cAbsence of Capable Guardians\u201d which in this article does address not being able to directly see<\/span>
these institutions cyber security policy set in place, they instead opted to give another statement<\/span>
which is having proper education, simulation, and collaboration to help the workers identify and<\/span>
mitigate future cyberthreats (Praveen, Kim, & Choi, 2024).<\/span><\/div>\n
<\/div>\n
Conclusion<\/span><\/strong><\/div>\n
<\/div>\n
To conclude this article was able to layout their proposition of what should be done for<\/span>
healthcare institutions systems going forward, providing in-depth data of their findings. As well<\/span>
as not only providing data from what was captured from their analysis but also being able to take<\/span>
that information gathered and apply RAT to it to help in justification of implementing<\/span>
frameworks based off of RAT and making it Cyber-RAT. The contributions that this article can<\/span><\/div>\n<\/div>\n
provide is that of mass amount of data that was collected and the analyzed to help push for<\/div>\n<\/div>\n<\/div>\n<\/div>\n
\n
\n
\n
\n
healthcare systems to be strengthened at large, so that in the case of a cyberattack on their<\/span>
systems a healthcare institution does not have to shut out appointments or delay in helping<\/span>
someone who might need urgent care. If frameworks like these were implemented it would not<\/span>
only benefit the institutions but also society for the long term.<\/span><\/div>\n
<\/div>\n
<\/div>\n
References<\/span><\/strong><\/div>\n

Praveen, Y. , Kim, M. & Choi, K. (2024). Cyber Victimization in the Healthcare<\/span>
Industry: Analyzing Offender Motivations and Target Characteristics through<\/span>
Routine Activities Theory (RAT) and Cyber-Routine Activities Theory (Cyber-<\/span>
RAT) .<\/span> International Journal of Cybersecurity Intelligence & Cybercrime, 7(2)<\/span>, – .<\/span>
DOI: https:\/\/doi.org\/10.52306\/2578-3289.1186<\/span>
Available at: https:\/\/vc.bridgew.edu\/ijcic\/vol7\/iss2\/2<\/span><\/div>\n<\/div>\n
\n
<\/div>\n<\/div>\n
<\/div>\n<\/div>\n<\/div>\n
\n
<\/div>\n
<\/div>\n
\n
\n
<\/div>\n<\/div>\n<\/div>\n
<\/div>\n<\/div>\n<\/div>\n
<\/div>\n","protected":false},"excerpt":{"rendered":"

Article Review #2 \u2013 Cyber Victimization in the Healthcare Industry: Analyzing OffenderMotivations and Target Characteristics through Routine Activities Theory (RAT) and Cyber-Routine Activities Theory (Cyber-RAT) Kaedon Denton03-27-2025 Introduction and Understanding the Threat Technology today stands as a backbone of not only our society in how we may gather andtake in information or interact with each… <\/p>\n

Read More<\/a><\/div>\n","protected":false},"author":30384,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"_links":{"self":[{"href":"https:\/\/sites.wp.odu.edu\/kdent006\/wp-json\/wp\/v2\/pages\/234"}],"collection":[{"href":"https:\/\/sites.wp.odu.edu\/kdent006\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/sites.wp.odu.edu\/kdent006\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/sites.wp.odu.edu\/kdent006\/wp-json\/wp\/v2\/users\/30384"}],"replies":[{"embeddable":true,"href":"https:\/\/sites.wp.odu.edu\/kdent006\/wp-json\/wp\/v2\/comments?post=234"}],"version-history":[{"count":1,"href":"https:\/\/sites.wp.odu.edu\/kdent006\/wp-json\/wp\/v2\/pages\/234\/revisions"}],"predecessor-version":[{"id":235,"href":"https:\/\/sites.wp.odu.edu\/kdent006\/wp-json\/wp\/v2\/pages\/234\/revisions\/235"}],"wp:attachment":[{"href":"https:\/\/sites.wp.odu.edu\/kdent006\/wp-json\/wp\/v2\/media?parent=234"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}