Sofia J., Reyes-Villanueva

School of Cybersecurity 

International Journal of Cybersecurity Intelligence and Cybercrime

CYSE 201S

Diwakar Yalpi

11, 17, 2024

I pledge to support the honor system of Old Dominion University. I will refrain from any form of academic dishonesty or deception, such as cheating or plagiarism. I am aware that as a member of the academic community, it is my responsibility to turn in all suspected violations of the Honor Code.

Introduction and the research questions. 

From the title of the article being “Cyber Victimization in the Healthcare Industry” (International Journal of Cybersecurity Intelligence and Cyber Crime), we can already infer that one of the principles mentioned in this journal is relativism, the meaning that all things are connected. In this article it would be the healthcare industry and how it is very reliable on their technology, along with how it connects to the cybersecurity practices and needs that a company needs to have. According to the article, it is stated that “despite healthcare institutions investing 65 billion dollars in cyber protection many remain inadequately equipped to counter these threats effectively(Protect Harbour, 2022/ Cyber Victimization in the Healthcare Industry)” . The industry lags behind other critical infrastructure areas and their understandings in these risks and developing plans on how to respond and recover from any type of cyberattack, due to their inaccuracy and challenges in keeping up with new types of cyberattacks, leading to a concerning rising number and data breaches and their magnitude. Routine Activities Theory (RAT) was introduced by Cohen and Felson in 1979, in posits that crime will likely occur with three key elements: motivated offenders, suitables targets, and the absence of capable guardians (Cyber Victimization in the Healthcare Industry), suggesting the principle of determinism and motivates will be explained further in this article review. RAT highlights the situational conditions in which crimes can occur, as well as the routines of possible victims, which I think can fall under the umbrella of victimization. With the help of RAT, scientists can investigate the motivations behind cyber attackers and identify vulnerabilities within the healthcare system, which help form the research questions for this article: “What are the primary motivations driving Advanced Persistent threats to target the healthcare industry” and “What are the common characteristics and behaviors of APT groups (whether state-sponsored or cybercriminal) that target healthcare instuitions (Cyber Victimization in the Healthcare Industry)” . These questions can help prevent and mitigate strategies for enhancing cybersecurity in the healthcare industry. There was also some policy implications like robust cybersecurity strategy centers, and the Policy Framework that integrates cybersecurity info the organization’s mission. There is also clear delineation of roles and responsibilities along with leadership and responsibility. Ethical Neutrality plays a role in this part of the article since the scientists must adhere to ethical standards and the policies the company may have. 

Types of Research and Methods used.

While conducting their research, Praveen, Y., and Choi, K. used archived data from past victimization cases from the Hackmageddon, from the healthcare industry from 2018 to 2023 (Cyber Victimization in the Healthcare Industry), which can be part of historical research since they used data from past events. The way their data is analyzed is by detailing the incident entries and identifying the key vulnerabilities such as the attack type, target, and the motivation. A topic we covered in class that related to the analyzed data is individual motives. There were different motives we discussed in class such as entertainment, politics, revenge, boredom, recognition, for money, etc. Based on the tables in the article, some of the (assumed to be or real) motives listed for past attacks have been financial gain, ideological motivations, research and intellectual property/patent data theft (Table 2, Table 4, Cyber Victimization in the Healthcare industry). In my opinion, the motives individuals have also relate to determinism, meaning that individuals should be held accountable for their behaviors, especially if it’s taking part in anything that breaks the cyberlaw. When it comes to their motivations, parsimony can also have a role in this article due to the “self-control theory”. Especially if the motivation has to do with financial gain, since they are choosing the wrong way to earn money and most people are greedy for money, and would do anything for it. The different tables with data presented in the article are:

1. Coding Scheme for Targeted Healthcare Organizations
2. Coding description for Independent Variables
3. Descriptive Statistics on the Types of Target Healthcare Organizations.
4. Descriptive Statistics on Cyber Attack Dynamics in Healthcare. 
5. Crosstabulation of Cyberattack Characteristics in Healthcare Entity Categories.

(Cyber Victimization in the Healthcare industry)

Conclusion: Overall contributions of the studies, and relates to the challenges, concerns, and contributions of marginalized groups. 

This study used the RAT framework to understand the key motives driving cyber-attacks on healthcare and help explain why the healthcare industry is a large and attractive target for cybercriminals. Although, this method did come with some limitations such as “the data used in this research was sourced from secondary databases, which may not capture all instances of cybercrime in the healthcare sector (Cyber Victimization in the Healthcare industry). This can cause or lead to biases and underreporting/selective reporting, not having all of the information nor experiencing it in real time. Another limitation mentioned in the article is the use of highly reliable open-source data, offering extensive coverage of incidents across various regions and organizations and encompassing a broad spectrum of cyberattack scenarios(Cyber Victimization in the Healthcare industry). Meaning the results for the behavior, motivation, and reason why the healthcare industry is such a big target may differ from countries, which can be a big point, since the cybercriminal could be from a different country causing there to be different behavioral patters then the most common one in the country were the attack took place. 

References

Author Last Name, Middle Initial. First Name. (Year of Publication). Title of journal. Publisher. 

Link/DOI