Systematic Review of Current Risk Management Methods in Cybersecurity for Healthcare

Abstract

Presented systematic review is analyzing cyber risk management, more specifically economic aspect of the measures resulting from the risk analysis, through search of Web of Science and Scopus databases. The article questions the current scientific knowledge in the field of applicability of quantitative methods on measuring of the negative impact of successful cyberattacks. The purpose of the article is to define how these shall be improved for real application in the environment of healthcare, being specific not only by operating with sensitive patient data, but also by the urgency with which system malfunctions must be dealt with in order to prevent threatening the health and lives of patients (the fact that is providing the attacker with a unique position of privilege). While it is apparently necessary to invest more resources into the cybersecurity in healthcare, it is at the same time essential to ensure that these measures are profitable and the resources for them are spent economically. While cost of human life cannot easily be quantified, it is now time to search for methods on how to define an appropriate cybersecurity investment as opposed to the costs of a potential cyberattack.Presented systematic review is analyzing cyber risk management, more specifically economic aspect of the measures resulting from the risk analysis, through search of Web of Science and Scopus databases. The article questions the current scientific knowledge in the field of applicability of quantitative methods on measuring of the negative impact of successful cyberattacks. The purpose of the article is to define how these shall be improved for real application in the environment of healthcare, being specific not only by operating with sensitive patient data, but also by the urgency with which system malfunctions must be dealt with in order to prevent threatening the health and lives of patients (the fact that is providing the attacker with a unique position of privilege). While it is apparently necessary to invest more resources into the cybersecurity in healthcare, it is at the same time essential to ensure that these measures are profitable and the resources for them are spent economically. While cost of human life cannot easily be quantified, it is now time to search for methods on how to define an appropriate cybersecurity investment as opposed to the costs of a potential cyberattack.