A stochastic optimisation model to support cybersecurity within the UK national health service

Abstract

Listen

Translate article

Over the past decade, the adoption of new digital technologies in healthcare has surged, significantly enhancing care delivery and accessibility. However, this digital transformation has been accompanied by a sharp increase in cyber-attacks, posing severe risks to hospital functionality and patient safety. To address the challenge of planning for uncertain future cyber incidents, we propose a two-stage stochastic model designed to bolster the cyber resilience of healthcare providers by selecting optimal countermeasures in preparation for upcoming cyber incidents. Numerical tests demonstrate the model’s effectiveness, with the Value of the Stochastic Solution showing a 21% improvement over a deterministic approach. To be optimally equipped even for low-probability high-impact attacks we incorporate the risk measure Conditional Value-at-Risk. The corresponding countermeasure solution led to 44% fewer rejected patients in a worst-case scenario. The robustness of the proposed solution is underscored by its consistent performance across various scenarios, budget levels, and risk preferences, making it a reliable tool for enhancing cybersecurity in healthcare. These results highlight the importance of tailored, robust cybersecurity strategies in healthcare, ensuring preparedness for a wide range of potential threats.