Impact of Cyber Maturity Level on Health Sector

Abstract

The development of technology has accelerated the digital transformation in the health sector. As a result of digitization, the increasing network connections of devices and the transport of health data between different environments can leave medical devices and data vulnerable to new cybersecurity vulnerabilities. As cyber attacks to be carried out using these vulnerabilities may cause consequences that may threaten human life, the implementation of an effective cyber security is of critical importance in the health sector, as in other sectors. The fact that the focus of the institutions / organizations in the health sector is on the treatment of patients causes the necessary investment in cyber security to not be provided. In this case, it is unclear what the information security / cyber security risks in health systems are, what can be done to reduce these risks, how health data should be protected or how it can affect the institution when exposed to a cyber attack, and how much the existing security measures will protect the institution / organization. For this reason, institutions/organizations should be aware of their cyber security levels and increase their resilience against these attacks in order to minimize the impact of cyber security attacks on their institutions. In this paper, the Cyber Maturity Level Determination Method, which is a method that institutions/organizations can apply to increase their cyber security resilience, is recommended. In accordance with this method, institutions/organizations should measure their current cyber maturity level and increase their maturity by taking effective security measures. The Cyber Maturity Level Determination Method offers a method by which each institution/organization can determine and increase their maturity with a unique configuration by considering all of them without focusing on any of the good practices.