Abstract

This paper introduces a novel cyber incident cost estimation methodology, applicable to large Australian healthcare providers. A review demonstrates the poor utility of current risk estimation approaches, and the vulnerability of healthcare networks is evaluated using Leibniz’s law of indiscernibles and Evans’ theory of vague objects. Finally, a quantitative cost calculation method is proposed, merging temporal and impact variables with service data from the Australian Institute of Health and Welfare (AIHW). This research demonstrates that existing attempts to measure cyber incident risk produce vague results. This is evidenced by 929 Australian healthcare data breaches recorded over 5 years, an AU$0.6bn annual national risk exposure, and low levels of healthcare cyber maturity across three states. The likelihood of data breaches is reported as 99.4%, with known ICT vulnerabilities exceeding 207,000. After logically concluding that healthcare networks are fundamentally insecure, an ‘operational shock’ calculation method is modelled against the AIHW data to illustrate realistic cyber incident costs. This returns an exposure across Australia’s acute care hospital network of AU$148.1m from a single incident that takes 1 week to resolve. In considering this quantum, risk transfer options using cyber insurance and improved agency cyber risk programs are required to mitigate significant financial risks.
