Abstract
Organizational and end user data breaches are highly implicated by the role of information security conscious care behavior in respective incident responses. This research study draws upon the literature in the areas of information security, incident response, theory of planned behaviour, and protection motivation theory to expand and empirically validate a modified framework of information security conscious care behaviour formation. The applicability of the theoretical framework is shown through a case study labelled as a cyber-attack of unprecedented scale and sophistication in Singapore’s history to-date, the 2018 SingHealth data breach. The single in-depth case study observed information security awareness, policy, experience, attitude, subjective norms, perceived behavioral control, threat appraisal and self-efficacy as emerging prominently in the framework’s applicability in incident handling. The data analysis did not support threat severity relationship with conscious care behaviour. The findings from the above-mentioned observations are presented as possible key drivers in the shaping information security conscious care behaviour in real-world cyber incident management.
Highlights
The patient electronic medical records are stored in the SingHealth Sunrise Clinical Manager (“SCM”) database
At the time of the occurrence, SingHealth was the owner of the SCM system and Integrated Health Information Systems Private Limited (“IHiS”) was in charge of managing the system
IHiS was responsible for executing cybersecurity measures, and security incident response and reporting
Summary
The data breach resulted in almost 1.5 million patient personal demographics being exfiltrated to a suspect nation state actor in which 159,000 outpatient medication details were accessed. The country’s Prime Minister’s personal and outpatient medication data was targeted and repeatedly accessed. The breach at JP Morgan Chase (a major U.S financial services provider) in 2014 resulted in the compromise of personally identifiable information, while the 2011 Sony incident resulted in the leakage of both personal and financial data. In both incidents, over 70 million users were impacted [9,10].
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.