The healthcare industry security breaches
Between July 2018 and July 2019, the healthcare industry experienced over a 29% increase of security
breaches than that of the previous year as hackers determined to obtain sensitive patient information have
gained momentum exploiting various healthcare-related vulnerabilities (HHS, 2019).
Data breaches, malicious activities resulting in a multibillion-dollar range of annual losses, involve incidents
that derive from unauthorized access and subsequent compromise to the confidentiality, availability, and
integrity of sensitive data. Contributing to the compounded risks which developed from enhanced threats and
expanding threat exposure, the rapid growth of cybersecurity incidents and data security breaches affecting the
healthcare industry have become an increasing concern for information security professionals worldwide.
Although the healthcare sector is vulnerable to cyber-attacks targeted at infrastructure, services, and
interconnected devices, the impact of healthcare data breaches may be more profound than threat vectors
experienced with other prominent industries when accounting for risks to patient safety and wellbeing (Ahmed,
Naqvi, & Josephs, 2019).
Researchers founded risk-based models such as the Risk Management Framework (RMF) on the premise of
mitigating risks inherent within the information technology (IT) enterprise architecture and system development
lifecycle (SDLC) and reducing security breaches. Such frameworks usually combine security and risk
management functions into a tri-tiered risk management approach assessing the organization, business
processes, and the environment of operation (NIST, 2018). Adopting risk-based models such as the RMF
model within the organization provides information security managers in the healthcare sector the capability to
integrate enterprise-level cybersecurity and enhance the risk management experience through defined roles
and responsibilities.
As we discuss contingency planning, risk assessment, and risk control this week, let's reflect on the similarities
and differences of other risk-based models like the RMF.
What are some other risk-based models and how can they be implemented in the organization you chose?
Sample Solution
War contributed greatly to Roman expansion and the territory they accumulated as a result. It has been suggested that the Romans actively sought war as a way of conquering new territory and expanding their empire. However, it seems more likely that for the most part the Romans did not make war frivolously. War was seen as an honorable and sacred act, proven by the temples built to celebrate victory and the accumulation of new gods from places they conquered. All of these traditions support the idea that Romans held war in high regard and would typically need a purpose before going to war. Their commitment to the army was so ingrained and the fear of punishment so severe that soldiers would not abandon their group even when death was certain. Polybius writes, “Men in covering forces often choose certain death, refusing to leave their ranks even when vastly outnumbered, owing to dread of punishment they would later face.” (Polybius 376) Soldiers were also a valuable asset to Rome, the power and size of the army gave Rome legitimacy to deter foreign powers from invasion but also gain support from the people of Rome. Often when a new territory was conquered their taxation would be in the form of able men to act as soldiers in the Roman army. Using the time of a valuable general or losing soldiers lives without a worthy cause would have not made sense, and therefore pointless war is an unworthy expense. This idea is supported by the rigorous requirements that go into war preparation as well as the general disposition of the Romans. Polybius says about the Romans, “they do not want them to make attacks or initiate hostilities as much as to be ready and willing, when the battle is going against them and they are being hard pressed, to stand their ground and die on behalf of their country.” (Polybius 369) This gives one a good sense that Rome by no means was a victim but also cannot be considered an active aggressor or bully.