{"title":"医疗保健公司的网络风险可以投保吗?一个多项逻辑回归模型","authors":"Swati Jain, Arunabha Mukhopadhyay, Saloni Jain","doi":"10.1080/10919392.2023.2244386","DOIUrl":null,"url":null,"abstract":"ABSTRACT The healthcare sector is prone to Distributed Denial-of-Service and Ransomware attacks owing to unsecured networks and software. This results in stalling of outpatient and inpatient operations of a hospital. In this study, we propose an H-CRAM model that computes the risk of a cyber-attack based on the threat appraisal component of the Protection Motivation Theory (PMT) using multinomial logistic regression. We also hypothesize that training the healthcare staff, implementing IT governance, and intervening technology will decrease the probability of the occurrence of a cyber threat. The severity of the risk is computed using Collective Risk Modelling. Next, based on the coping appraisal component of PMT, Rational Choice Theory, and NIST guidelines, we propose that the CIO of a healthcare firm should first reduce the cyber-risk by investing in encrypting Electronic Health Records, Security Incident and Event Management (SIEM) and Security Orchestration, Automation and Response (SOAR) tools. Then pass the residual cyber risk to a cyber insurer.","PeriodicalId":54777,"journal":{"name":"Journal of Organizational Computing and Electronic Commerce","volume":"33 1","pages":"41 - 69"},"PeriodicalIF":2.0000,"publicationDate":"2023-04-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":"{\"title\":\"CAN CYBER RISK OF HEALTH CARE FIRMS BE INSURED? A MULTINOMIAL LOGISTIC REGRESSION MODEL\",\"authors\":\"Swati Jain, Arunabha Mukhopadhyay, Saloni Jain\",\"doi\":\"10.1080/10919392.2023.2244386\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"ABSTRACT The healthcare sector is prone to Distributed Denial-of-Service and Ransomware attacks owing to unsecured networks and software. This results in stalling of outpatient and inpatient operations of a hospital. In this study, we propose an H-CRAM model that computes the risk of a cyber-attack based on the threat appraisal component of the Protection Motivation Theory (PMT) using multinomial logistic regression. We also hypothesize that training the healthcare staff, implementing IT governance, and intervening technology will decrease the probability of the occurrence of a cyber threat. The severity of the risk is computed using Collective Risk Modelling. Next, based on the coping appraisal component of PMT, Rational Choice Theory, and NIST guidelines, we propose that the CIO of a healthcare firm should first reduce the cyber-risk by investing in encrypting Electronic Health Records, Security Incident and Event Management (SIEM) and Security Orchestration, Automation and Response (SOAR) tools. Then pass the residual cyber risk to a cyber insurer.\",\"PeriodicalId\":54777,\"journal\":{\"name\":\"Journal of Organizational Computing and Electronic Commerce\",\"volume\":\"33 1\",\"pages\":\"41 - 69\"},\"PeriodicalIF\":2.0000,\"publicationDate\":\"2023-04-03\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"1\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Journal of Organizational Computing and Electronic Commerce\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://doi.org/10.1080/10919392.2023.2244386\",\"RegionNum\":4,\"RegionCategory\":\"管理学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q3\",\"JCRName\":\"COMPUTER SCIENCE, INFORMATION SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Organizational Computing and Electronic Commerce","FirstCategoryId":"94","ListUrlMain":"https://doi.org/10.1080/10919392.2023.2244386","RegionNum":4,"RegionCategory":"管理学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
CAN CYBER RISK OF HEALTH CARE FIRMS BE INSURED? A MULTINOMIAL LOGISTIC REGRESSION MODEL
ABSTRACT The healthcare sector is prone to Distributed Denial-of-Service and Ransomware attacks owing to unsecured networks and software. This results in stalling of outpatient and inpatient operations of a hospital. In this study, we propose an H-CRAM model that computes the risk of a cyber-attack based on the threat appraisal component of the Protection Motivation Theory (PMT) using multinomial logistic regression. We also hypothesize that training the healthcare staff, implementing IT governance, and intervening technology will decrease the probability of the occurrence of a cyber threat. The severity of the risk is computed using Collective Risk Modelling. Next, based on the coping appraisal component of PMT, Rational Choice Theory, and NIST guidelines, we propose that the CIO of a healthcare firm should first reduce the cyber-risk by investing in encrypting Electronic Health Records, Security Incident and Event Management (SIEM) and Security Orchestration, Automation and Response (SOAR) tools. Then pass the residual cyber risk to a cyber insurer.
期刊介绍:
The aim of the Journal of Organizational Computing and Electronic Commerce (JOCEC) is to publish quality, fresh, and innovative work that will make a difference for future research and practice rather than focusing on well-established research areas.
JOCEC publishes original research that explores the relationships between computer/communication technology and the design, operations, and performance of organizations. This includes implications of the technologies for organizational structure and dynamics, technological advances to keep pace with changes of organizations and their environments, emerging technological possibilities for improving organizational performance, and the many facets of electronic business.
Theoretical, experimental, survey, and design science research are all welcome and might look at:
• E-commerce
• Collaborative commerce
• Interorganizational systems
• Enterprise systems
• Supply chain technologies
• Computer-supported cooperative work
• Computer-aided coordination
• Economics of organizational computing
• Technologies for organizational learning
• Behavioral aspects of organizational computing.