Managing Security Risk: Modeling the Root Causes of Data Breaches

For-profit versus non-profit cybersecurity posture: breach types and locations in healthcare organisations

BACKGROUND

The implementation of emerging technologies has resulted in an increase of data breaches in healthcare organisations, especially during the COVID-19 pandemic. Health information and cybersecurity managers need to understand if, and to what extent, breach types and locations are associated with their organisation's business type.

OBJECTIVE

To investigate if breach type and breach location are associated with business type, and if so, investigate how these factors affect information systems and protected health information in for-profit versus non-profit organisations.

METHOD

The quantitative study was performed using chi-square tests for association and post-hoc comparison of column proportions analysis on an archival data set of reported healthcare data breaches from 2020 to 2022. Data from the Department of Health and Human Services website was retrieved and each organisation classified as for-profit or non-profit.

RESULTS

For-profit organisations experienced a significantly higher number of breaches due to theft, and non-profit organisations experienced a significantly higher number of breaches due to unauthorised access. Furthermore, the number of breaches that occurred on laptops and paper/films was significantly higher in for-profit organisations.

CONCLUSION

While the threat level of hacking techniques is the same in for-profit and non-profit organisations, certain breach types are more likely to occur within specific breach locations based on the organisation's business type. To protect the privacy and security of medical information, health information and cybersecurity managers need to align with industry-leading frameworks and controls to prevent specific breach types that occur in specific locations within their environments.

Data security crisis in universities: identification of key factors affecting data breach incidents

The extremely complex and dynamic digital environments of universities make them highly vulnerable to the risk of data breaches. This study empirically investigated the factors influencing data breach risks in the context of higher education, according to crime opportunity theory and routine activity theory. The data consisted of university samples from China and were collected mainly from the Chinese Education Industry Vulnerability Reporting Platform. After applying Poisson regression for the estimation, increased public disclosure of vulnerabilities was found to escalate the frequency of data breaches, whereas cross-border data flow decreased the number of data breaches. Furthermore, the mechanism by which academic strength affects data breaches was examined through the two mediators of cross-border data flow and vulnerability disclosure. In addition, cloud adoption reduced data breaches, and public clouds were determined to be relatively more secure than private clouds. Cloud adoption also acted as a moderator between the negative impact of vulnerabilities and the positive impact of cross-border data flow on data breaches. The estimation and robustness findings revealed the underlying mechanisms that impacted university data security, clarifying the understanding of data breaches and suggesting practical implications for universities and other institutes to improve information security. The findings of this study provide insights and directions for future research.

Factors Associated with Information Breach in Healthcare Facilities: A Systematic Literature Review

This systematic review aimed to identify the factors associated with information breaches in healthcare settings. We searched electronic databases, including PubMed, Embase, Scopus, and Wiley, for all publications until March 6, 2022 (no start date restriction) and outlined the eligibility criteria framework using Population, Concept, and Context (PCC). Our search strategies yielded 2,156 results, with nine studies included in the final review. We grouped the factors attributed to data breaches into four categories: organizational, information technology (IT), professionals/employees, and clients/patients. Hospital type, hospital size (more beds), higher operationalexpenses and revenue, higher admissions and discharges, and higher Electronic Medical Record (EMR) use, being at earlier phases of EMR adoption, were associated with higher information breaches. Professional factors such as the type of personnel involved and the hospital area can potentially impact the breaches' frequency and magnitude. Patients' sociodemographic, clinical, and behavioral characteristics, such as gender and educational attainment, appear to influence the perceived breach of confidentiality in healthcare settings. Identifying different factors contributing to health information breaches is crucial to protecting healthcare organizations and patients from the devastating consequences of data breaches.

Healthcare Breaches During COVID-19: The Effect of the Healthcare Entity Type on the Number of Impacted Individuals

The COVID-19 pandemic led to an increase in cybersecurity attacks on organizations operating in the healthcare industry. Health information professionals and health executives are unable to limit the impact of data breaches on records their organizations handle. While current research focuses on prevention strategies and the understanding of the causes of data breaches, it failed to address how to mitigate the impact of successful cybersecurity attacks. This quantitative research paper examined the effect the healthcare entity type has on the number of impacted individuals for healthcare data breaches that occurred during the pandemic. Health information professionals will be able to mitigate the number of breached records based on their organizational type. Some of this paper's findings include the call for implementation of organizational frameworks aimed to protect patient information, and the call for further research to understand how other factors might affect the impact of healthcare data breaches.

An evidence-based review of the scope and potential ethical concerns of teleorthodontics

PURPOSE

The aim was to evaluate the scope and potential ethical concerns related to the use of teledentistry in clinical orthodontics.

METHODS

Indexed databases were searched up to and including October 2020. The eligibility criteria were as follows: (a) original clinical studies, and (b) case reports/series. Historic reviews, commentaries, experimental studies, and letters to the editor, were excluded. The pattern of the present review was customized to summarize the relevant information.

RESULTS

A total of 4 clinical studies (out of 1016) were included in the present evidence-based review. Three studies reported that teledentistry is useful in clinical orthodontics. In 1 study, a clear conclusion could not be derived regarding the benefits of teledentistry in clinical orthodontics. Two out of 4 studies did not obtain prior approval from an Institutional Review Board or Ethical Committee. Three studies did not report any measures that were undertaken to safeguard the electronic transfer of patient-related health information.

CONCLUSIONS

Teleorthodontics facilitates treatment planning/monitoring by sharing orthodontics-based patient records among oral healthcare providers; however, the importance of direct patient supervision and routine follow-ups during orthodontic therapy cannot be overlooked. Further studies are needed to establish ethical guidelines and a standard of care in this emerging field.