JOURNAL ARTICLE

Framework for cyber risk loss distribution of hospital infrastructure: Bond percolation on mixed random graphs approach.

  • Published In: Risk Analysis: An International Journal, 2023, v. 43, n. 12. P. 2450 1 of 3

  • Database: Business Source Ultimate 2 of 3

  • Authored By: Chiaradonna, Stefano; Jevtić, Petar; Lanchier, Nicolas 3 of 3

Abstract

Networks like those of healthcare infrastructure have been a primary target of cyberattacks for over a decade. From just a single cyberattack, a healthcare facility would expect to see millions of dollars in losses from legal fines, business interruption, and loss of revenue. As more medical devices become interconnected, more cyber vulnerabilities emerge, resulting in more potential exploitation that may disrupt patient care and give rise to catastrophic financial losses. In this paper, we propose a structural model of an aggregate loss distribution across multiple cyberattacks on a prototypical hospital network. Modeled as a mixed random graph, the hospital network consists of various patient‐monitoring devices and medical imaging equipment as random nodes to account for the variable occupancy of patient rooms and availability of imaging equipment that are connected by bidirectional edges to fixed hospital and radiological information systems. Our framework accounts for the documented cyber vulnerabilities of a hospital's trusted internal network of its major medical assets. To our knowledge, there exist no other models of an aggregate loss distribution for cyber risk in this setting. We contextualize the problem in the probabilistic graph‐theoretical framework using a percolation model and combinatorial techniques to compute the mean and variance of the loss distribution for a mixed random network with associated random costs that can be useful for healthcare administrators and cybersecurity professionals to improve cybersecurity management strategies. By characterizing this distribution, we allow for the further utility of pricing cyber risk. [ABSTRACT FROM AUTHOR]

Additional Information

  • Source:Risk Analysis: An International Journal. 2023/12, Vol. 43, Issue 12, p2450
  • Document Type:Article
  • Subject Area:Business and Management
  • Publication Date:2023
  • ISSN:0272-4332
  • DOI:10.1111/risa.14127
  • Accession Number:174109151
  • Copyright Statement:Copyright of Risk Analysis: An International Journal is the property of Wiley-Blackwell and its content may not be copied or emailed to multiple sites without the copyright holder's express written permission. Additionally, content may not be used with any artificial intelligence tools or machine learning technologies. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)

Looking to go deeper into this topic? Look for more articles on EBSCOhost.