Cyber Security in Healthcare Organisations

The aim of the research described in this paper was to develop a cyber security survey for the purpose of assessing the state of cyber security controls in a selection of healthcare organisations in South Australia. To achieve this aim, a gap analysis was conducted, using the collected data, that identified cyber security controls which had not been implemented satisfactorily, according to management. An acceptable level of cyber security is dependent on a specific set of controls that should have been implemented in order to maintain the Confidentiality, Integrity and Availability (CIA) of digital healthcare data and the risk appetite of the organisations. Specifically, in this case, healthcare management was concerned about the increasing number of cyber threats to Patient Health Information (PHI). In this era of a connected world, information is highly sought after and vulnerable to cyber security breaches. In this context, cyber security can be seen to be very similar to personal hygiene, such that, personal hygiene is only achieved if the appropriate practices, routines, actions, and behaviours are in place.