Decision support for healthcare cyber security

The pandemic has demonstrated that healthcare systems are prime targets for attackers. Finding an optimal security control set is a constant challenge for health organizations, where cost is a major consideration. The purpose of this paper is to demonstrate a healthcare cost optimization system as well as a case study based on two IT setup configurations that have been evaluated by medical experts as well as IT experts. These configurations would aid in conveying the complexity of the decision parameters and demonstrating how CySecTool handles this difficulty. In the study, 64 different security controls were linked to 70 vulnerabilities that could occur at any level of a hospital system dealing with both internal and external attacks/risks. The study also includes a novel visualization scheme that allows for the observation of vulnerabilities and also their subcategories based on Microsoft's STRIDE categorization.