Recent cyber-attacks targeting healthcare organizations underscore that the sector is increasingly a prime target for malicious activities. As healthcare systems manage and store sensitive personal health information, the imperative for robust cyber security and privacy protocols becomes increasingly evident. Consequently, healthcare institutions are compelled to actively address the intricate cyber security risks inherent in their digital ecosystems. In response, we present RAMA, a risk assessment solution designed to evaluate the security status of cyber systems within critical domains, such as healthcare. By leveraging RAMA, both local stakeholders, such as the hospital’s IT personnel, and global actors, including external parties, can assess their organization’s cyber risk profile. Notably, RAMA goes beyond risk quantification; it facilitates a comparative analysis by enabling organizations to measure their performance against average aggregated mean scores, fostering a culture of continuous improvement in cyber security practices. The practical efficacy of RAMA is demonstrated through its deployment across four real-world healthcare IT infrastructures. This study not only underscores the significance of addressing cyber security risks within healthcare but also highlights the value of innovative solutions like RAMA in safeguarding sensitive health information and enhancing the sector’s overall cyber resilience.
Details
; Floros, Evangelos 2 ; Basdekis, Ioannis 3 ; Prelipcean, Dumitru-Bogdan 4 ; Sotiropoulos, Aristeidis 5 ; Debar, Herve 6 ; Zarras, Apostolis 7
; Spanoudakis, George 3
1 SPHYNX Technology Solutions AG, Zug, Switzerland (GRID:grid.519511.8); City University of London, Department of Computer Science, London, UK (GRID:grid.28577.3f) (ISNI:0000 0004 1936 8497)
2 University General Hospital of Heraklion, Crete, Hellas (GRID:grid.412481.a) (ISNI:0000 0004 0576 5678)
3 SPHYNX Technology Solutions AG, Zug, Switzerland (GRID:grid.519511.8)
4 Bitdefender, Bucharest, Romania (GRID:grid.519511.8); Alexandru Ioan Cuza University, Iaşi, Romania (GRID:grid.8168.7) (ISNI:0000 0004 1937 1784); Paris-Est Créteil University, Créteil, France (GRID:grid.410511.0) (ISNI:0000 0004 9512 4013)
5 AEGIS IT Research, Braunschweig, Germany (GRID:grid.410511.0)
6 Institut Polytechnique de Paris, SAMOVAR, Télécom SudParis, Palaiseau, France (GRID:grid.508893.f)
7 Foundation for Research and Technology, Crete, Hellas (GRID:grid.4834.b) (ISNI:0000 0004 0635 685X); University of Piraeus, Piraeus, Greece (GRID:grid.4463.5) (ISNI:0000 0001 0558 8585)