Applying systems thinking to healthcare data cybersecurity
DownloadFull printable version (9.496Mb)
Other Contributors
System Design and Management Program.
Advisor
Patrick Hale.
Terms of use
Metadata
Show full item recordAbstract
Since the HITECH Act of 2009, adoption of Electronic Health Record (EHR) systems in US healthcare organizations has increased significantly. Along with the rapid increase in usage of EHR, cybercrimes are on the rise as well. Two recent cybercrime cases from early 2015, the Anthem and Premera breaches, are examples of the alarming increase of cybercrimes in this domain. Although modem Information Technology (IT) systems have evolved to become very complex and dynamic, cybersecurity strategies have remained static. Cyber attackers are now adopting more adaptive, sophisticated tactics, yet the cybersecurity counter tactics have proven to be inadequate and ineffective. The objective of this thesis is to analyze the recent Anthem security breach to assess the vulnerabilities of Anthem's data systems using current cybersecurity frameworks and guidelines and the Systems-Theoretic Accident Model and Process (STAMP) method. The STAMP analysis revealed Anthem's cybersecurity strategy needs to be reassessed and redesigned from a systems perspective using a holistic approach. Unless our society and government understand cybersecurity from a sociotechnical perspective, we will never be equipped to protect valuable information and will always lose this battle.
Description
Thesis: S.M. in Engineering and Management, Massachusetts Institute of Technology, Engineering Systems Division, 2015. Cataloged from PDF version of thesis. Includes bibliographical references (pages 85-90).
Date issued
2015Department
System Design and Management Program.; Massachusetts Institute of Technology. Engineering Systems DivisionPublisher
Massachusetts Institute of Technology
Keywords
Engineering Systems Division., System Design and Management Program.