
IIM Lucknow Develops Healthcare Cyber Risk Assessment Model to Safeguard Patient Data

Written by: Aishwarya Sarthe

October 3, 2023


The model evaluates and mitigates the risks associated with cyberattacks, ensuring the security of patient data and the uninterrupted provision of digital healthcare services for healthcare institutions.

The research team at the Indian Institute of Management Lucknow, led by Prof Arunabha Mukhopadhyay, has developed a Healthcare Cyber Risk Assessment model to strengthen global healthcare systems against threats posed by cybercrime.


The model critically supports Chief Information Officers (CIOs) in assessing risks and formulating tailored mitigation plans. Recommendations drawn from Rational Choice Theory and NIST standards encompass essential cybersecurity measures like firewalls, antivirus software, and comprehensive staff training. 

Additionally, the model includes vulnerability assessments, threat intelligence integration, and cyber insurance options to combat cyber threats effectively.

In an era where the healthcare sector increasingly relies on digital data, the vulnerability to cyberattacks has surged, especially during the COVID-19 pandemic. 

Digital health records house sensitive personal information, including government IDs (e.g., Aadhaar), medical histories, financial data, and insurance details, making healthcare organisations prime targets for cybercriminals.

The IIM Lucknow team has identified critical lapses in healthcare data security that cybercriminals exploit. They underlined that cyber threats are exacerbated when healthcare staff lack training to counter tactics like phishing and when IT governance and security technology are inadequately implemented.

Prof Mukhopadhyay elaborated on the Healthcare Cyber Risk Assessment Model, stating, "Our risk assessment and quantification models have allowed us to categorize 1788 US healthcare firms on a 'heat matrix,' showcasing the likelihood and potential severity of a cyberattack. This enables a clear understanding of the firm's preparedness to combat cyber threats. We also propose a customized plan to mitigate these risks based on the firm's position in the matrix."

The model, extendable to the Indian healthcare sector, features three primary components. Firstly, it helps CIOs in healthcare institutions determine their vulnerability to cyberattacks.

Secondly, it employs Collective Risk Modelling to assess the potential severity of cyberattacks, enabling hospitals to predict their impact. 

Finally, the model provides recommendations on how to mitigate and prevent cyberattacks.

Based on Rational Choice Theory and NIST standards, the recommendations advocate prioritising cybersecurity measures such as firewalls and antivirus solutions. 

For healthcare firms in high-risk quadrants of the heat matrix, practical cyberattack safeguards are suggested. These include data backup, staff anti-phishing training, senior management engagement, advocacy for cybersecurity laws, and investments in various cybersecurity technologies. 

Additionally, proactive threat response is facilitated through regular Vulnerability Assessment and Penetration Testing (VAPT) and threat intelligence integration. The model also presents insurance coverage as an option for mitigating potential financial impacts.

This research, funded by the Cyber Security Division of the Ministry of Electronics and Information Technology, Government of India, has been published in the Journal of Organizational Computing and Electronic Commerce (ABDC A category). 

Co-authored by Prof Arunabha Mukhopadhyay and his research scholars, Swati Jain and Saloni Jain, the paper provides valuable insights into securing healthcare data. 

In parallel efforts toward ensuring the security of patient data and protecting against cyber threats, the Union Health Ministry of India has taken several significant steps in collaboration with the Indian Computer Emergency Response Team (CERT-In). 

This scheme was initiated in response to escalating concerns regarding data breaches and privacy violations in healthcare.
