The Evolving Cyberthreat to Privacy

THaW’s A.J. Burns and Eric Johnson recently published a piece in IT Professional:

ABSTRACT: Cyberthreats create unique risks for organizations and individuals, especially regarding breaches of personally identifiable information (PII). However, relatively little research has examined hackings distinct impact on privacy. The authors analyze cyber breaches of PII and found that they are significantly larger compared to other breaches, showing that past breaches are useful for predicting future breaches.
Issue No. 03 – May./Jun. (2018 vol. 20)

Hospitals Must Develop IT Security Plans To Avoid Target’s Fate

In a recent study examining data from 243 hospitals, THaW researcher Eric Johnson found that while compliance with state and federal IT security mandates like HIPAA helps the worst hospitals protect patient information better, organizations that maintain and regularly update a security plan get far more from their security investments. Eric defines these organizations as “operationally mature.” These strategic plans — along with periodic reviews — enable organizations to learn of potential new risks and evaluate their own security posture. As a consequence, organizations’ security resources are better targeted to address their specific needs and the environments in which they operate. Eric’s results show that the impact of security investments varies depending on the operational maturity of the organization.

Read more about this study and its results in Eric’s blog. The study was funded by an earlier NSF grant on Trustworthy Information Systems for Healthcare.