%0 Journal Article
%T A Comparative Analysis of Cybersecurity Threat Taxonomies for Healthcare Organizations
%A Mahima Jaikanth
%A Vijay K. Madisetti
%J Journal of Software Engineering and Applications
%P 359-377
%@ 1945-3124
%D 2024
%I Scientific Research Publishing
%R 10.4236/jsea.2024.175020
%X Information technology is critical in coordinating patient records, smart devices, operations, and critical infrastructure in healthcare organizations, and their constantly changing digital environment, including suppliers, doctors, insurance providers, and regulatory agencies. This dependence on interdependent systems makes this sector vulnerable to various information technology risks. Such threats include common cybersecurity risks such as data breaches and malware attacks, unique problems occurring in healthcare settings such as unauthorized access to patient records, disruptions in services provided at medical facilities, and potential harm caused to patients due to the compromise of medical devices. The threat taxonomies, such as the Open Threat Taxonomy, NIST, or ENISA, are foundational frameworks for grasping and categorizing IT threats. However, these taxonomies were not specifically designed to deal with the complexities of the healthcare industry. The problem arises from the gap between these taxonomies’ general nature and the industry-specific threats and vulnerabilities that affect healthcare organizations. As a result, many healthcare institutions fail to holistically address and eliminate the unique risks related to confidentiality, integrity, and availability of patients’ data as well as critical systems used in healthcare. This paper aims to narrow this gap by carefully assessing these taxonomies to determine the framework best suited for addressing the threat environment in the healthcare sector.
%K Threat Taxonomies
%K Open Threat Taxonomy (OTT)
%U http://www.scirp.org/journal/PaperInformation.aspx?PaperID=133504