Date of Award

2019

Embargo Period

8-1-2024

Document Type

Dissertation

Degree Name

Doctor of Health Administration

College

College of Health Professions

First Advisor

Jillian Harvey

Second Advisor

Kit N. Simpson

Third Advisor

Cedric Truss

Abstract

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) was released the same year the term “phishing” was coined. The Act provided administrative, physical, and technical safeguards to implement for security standards with “required” and “addressable” implementation specifications. Since that time, the healthcare technology landscape has changed tremendously. This study explores four questions: What is the observed (reported) trajectory (frequency) of cases of ransomware attacks compared to other types of data breaches? What are examples of ransomware cases that are not reportable based on HIPAA regulations? What are the examples of the “worst-case” consequences of inadequate protection against ransomware attacks? Which HIPAA regulations should be changed or updated to protect against ransomware? The data show a significant increase by year in ransomware (p<.026), malware (p<.006), phishing (p<.008), unauthorized access (p<.000), and hacking incidents (p<.000). Also, 24% of the National Institute of Standards and Technology (NIST) 1.1 Cybersecurity Framework did not map to HIPAA Security. The study suggests that healthcare organizations should adopt and implement a cybersecurity framework, and the United States Department of Health & Human Services (HHS) should consider an update to the HIPAA Security standards.

Rights

All rights reserved. Copyright is held by the author.
