References
- ABC News. Healthcare industry continues to be main target of data breaches, with 79 reported in six months. 2022. https://www.abc.net.au/news/science/2022-11-10/data-breach-medibank-healthcare-system/101612056.
- Australian cyber security magazine. Cyberattacks on Australian healthcare Doubles. Australian Cyber Security Magazine. 2022. https://australiancybersecuritymagazine.com.au/cyberattacks-on-australian-healthcare-doubles/.
- Landi H Relentless cyberattacks are putting financial pressure on hospitals: fitch ratings, https://www.fiercehealthcare.com/tech/relentless-cyber-attacks-are-putting-pressure-hospital-finances-fitch-ratings (2022).
- Healthcare IT News. Medical records at victorian hospital get hacked, https://www.healthcareitnews.com/news/anz/medical-records-victorian-hospital-get-hacked (2019).
- Petkauskas V Hackers were interested in Australia long before medibank and optus breaches, https://cybernews.com/security/hackers-australia-medibank-optus/(2022).
- Clarke P Significant data breach from ambulance tasmania through interception of its paging service with data of patients who contact ambulances published on line, http://www.peteraclarke.com.au/2021/01/08/significant-data-breach-from-ambulance-tasmania-through-interception-of-its-paging-service-with-data-of-patients-who-contact-ambulances-published-on-line/(2021).
- Courtney RH Jr Security risk assessment in electronic data processing systems. In: Proceedings of the June 13-16, 1977, national computer conference 1977, pp.97–104.
- Therapeutic Goods Administration (Australia). Medical device cyber security guidance for industry. Version 1.2 ed; 2021.
- Aziz Al Kabir M, Elmedany W, Sharif MS. Securing IoT devices against emerging security threats: challenges and mitigation techniques. J Cyber Secur. 2023;7(4):199–223. doi: 10.1080/23742917.2023.2228053
- Zou M, Fragonara LZ, Qiu S, et al. Uncertainty quantification of multi-scale resilience in networked systems with nonlinear dynamics using arbitrary polynomial chaos. Sci Rep. 2023;13:488. doi: 10.1038/s41598-022-27025-w
- Office of the Australian Information Commissioner (OAIC). Notifiable data breaches publications, https://www.oaic.gov.au/privacy/notifiable-data-breaches/notifiable-data-breaches-publications (2023, accessed 14/08/2023).
- Australian Cyber Security Centre (ACSC). ACSC Annual Cyber Threat Report July 2021 to June. 2022.
- Australian Digital Health Agency (ADHA). Cyber security strategy 2022-2025. 2022.
- Auditor General’s Department (Western Australia). Audit results report – annual 2020-21 financial audits of state government entities. 2021.
- Audit Office of New South Wales. Compliance with the NSW cyber security policy. 2021.
- Australian Cyber Security Centre (ACSC). Essential eight maturity model. 2022.
- Victorian Auditor General’s Office. Security of Patients’ Hospital Data. 2019.
- Australian Government. Security Legislation Amendment (Critical Infrastructure) Act.2021.
- Australian Government. Security Legislation Amendment (Critical Infrastructure Protection) Act. 2022
- U.S. Government Printing Office. Sarbanes-Oxley Act. 2002.
- Department of Health and Human Services. Standards for Privacy of Individually Identifiable Health Information. United States. 2002
- European Parliament. General Data Protection Regulation (GDPR). 2016.
- Ransbotham S, Mitra S. Choice and chance: a conceptual model of paths to Information security compromise. Inf Syst Res. 2009;20(1):121–139. doi: 10.1287/isre.1080.0174
- ISO/IEC 27000. Information technology — security techniques — Information security management systems — overview and vocabulary.
- National Institute for Standards and Technology (NIST). Framework for Improving Critical Infrastructure Cybersecurity. United States. 2018.
- Australian Cyber Security Centre (ACSC). Information Security Manual (December2022). 2022.
- Williams PA. Making research real: is action research a suitable methodology for medical Information security investigations? In: 4th Australian Information Security Management Conference, School of Computer and Information Science, Edith Cowan University, Perth, Western Australia. 2006. doi: 10.4225/75/57b66e3834779
- Goethals PL, Hunt ME. A review of scientific research in defensive cyberspace operation tools and technologies. J Cyber Secur. 2019;3(1):1–46. doi: 10.1080/23742917.2019.1601889
- Jalali MS, Razak S, Gordon W, et al. Health care and cybersecurity: bibliometric analysis of the literature. J Med Internet Res. 2019;21(2):e12644. doi: 10.2196/12644
- Yeng PK, Fauzi MA, Yang B. A comprehensive assessment of human factors in relation to cyber security compliance of healthcare staff in a paperless hospital. 2022. doi: 10.20944/preprints202203.0247.v1
- Fauzi MA, Yeng P, Yang B, et al. Examining the link between stress level and cybersecurity practices of hospital staff in Indonesia. In: Proceedings of the 16th International Conference on Availability, Reliability and Security, Vienna, Austria. 2021, pp.1–8.
- Security Scorecard. CVE Details, https://www.cvedetails.com/(2023).
- Arefin MT, Ali MH, Haque AF. Wireless body area network: an overview and various applications. J Comput Commun. 2017;5(7):53–64. doi: 10.4236/jcc.2017.57006
- Asam M, Jamal T, Adeel M, et al. Challenges in wireless body area network. Int J Adv Comput Sci Appl. 2019;10(11):10. doi: 10.14569/IJACSA.2019.0101147
- Sethuraman SC, Vijayakumar V, Walczak S. Cyber attacks on healthcare devices using unmanned aerial vehicles. J Med Syst. 2020;44(1):29. doi: 10.1007/s10916-019-1489-9
- Coventry L, Branley D. Cybersecurity in healthcare: a narrative review of trends, threats and ways forward. Maturitas. 2018;113:48–52. doi: 10.1016/j.maturitas.2018.04.008
- Therapeutic Goods Administration (Australia). Actual and potential harm caused by medical software. 2020.
- Edwards B, Hofmeyr S, Forrest S. Hype and heavy tails: a closer look at data breaches. J Cybersecur. 2016;2(1):3–14. doi: 10.1093/cybsec/tyw003
- Indianapolis Business Journal. Insurer Anthem agrees to pay record $16M for massive data breach, https://www.ibj.com/articles/70905-insurer-anthem-agrees-to-pay-record-16m-for-massive-data-breach (2018, accessed 14/05/2019 2019).
- Nadeem D. Anthem to pay nearly $40 million to settle data breach probe by U.S. states. Reuters. 2020.
- Freeman L. Anthem settles a security breach lawsuit affecting 80M. USA Today. 2017.
- British Broadcasting Corporation (BBC). NHS ‘could have prevented’ WannaCry ransomware attack. 2017 https://www.bbc.com/news/technology-41753022.
- Hughes O. Government puts cost of WannaCry to NHS at £92m. Digital Health. 2018. https://www.digitalhealth.net/2018/10/dhsc-puts-cost-wannacry-nhs-92m/.
- Davis J. UHS ransomware attack cost $67M in lost revenue, recovery efforts. Health IT Security. 2021. https://healthitsecurity.com/news/uhs-ransomware-attack-cost-67-million-in-recovery-lost-revenue.
- King R. May cyberattack cost Scripps nearly $113M in lost revenue, more costs. Fierce Healthcare. 2021. https://www.fiercehealthcare.com/hospitals/may-cyber-attack-cost-scripps-nearly-113m-lost-revenue-more-costs.
- European Data Protection Board. Dutch DPA fines OLVG hospital for inadequate protection of medical records. 2021. https://edpb.europa.eu/news/national-news/2021/dutch-dpa-fines-olvg-hospital-inadequate-protection-medical-records_en.
- Pascoe, R. Amsterdam hospital fined €440,000 for breaches of patient privacy. Dutch News. 2021 https://www.dutchnews.nl/2021/02/amsterdam-hospital-fined-e440000-for-breaches-of-patient-privacy/.
- Health Service Executive. Conti Cyber-Attack On The HSE Independent Post Incident Review. 2021.
- Nyland POR, Eilish. HSE cyber attack cost taxpayers at least €101m, with a further €657m to be spent safeguarding against repeat attacks. The Irish Independent. 2022.
- Arghire I. Data breach at Australian Health insurer impacts 4 million customers; could cost $35M. SecurityWeek. 2022.
- Braithwaite S. The need for a corporate strategy on risk management and risk transfer. Eur Manage J. 1989;7(4):467–482. doi: 10.1016/0263-2373(89)90085-6
- Ruan K. Introducing cybernomics: a unifying economic framework for measuring cyber risk. Computers & Security. 2017;65:77–89. doi: 10.1016/j.cose.2016.10.009
- Jain S, Mukhopadhyay A, Jain S. Can cyber risk of Health care firms be insured? A multinomial logistic regression model. J Organ Comput Electron Commer. 2023;33(1–2):41–69. doi: 10.1080/10919392.2023.2244386
- Kahneman D, Tversky A. Prospect theory: an analysis of decision under risk. handbook of the fundamentals of financial decision making: part I. World Scientific; 2013. pp. 99–127.
- Böhme R, Laube S, Riek M. A fundamental approach to cyber risk analysis. Variance. 2019;12:161–185.
- Liang L, Xue X. Avoidance of information technology threats: a theoretical perspective. MIS Quarterly. 2009;33(1):71–90. doi: 10.2307/20650279
- National Bureau of Standards (US). Guideline for automatic data processing risk analysis. 1979.
- Hopkin P, Of Risk M I. Fundamentals of risk management : understanding, evaluating and implementing effective risk management. London, UNITED KINGDOM: Kogan Page; 2014.
- Hubbard DW, Seiersen R. How to measure anything in cybersecurity risk. John Wiley & Sons; 2023.
- Böhme R, Schwartz G. Modeling cyber-insurance: towards a unifying framework. WEIS. 2010.
- Kaplan S, Garrick BJ. On the quantitative definition of risk. Risk Analysis. 1981;1(1):11–27. doi: 10.1111/j.1539-6924.1981.tb01350.x
- Wang Z, Lu Y, Li J Network security risk assessment based on node correlation. In: Journal of Physics: Conference Series 2018, p.012073. IOP Publishing.
- Wang L, Jones R. Data analytics for network intrusion detection. J Cyber Secur. 2020;4(2):106–123. doi: 10.1080/23742917.2019.1703525
- Parliament of Australia. Security legislation amendment (Critical Infrastructure) bill 2020. Explanatory Memorandum. 2021.
- Shin J, Son H, Heo G. Development of a cyber security risk model using Bayesian networks. Reliab Eng Syst Saf. 2015;134:208–217. doi: 10.1016/j.ress.2014.10.006
- Zhang Q, Zhou C, Tian Y-C, et al. A fuzzy probability Bayesian network approach for dynamic cybersecurity risk assessment in industrial control systems. IEEE Trans Ind Inform. 2017;14(6):2497–2506. doi: 10.1109/TII.2017.2768998
- Gai K, Qiu M, Hassan H. Secure cyber incident analytics framework using Monte Carlo simulations for financial cybersecurity insurance in cloud computing. Concurr Comput Pract Exp. 2017;29(7):e3856. doi: 10.1002/cpe.3856
- Erola A, Agrafiotis I, Nurse Jason R.C., et al. A system to calculate Cyber Value-at-Risk. Computers & Security. 2022;113:102545. doi: 10.1016/j.cose.2021.102545
- Paté-Cornell M-E, Kuypers MA. A probabilistic analysis of cyber risks. IEEE Trans Eng Manage. 2023;70(1):3–13. doi: 10.1109/TEM.2020.3028526
- Evans G. Can there be vague objects. Analysis. 1978;38(4):208. doi: 10.1093/analys/38.4.208
- Gordon LA, Loeb MP, Lucyshyn W, et al. CSI/FBI computer crime and security survey. Computer Security Journal. 2006;22:1.
- Computer Economics. Annual worldwide economic damages from malware Exceed $13 billion. Avasant; 2007.
- Khey DN, Sainato VA. Examining the correlates and spatial distribution of organizational data breaches in the United States. Secur J. 2013;26(4):367–382. doi: 10.1057/sj.2013.24
- Maass P, Rajagopalan M. Does cybercrime really cost $1 Trillion? ProPublica. 2012.
- Rogin J. NSA chief: cybercrime constitutes the “greatest transfer of wealth in history”. Foreign Policy. 2012.
- Eling M, Schnell W. What do we know about cyber risk and cyber risk insurance? JRF. 2016;17(5):474–491. doi: 10.1108/JRF-09-2016-0122
- McAfee. New McAfee Report Estimates Global Cybercrime Losses to Exceed $1 Trillion, https://www.mcafee.com/el-gr/consumer-corporate/newsroom/press-releases/press-release.html?news_id=6859bd8c-9304-4147-bdab-32b35457e629&virus_k=98318 (2020, accessed 1/1/2023).
- Hackett R. The hotly disputed black magic of data breach cost estimates. Fortune. 2015.
- Hendee LA. The data breach epidemic: a modern legal analysis. Journal Of Technology Law & Policy. 2021;24:3.
- Alazab M, Hong S-H, Ng J. Louder bark with no bite: privacy protection through the regulation of mandatory data breach notification in Australia. Future Gener Comput Syst. 2021;116:22–29. doi: 10.1016/j.future.2020.10.017
- Almulihi AH, Alassery F, Khan AI, et al. Analyzing the implications of healthcare data breaches through computational technique. Intelligent Automation & Soft Computing. 2022;32(3):1763–1779. doi: 10.32604/iasc.2022.023460
- Burdon M, Lane B, Von Nessen P. The mandatory notification of data breaches: issues arising for Australian and EU legal developments. Comput Law Secur Rev. 2010;26(2):115–129. doi: 10.1016/j.clsr.2010.01.006
- Chernyshev M, Zeadally S, Baig Z. Healthcare data breaches: implications for digital forensic readiness. J Med Syst. 2019;43(1):7. doi: 10.1007/s10916-018-1123-2
- Collins JD, Sainato VA, Khey DN. Organizational data breaches 2005-2010: applying SCP to the healthcare and education sectors. Inter J Of Cyber Crimin. 2011;5:794–810.
- Fleury-Charles A, Chowdhury MM, Rifat N. Data Breaches: Vulnerable Privacy. In: 2022 IEEE International Conference on Electro Information Technology (eIT) Minnesota State University, USA, 2022, pp.538–543. IEEE.
- Hammouchi H, Cherqi O, Mezzour G, et al. Digging deeper into data breaches: an exploratory data analysis of hacking breaches over time. Procedia Comput Sci. 2019;151:1004–1009. doi: 10.1016/j.procs.2019.04.141
- Seh AH, Zarour M, Alenezi M, et al. Healthcare. In: Healthcare data breaches: insights and implications. MDPI, 2020p. 133.
- Layton R, Watters PA. A methodology for estimating the tangible cost of data breaches. J Inf Secur Appl. 2014;19(6):321–330. doi: 10.1016/j.jisa.2014.10.012
- Algarni AM, Malaiya YK A consolidated approach for estimation of data security breach costs. In: 2016 2nd International Conference on Information Management (ICIM) 2016, pp.26–39. IEEE.
- Australian Government. Security Of Critical Infrastructure Act 2018. 2022.
- Australian Institute of Health and Welfare (AIHW). Hospital resources 2021–22 data tables, https://www.aihw.gov.au/reports-data/myhospitals/content/data-downloads (2023).
- Australian Institute of Health and Welfare (AIHW). Health expenditure Australia 2021-22, https://www.aihw.gov.au/reports/health-welfare-expenditure/health-expenditure-australia-2021-22/data (2023).
- Australian Prudential and Regulation Authority (APRA). APRA takes action against medibank Private in relation to cyber incident. 2023.
- Reuters. Australia’s medibank faces fourth class-action lawsuit over cyberattack, https://www.nasdaq.com/articles/australias-medibank-faces-fourth-class-action-lawsuit-over-cyberattack (2023).
- Taylor J. Medibank cyber-attack: should the health insurer pay a ransom for its customers’ data? Guardian. 2022.
- Insurance Council of Australia (ICA). Cyber risk, https://insurancecouncil.com.au/issues-in-focus/cyber-risk/(2023).
- icare NSW. Treasury managed fund, https://www.icare.nsw.gov.au/government-agencies/our-funds-and-schemes/treasury-managed-fund (2023).
- icare NSW. Treasury managed fund 2021 statement of cover. 2021.
- Azmi R. Revisiting cyber definition. European Conference on Information Warfare and Security (ECCWS); Reading, UK; 2019 July 22–30; 2019.
- Schatz D, Bashroush R, Wall J. Towards a more representative definition of cyber security. JDFSL. 2017;12:66. doi: 10.15394/jdfsl.2017.1476
- Hatzivasilis G, Chatziadam P, Petroulakis N, et al. Cyber insurance of information systems: security and privacy cyber insurance contracts for ICT and helathcare organizations. IEEE 24th International Workshop on Computer Aided Modeling and Design of Communication Links and Networks (CAMAD). IEEE; 2019, pp.1–6.
- Mott G, Turner S, Nurse Jason R.C., et al. Between a rock and a hard (ening) place: cyber insurance in the ransomware era. Computers & Security. 2023;128:103162. doi: 10.1016/j.cose.2023.103162