Document Type

Journal Article

Publication Title

Digital Health

Publisher

SAGE

School

School of Science

RAS ID

60294

Comments

Dart, M., & Ahmed, M. (2023). CYBER-AIDD: A novel approach to implementing improved cyber security resilience for large Australian healthcare providers using a unified modelling language ontology. Digital Health, 9, 1-15. https://doi.org/10.1177/20552076231191095

Abstract

Purpose: This paper proposes a novel cyber security risk governance framework and ontology for large Australian healthcare providers, using the structure and simplicity of the Unified Modelling Language (UML). This framework is intended to mitigate impacts from the risk areas of: (1) cyber-attacks, (2) incidents, (3) data breaches, and (4) data disclosures. Methods: Using a mixed-methods approach comprised of empirical evidence discovery and phenomenological review, existing literature is sourced to confirm baseline ontological definitions. These are supplemented with Australian government reports, professional standards publications and legislation covering cyber security, data breach reporting and healthcare governance. Historical examples of healthcare cyber security incidents are reviewed, and a cyber risk governance UML presented to manage the defined problem areas via a single, simplified ontological diagram. Results: A clear definition of ‘cyber security’ is generated, along with the ‘CYBER-AIDD’ risk model. Specific examples of cyber security incidents impacting Australian healthcare are confirmed as N = 929 over 5 years, with human factors the largest contributor. The CYBER-AIDD UML model presents a workflow across four defined classes, providing a clear approach to implementing the controls required to mitigate risks against verified threats. Conclusions: The governance of cyber security in healthcare is complex, in part due to a lack of clarity around key terms and risks, and this is contributing to consistently poor operational outcomes. A focus on the most essential avenues of risk, using a simple UML model, is beneficial in describing these risks and designing governance controls around them.

DOI

10.1177/20552076231191095

Creative Commons License

Creative Commons Attribution-Noncommercial 4.0 License
