IIM Lucknow develops model to mitigate cybersecurity risk in healthcare sector


A research team at the Indian Institute of Management Lucknow (IIML), led by Prof. Arunabha Mukhopadhyay, has developed a model to protect healthcare systems globally from cyber threats.

Their ‘Healthcare Cyber Risk Assessment model’ evaluates and mitigates risks of cyberattacks, thereby ensuring the security of patient data and the continuity of digital healthcare services for healthcare institutions.

The increasing complexity and sensitivity of data in healthcare organisations have heightened their susceptibility to cyberattacks, especially as the healthcare sector’s reliance on digital data has grown during the COVID-19 pandemic. Digital health records contain sensitive personal information like Government IDs (e.g., Aadhaar), medical histories, finances, and insurance details, which cybercriminals can use for identity theft and fraud.

The IIML team aims to tackle this issue by investigating the weak points in healthcare data security that hackers exploit. They propose that cyber threats become more likely when the healthcare staff lacks training to counter tactics like phishing, and when IT governance and security technology are not effectively implemented.

The model, which can be extended to the Indian healthcare sector, has three main features.

  • First, it assists Chief Information Officers (CIOs) of healthcare institutions in determining the vulnerability of the healthcare institution to cyberattacks
  • Secondly, it employs Collective Risk Modelling to assess the potential severity of cyberattacks, which can help hospitals predict the impact
  • Finally, it offers recommendations on how to mitigate and prevent these cyberattacks


The recommendations are derived from Rational Choice Theory and the standards outlined by the National Institute of Standards and Technology (NIST). The model also offers practical cyberattack safeguards for healthcare firms in high-risk quadrants of the heat matrix.