A Stochastic Optimisation Model to Support Cybersecurity within the UK National Health Service
28 Pages Posted: 6 Apr 2022
Date Written: February 23, 2022
Abstract
Over the past decade there has been a surge of new digital technologies being used in healthcare to help improve the delivery and access of care. At the same time the number of cyber-attacks on healthcare has significantly increased, especially during the current COVID-19 pandemic, posing a threat to the functionality of hospitals and the safety of patients. Therefore, it is vital to be as prepared as possible for the ever evolving cyber threats. The inherent uncertainty makes it very difficult to plan for future cyber incidents. Stochastic programming can efficiently support decision making by taking uncertainties into account. We propose a two-stage stochastic model to improve the cyber resilience of a healthcare provider by selecting a set of efficient countermeasures in preparation for upcoming cyber incidents. To be optimally equipped even for low-probability high-impact attacks we propose a second optimisation model incorporating the risk measure Conditional Value-at-Risk. Numerical tests highlight the importance of both modeling approaches and reveal what types of countermeasures are most important to increase cybersecurity in the healthcare sector.
Keywords: stochastic programming; cybersecurity; risk measure CVaR; health services; NHS
Suggested Citation: Suggested Citation