R. Mensah, L. Okafor, E. Vasquez
Healthcare organizations in the United States now defend patient records, networked medical devices, and shared clinical platforms against a steady stream of cyber threats. Even with greater spending on perimeter controls, breach notifications submitted to the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) have continued to rise. This article examines the organizational and human factors that weaken cybersecurity resilience in clinical environments in the mid-Atlantic region. Using a qualitative exploratory design based on secondary data, the researchers reviewed 762 breach notification records submitted to the OCR breach portal from January 2019 through December 2021. The sample was limited to incidents classified as hacking or information technology (IT) disruptions in the District of Columbia, Maryland, and Virginia. Interpretive thematic coding produced 68 initial codes, which were consolidated into 58 frequency-based categories and three main themes: (1) weak security governance and leadership accountability, (2) supply-chain and third-party data handling vulnerabilities, and (3) persistent gaps in workforce cybersecurity awareness. The analysis is interpreted through Routine Activity Theory, the Swiss Cheese Model of accident causation, and Deterrence Theory. The recommendations emphasize role-based access governance, continuing security education, and enforceable cybersecurity requirements for business associates. Overall, the study shows how organizational, behavioral, and structural weaknesses combine to create exploitable attack surfaces in clinical settings.
Pearl Academic Publishing. All rights reserved.
Content is licensed under a Creative Commons Attribution 4.0 License (CC-BY).
Privacy Policy | Terms of Service