Document Type

Closed Project

Publication Date

Winter 2022


Tugrul Daim

Course Title

Decision Making

Course Number

ETM 530


In the era of technology and an increasingly interconnected environment, information security has become more important and challenging. Information security is necessary for organizations to protect their valuable and sensitive data from internal and external threats [1]. In the healthcare industry, which will be the focus of this project, the adoption and integration of healthcare technology has increased over the last decade. Healthcare organizations implement new technology such as medical devices, IT systems, and Electronic Health Record (EHR) which are the driving force behind providing better quality healthcare [2][3]. In 2020, 89% of hospitals and 95% of critical access hospitals in the USA have implemented an EHR system [4]. With that increase of technology adoption, integration, and dependency, the vulnerability of healthcare organizations increases to cyber threats. In 2021, Civil Rights’ breach portal of The Department of Health and Human Services’ Office shows that there were 686 healthcare data breaches of 500 or more records which is worse than the previous year. Moreover, across 686 healthcare data breaches, more than 44 million healthcare records have been exposed or stolen [5]. Therefore, it is extremely crucial for healthcare organizations to assess and improve their information security to mitigate risk of cyberthreat.


In Copyright. URI: This Item is protected by copyright and/or related rights. You are free to use this Item in any way that is permitted by the copyright and related rights legislation that applies to your use. For other uses you need to obtain permission from the rights-holder(s).


This project is only available to students, staff, and faculty of Portland State University

Persistent Identifier