Illegal Cybersecurity Threats Created by Organizational Arsonists in Healthcare Organizations

Laura Ann Jones; Darrell Norman Burrell

doi:10.30560/les.v1n1p93

Laura Ann Jones Dissertation Faculty, Capitol Technology University, Laurel, MD, United States http://orcid.org/0000-0002-0299-370X
Darrell Norman Burrell Associate Ethics Fellow, Marymount University, Arlington, VA, United States http://orcid.org/0000-0002-4675-9544

DOI: https://doi.org/10.30560/les.v1n1p93

Keywords: insider cybersecurity threats, healthcare cybersecurity, healthcare administration, organizational arsonists, cybersecurity risk management, insider threat detection, organizational behavior, organizational culture

Abstract

Insider cybersecurity threats in healthcare, often overlooked or narrowly defined as technical vulnerabilities, can be more accurately described as acts of organizational arson, representing deliberate, malicious acts designed to ignite chaos within digital ecosystems. Like physical arsonists who destroy property through fire, insider actors exploit their privileged access to organizational systems, causing financial devastation, operational disruption, and severe damage to organizational morale and stability. Insider incidents cost organizations millions annually, with cybersecurity teams dedicating significant time and resources to crisis management rather than strategic planning. This commentary-style paper reframes insider cybersecurity threats using the metaphor of organizational arsonists, offering a unique and powerful framework for understanding these complex risks. By integrating cybersecurity, law, and organizational psychology insights, the paper presents a comprehensive approach to mitigating insider threats that extend beyond technical defenses. It emphasizes the necessity of human-centric strategies, ethical accountability, and legal compliance, calling for organizations to adopt a holistic defense posture that addresses both technological vulnerabilities and behavioral risks. The paper's originality lies in bridging multiple disciplines and framing insider threats as technical challenges and full-scale organizational crises. Combining advanced technologies such as artificial intelligence with human behavior analysis provides actionable strategies for organizations to combat their own digital arsonists. This interdisciplinary approach encourages cybersecurity professionals, legal scholars, and organizational leaders to rethink insider threat management, creating a more resilient and secure organizational environment.

References

Burrell, D. N. (2023). Cybersecurity in healthcare through the 7-S model strategy. Scientific Bulletin, 28(1), 26-35.
Burrell, D. N. (2024). Understanding healthcare cybersecurity risk management complexity. Land Forces Academy Review, 29(1), 38-49. https://doi.org/10.1108/ijse11-2022-0719
Burrell, D. N., Aridi, A. S., McLester, Q., Shufutinsky, A., Nobles, C., Dawson, M., & Muller, S. R. (2021). Exploring system thinking leadership approaches to the healthcare cybersecurity environment. International Journal of Extreme Automation and Connectivity in Healthcare (IJEACH), 3(2), 20-32.
Burrell, D. N., Courtney-Dattola, A., Burton, S. L., Nobles, C., Springs, D., & Dawson, M. E. (2020). Improving the quality of "The Internet of Things" instruction in technology management, cybersecurity, and computer science. International Journal of Information and Communication Technology Education (IJICTE), 16(2), 59-70.
Burrell, D. N., Nobles, C., Cusak, A., Jones, L. A., Wright, J. B., Mingo, H. C., & Richardson, K. (2023). Cybersecurity and cyberbiosecurity insider threat risk management. In Handbook of Research on Cybersecurity Risk in Contemporary Business Systems (pp. 121-136). IGI Global.
Burrell, D. N., Nobles, C., Cusak, A., Omar, M., & Gillesania, L. (2022). Cybercrime and the nature of insider threat complexities in healthcare and biotechnology engineering organizations. Journal of Crime and Criminal Behavior, 2(2), 131-144.
Burton, S. L. (2023). Cybersecurity risk: The business significance of ongoing tracking. In Transformational Interventions for Business, Technology, and Healthcare (pp. 245-268). IGI Global.
Burton, S. L., Burrell, D. N., & Nobles, C. (2023). Adapting to the cyber-driven workforce: A battle for the discouraged worker. In Real-World Solutions for Diversity, Strategic Change, and Organizational Development: Perspectives in Healthcare, Education, Business, and Technology (pp. 130-152). IGI Global.
Burton, S. L., Burrell, D. N., Nobles, C., Jones, L. A., White, Y. W., Bessette, D. I., & Aridi, A. (2024). Cyber leadership excellence: Bridging knowledge gaps, maximizing returns. In Evolution of Cross-Sector Cyber Intelligent Markets (pp. 184-199). IGI Global.
Cohen, L. E., & Felson, M. (2010). Social change and crime rate trends: A routine activity approach (1979). In Classics in environmental criminology (pp. 203-232). Routledge.
Espinoza, M. D. (2023). Cybercrime and insider threats in healthcare organizations: Motive, prevention, and mitigation. In Transformational Interventions for Business, Technology, and Healthcare (pp. 1-15). IGI Global.
Georgiadou, A., Mouzakitis, S., & Askounis, D. (2021). Detecting insider threat via a cybersecurity culture framework. Journal of Computer Information Systems, 62(4), 706-716. https://doi.org/10.1080/08874417.2021.1903367
Gheyas, I. A., & Abdallah, A. E. (2016). Detection and prediction of insider threats to cyber security: A systematic literature review and meta-analysis. Big Data Analytics, 1(1), 1-29. https://bdataanalytics.biomedcentral.com/articles/10.1186/s41044-016-0006-0
Jones, L. A. (2021). A content analysis review of literature to create a usable framework for reputation risk management. Handbook of Research on Multidisciplinary Perspectives on Managerial and Leadership Psychology, 91-133.
Jones, L. A. (2024). Unveiling human factors: Aligning facets of cybersecurity leadership, insider threats, and arsonist attributes to reduce cyber risk. SocioEconomic Challenges, 8(2), 43-63. https://doi.org/10.61093/sec.8(2).44-63.2024
Jones, L. A., Burrell, D. N., Nobles, C., Richardson, K., Hines, A., Kemp, R., Mingo, H. C., Ferreras-Perez, J., & Khanta, K. (2023). Real estate cybersecurity, adaptive management strategy, and risk management in the age of COVID-19. In Handbook of Research on Cybersecurity Risk in Contemporary Business Systems (pp. 305-324). IGI Global.
Khaliq, S., Tariq, Z. U. A., & Masood, A. (2020). Role of user and entity behavior analytics in detecting insider attacks. In 2020 International Conference on Cyber Warfare and Security (ICCWS) (pp. 1-6). IEEE.
Labree, W., Nijman, H., Van Marle, H., & Rassin, E. (2010). Backgrounds and characteristics of arsonists. International Journal of Law and Psychiatry, 33(3), 149-153.
Lewis, E., Burrell, D. N., Nobles, C., Ferreras-Perez, J., Richardson, K., Jones, A. J., & Jones, L. A. (2023). Cybercrime and cybersecurity challenges in the automotive industry utilizing agent-based modeling (ABM). In Transformational Interventions for Business, Technology, and Healthcare (pp. 134-159). IGI Global.
Mojtahedi, D., Prince, R. J., & Ryan, S. (2017). Making an arsonist: A psychological approach to understanding expressive arson. EC Psychology and Psychiatry, 4(3), 94-99.
Nobles, C. (2018). Botching human factors in cybersecurity in business organizations. HOLISTICA–Journal of Business and Public Administration, 9(3), 71-88.
Nobles, C. (2019). Establishing human factors programs to mitigate blind spots in cybersecurity. MWAIS 2019 Proceedings, 22.
Nobles, C. (2022). Stress, burnout, and security fatigue in cybersecurity: A human factors problem. HOLISTICA–Journal of Business and Public Administration, 13(1), 49-72.
Nobles, C., Robinson, N., Cunningham, M., Robinson, N., Cunningham, M., & Cunningham, M. (2022). Straight from the human factors professionals’ mouth: The need to teach human factors in cybersecurity. In Proceedings of the 23rd Annual Conference on Information Technology Education (pp. 157-158).
Rich, M. S., & Aiken, M. P. (2024). An interdisciplinary approach to enhancing cyber threat prediction utilizing forensic cyberpsychology and digital forensics. Forensic Sciences, 4(1), 110-151.
Staff, S. (2024, March 6). Insider-driven data loss incidents cost an average of $15 million. Retrieved from: https://www.securitymagazine.com/articles/100483-insider-driven-data-loss-incidents-cost-an-average-of-15-million
Wright, J. (2023). Healthcare cybersecurity and cybercrime supply chain risk management. Health Economics and Management Review, 4(4), 17-27. https://doi.org/10.61093/hem.2023.4-02.