Analysis of personal health data breaches: prioritization with BWM approach

The aim of this study is to identify the factors that cause personal health data breaches, prioritize these factors with the BWM (Best Worst Method) approach, and propose solutions to improve health data security in line with the priorities obtained. As a result of the literature review, 8 criteria were identified for the evaluation of personal health data breaches: data leakage, human errors, malware, security level (encryption), cyber-attacks, unauthorized access, privilege abuse and inappropriate data destruction policies. The criteria were analyzed using the BMW method, a multi-criteria decision-making approach. The evaluation was conducted by 6 different experts with at least 7 years of academic or professional experience in the fields of health management and health law. According to the findings of the analysis; the most important (best) criterion causing personal health data breaches was determined as “Cyber Attacks†with a weight score of 16.95%. This is followed by “Data Leaks†(16.77%), “Privilege Abuse†(15.10%) and “Malicious Software†(15.07%). “Inappropriate Data Destruction Policies†was identified as the least important (worst) criterion with a weight of 5.01%. As a result, multifaceted strategies need to be developed for preventing health data breaches and effective data security management. Methods such as advanced security measures, regular security audits and network segmentation are recommended against cyber-attacks. Patient identity; privacy can be protected by using a number of methods such as anonymization, clustering of data sets or blurring technique instead of real patient identity. To mitigate the effects of privilege abuse, methods such as role-based access control, monitoring of user activities and regular access audits should be implemented.