An Attack-Centric Approach to Security, Privacy, and Legal Challenges in Virtual Healthcare

Author

Suvineetha Herath

Date of Award

Fall 12-2025

Document Type

Dissertation

Degree Name

Doctor of Philosophy in Cyber Defense (PhDCD)

First Advisor

John Hastings

Second Advisor

Yong Wang

Third Advisor

Varghese Vaidyan

Abstract

As the U.S. healthcare sector continues to evolve, the adoption of virtual care delivery systems has expanded rapidly. This digital transformation has intensified concerns regarding the security and privacy of Protected Health Information (PHI). To address these challenges, this study employed a sequential, exploratory mixed-methods approach to examine the evolving threat landscape and to develop an attack-centric threat model for virtual healthcare environments. In the first phase, a qualitative analysis of regulatory enforcement and legal effectiveness was conducted to examine compliance gaps, privacy risks, and legal consequences within virtual healthcare systems. Building on the qualitative findings, the second phase quantitatively analyzed healthcare data breaches reported to the U.S. Department of Health and Human Services Office for Civil Rights (HHS OCR) from 2009 to 2025, identifying trends in frequency, severity, and causes of breaches involving protected health information (PHI). The findings revealed that hacking and ITrelated incidents accounted for nearly half of all reported breaches and more than 90% of compromised PHI records. Healthcare providers were the most affected entities (73.6%), followed by business associates (14.0%) and health plans (12.2%). These results highlight persistent vulnerabilities across administrative, technical, and legal safeguards, despite regulatory frameworks such as the Health Insurance Portability and Accountability Act (HIPAA) and General Data Protection Regulation (GDPR). Based on these insights, this study introduces the Attack-Centric Approach (ACA) Model, a unified framework that integrates security, privacy, and legal compliance requirements. The model strengthens system resilience, promotes accountability and trust, and ensures regulatory alignment across virtual healthcare delivery environments.

Recommended Citation

Herath, Suvineetha, "An Attack-Centric Approach to Security, Privacy, and Legal Challenges in Virtual Healthcare" (2025). Masters Theses & Doctoral Dissertations. 505.
https://scholar.dsu.edu/theses/505