Purdue University Graduate School
Thesis_Gaurav_Sachdev.pdf (841.34 kB)

Ranking Social Engineering Attack Vectors in The Healthcare and Public Health Sector

posted on 2023-02-06, 19:53 authored by Gaurav Sachdev

The National Institute of Standards and Technology defines social engineering as an attack vector that deceives an individual into divulging confidential information or performing unwanted actions. Different methods of social engineering include phishing, pretexting, tailgating, baiting, vishing, SMSishing, and quid pro quo. These attacks can have devastating effects, especially in the healthcare sector, where there are budgetary and time constraints. To address these issues, this study aimed to use cybersecurity experts to identify the most important social engineering attacks for the healthcare sector and rank the underlying factors in terms of cost, success rate, and data breach. By creating a ranking that can be updated constantly, organizations can provide more effective training to users and reduce the overall risk of a successful attack. This study identified phishing attacks via email, voice, and SMS as the most important to defend against, primarily due to the number of attacks. Baiting and quid pro quo consistently ranked lower in priority.


Degree Type

  • Master of Science


  • Computer and Information Technology

Campus location

  • West Lafayette

Advisor/Supervisor/Committee Chair

Dr. J. Eric Dietz

Advisor/Supervisor/Committee co-chair

Dr. Tatiana Ringenberg

Additional Committee Member 2

Dr. Julia Taylor Rayz

Additional Committee Member 3

Dr. John A Springer
