Michail Smyrlis,Evangelos Floros,Ioannis Basdekis,Dumitru-Bogdan Prelipcean,Aristeidis Sotiropoulos,Herve Debar,Apostolis Zarras,George Spanoudakis

DOI: https://doi.org/10.1007/s10207-024-00820-4

2024-03-03

International Journal of Information Security

Abstract:Recent cyber-attacks targeting healthcare organizations underscore the growing prevalence of the sector as a prime target for malicious activities. As healthcare systems manage and store sensitive personal health information, the imperative for robust cyber security and privacy protocols becomes increasingly evident. Consequently, healthcare institutions are compelled to actively address the intricate cyber security risks inherent in their digital ecosystems. In response, we present RAMA, a risk assessment solution designed to evaluate the security status of cyber systems within critical domain, such as the healthcare one. By leveraging RAMA, both local stakeholders, such as the hospital's IT personnel, and global actors, including external parties, can assess their organization's cyber risk profile. Notably, RAMA goes beyond risk quantification; it facilitates a comparative analysis by enabling organizations to measure their performance against average aggregated mean scores, fostering a culture of continuous improvement in cyber security practices. The practical efficacy of RAMA is demonstrated through its deployment across four real-world healthcare IT infrastructures. This study not only underscores the significance of addressing cyber security risks within healthcare but also highlights the value of innovative solutions like RAMA in safeguarding sensitive health information and enhancing the sector's overall cyber resilience.

computer science, information systems, theory & methods, software engineering

Fatama Tuz Johora,Md Shahedul Islam Khan,Esrath Kanon,Mohammad Abu Tareq Rony,Md Zubair,Iqbal H. Sarker

2024-03-28

Abstract:Cyber risk refers to the risk of defacing reputation, monetary losses, or disruption of an organization or individuals, and this situation usually occurs by the unconscious use of cyber systems. The cyber risk is unhurriedly increasing day by day and it is right now a global threat. Developing countries like Bangladesh face major cyber risk challenges. The growing cyber threat worldwide focuses on the need for effective modeling to predict and manage the associated risk. This paper exhibits a Machine Learning(ML) based model for predicting individuals who may be victims of cyber attacks by analyzing socioeconomic factors. We collected the dataset from victims and non-victims of cyberattacks based on socio-demographic features. The study involved the development of a questionnaire to gather data, which was then used to measure the significance of features. Through data augmentation, the dataset was expanded to encompass 3286 entries, setting the stage for our investigation and modeling. Among several ML models with 19, 20, 21, and 26 features, we proposed a novel Pertinent Features Random Forest (RF) model, which achieved maximum accuracy with 20 features (95.95\%) and also demonstrated the association among the selected features using the Apriori algorithm with Confidence (above 80\%) according to the victim. We generated 10 important association rules and presented the framework that is rigorously evaluated on real-world datasets, demonstrating its potential to predict cyberattacks and associated risk factors effectively. Looking ahead, future efforts will be directed toward refining the predictive model's precision and delving into additional risk factors, to fortify the proposed framework's efficacy in navigating the complex terrain of cybersecurity threats.

Cryptography and Security,Machine Learning

Matteo Malavasi,Gareth W. Peters,Pavel V. Shevchenko,Stefan Trück,Jiwook Jang,Georgy Sofronov

DOI: https://doi.org/10.1016/j.insmatheco.2022.05.003

2022-09-01

Insurance: Mathematics and Economics

Abstract:In this study an exploration of insurance risk transfer is undertaken for the cyber insurance industry in the United States of America, based on the leading industry dataset of cyber events provided by Advisen. We seek to address two core unresolved questions. First, what factors are the most significant covariates that may explain the frequency and severity of cyber loss events and are they heterogeneous over cyber risk categories? Second, is cyber risk insurable in regards to the required premiums, risk pool sizes and how would this decision vary with the insured companies industry sector and size? We address these questions through a combination of regression models based on the class of Generalized Additive Models for Location Shape and Scale (GAMLSS) and a class of ordinal regressions. These models will then form the basis for our analysis of frequency and severity of cyber risk loss processes. We investigate the viability of insurance for cyber risk using a utility modeling framework with premiums calculated by classical certainty equivalence analysis utilizing the developed regression models. Our results provide several new key insights into the nature of insurability of cyber risk and rigorously address the two insurance questions posed in a real data driven case study analysis.

English Else

Ranjan Pal

DOI: https://doi.org/10.48550/arXiv.1202.0884

2012-02-04

Cryptography and Security

Abstract:Internet users such as individuals and organizations are subject to different types of epidemic risks such as worms, viruses, spams, and botnets. To reduce the probability of risk, an Internet user generally invests in traditional security mechanisms like anti-virus and anti-spam software, sometimes also known as \emph{self-defense} mechanisms. However, according to security experts, such software (and their subsequent advancements) will not completely eliminate risk. Recent research efforts have considered the problem of residual risk elimination by proposing the idea of \emph{cyber-insurance}. In this regard, an important research problem is resolving information asymmetry issues associated with cyber-insurance contracts. In this paper we propose \emph{three} mechanisms to resolve information asymmetry in cyber-insurance. Our mechanisms are based on the \emph{Principal-Agent} (PA) model in microeconomic theory. We show that (1) optimal cyber-insurance contracts induced by our mechanisms only provide partial coverage to the insureds. This ensures greater self-defense efforts on the part of the latter to protect their computing systems, which in turn increases overall network security, (2) the level of deductible per network user contract increases in a concave manner with the topological degree of the user, and (3) a market for cyber-insurance can be made to exist in the presence of monopolistic insurers under effective mechanism design. Our methodology is applicable to any distributed network scenario in which a framework for cyber-insurance can be implemented.

Raul Luna,Emily Rhine,Matthew Myhra,Ross Sullivan,Clemens Scott Kruse

DOI: https://doi.org/10.3233/THC-151102

Abstract:Background: Recent legislation empowering providers to embrace the electronic exchange of health information leaves the healthcare industry increasingly vulnerable to cybercrime. The objective of this systematic review is to identify the biggest threats to healthcare via cybercrime. Objective: The rationale behind this systematic review is to provide a framework for future research by identifying themes and trends of cybercrime in the healthcare industry. Methods: The authors conducted a systematic search through the CINAHL, Academic Search Complete, PubMed, and ScienceDirect databases to gather literature relative to cyber threats in healthcare. All authors reviewed the articles collected and excluded literature that did not focus on the objective. Results: Researchers selected and examined 19 articles for common themes. The most prevalent cyber-criminal activity in healthcare is identity theft through data breach. Other concepts identified are internal threats, external threats, cyber-squatting, and cyberterrorism. Conclusions: The industry has now come to rely heavily on digital technologies, which increase risks such as denial of service and data breaches. Current healthcare cyber-security systems do not rival the capabilities of cyber criminals. Security of information is a costly resource and therefore many HCOs may hesitate to invest what is required to protect sensitive information.

Stefano Chiaradonna,Petar Jevtić,Nicolas Lanchier

DOI: https://doi.org/10.1111/risa.14127

Abstract:Networks like those of healthcare infrastructure have been a primary target of cyberattacks for over a decade. From just a single cyberattack, a healthcare facility would expect to see millions of dollars in losses from legal fines, business interruption, and loss of revenue. As more medical devices become interconnected, more cyber vulnerabilities emerge, resulting in more potential exploitation that may disrupt patient care and give rise to catastrophic financial losses. In this paper, we propose a structural model of an aggregate loss distribution across multiple cyberattacks on a prototypical hospital network. Modeled as a mixed random graph, the hospital network consists of various patient-monitoring devices and medical imaging equipment as random nodes to account for the variable occupancy of patient rooms and availability of imaging equipment that are connected by bidirectional edges to fixed hospital and radiological information systems. Our framework accounts for the documented cyber vulnerabilities of a hospital's trusted internal network of its major medical assets. To our knowledge, there exist no other models of an aggregate loss distribution for cyber risk in this setting. We contextualize the problem in the probabilistic graph-theoretical framework using a percolation model and combinatorial techniques to compute the mean and variance of the loss distribution for a mixed random network with associated random costs that can be useful for healthcare administrators and cybersecurity professionals to improve cybersecurity management strategies. By characterizing this distribution, we allow for the further utility of pricing cyber risk.

Hüseyin Ünözkan,Mehmet Ertem,Salaheddine Bendak

DOI: https://doi.org/10.1007/s13721-022-00391-1

Abstract:Cyber security encompasses a variety of financial, political, and social aspects with significant implications for the safety of individuals and organisations. Hospitals are among the least secure and most vulnerable organisations in terms of cybersecurity. Protecting medical records from cyberattacks is critical for protecting personal and financial records of those involved in medical institutions. Attack graphs, like in other systems, can be used to protect medical and hospital records from cyberattacks. In the current study, a total of 352 real-life cyberattacks on healthcare institutions using common vulnerability scoring system (CVSS) data were statistically examined to determine important trends and specifications in regard to those attacks. Following that, several machine learning techniques and an artificial neural network model were used to model industrial control systems (ICS) vulnerability data of those attacks. The average vulnerability score for attacks on healthcare IT systems was found to be very high. Moreover, this score was found to be higher in healthcare institutions which have experienced cyberattacks in the past and no mitigation actions were implemented. Using Python programming software, the most successful model that can be used in modelling cyberattacks on IT systems of healthcare institutions was found to be the K-nearest neighbours (KNN) algorithm. The model was then enhanced further and then it was tried to make predictions for future cyberattacks on IT systems of healthcare institutions. Results indicate that the overall score is critical indicating that medical records are, in general, at high risk and that there is a high risk of cyberattacks on medical records in healthcare institutions. It is recommended, therefore, that those institutions should take urgent precautionary measures to mitigate such a high risk of cyberattacks and to make them more secure, reliable, and robust.

Clemens Scott Kruse,Benjamin Frederick,Taylor Jacobson,D Kyle Monticone

DOI: https://doi.org/10.3233/THC-161263

Abstract:Background: The adoption of healthcare technology is arduous, and it requires planning and implementation time. Healthcare organizations are vulnerable to modern trends and threats because it has not kept up with threats. Objective: The objective of this systematic review is to identify cybersecurity trends, including ransomware, and identify possible solutions by querying academic literature. Methods: The reviewers conducted three separate searches through the CINAHL and PubMed (MEDLINE) and the Nursing and Allied Health Source via ProQuest databases. Using key words with Boolean operators, database filters, and hand screening, we identified 31 articles that met the objective of the review. Results: The analysis of 31 articles showed the healthcare industry lags behind in security. Like other industries, healthcare should clearly define cybersecurity duties, establish clear procedures for upgrading software and handling a data breach, use VLANs and deauthentication and cloud-based computing, and to train their users not to open suspicious code. Conclusions: The healthcare industry is a prime target for medical information theft as it lags behind other leading industries in securing vital data. It is imperative that time and funding is invested in maintaining and ensuring the protection of healthcare technology and the confidentially of patient information from unauthorized access.

D.A. Kurmanova,D.R. Sultangareev,L.R. Khabibullina,,,

DOI: https://doi.org/10.17122/2541-8904-2020-2-32-82-91

2020-01-01

Bulletin USPTU Science education economy Series economy

Abstract:Cyber incidents continue to move up in the rating of possible threats and occupy the second position in the ranking of risks in the activities of companies (40 %). Five years ago, they were on the fifteenth line. Like a natural disaster or pandemic, a cyber attack can have a negative impact on hundreds of companies, and the number of such incidents is growing. So-called "cyber incidents",when hackers interfere with the activities of a large number of companies, using the dependencies of their shared Internet infrastructure, occur more often. This reflects the fact that today's world of risk management is more volatile than ever. At the same time, with the upcoming entry into force of the General data protection regulation (GDPR), which has been in effect throughout Europe since may 2018, the prospects of imposing more and larger fines on companies that do not comply with it have already become real. Actions taken by the company in light of a data integrity violation directly affect the final cost of such a violation. Reputational damage is inevitable if the response to a cyber incident is inadequate. New risks require new tools to respond to their potential impacts and mitigate them. This article discusses the possible risks of financial technologies, draws attention to cyber threats, the frequency of which is increasing, and offers a model for identifying and evaluating cyber risks.

Rajesh Keshavrao Deshmukh,Mohit Shrivastav

DOI: https://doi.org/10.70135/seejph.vi.769

2024-09-02

Abstract:India and other Asian nations are seeing an unparalleled pace of advancement in the modernisation of their healthcare systems. In this endeavour, information technology is crucial. Though the healthcare industry has made great progress, information security is still lagging behind the protection requirements attained in technologically developed nations such as the United States and the United Kingdom. This study is an honest attempt to pinpoint vulnerabilities and dangers in the field of cybersecurity and offers a few targeted remedies in three main domains: risks, vulnerabilities, and IoMT. Using a qualitative research methodology, this research culminates in the creation of a security maturity model for Indian healthcare. Furthermore, in light of these attacks, the well-known National Institute of Standards and Technology (NIST) risk assessment system and its guiding principles are examined. Evaluating the risks intrinsic to these hacks analytically becomes crucial given the comparatively low information risk management maturity levels in Asian healthcare organisations. While several nations in Asia and throughout the world are battling the COVID-19 outbreak, cybercriminals have been attempting to spread misinformation about vaccines. Additionally, some people and organisations are attempting to undermine specific vaccines in order to promote their COVID-19 treatments. Hacking research data, virus testing, and clinical studies that reveal side effects or possible issues are of particular interest to profit-seeking businesses. The secure methodology for identifying network attacks is suggested by this study.

Martin Dart,Mohiuddin Ahmed

DOI: https://doi.org/10.1177/20552076231191095

2023-01-01

Digital Health

Abstract:Purpose This paper proposes a novel cyber security risk governance framework and ontology for large Australian healthcare providers, using the structure and simplicity of the Unified Modelling Language (UML). This framework is intended to mitigate impacts from the risk areas of: (1) cyber-attacks, (2) incidents, (3) data breaches, and (4) data disclosures. Methods Using a mixed-methods approach comprised of empirical evidence discovery and phenomenological review, existing literature is sourced to confirm baseline ontological definitions. These are supplemented with Australian government reports, professional standards publications and legislation covering cyber security, data breach reporting and healthcare governance. Historical examples of healthcare cyber security incidents are reviewed, and a cyber risk governance UML presented to manage the defined problem areas via a single, simplified ontological diagram. Results A clear definition of ‘cyber security’ is generated, along with the ‘CYBER-AIDD’ risk model. Specific examples of cyber security incidents impacting Australian healthcare are confirmed as N = 929 over 5 years, with human factors the largest contributor. The CYBER-AIDD UML model presents a workflow across four defined classes, providing a clear approach to implementing the controls required to mitigate risks against verified threats. Conclusions The governance of cyber security in healthcare is complex, in part due to a lack of clarity around key terms and risks, and this is contributing to consistently poor operational outcomes. A focus on the most essential avenues of risk, using a simple UML model, is beneficial in describing these risks and designing governance controls around them.

public, environmental & occupational health,health care sciences & services,medical informatics,health policy & services

Jitendranath Palem -,Sivaprakash Palaniswamy -

DOI: https://doi.org/10.36948/ijfmr.2023.v05i04.4446

2023-07-17

International Journal For Multidisciplinary Research

Abstract:This paper focuses on demonstrating a fundamental prediction model based on ordinal logistic regression technique for creating an awareness and the importance a holistic cybersecurity product and services based on Cyberpsychology. This is helpful for the universities and also the industries to integrate cyberpsychology into an AI-based cybersecurity product or services and that will be a powerful combination and may effectively prevent malicious internal attacks.

Oluomachi Ejiofor,Ahmed Akinsola

DOI: https://doi.org/10.5121/csit.2024.141303

2024-07-23

Abstract:The increasing importance of data in the healthcare sector has led to a rise in cybercrime targeting patient information. Data breaches pose significant financial and reputational risks to many healthcare organizations including clinics and hospitals. This study aims to propose the ideal approach to developing a defense system that ensures that patient data is protected from the insidious acts of healthcare data threat actors. Using a gradientboosting classifier machine learning model, the study predicts the severity of healthcare data breaches. Secondary data was collected from the U.S. Department of Health and Human Services Portal with key indicators. Also, the study gathers key cyber-security data from Kaggle, which was utilized for the study. The findings revealed that hacking and IT incidents are the most common type of breaches in the healthcare industry, with network servers being targeted in most cases. The model evaluation showed that the gradient boosting algorithm performs well. Therefore, the study recommends that organizations implement comprehensive security protocols, particularly focusing on robust network security to protect servers

Computers and Society,Cryptography and Security,Networking and Internet Architecture

Ahmad Ali AlZubi,Mohammed Al-Maitah,Abdulaziz Alarifi

DOI: https://doi.org/10.1007/s00500-021-05926-8

IF: 3.732

2021-06-26

Soft Computing

Abstract:Cyber-physical systems have been extensively utilized in healthcare domains to deliver high-quality patient treatment in multifaceted clinical scenarios. The medical device’ heterogeneity involved in these systems (mobile devices and body sensor nodes) introduces enormous attack surfaces and therefore necessitates effective security solutions for these complex environments. Hence, in this study, the cognitive machine learning assisted Attack Detection Framework has been proposed to share healthcare data securely. The Healthcare Cyber-Physical Systems will be proficient in spreading the collected data to cloud storage. Machine learning models predict cyber-attack behavior, and processing this data can offer healthcare specialists decision support. This proposed approach is based on a patient-centric design that safeguards the information on a trusted device like the end-users mobile phones and end-user control data sharing access. Experimental results demonstrate that our suggested model achieves an attack prediction ratio of 96.5%, an accuracy ratio of 98.2%, an efficiency ratio of 97.8%, less delay of 21.3%, and a communication cost of 18.9% to other existing models.

computer science, artificial intelligence, interdisciplinary applications

Sakshyam Panda,Emmanouil Panaousis,George Loukas,Christos Laoudias

DOI: https://doi.org/10.48550/arXiv.2001.03782

2020-01-11

Cryptography and Security

Abstract:Cyber hygiene measures are often recommended for strengthening an organization's security posture, especially for protecting against social engineering attacks that target the human element. However, the related recommendations are typically the same for all organizations and their employees, regardless of the nature and the level of risk for different groups of users. Building upon an existing cybersecurity investment model, this paper presents a tool for optimal selection of cyber hygiene safeguards, which we refer as the Optimal Safeguards Tool. The model combines game theory and combinatorial optimization taking into account the probability of each user group to being attacked, the value of assets accessible by each group, and the efficacy of each control for a particular group. The model considers indirect cost as the time employees could require for learning and training against an implemented control. Utilizing a game-theoretic framework to support the Knapsack optimization problem permits us to optimally select safeguards' application levels minimizing the aggregated expected damage within a security investment budget. We evaluate OST in a healthcare domain use case. The Critical Internet Security Control group 17 for implementing security awareness and training programs for employees belonging to the ICT, clinical and administration personnel of a hospital. We compare the strategies implemented by OST against alternative common-sense defending approaches for three different types of attackers: Nash, Weighted and Opportunistic. Nash defending strategies are consistently better than the competing strategies for all attacker types with a minor exception where the Nash defending strategy performs at least as good as other common-sense approaches.

Martin Eling,Werner Schnell

DOI: https://doi.org/10.1080/10920277.2019.1641416

2019-10-30

North American Actuarial Journal

Abstract:Cyber risk is becoming more significant for insurance companies in both underwriting and operational risk terms, but the characteristics of cyber risk are still not yet well understood. We contribute to the literature by analyzing the role of cyber risk in insurance regulation frameworks. The aggregated cyber risk exposure of an insurer is estimated by fitting different marginal distributions and dependence models to historical cyber losses. This aggregated cyber exposure allows us to derive the insurer's survival probability and compare it with the goals of regulatory frameworks, such as the U.S. Risk Based Capital (RBC) or Solvency II (SII). Our findings indicate that regulatory models underestimate the potential risks associated with cyber threats. This is especially true for small cyber insurance portfolios, which are predominant in practice today. Regulatory models should be adapted to account for the heavy tails and dependence structure specific to cyber risks, instead of assuming "one size fits all."

English Else

Yang Lu,Jinggong Zhang,Wenjun Zhu

DOI: https://doi.org/10.1080/03461238.2023.2289374

IF: 1.7821

2024-01-04

Scandinavian Actuarial Journal

Abstract:In the past decade, cyber risk has raised much interest in the economy, and cyber risk has evolved from a type of pure operational risk to both operational and liability risk. However, the modeling of cyber risk is still in its infancy. Compared with other financial risks, cyber risk has some unique features. In particular, discrete variables regularly arise both in the frequency component (e.g. number of events per unit time), and the severity component (e.g. the number of data breaches for each cyber event). In addition, the modeling of these count variables are further complicated by nonstandard properties such as zero inflation, serial and cross-sectional correlations, as well as heavy tails. Previous cyber risk models have largely focused on continuous models that are incompatible with many of these characteristics. This paper introduces a new count-based frequency-severity framework to model cyber risk, with a dynamic multivariate negative binomial autoregressive process for the frequency component, and the generalized Poisson inverse-Gaussian distribution for the severity component. We unify these new modeling tools by proposing a tractable Generalized Method of Moments for their estimation and applying them to the Privacy Rights Clearinghouse (PRC) dataset.

social sciences, mathematical methods,mathematics, interdisciplinary applications,statistics & probability

Rui Zhang,Quanyan Zhu

DOI: https://doi.org/10.1109/tcss.2021.3117905

2021-01-01

IEEE Transactions on Computational Social Systems

Abstract:With the recent growing number of cyberattacks and the constant lack of effective defense methods, cyber risks have become ubiquitous in enterprise networks, manufacturing plants, and government computer systems. Cyber insurance provides a valuable approach to transfer the cyber risks to insurance companies and further improve the security status of the insured. The designation of effective cyber-insurance contracts requires considerations from both the insurance market and the dynamic properties of the cyber risks. To capture the interactions between the users and the insurers, we present a dynamic moral-hazard type of principal–agent model incorporated with Markov decision processes, which are used to capture the dynamics and correlations of the cyber risks as well as the user's decisions on the protections. We study and fully analyze a case with a two-state two-action user under linear coverage insurance and further show the risk compensation, Peltzman effect, linear insurance contract principle, and zero-operating profit principle in this case. Numerical experiments are provided to verify our conclusions and further extend to cases of a four-state three-action user under linear coverage insurance and threshold coverage insurance.

English Else

Daniel Celeny,Loïc Maréchal

2024-03-05

Abstract:We extract firms' cyber risk with a machine learning algorithm measuring the proximity between their disclosures and a dedicated cyber corpus. Our approach outperforms dictionary methods, uses full disclosure and not devoted-only sections, and generates a cyber risk measure uncorrelated with other firms' characteristics. We find that a portfolio of US-listed stocks in the high cyber risk quantile generates an excess return of 18.72% p.a. Moreover, a long-short cyber risk portfolio has a significant and positive risk premium of 6.93% p.a., robust to all factors' benchmarks. Finally, using a Bayesian asset pricing method, we show that our cyber risk factor is the essential feature that allows any multi-factor model to price the cross-section of stock returns.

Portfolio Management

SATHWIK RAO NADIPELLI -,NANTHITHA VIJAYAN -,SAYALI SHELKE -,DEEPTI AGRAWAL -,ANIL YADAV -

DOI: https://doi.org/10.36948/ijfmr.2023.v05i05.6904

2023-09-26

International Journal For Multidisciplinary Research

Abstract:Insurance is vital in today's society because it provides a critical financial safety net for individuals, families, organizations, and even governments. Based to the Global Insurance Market Analysis report, the global life insurance market was worth more than $3 trillion in 2019. It is critical in limiting the financial risks associated with unanticipated catastrophes, ensuring stability and peace of mind. In our Study, we embarked on an ambitious project to use machine learning to anticipate medical insurance expenses. Our mission began with a large dataset containing the health and demographic information of over 18,000 people, methodically obtained from Kaggle. This dataset included a plethora of variables such as age, gender, BMI, number of children, area, and, most importantly, medical charges. Our adventure progressed through numerous crucial stages. It all began with an essential component of uploading the dataset to Google Colab, which set the tone for the computational magic to follow. Preprocessing followed suit, with us dealing with missing data and unnecessary columns. To fill these gaps, we used a variety of strategies, including imputing missing values with averages or the most frequent values. In our pursuit of an optimum dataset, we meticulously changed discrete variables to continuous variables. We separated our dataset into separate subsets for training and testing using a 66:34 split ratio and used 5-fold cross-validation during the primary data analysis to enable model evaluation. Meticulous examination and citations to research publications led the important juncture of model selection. Our regression model lineup included Neural Networks, AdaBoost, Random Forest, and Gradient Boosting. The results were clear-cut, with the Neural Network coming out on top in terms of predicted performance. AdaBoost, Random Forest, and Gradient Boosting were close behind. We experimented with data visualization to better comprehend the data and the performance of the models. Sieve diagrams, bar plots, and line graphs shed light on the complexities of the dataset and the predictions of our models. Our future goal includes improving the application's accuracy and user interface, as well as assuring accessibility across all age groups. Furthermore, Our Study represents the promise as well as the potential of machine learning in the field of healthcare finance, revealing insights that have the potential to transform insurance cost estimation.