Accepted for/Published in: Journal of Medical Internet Research
Date Submitted: Mar 3, 2023
Date Accepted: Mar 8, 2024
Vulnerabilities, Cyberattacks and Socio-technical Solutions in Healthcare Systems: Systematic Review
ABSTRACT
Background:
Healthcare organisations worldwide are faced with an increasing number of cyberattacks and threats to their critical infrastructure. These cyberattacks cause significant data breaches in digital health information systems, which threaten patient safety and privacy.
Objective:
From a socio-technical perspective, this paper explores why digital healthcare systems are vulnerable to cyberattacks and provides socio-technical solutions through a systematic literature review (SLR).
Methods:
An SLR using Preferred Reporting Items for Systematic Reviews and Meta-analyses (PRISMA) was conducted by searching six databases (PubMed, Web of Science [WoS], ScienceDirect, Scopus, Institute of Electrical and Electronics Engineers [IEEE], Springer) and a journal (Management Information Systems Quarterly [MISQ]) for articles published between 2012 and 2022 and indexed using the keyword ‘(cybersecurity OR cybercrime OR ransomware) AND (healthcare) OR (cybersecurity in healthcare)’. Reports, review articles and industry white papers that focused on cybersecurity and healthcare challenges and solutions were included. Only articles published in English were selected for the review.
Results:
Five themes were identified: human error, lack of investment, complex network-connected endpoint devices, old legacy systems and technology advancement (digitalisation). We also found that intervention studies and knowledge applications for solving healthcare vulnerabilities during the past 11 years are inconsistent with the number of studies and the solutions presented in the results.
Conclusions:
This SLR provides a clear understanding of why healthcare systems are vulnerable to cyberattacks and proposes interventions from a new socio-technical perspective. These solutions can serve as a guide for healthcare organisations in their efforts to prevent breaches and address vulnerabilities. To bridge the gap, we recommend that healthcare organisations, in partnership with educational institutions, develop and implement a cybersecurity curriculum for healthcare and intelligence information sharing through collaborations, training, awareness campaigns and knowledge application areas, such as secure design processes, the phase-out of legacy systems and improved investments. Additional studies are needed to create a socio-technical framework that will support cybersecurity in healthcare systems and connect technology, people and processes in an integrated manner.
Copyright
© The authors. All rights reserved. This is a privileged document currently under peer-review/community review (or an accepted/rejected manuscript). Authors have provided JMIR Publications with an exclusive license to publish this preprint on its website for review and ahead-of-print citation purposes only. While the final peer-reviewed paper may be licensed under a cc-by license on publication, at this stage authors and publisher expressly prohibit redistribution of this draft paper other than for review purposes.