Accepted for/Published in: Journal of Medical Internet Research
Date Submitted: Mar 3, 2023
Date Accepted: Mar 8, 2024
Warning: This is an author submission that is not peer-reviewed or edited. Preprints - unless they show as "accepted" - should not be relied on to guide clinical practice or health-related behavior and should not be reported in news media as established information.
Cybersecurity in Healthcare Systems from a Social-technical Viewpoint:Systematic Review
ABSTRACT
Background:
Healthcare organizations worldwide are faced with an increasing number of cyber-attacks and threats to their critical infrastructure.These attacks lead to significant data breaches in digital health information systems, which threaten patient safety and privacy.
Objective:
This paper seeks to explore from a social-technical approach the reasons why digital healthcare systems are vulnerable to attacks through a systematic review of the literature.
Methods:
A systematic literature review using PRISMA was conducted by searching through nine databases for articles published between 2012-2022 and indexed in PubMed (Medline), Web of Science (WOS), ScienceDirect, Scopus, ProQuest, IEEE, MIS Quarterly, Springer, and Google scholar, using the keyword “(Cybersecurity AND Healthcare) OR Electronic Health Record AND Medical device).” Reports, review articles and industry white papers were included which focuses on cybersecurity and healthcare challenges and solutions. Only articles published in English was selected for the review.
Results:
The results of the thematic analysis of the five (5) categorized themes derived from the review, identify five (5) themes as the cause of data breaches and why healthcare is vulnerable to cyber-attacks.The themes identified are human error, lack of investment, complex network connected endpoint devices, old legacy systems, and technology advancement (Digitalisation).We also found that Intervention studies and knowledge applications to solve healthcare vulnerabilities for the past 11 years are inconsistent with the number of studies and solutions presented in the result.
Conclusions:
This systematic review provides clear understandings on why healthcare is vulnerable to attacks through a helpful insight and we offer interventions from a new lens of a social technical viewpoint as solution and guide for healthcare organization breaches and vulnerabilities. We recommend that healthcare organisation in partnership with educational institution need to develop and implement a cybersecurity curriculum for healthcare, intelligence information sharing through collaborations, training, awareness campaigns and knowledge application areas, such as secure design process, phase out legacy systems, improve investment to bridge the gap. Future studies are required to create a social technical framework that will support cybersecurity in healthcare and connect technology, people, and processes in an integrated manner.
Citation
Request queued. Please wait while the file is being generated. It may take some time.
Copyright
© The authors. All rights reserved. This is a privileged document currently under peer-review/community review (or an accepted/rejected manuscript). Authors have provided JMIR Publications with an exclusive license to publish this preprint on it's website for review and ahead-of-print citation purposes only. While the final peer-reviewed paper may be licensed under a cc-by license on publication, at this stage authors and publisher expressively prohibit redistribution of this draft paper other than for review purposes.