Accepted for/Published in: Journal of Medical Internet Research
Date Submitted: Mar 15, 2023
Date Accepted: Sep 7, 2024
Warning: This is an author submission that is not peer-reviewed or edited. Preprints - unless they show as "accepted" - should not be relied on to guide clinical practice or health-related behavior and should not be reported in news media as established information.
Cybersecurity interventions in low- and middle-income country healthcare organizations: A scoping review
ABSTRACT
Background:
Healthcare organizations globally have seen a significant increase in the frequency of cyber-attacks in recent years. Cyber-attacks cause massive disruption to health service delivery and directly impact patient safety through disruption and treatment delays. Given increasing cyber-attacks in low- and middle-income countries (LMICs), there is a need to explore the interventions put in place to plan for cyber-attacks and develop cyber-resilience.
Objective:
To describe cybersecurity interventions implemented in LMICs to date and to evaluate their impact on the likelihood and impact of attacks. Secondary objective was to describe the main barriers and facilitators for the implementation of such interventions, where reported.
Methods:
A systematic search of the literature published between January 2017 and September 2022 was performed on Ovid Medline, Embase, Global Health and Scopus, using a combination of controlled terms and free text. A search of grey literature within the same time parameters was undertaken on the websites of relevant stakeholder organizations to identify possible additional studies that meet the inclusion criteria. Findings from included papers were mapped against dimension areas of the Essentials of Cybersecurity for Healthcare Organizations (ECHO framework) and presented as a narrative synthesis.
Results:
Seventeen studies were included in this review. The sample size of the majority of studies (58.8%) was 1-5 facilities and the studies were conducted in 13 countries. Studies were categorized into the thematic dimensions of the ECHO framework, including Context; Governance; Organizational strategy; Risk management; Awareness, education, and training; and Technical capabilities. Few studies (29.4%) discussed cybersecurity intervention(s) as the primary focus of the paper and so information on intervention(s) implemented had to be deduced. There was no attempt to report on the impact and outcomes in all but one paper. Facilitators and barriers identified were grouped and presented across national/regional, organizational, and individual staff levels.
Conclusions:
The scoping review findings highlight the limited body of research published on cybersecurity interventions implemented in healthcare organizations in LMICs and large heterogeneity across existing studies in interventions, research objectives, methods, and outcome measures used. The impact of cybersecurity interventions on likelihood and impact of cyber-attacks remains unclear. Future research should specifically focus on the evaluation of cybersecurity interventions and objectively evaluate their impact to build a robust evidence base to inform evidence-based policy and practice.
Citation
Request queued. Please wait while the file is being generated. It may take some time.
Copyright
© The authors. All rights reserved. This is a privileged document currently under peer-review/community review (or an accepted/rejected manuscript). Authors have provided JMIR Publications with an exclusive license to publish this preprint on it's website for review and ahead-of-print citation purposes only. While the final peer-reviewed paper may be licensed under a cc-by license on publication, at this stage authors and publisher expressively prohibit redistribution of this draft paper other than for review purposes.