Accepted for/Published in: Journal of Medical Internet Research
Date Submitted: Apr 7, 2025
Date Accepted: Aug 8, 2025
Date Submitted to PubMed: Aug 21, 2025
Warning: This is an author submission that is not peer-reviewed or edited. Preprints - unless they show as "accepted" - should not be relied on to guide clinical practice or health-related behavior and should not be reported in news media as established information.
Sociotechnical Cybersecurity Framework for securing Health Care from Vulnerabilities and Cyberattacks: Scoping Review
ABSTRACT
Background:
The vulnerability of health care systems to various cyberattacks and breaches of health information globally is on the rise. Considering the increasing rate of reported cyber incidence and its risk to patient safety, privacy and financial losses, it is appropriate to examine the way cybersecurity is conceptualized in health care organizations factoring technology, human and process.
Objective:
This study examined the dynamics of the factors of vulnerabilities and cyberattacks in the context of sociotechnical systems theory underlying human, technology and process and developed a sociotechnical cybersecurity conceptual framework for preventing vulnerabilities, and responding to cyberattacks and threats in health care systems.
Methods:
A scoping review was conducted to search extant literature in three databases (Web of Science, PubMed (Medline) and Scopus). Using a search strategy “(cybersecurity OR "cyber threats" OR "cyberattacks" OR ransomware) AND (health care OR "health care data breaches”), a total number of 451 articles were retrieved from the period of 2012-2024. Finally, 65 articles in the domain of health care and cybersecurity were reviewed and analyzed. Original research articles and review articles were included. Only English language published articles were included to focus on contemporary issues, challenges and solutions.
Results:
The result showed that the factors of vulnerabilities to cyberattacks comprises of eleven sub-factors in health care systems. The study found that process involve both technology and human relatively to the unit factors of vulnerabilities to cyberattacks. There is a sociotechnical interplay across the factors of vulnerabilities. The conceptual sociotechnical cybersecurity framework provides a comprehensive and explicit dimension of the sociotechnical underpinning and joint optimization for cybersecurity progression towards achieving sustainable health care systems.
Conclusions:
The conceptual framework of sociotechnical cybersecurity provides a contemporary foundation and deeper insights for identifying and preventing vulnerabilities, and responding to cyberattacks in health care systems. There is limited study of cybersecurity from the sociotechnical lens in health care domain. Further studies is needed in cybersecurity incidence management. Health Care organizations should leverage the strength of cybersecurity through the implementation of risk assessment and incident response plan.
Citation
Request queued. Please wait while the file is being generated. It may take some time.
Copyright
© The authors. All rights reserved. This is a privileged document currently under peer-review/community review (or an accepted/rejected manuscript). Authors have provided JMIR Publications with an exclusive license to publish this preprint on it's website for review and ahead-of-print citation purposes only. While the final peer-reviewed paper may be licensed under a cc-by license on publication, at this stage authors and publisher expressively prohibit redistribution of this draft paper other than for review purposes.