Cyber Security and Applications 1 (2023) 100016

Contents lists available at ScienceDirect

Cyber Security and Applications

journal homepage: http://www.keaipublishing.com/en/journals/cyber-security-and-applications/

Towards insighting cybersecurity for healthcare domains: A comprehensive

review of recent practices and trends
Mohd Javaid a,∗, Abid Haleem a, Ravi Pratap Singh b, Rajiv Suman c
a
Department of Mechanical Engineering, Jamia Millia Islamia, New Delhi, India
b
Department of Mechanical Engineering, National Institute of Technology, Kurukshetra, Haryana, India
c
Department of Industrial & Production Engineering, G.B. Pant University of Agriculture & Technology, Pantnagar, Uttarakhand, India

a r t i c l e i n f o a b s t r a c t

Keywords: Healthcare information security is becoming a significant responsibility for all healthcare organisations and indi-
Applications viduals. Innovative medical equipment and healthcare apps are vital to patient care, yet they are often the target
Cybersecurity in healthcare of hackers. Moreover, attackers are silently working against healthcare data. Once a hacker has gained access to
Healthcare
a network, they might install ransomware to lock down essential services or encrypt files until a specified ransom
Healthcare information
is paid. Businesses are frequently compelled to pay the ransom, hoping the money is eventually recovered since
Patient data
the healthcare sector is time-sensitive. Although less common, network-connected devices can be taken over and
used to distribute incorrect medications or alter a machine’s functionality. So, there is a need to implement cyber
security in healthcare to protect all information. In comparison to other industries, security duties in the health-
care industry are particularly broad and new. This is especially true given that data is accumulated and accessed
from various destinations. Data on a specific patient is gathered from various sources, including hospital and lab
records, insurance records, fitness apps, trackers and gadgets, health portals, and many more. It can be easily
protected by using cybersecurity technology. This paper briefs about cybersecurity and its need in healthcare.
Several tools, traits and roles of cybersecurity in the Healthcare Sector are studied. Finally, we identified and stud-
ied the applications of cybersecurity in healthcare. For hackers, a patient’s aggregated data might be regarded
as a goldmine, providing them with a detailed biography of an individual, including basic information, health
trends, family history, and financial details. The importance of Data access in the healthcare sector emerges from
numerous endpoints, which can be regarded as the weak spots of the healthcare data management system and
can also open up an infringement in the medical data management infrastructure.

1. Introduction tain a broad network in which vast amounts of data are constantly ex-
changed [3–5].
The importance of cybersecurity in medical organisations is more The knowledge that hackers are one step ahead of corporations is
significant than ever. Health departments, community and aged care the most challenging in Cybersecurity. They hunt for security weak-
providers, diagnostic service providers, research and academic enter- nesses that someone working for the firm is likely to ignore. In addi-
prises, healthcare consultancies, and primary healthcare practices are tion, new technologies, notably cloud and mobile, are developing at
just a few of the places where there are opportunities for data theft, an exponential and ultra-rapid rate. Hackers are fast to learn how to
identity theft, and holding systems hostage for ransom. [1,2]. The like- utilise new technology to their advantage, and cybersecurity specialists
lihood of a breach is minimised by implementing security measures that must stay up, attempting to foresee and thwart their attempts. Most of
use powerful authentication mechanisms in conjunction with staff train- the security solutions are centred on recognising malware and avoid-
ing, a critical follow-up activity that some businesses prefer to overlook, ing penetration. As a result, instead of acting, they will respond to the
risking becoming a headline in Cybersecurity. One aspect of healthcare current and impending threat. This passive threat-response technique,
is especially vulnerable to cyberattacks, and thieves frequently utilise it amongst other things, needs regular updates, and more than its usage
to create a weak point in the company’s supply chain. Because health is required. Artificial Intelligence can help with a more complex cyber
organisations rely on various suppliers and external services, they main- solution. Machines have the energy and tenacity required to combat cy-

∗
Corresponding author.
E-mail addresses: [email protected] (M. Javaid), [email protected] (A. Haleem), [email protected] (R.P. Singh), [email protected] (R. Suman).

https://doi.org/10.1016/j.csa.2023.100016
Received 30 August 2022; Received in revised form 4 February 2023; Accepted 6 March 2023
Available online 11 March 2023
2772-9184/© 2023 The Authors. Published by Elsevier B.V. on behalf of KeAi Communications Co., Ltd. This is an open access article under the CC BY license
(http://creativecommons.org/licenses/by/4.0/)
M. Javaid, A. Haleem, R.P. Singh et al. Cyber Security and Applications 1 (2023) 100016

ber threats, and they are the favoured weapons of senior cybersecurity on tablets, smartphones, and other devices using mobile device man-
specialists [6–8]. agement (MDM) software, preventing employees from breaking crucial
The risk of cybercrime increases as the healthcare industry becomes rules and maintaining data security [23–25].
technologically connected. The two types of theft are external theft and
internal theft. Hackers not affiliated with the healthcare industry break 3. Need for cybersecurity in healthcare
into the patient and medical systems to steal and collect data, usually for
financial gain. They could use patients’ private data to submit fictitious Technology advancements enable medical institutions to treat pa-
insurance claims. External theft can also entail hackers demanding a tients, access shared data, and communicate with patients and work-
ransom payment from healthcare businesses to recover patient data sys- ers via linked devices. However, all of the talents mentioned above are
tems. Sophisticated malware and phishing methods that install harmful risky. A dependable and experienced partner aware of compliance min-
programmes or steal login credentials on a machine may compromise a imises that risk significantly. Malicious hackers are particularly inter-
whole system. One of the most challenging aspects of dealing with mal- ested in the healthcare business. Cybersecurity in healthcare is critical,
ware is that it just takes one seemingly legitimate link to inject a mali- from contact information and personal data to social security numbers
cious cyber presence into the network. It is critical to teach employees and banking information, because fraudsters always look for weaknesses
to spot joint phishing efforts [9–10]. in healthcare systems [26–28]. Many healthcare institutions, research
Healthcare providers sometimes collaborate with suppliers without centres, and hospitals have become susceptible due to the pandemic. As
first analysing the associated risk. Hospital employees may acquire com- a result, enterprises should implement a challenging yet current cyber-
puter access if the facility contracts a cleaning business. While it is essen- security plan. As a result of digital transformation, the healthcare sector
tial to protect patient information from the average employee, it may be is confronting new cybersecurity risks. Many significant participants in
challenging to do so because upkeep and cleaning are crucial to main- the healthcare industry are beginning to rely on a broader spectrum of
taining a safe working environment [11]. The cost of upgrading to a technology, such as mobile apps and public cloud services. While the
new system includes paying technicians’ wages and new technology. It benefits are apparent, the rising complexity of the computing environ-
could also suggest downtime, which reduces a hospital’s capacity to gen- ment is resulting in new cybersecurity vulnerabilities. Information secu-
erate cash. Completing the new technology and equipment certification rity events involving sensitive health data and ransomware attacks on
processes might take a while [12,13]. life-critical services pose a significant potential danger. [29,30].
The healthcare business should prioritise data security and be mind- Medical personnel have easy access to the patient’s information.
ful of the implications of the information gathered about individuals Criminals can mishandle stolen information in a variety of ways. They
during their medical treatments. However, the sector’s difficulty is pri- can use this information to commit identity theft, make false transac-
marily due to the abundance of entry and access points, which makes tions, or blackmail victims. These can infiltrate a computer and install
it impossible for a single business to create an effective data security malicious software or steal sign-in credentials. As a result, the entire
system. Profile-based secure access to business applications and data is network suffers. One of the most frequent malware techniques is ask-
required in the healthcare industry [14,15]. The main aim of this paper ing for sign-in information from websites via email. The key to gain-
is to study the potential applications of Cybersecurity in the healthcare ing patient confidence is guaranteeing the security of EHR and personal
field. health information (PHI) during a medical encounter with a healthcare
practitioner. It guarantees the trustworthiness and reliability of next-
2. Understanding cybersecurity generation healthcare delivery systems such as robots, patient care an-
alytics, and telemedicine. As the incidence of cyberattacks and data
Cybersecurity safeguards computer systems and networks against in- breaches in healthcare grows, rules are anticipated to become stricter,
formation leakage, data theft, or damage to their hardware, software, increasing the healthcare demand to defend their companies from cyber
or electronic data and interruption or misdirection of their services. Cy- threats [31–33].
bersecurity is one of the most pressing challenges in practically every
4. Objectives of the research
company that works with digital data. Regrettably, the healthcare busi-
ness was one of the primary targets of cybercrime. Many hospitals do
Cybercriminals frequently target the healthcare industry. The inter-
not adequately track, report, and manage risks because they seldom log
net is filled with priceless personal information, and technological ad-
network or system events or monitor assaults to detect cyber intrusions
vancements have only made it easier for individuals with malicious in-
[16,17]. The ability to evaluate and understand threat data might assist
tentions to obtain this data. While out-of-date documentation is trans-
them in reducing damages and identifying flaws. One of the most sig-
ferred to databases and the cloud, which benefits patients and their doc-
nificant hazards to the healthcare industry is healthcare cybersecurity.
tors, there is also an increase in connectivity and the convenience of
Information technology (IT) must continually handle healthcare data se-
remote access and data exchange. According to healthcare executives,
curity concerns due to the requirements to assist patients and the harm
external hackers are the industry’s most significant data security con-
that healthcare security breaches may do to their lives. [18–20].
cern, rather than shared data, wireless computing, or weak firewalls.
Medical provider networks may include critical financial data. Al-
They are understandably concerned about malware infiltrating com-
most everyone’s personal information is accessible since very few peo-
puters and compromising the entire network. Cybersecurity, like many
ple avoid going to healthcare providers. Hackers can access data ob-
other medical device-related concerns, begins with risk management.
tained under patients’ names for years since Electronic Health Records
To correctly plan and execute the appropriate activities, it is essential
(EHRs) are connected. Sharing medical data is essential to provide pa-
to comprehend the notion of risk and the distinction between safety and
tients with the best treatment possible and make networks desirable tar-
security threats [34–36]. The primary research objectives of this article
gets. Healthcare industries are not the only ones attempting to safeguard
are as under:
themselves online. Small firms have worked for years to find answers to
cybersecurity issues, and one of the most successful strategies is to in- RO1: - To explore Cybersecurity and its need in healthcare;
volve all employees in maintaining the network’s security. [21,22]. A RO2: - to discuss significant tools and traits of Cybersecurity for the
recognised security culture is promoted by assisting personnel in under- Healthcare sector;
standing their role in Cybersecurity and its potential effects on patients’ RO3: - to explore different roles of Cybersecurity in the Healthcare
lives. Healthcare organisations should set strict guidelines for mobile domain;
device usage and disposal of equipment that has previously held pri- RO4: - to identify significant applications of Cybersecurity in Health-
vate data. IT administrators may safeguard, control, and enforce policies care.

2
M. Javaid, A. Haleem, R.P. Singh et al. Cyber Security and Applications 1 (2023) 100016

Fig. 1. Various Tools of Cybersecurity in the Healthcare Do-

main.

5. Significant tools and traits of cybersecurity for the healthcare around patient information, many healthcare providers are shifting to
sector cloud-based data storage solutions [45–47].
Companies must encrypt data and put other security measures in
Fig. 1 explores the various tools and traits of Cybersecurity in the place as the healthcare sector becomes more technologically advanced
healthcare domain. These tools and traits include anti-theft devices and and dependant on tablets and mobile devices. Antivirus software can
their applications, the creation of complete digitalisation in the forensic help maintain network security generally, but these systems need to be
field, performing penetration testing, vulnerability scan trials, data loss regularly updated. Anti-virus software must be updated often due to the
prevention, etc. The primary focus and target of these assistances in continuously evolving cyber threat techniques to ensure the healthcare
Cybersecurity are to offer more impactful and fruitful services in more organisation is continually protected and guarded against the most re-
needy sectors such as; the healthcare domain [37–39]. cent danger initiatives [48–50]. The experts that operate on the front
Cybersecurity safeguards medical data, patient information, and as- lines of healthcare cybersecurity are employed in the health informa-
sets from illegal access, disclosure, and usage. The number of possible tion management industry. The accuracy, security, and privacy of pa-
digital gateways for cybercrime grows as technology advances. Regard- tient records are the responsibility of health information management.
ing tracking patients’ health, the Internet of Things (IoT), in conjunction As more hospitals transition to electronic health records and health sys-
with the cloud and big data, has opened up a new world of possibil- tems, experts must deal with and secure this information.
ities. In reality, the healthcare business is one of the fastest-growing Backups are essential components of any security response and re-
areas in IoT device usage. As more healthcare organisations are forced covery strategy. Backups provide a dilemma in that they might dissem-
to outsource certain aspects of their service delivery to third-party sup- inate sensitive data, including patient information, via other systems,
pliers, a slew of security issues arises. They may hire a contact centre introducing additional risks and concerns. Patient information some-
for patient assistance, as well as different sanitation service providers times protected health information under the Health Insurance Portabil-
and outside caterers. Each new entity raises the danger of a protected ity and Accountability Act, is amongst the most sensitive data currently
health information breach. The healthcare industry, like most others, available and one of the targets of hostile attacks frequently. In most
employs linked networks to increase efficiency and exploit data. How- healthcare institutions, physical access to the hospital network is rela-
ever, with increased connectedness comes a significant danger of cyber- tively straightforward [51,52]. Most hospitals have WiFi, and patient
attacks [40–42]. rooms have open ports for networking medical devices. Additionally,
Hospitals can effectively defend their electronic infrastructure from old technology and gadgets with unneeded internet access increase the
hostile assaults by implementing a comprehensive cyber security strat- danger. As a result, hackers can utilise these network entry points to
egy. This entails more than just safeguarding hospitals’ PCs and iPads. obtain hospital data. Rapid digitisation has resulted in substantial ad-
This begins with approaching hospital planning with the awareness that vancements in the healthcare business [53,54]. The whole industry has
creating information technology, building systems, and clinical equip- become progressively interconnected under the e-health banner, the in-
ment can no longer be done in silos [43,44]. As providers roll out new ternet of medical things, electronic health records, telemedicine, and
systems, Cybersecurity is routinely overlooked at the board level. How- the application of artificial intelligence. As a result, developments in
ever, non-technical healthcare executives may need to pay more atten- automation and interoperability have increased the risk of cyber catas-
tion to the relevance of Cybersecurity. One of the specific cybersecurity trophes.
themes of the COVID-19 pandemic has been the considerable increase in Integrating the IoT with operational technologies (OTs) introduces
phishing attacks across all sectors. On the other hand, healthcare insti- additional standardisation issues. Previously, standardisation processes
tutions are particularly vulnerable to these assaults due to their contin- dealt with both IoT and OTs independently. As a result, integrating many
uously changing operating environment and sometimes overstressed IT types of goods introduced new cybersecurity concerns. As a result, new
workers. Because of the ease of data retrieval and the increased security kinds of governance are required to meet and address the new diffi-

3
M. Javaid, A. Haleem, R.P. Singh et al. Cyber Security and Applications 1 (2023) 100016

Fig. 2. Distinct Roles and Trends of Cybersecurity for Healthcare.

culties connected with the rapidly changing digital world—most data businesses are desirable to cybercriminals because they have informa-
privacy breaches in healthcare result from employee error and unau- tion with a high monetary value. In recent decades, the healthcare busi-
thorised disclosure. Unsurprisingly, cyber security is not top of mind for ness has increased its use of modern technology, such as software for
most hospital employees in an already overburdened environment. Re- managing patient profiles, cloud storage of healthcare data, advanced
garding fundamental cyber security, the healthcare business falls behind medical equipment, and other tools. These technological innovations
other industries, such as banking and manufacturing, which frequently have facilitated healthcare practitioners’ jobs and resulted in a paper-
design their infrastructure with data protection. It is challenging, given less atmosphere. However, the risk of cyber assaults and data breaches
how lucrative healthcare breaches may be for hackers [55–57]. has grown [66–68].
The Internet of Medical Things (IoMT) includes all mobile devices With the linked nature of IT, IoT and IoMT devices, augmented
and related systems that store patient information and medical data. reality, robots, and other technologies, it is evident that the existing
Along with sensitive health information, there is also priceless intellec- perimeter-based security approach used by most healthcare companies
tual property that is highly prized by essential stakeholders and, more will no longer be successful in protecting against sophisticated threats.
worrisomely, by cyber theft. With healthcare cybercrime increasing and To remain ahead of these trends, healthcare companies must continue to
medical records selling for exorbitant prices, more and more money is invest in the fundamentals while transitioning from a perimeter-based
being spent on correcting the damage caused by the loss of such crucial security paradigm. It is appropriate for all healthcare institutions to ad-
data [58,59]. The necessity that vital healthcare staff employees pos- dress flaws as soon as feasible [69,70]. Employs an automated technol-
sess cyber security skills is equally important. Surprisingly more so than ogy that ensures their clients’ safety because the virus is harmful due
senior-level workers, doctors and administrative staff are amongst the to unpatched vulnerabilities. It is critical to stop the malware when-
most commonly targeted healthcare professionals. Hackers are cunning ever it reactivates. Otherwise, software patches are only effective if IT
and know how to exploit the human element in the medical industry. solutions keep current applications up to date via installed patches as
Cybercriminals perform research on how to target their attacks, prey- they are produced. Despite updated software and suitable device and
ing on time-crunched doctors, intrinsic curiosity, and a constant need to network security operation, complicated IT systems must consider how
improve the well-being of others [60,61]. to deal with the aftereffects of an attack. For this reason, complete data
backups that include all software and stored data must be a standard
6. Different roles of cybersecurity in the healthcare domain component of all managed IT systems [71,72].
Organisations that have access to a copy of their information can
There are various qualitative and essential roles of Cybersecurity in upload it and resume normal operations more quickly. In addition to
healthcare. Fig. 2 elaborates on the various roles and trends of Cyber- out-of-date and susceptible software, employees can serve as a doorway
security in the healthcare domain. The principal highlighted roles are for malicious programmes to infect both functional machines and net-
as; data protection, numerous devices and services for the betterment of works. Many healthcare facilities supply equipment to caregivers and
healthcare activities, overall risk management and its analysis, security other non-staff people. Devices may be lost or stolen as a result of this.
training, complete security of patient data and past details, etc. These Criminals can acquire lost or stolen items in this manner [73,74]. In this
roles and attainments are essential, especially in healthcare [62,63]. case, limiting the device’s accessibility is appropriate to avoid a data
Patient data consists of personally identifiable information as well as leak. Furthermore, several options are available, such as GPS position
medical information. A data breach can harm both physicians’ and pa- tracking, remote wiping and locking, and so on. Patient information can
tients’ reputations. Improving the security of IT systems that store and be obtained from the server over wireless networks. Cybercriminals can
process medical records lowers the danger of cyber assaults. Laws enact readily obtain information if it is not secured. As a result, it is critical
safeguards for patient data and healthcare institutions, setting security to describe the device that will communicate with the server to retrieve
requirements to safeguard medical information. Because of the complex the data. It aids in detecting and limiting leakage while also providing
matrix of technology, applications, devices, and regulatory compliance, dependable information protection to assure compliance [75–77].
Cybersecurity in healthcare is a difficult task that necessitates specific People commonly believe that cost reduction is the most difficult
understanding [64,65]. Cybersecurity will play an increasingly signif- challenge for medical organisations. However, protecting patient data
icant role as more technologies are utilised in healthcare. Healthcare is more vital and challenging than cost savings. It is general knowledge

4
M. Javaid, A. Haleem, R.P. Singh et al. Cyber Security and Applications 1 (2023) 100016

that the majority of effective cyber assaults make use of known vul- breaches, and other cyber security threat-related occurrences [90–92].
nerabilities. These flaws can also be fixed with simple changes. How- Table 1 discusses the applications of Cybersecurity in healthcare.
ever, most users fail to update their computers with the most recent Computer systems in the healthcare industry hold sensitive data and
security updates, creating vulnerabilities for hackers to exploit. Critical assist businesses in providing quality patient services, making them a
patient data is stored in healthcare and cybersecurity systems. Hack- prominent target for extortion efforts. Phishing is a frequent attack in
ers can use this information to make money. Cyberattacks on health- which a cybercriminal acts on a reputable business or individual to
care systems can result in diverging ambulances, cancelled operations gain confidence. Emails have long been a potential entrance point, with
and appointments, and even deaths in rare situations. The advice pro- phone files and connections to false websites. Email breaches are espe-
vided above will assist cybersecurity workers in healthcare organisa- cially concerning in healthcare, as personnel often exchanges sensitive
tions to keep their systems secure. Hospitals, physician offices, clinics, data through email. As a result, the security concepts and approaches
and other healthcare providers must offer high-quality treatment while that apply to e-health are similar to those addressed by providers of es-
keeping patients and staff as safe as possible [78–80]. amongst the data sential linked systems [178–180]. The primary distinction is that medi-
sets targeted are those containing protected health information (PHI) cal gadgets handle health data, which is extremely valuable to hackers.
about patients, financial data (such as credit card and bank account Personal medical records are subject to stringent laws. Such restrictions
numbers), personally identifiable information (PII) (such as Social Se- impose additional safeguards to ensure the integrity of the patient’s pri-
curity numbers), and intellectual property related to medical research vacy. A breach of security is highly costly to healthcare organisations. In
and innovation. Cyberattacks on other systems and electronic health this critical setting, the health industry must be aware of and prepared
records put patient privacy at risk because they allow hackers access to do all possible to safeguard its health apps and data banks, including
to PHI and other sensitive data [81,82]. Medical practitioners must fre- allocating sufficient technological and financial resources to them. Data
quently collaborate with various suppliers without being aware of the gathered in the health industry is susceptible since most records become
hazards. A firewall is critical for safeguarding computers from danger- a substantial burden when corrupted. Healthcare firms are prominent
ous attacks from the outside world. It inspects all communications from targets for cybercriminals looking to steal vital information by exploit-
outside sources and prevents harmful code from infiltrating. A firewall ing flaws in security systems [181–183].
can be set up in both hardware and software. Installing excellent an- The healthcare personnel must be capable of accessing and utilis-
tivirus software, like a firewall, is vital for keeping computers safe and ing the available technologies. The end-user might become a weak link
secure information stored on them. An antivirus programme detects and in an otherwise strong cybersecurity system. Employees are potentially
eliminates any harmful code. After saving the medical documents, it is targeted by phishing and spoofing attacks. The ideal method is to use
critical to install antivirus software [83,84]. real-life hacking and phishing scenarios. Employees must also be in-
It is also necessary to update the programme regularly in order for formed of the reporting mechanism for questionable activity. It is criti-
it to run error-free. Most antivirus software displays reminders for such cal to educate and teach employees how technologies function and how
updates, and some are set to update automatically. Important health- to use them effectively while securing their network [184–186]. Em-
care details should be safeguarded against unforeseen occurrences like ployees should have a clear grasp of their function in the security net-
natural disasters, fire, etc. An essential aspect of this practice is mak- work of the firm. The healthcare sector may benefit from using anti-theft
ing backups of the details and having a recovery plan. Keeping backups devices, business continuity, disaster recovery plans, digital forensics,
is critical for data security and swiftly and accurately recovering data multi-factor authentication, network fragmentation, login testing, infor-
when needed. Cloud computing is a popular backup solution since it re- mation exchange, and risk scanning. One of the industries with the most
quires no hardware investment and little technical knowledge. Health- regulations and oversight worldwide is healthcare. Due to law, legisla-
care businesses may use this functionality to block users from perform- tion, and policy, healthcare providers and payers are held to strict stan-
ing specific actions such as uploading data to the internet, engaging dards and obligations. Furthermore, cyber healthcare risks have been a
in unlawful email conversations, transferring data to an external hard significant issue for many years due to various variables [187–189].
disc, and printing, amongst others. Furthermore, data discovery and cat-
egorisation may be used with data usage management to guarantee that 8. Harmful threats of cybersecurity for healthcare
sensitive material is recognised and not misused [85–87].
Cybersecurity has a significant problem in healthcare, and businesses
are wrestling with the vulnerabilities and ways in which patient data
7. Cybersecurity applications in healthcare may be utilised against patients and organisations. Medical documents,
such as medical history, prescription records, payment cards, date of
Healthcare firms are especially vulnerable to cyberattacks because birth, social security number, and other information, can assist in con-
they have a large volume of data that attackers value highly in terms structing a complete personal profile. Furthermore, the value of the data
of both monetary and intelligence value. Critical and confidential data improves if it has been validated by completing a transaction. When
includes, but is not limited to, financial information, the patient has these documents are sold on the dark web, they may be utilised several
protected health history and information, social security numbers, and times before the patient realises their information has been unlawfully
data relevant to research and innovation. Hospitals rely on an intri- disclosed. In the case of the health industry, these cyberattacks can have
cate network of gadgets using Cybersecurity to meet their demands and disastrous effects on public health and safety. As a result, the ramifica-
handle vast volumes of data and equipment [88,89]. Large organisa- tions transcend beyond just having an economic impact or posing a dan-
tions are almost certainly to have an extensive network connected to ger to national security. Cyberattacks have far-reaching consequences
servers that contain vital information. MRI equipment is usually linked for human well-being, putting people’s lives in jeopardy at times [190–
to several workstations that allow operators to manipulate MRI images. 194]. The major harmful threats of Cybersecurity for the health sector
These devices can serve as possible entry points for hackers looking are discussed in Table 2.
to access information-storage systems on the network. Sensitive data Several cybersecurity-related problems afflict the healthcare sec-
can, of course, be partially encrypted or partially exposed. Clinicians tor. These problems vary from distributed denial of service (DDoS) as-
use pseudonymisation to clarify illnesses or medical treatment methods saults that impair hospitals’ capacity to deliver patient care to malware
when communicating with their patients. Doctors also use anonymi- that compromises the security of systems and the privacy of patients.
sation when it comes to data that is part of statistics or a strategy to While other critical infrastructure sectors are subject to similar assaults,
improve a particular service. Healthcare businesses should ensure ro- the goal of the healthcare sector presents particular difficulties. Cyber-
bust security measures to reduce the risk of email account compromise, attacks may affect the healthcare industry in ways that go beyond mon-

5
M. Javaid, A. Haleem, R.P. Singh et al. Cyber Security and Applications 1 (2023) 100016

Table 1
Applications of Cybersecurity in healthcare.

S No Applications Description References

1. Protection of Cybersecurity can help detect, evaluate, and respond to cyber-attacks faster than humans. It increases efficiency and strengthens the [93–95]
healthcare protection of information technology for businesses restricted by time and financial or human resources. It may have a significant
information influence on the processing of data across apps. Robotics rapidly analyses enormous amounts of data to detect abnormalities or warn
of possible risks with the help of Cybersecurity. Machines learn from a growing amount of data and become increasingly accurate at
recognising anomalies over time. Healthcare’s priority is the patient’s health, which is increasingly dependant on medical technology
and processes. The likelihood of a positive outcome increases the faster a patient obtains adequate care in the ideal environment with
the right technologies. Patient safety and privacy are also at risk from cyberattacks on programmes that use Personal Identification
Information (PII), Protected Health Information (PHI), and other data. Loss of access to medical equipment and records can encrypt
and hold files hostage, similar to a ransomware attack. A hacker may access a patient’s computer and take private data. Furthermore,
the attacker may purposefully or inadvertently modify the patient’s data, causing substantial harm to the patient’s health.
Cybersecurity helps to fulfil these challenges.
2. Safeguarding Medical equipment must be safeguarded and their data encrypted wherever feasible, and they must undertake their vulnerability [96–99]
medical evaluation of the software that is installed on these devices. Cybersecurity dangers are constantly evolving. Because of this, software
equipment developers provide frequent updates for their products because no system is flawless. In terms of security, healthcare institutions
have long been amongst the most popular targets of cyberattacks, and the transition to telecommuting has further exacerbated this
long-standing issue. As the medical device business evolves, implanted devices rely more on software to save countless lives.
Naturally, once the programme is out, hackers will attack it using any corrupted version of the protocol they can find to cause an
application issue. They may discover a way to trip up the programme and generate a buffer overflow, the most commonly leveraged
design fault, by pushing at the application’s entry points or fuzzing the communication.
3. Tackling The relevance of Cybersecurity in healthcare is immense, and it can tackle complex treatment with excellent patient care. In today’s [100–103]
complex increased technology adoption, several cybersecurity benefits are available to combat dangerous agents and create a clean and safe
treatments with atmosphere for healthcare workers to carry out their jobs. In recent years, the healthcare business has experienced a surge in
excellent patient digitalisation. Cybersecurity is one of the essential parts of the healthcare industry since it safeguards valuable insights, healthcare
care data, and patients’ personal information. Cybersecurity is not just a feature that can be added to the system; it is an emergent
attribute of a well-designed system. Furthermore, manufacturers and firms working with medical devices must begin implementing
security procedures from the device’s conception to its commercialisation. Building Cybersecurity into devices from the outset
reduces risks and costs associated with security compliance. The hazards constantly offset the benefits of linked medical equipment,
and ethical hackers are working hard to ensure that the connected medical gadgets on the market are trustworthy.
4. Securing and Cybersecurity training and proper instruction are required for all incharges securing patient data. Healthcare cybersecurity is [104–107]
protecting improved by using fundamental security measures like anti-virus, backup, data recovery, data loss prevention, email gateway, event and 140 to
patient databank response system, same encryption, firewall, intrusion detection, policies, mobile device management, security awareness, patch 144
management, web gateway, and others. Compassionate patient data might have a significant monetary value, attracting the attention
of attackers. This business has become even more susceptible as a result of COVID-19. Physicians and non-clinical employees now
provide more patient care services remotely, increasing their vulnerability to cyber risks. Current compliance mechanisms to protect
medical records and data are primarily reactive, chastising healthcare organisations for data breaches after they have occurred.
Cybersecurity was only sometimes at the forefront of designers’ concerns when many IoT devices were built. Because IoT devices in
healthcare use ordinary web browsers and operating systems, they are highly susceptible. Furthermore, many IoT devices are used by
healthcare organisations, like digital diagnostic testing equipment, heart monitors, and ultrasound sensors. Healthcare organisations
typically have small IT teams; Specific equipment may be overseen by the facilities team, while clinical departments may oversee
others. As a result, the secure upkeep of healthcare technology might require some clarification. IT technical support and
maintenance services enable organisations in the healthcare industry and elsewhere to recover from an IT system failure swiftly.
5. Taking control Cybersecurity provides an appealing and feasible commercial opportunity, and the healthcare industry is becoming a key target for [108–111]
of linked cyber-criminals. Cyber-attackers can take control of linked medical devices, causing disruptions in healthcare systems. Healthcare
medical devices data breaches can be either unintentional or purposeful. Healthcare data leakage can occur when hospitals and healthcare providers
fail to adopt reasonable and suitable security measures, which implies that the healthcare provider is responsible for securing patient
information and maintaining the confidentiality of such information. Healthcare businesses have implemented a cloud-based solution
for medical software, which shows that they are already concerned about upcoming technological challenges. Now is the time to take
the required precautions to safeguard the sensitive data that creates, retained, and updated for all patients. Healthcare cybersecurity
is one of the most critical concerns that employees must handle. Ongoing training for all of the employees will assist in building
Cybersecurity. Cybersecurity specialists are in charge of safeguarding our personal information as well as the networks and systems
we use. Technology is continuously developing, as are cybercriminal techniques.
6. Securing Robust authentication techniques while securing access to application systems and data, continuous communication with staff and [112–115]
healthcare other key stakeholders, including reminders of safety behaviours and obligatory steps in the event of a safety failure. Cybercriminals
access by can access a target by exploiting any weak link in the supply chain. Strong ties between corporations within a healthcare ecosystem
stakeholders can jeopardise the entire ecosystem. Healthcare institutions frequently utilise a collection of proprietary apps and systems that must
be integrated into an IT security framework. Improving healthcare cybersecurity has become a critical component in today’s world
since hackers are continually attacking businesses. The preceding talk has provided a thorough understanding of cyber threats and
the potential hazards that a healthcare business may face. It also aids in the preparation of defence against cybercriminals.
Unauthorised access can have dire repercussions for service providers. It is critical to secure any devices used in or outside of
healthcare with passwords and biometrics. An effective lock mechanism will prevent unauthorised access to healthcare data. The
danger of incursion can be reduced by evaluating cutting-edge mHealth apps.
7. Undertaking a They need to do a risk analysis and put security measures in place to lessen the risks associated with cyber healthcare. Conduct [116–118]
risk assessment regular penetration testing, vulnerability assessments, and cyber-risk analysis audit to evaluate our security procedures’ efficacy. This
of healthcare also involves logging and monitoring, incident response, and continuous cyber development. Healthcare providers must take
system adequate precautions to safeguard patient data from cyber-attacks. Work with a healthcare software vendor who has proven the
capacity and commitment to upgrade its programme regularly. Plan how the company will respond in the sad event that information
is compromised. The healthcare sector is a common target for medical information theft because it needs to catch up to other top
sectors in protecting crucial data. Time and money must be committed today to secure healthcare technology and patient
information confidentially. Healthcare organisations may define, operationalise, and enforce the best data security and management
practices by leveraging automated data intelligence platforms, deep machine learning, and extensible app frameworks. Proactively
identify and protect patient and essential data; eliminate redundant, outdated, or trivial data to reduce risk; and identify data with
legal holds to ensure compliance with regulatory standards using this technology.
(continued on next page)

6
M. Javaid, A. Haleem, R.P. Singh et al. Cyber Security and Applications 1 (2023) 100016

Table 1 (continued)

S No Applications Description References

8. Improving Cybersecurity makes offering patient care more accessible and efficient while improving healthcare outcomes. The advent of digital [119–121]
healthcare technology and the rising interconnection of various healthcare systems has increased healthcare cybersecurity vulnerabilities. The
outcomes security of healthcare systems is a significant challenge for healthcare cybersecurity. These systems include EHRs, health monitoring
tools, medical gear, and software used in healthcare administration and delivery. As overburdened staff and IT teams balance shifting
priorities, basic cybersecurity principles can easily slip, jeopardising medical information and, increasingly, patient health. With
customers growing more aware of vulnerabilities such as phishing attempts, portal issues, and outdated browser usage, healthcare
companies that suffer network breaches will likely lose client confidence quickly. Cybercriminals have long found the healthcare
business to be an exciting target. They are trying newer methods to exploit healthcare cybersecurity policies, from high-value patient
data to a low tolerance for downtime that might interrupt patient care.
9. Preventing Healthcare cybersecurity focuses on preventing attacks by securing systems against unauthorised patient data access, use, and [122–124]
attacks disclosure. The security and integrity of crucial patient data, which, if compromised, might jeopardise patient lives. Cyberattacks take
many forms, ranging from ransomware to the theft of personal information. The severity of an assault depends on the scale of the
facility. Cybercriminals’ advances will soon be able to disrupt the technology that healthcare companies now use. To thrive, hospital
IT teams must build and implement modern, integrated security technologies. Fortunately, automation may assist both the healthcare
business and criminals. As security automation advances, healthcare security professionals can keep up with the escalating assault of
malware threats aimed exclusively at their industry. Cybersecurity is more critical than ever for providers with remote treatment,
linked devices, and more efficient data utilisation digitising healthcare delivery. Despite the benefits to patient care, there are still
some critical gaps for physicians to fill. With healthcare under constant attack from threat actors, new vulnerabilities will develop,
and current cybersecurity flaws will become more crucial as providers increasingly rely on digital technology.
10. Assisting This technology helps keep healthcare security breaches at bay in various ways. To begin with, service providers can analyse their [125–128]
security teams network environment, detect possible vulnerabilities, and even assist security teams in ensuring compliance with legislation such as
the Healthcare Identifiers Act. A robust security system entails more than hiring a creative IT specialist. It involves frequent audits to
ensure data security is not compromised and to detect weak infrastructure linkages. In addition, a proactive strategy to control
security systems and data access points is required. Globally, there is a disaster of cyberattacks, which has destroyed companies and
debilitated customers, notably in the case of the healthcare industry, which has been subjected to a torrential shower of cyberattacks.
The sensitive nature of information and a "resource-rich environment" due to the information stored by healthcare providers: family
history, medical history, and financial information, makes healthcare a desirable field for hackers. Traditional security software, such
as antivirus must be phased out in favour of more advanced security solutions in the healthcare industry.
11. Safe More hospitals are adopting cloud-based storage as the secure connection of devices and products in their facilities improves by [129–131]
connectivity utilising this technology. Few hospital systems can match the degree of data protection achieved by moving hospital servers and
sensitive medical data to a cloud provider with solid cyber-security capabilities. Additionally, any intrusion that happens via a device
on the Internet of Behaviours at the local level would be prohibited from obtaining crucial patient data thanks to improved network
segmentation. Cyberattacks have become more sophisticated and frequent. One such attack strategy shifts through Big Data using
tools that include automated front ends that mine for information and flaws and analyses based on artificial intelligence. Additionally,
hackers can employ machine learning to modify code on the fly in response to what is discovered, making these penetration tools
more evasive and challenging to find. The healthcare sector increasingly relies on technology to manage day-to-day operations,
raising cybersecurity concerns. Understanding these issues can help safeguard the business from current and upcoming dangers.
12. Coordinating This makes it possible for insurance companies, doctors, and other healthcare providers to communicate vital information. This [132–135]
treatment makes it easy to coordinate the treatment process and deal with insurance issues. Hospital network security is a significant IT
process challenge because electronic health records include sensitive information about individuals’ medical histories. Never before have
medical professionals been able to collaborate creatively to meet patients’ needs. However, the integrated architecture of modern
healthcare raises concerns about IT security, primarily because pooling so much essential data in a location that practically everyone
accesses makes it an obvious target for thieves and hackers. There has never been a time when data security in healthcare was more
important. More than ever, medical organisations need to be careful when creating safeguards against online threats, which is why it
is essential to have a thorough understanding of the threats and defences available. Employees have easy access to patient files. Even
if most people will not abuse this power, there is no way to ensure that someone will not take crucial information. This information
can be used by criminals to steal identities, but it can also be used to threaten or extort victims. Employees can steal documents in
several ways. In rare circumstances, employees may access patients’ credit card information and use it to make several fraudulent
purchases.
13. Securing With the possibility of physicians and doctors accessing data, the security of healthcare networks via various devices becomes [136–142]
healthcare imperative. Moreover, there involve vulnerabilities in data security for hackers to exploit. Data gathering methods have improved to
network the point where they can store and record data on a cloud-based server. Unfortunately, with the demand to restrict access from
internal representatives and external specialists and the endpoint’s access allowed business partner resources, the access points have
become a vulnerable zone for data theft and loss. Hospitals, more than any other type of facility, offer many potential smart devices,
building systems, clinical equipment, and other cutting-edge technology that can be linked, allowing limitless workflow and systems
to be more efficient and readily controlled. Everything from window shades to thermostats may coexist technologically on a single
unified network with building systems, information technology systems, and healthcare systems. From the standpoint of cyber
security, any device linked to a network represents a possible point of intrusion. IT department may need to be made aware of the
network access points produced by less-technical gadgets that do not come under their jurisdiction.
14. Checks and In the healthcare business, network-related dangers are on the rise, and to prevent this, a well-thought-out cybersecurity plan will [143–148]
controls the enable organisations to implement checks and controls treatment proven at multiple points throughout the network to restrict users,
treatment applications, and data flow, as well as more rapidly identify and isolate security risks. In terms of network visibility, healthcare
process organisations want increased visibility across the network, including the cloud. Hospitals and other healthcare providers improve
their cybersecurity hygiene. Thus, to begin with, it is critical to measure the organisation’s total risk and review and monitor its
cyber-health regularly. The speed and completeness of software patching and discovering flaws in the healthcare business are
substantially lower. Policymakers can encourage proactive behaviour by providing corporations with matching cash so they may
engage in risk-based planning and align their operations with state and federal regulations. Legislators may also make the legislative
framework for healthcare security simpler and better to give a more comprehensive and uniform set of requirements that healthcare
organisations may quickly follow. In order to develop thorough contingency plans in the case of a serious cyber disaster, federal
agencies must continue to collaborate with partners in the healthcare sector.
(continued on next page)

7
M. Javaid, A. Haleem, R.P. Singh et al. Cyber Security and Applications 1 (2023) 100016

Table 1 (continued)

S No Applications Description References

15. Improving Healthcare IT teams may also employ Cybersecurity to enhance or replace routine security responsibilities, such as monitoring and [149–153]
day-to-day patching medical devices and configuring security and network equipment. A temporary measure until a patch is available may also
healthcare tasks be used to identify device vulnerabilities and apply or update security protocols or an intrusion prevention system policy. It may also
instantly alter policies and protocols in response to recently discovered threats or intrusions. A healthcare data hack might jeopardise
more than just patient trust. Theft of protected healthcare information or holding medical devices hostage in the case of a
ransomware attack could impair a medical institution’s capacity to care for its patients, putting vulnerable individuals in a
life-or-death situation. As a result, with more data access points available than at any previous moment, healthcare organisations
actively collaborate with suppliers of skilled cybersecurity services to keep patients secure and their reputations intact.
16. Providing Digital speeds require security to operate, automating security responses and utilising intelligence with self-learning technologies to [154–157]
practical and allow networks to make efficient and autonomous decisions. Healthcare organisations will need to replace organically developed,
autonomous "accidental" network architectures with an intentional design that integrates automation and AI into an expert system that generates
judgement actionable intelligence to withstand the current sophisticated, increasingly intelligent, and autonomous attacks being developed. In
this way, healthcare professionals can identify and resist significant ongoing dangers. As the number of linked devices has increased
and the network perimeter has extended, digital transformation has radically altered healthcare providers’ cybersecurity
expectations. Moreover, this digitisation is accelerating. The demand for Cybersecurity has grown within hospitals, and the transition
to teleworking for certain medical workers has exacerbated the problem.
17. Maintaining a While some cybersecurity activities can aid in maintaining a secure network, the continuously shifting threat environment against [158–160]
healthcare healthcare can be challenging to monitor without further assistance. Security Scorecard Healthcare Solutions enable healthcare
network businesses to enhance and monitor their whole ecosystem’s cyber health while protecting patient privacy and health provider
infrastructure. Furthermore, services support organisations in achieving and maintaining compliance, managing and monitoring all
areas of third-party risk, and providing professional guidance. The rising use of new technologies by institutions and patients, such as
cloud, mobile, linked home products, Big Data, and sophisticated analytics, is introducing new risks. Healthcare businesses are
becoming more open to exchanges with the larger ecosystem, which includes patients, partners, payers, health authorities and other
providers, as their digital transformation accelerates. Network users are progressively gaining access to resources beyond the
network’s perimeter.
18. High-quality The goal of the healthcare sector has always been to provide patients with high-quality treatment. Healthcare organisations have [161–163]
patient care invested in state-of-the-art equipment and highly skilled personnel, but many in the industry still need to invest in efficient
information security management procedures. Almost every day. The modern healthcare industry would only exist with
technological advancements, from artificial hearts to smartphone applications. The attack surface grows when new technology is
introduced into a system, and new threats must be considered. Beyond the technology utilised in hospitals and other healthcare
facilities, medical manufacturers must also consider the cyber risks associated with their products. Money also had an essential role
in the evolution of cybersecurity techniques. Many smaller medical facilities lack the funds to build a cutting-edge security system,
and thieves are fully aware of this. As a result, smaller businesses tend to have more excellent targets on their backs, as hackers know
their defences will be weaker and simpler to breach. Understanding the most critical components of the healthcare data security
jigsaw can help institutions and their patients have a more secure future.
19. Safeguarding Cybersecurity in healthcare safeguards electronic data and assets against unauthorised access, use, loss, and disclosure. Its mission is [164–166]
unauthorised to protect classified information’s confidentiality, integrity, and availability. It is becoming increasingly crucial as remote working
accesses becomes more prevalent, bringing a new set of security dangers. Patient data that has been digitised guarantees that information is
constantly accessible, up to date, and readily disseminated. However, it also makes this data a more appealing target for fraudsters.
Medical gadgets are becoming more linked to the internet. Doctors and nurses use these to monitor patient health and as diagnostic
companions. All connected gadget provides a new point of entry for hackers. Teleconsultation, telemonitoring, interdisciplinary
conferences, medical appointment scheduling, and teleworking for some personnel have all grown in popularity throughout the
epidemic. In addition to enhancing the security of IT equipment and infrastructure, digital age networking for digital transformation
also helps healthcare facilities secure patient data. Digital Age Networking controls user and device access safely. It divides the IT
infrastructure into virtual subnets to lessen vulnerabilities by IoT, mobile devices, and network hardware. It stops a potential breach
from acting as an attack vector and spreading throughout the healthcare ecosystem.
20. Identifying any When analysing healthcare security systems, the cyber security team will first undertake a network audit to identify any points of [167–170]
point of network vulnerability and network visibility. This is also true for any medical equipment connected to the network since they provide a
visibility logistical headache. Devices are sometimes difficult to determine, making it difficult to establish who is using any given tool at any
given moment and the information required to protect it appropriately. Attacks that start social engineering plans on healthcare
organisations’ confidence in their staff and patients are typically in the healthcare sector. A classic phishing attempt includes
healthcare staff getting emails that appear to be from healthcare companies and asking them to click on links or open attachments.
This action can potentially result in the disclosure of sensitive healthcare data and healthcare cyber-attacks. Attacks that start social
engineering plans to interrupt healthcare organisations’ confidence in their staff and patients are typically in the healthcare sector.
21. Preventing The healthcare industry must be vigilant about cyber security to avoid legal repercussions, medical fraud, and brand damage from [171–173]
medical fraud sensitive patient data. In order to safeguard the industry as a whole, it is essential to implement suitable security measures and
provide all personnel with cybersecurity training to educate them on the importance of security. Healthcare delivery businesses
should safeguard older systems, demand robust authentication, and implement strategies to limit the risks. Employees are allowed to
access security features and data with caution. Attackers utilise authorised users’ credentials to gain access to organisation systems.
Access to the system should be restricted. A database of one’s employees and job functions will assist in mapping their demands, after
which they may be granted access as needed. A pharmaceutical employee does not require access to a patient’s medical history to do
their work. Limiting access thoughtfully and reasonably will improve the organisation’s overall security.
22. Protecting daily Healthcare needs data protection and cybersecurity technologies and safeguards. Hospitals can protect their gadgets and daily [174–177]
operations from operations from cybercriminal threats. However, Cybersecurity can include low-cost solutions. Healthcare organisations can use
cyber-criminal low-cost data security solutions, tools, programmes, or measures to avoid breaches and other cyber risks. In other situations, hackers
threats may disable the operation of essential life-saving devices, resulting in an even greater cost to human life. Healthcare is a highly
collaborative workplace, with employees accessing data remotely, exacerbating data breach concerns. Even as medical technology
evolves, not all healthcare organisations can accept and stay up. Hospital systems must issue updates for all software to be updated to
the most recent version. However, once the software becomes outdated, companies will quickly provide updates. Even when medical
organisations transition to contemporary ways, personnel need help to absorb newer technology.

8
M. Javaid, A. Haleem, R.P. Singh et al. Cyber Security and Applications 1 (2023) 100016

Table 2
- Harmful threats of Cybersecurity for healthcare.

S. No Harmful threats Description

1 Phishing Phishing attacks aim to trick users into disclosing their passwords or other personal information that attackers may use against them. Most
of these phishing attempts use social engineering and are discovered via messages or emails. The hacker may send a message stating that
the password is invalid and provide a link to reset it. Any ordinary user will change the password provided to the attacker without realising
that the page is not genuine but has been crafted. Attackers may quickly get into the account and take essential data.
2 Internal Threats Healthcare has a significant cybersecurity risk due to staff members or other users with harmful goals separate from those of the healthcare
provider. They threaten the security and integrity of essential data and systems. Because they are not subject to the same security
procedures as external threats, these inside actors are more hazardous. They already have access to the systems and can quickly get greater
access than outsiders. By enhancing other users’ capacity to recognise and guard against suspicious or anomalous behaviour, Security
Awareness Training may reduce the risk presented by nefarious insiders in combination with tightened Access Control.
3 Breach of data Data breaches may not necessarily be the consequence of the risks, although they may be if malware, compromised company emails, or
insider attacks are involved. Due to the high demand for health information by financially motivated thieves, it has been said before that
the health sector is the most often penetrated. Data encryption and data backup are advised.
4 Ransomware This particular kind of virus disables devices and encrypts data. It makes managing patients and carrying out care procedures challenging.
It is simple to instal and often spreads to devices via phishing emails that include harmful files or links. It is advised to instal email gateway
security and to inform users of the best practices for email security.
5 DDoS attacks A distributed denial-of-service (DDoS) attack involves flooding a targeted server with bogus connection requests to take it down. This
coordinated assault uses many endpoints and IoT devices that have been forcibly recruited into a botnet through malware infection. DDoS
assaults have the same operational disruption impacts as ransomware attacks but do not carry the same data exfiltration threats. DDoS
assaults overload the network and stop or damage essential services. Like ransomware operations, these assaults are often simple to launch
as a service and are frequently driven by political or ideological ideals. DDoS assaults often make accessing vital records difficult, making
medical treatment impossible.
6 Lack of Every healthcare institution has to establish governance procedures and has written cybersecurity policies. Every healthcare provider
documented should also keep track of the previous six years’ worth of documents about security policies, necessary actions, completed tasks, and
Cybersecurity security testing evaluations. Healthcare organisations need to take more time to establish these processes and provide reliable
documentation. They believe it wastes valuable time and lowers productivity.
7 Lack of security Users are less likely to abide by security policy and act securely when they are not informed about security best practices. The danger to
awareness healthcare facilities’ cyber security is thereby heightened. As their final line of defence, healthcare institutions may be particularly
vulnerable to the aforementioned external dangers. Technical investments and security awareness work together to strengthen defences.
8 Vulnerability of A modernised ecology should take the place of outdated systems. Many healthcare institutions, nevertheless, are apprehensive about change
legacy systems and unwilling to abandon their established practices. Additionally, it increases the possibility of a significant cyberattack since outdated
systems are unprotected against current viruses and malware. Lack of funding, the expense of upskilling employees, regulatory obligations,
and complacency are reasons IT infrastructure needs to be upgraded, leaving most cybercriminals open to frequent backdoor infiltration.
9 Unsecured medical Hospitals in the modern-day house a vast amount of medical data. To treat patients, all healthcare providers use linked medical equipment.
equipment and Given their regular usage, safe access to such medical tools and equipment is essential. Unfortunately, most hospitals do not emphasise this
apparatus factor sufficiently, which may lead to a significant cyberattack.
10 Cloud-based Most healthcare firms are transferring to the cloud to store and manage petabytes of sensitive data. The cloud architecture, which allows
threats access at any time and from any location, explains why this is the case. As a result, a centralised server receives interactions from millions
of users. The likelihood of a cybersecurity attack increases as more people use websites.

etary loss and privacy violations. For hospitals, ransomware is a heinous employ well-developed cybersecurity technology recommended by cy-
virus since losing patient data may endanger lives. bersecurity specialists. Thus, it is critical to utilise validated measures
and goods to reduce the risks of breaches, bugs, and malfunctions. Cy-
9. Discussion bersecurity approaches should act as a security filter rather than adding
to the problem as inconvenient and unreliable. By minimising disrup-
Inadequate security in the healthcare system forces patients and clin- tions that might harm clinical results, aligning Cybersecurity and pa-
icians to worry about information breaches while attempting to ad- tient safety programmes will help businesses safeguard patient safety
dress more critical issues, such as treating the sick. Companies in the and privacy and maintain the continuity of effective, high-quality care
healthcare industry must implement a management and response plan delivery.
for document access. In the case of e-health, all existing vulnerabili- Healthcare businesses are particularly vulnerable to being targeted
ties and potential medical data leaks must be eliminated. The integrity by cyberattacks because they contain a wealth of information with sig-
of private data might be jeopardised by data protection. Sensitive in- nificant monetary and intelligence value to cyber criminals and nation-
formation might move over several communication channels and be state actors. The healthcare and pharmaceutical sectors aim to save lives
susceptible to a breach. Data integrity may be momentarily compro- and keep people healthy. It is a noble task. However, they also handle
mised via a data communication channel. Despite the security-laden personal and sensitive data, which is becoming increasingly comput-
non-disclosure agreement signed by both parties, doctor-patient com- erised. On the one hand, digitisation makes data more accessible, but
munication is subject to data breaches. Human error, as in any sec- on the other side, this ease of access attracts wrongdoers. Reaching a
tor, is another risk that must be addressed. Incorrect information dis- middle ground is more complex since it requires breaking several knots
semination and improper treatment of sensitive data put our firm in while keeping the ship in one piece and afloat. As a result of the rise
danger of data loss. It is no longer a secret that one of the most crit- in cyber dangers and data breaches, rules are expanding and forcing
ical difficulties in business is guaranteeing the security of information healthcare institutions to handle issues other than patient ailments. They
systems. prioritise healthcare information security, as they are also accountable
The more advanced cybersecurity safeguards and technologies de- for protecting their data.
velop, the more sophisticated the assaults become, so it is only necessary Insiders conduct cyber-attacks against their companies either freely
to assume that a breach has already occurred. This will enable health- or under duress. In both scenarios, an insider possesses the requisite cre-
care organisations to be prepared for a breach and have a complete dentials to perpetrate a healthcare data breach or other cyber healthcare
plan, recovery mode of action, and countermeasures to recover from it. risks. An insider threat is a disgruntled employee who steals PHI from
Mobile phones and other portable gadgets have created a slew of new his employer’s network and posts it online to exact revenge on his for-
opportunities for both healthcare providers and hackers. It is critical to mer employer, regardless of whether he acted alone, with employees

9
M. Javaid, A. Haleem, R.P. Singh et al. Cyber Security and Applications 1 (2023) 100016

from another organisation, or as part of a criminal group. Connected perimeter, must be safeguarded. Because of the rapid evolution of cyber-
technologies are required to get the benefits, but they are also targets attacks, it is hard to predict the risks that may emerge in the future.
for cyberattacks and data breaches. Even though external breaches out- Because we can never really foresee how someone would attempt to
number internal abuse as the leading source of security risk, internal access the network, applying an adequate level of security throughout
misuse is more prevalent in the healthcare business than in other indus- the whole system is critical. While disruptive, the surge in cyber as-
tries. Medical IoT devices are appealing targets for cybercriminals seek- saults during the epidemic helped us gather much-needed insights on
ing valuable protected health information. To keep patients and their healthcare-related cybersecurity vulnerabilities. Employees will be more
data safe, manufacturers must integrate security by design. cautious about the validity of any electronic messages they receive due
There are various security techniques that medical institutions to cybersecurity training. It will also assist them in instilling better secu-
should consider, and they are all affordable. Multi-factor authentication rity practices and taking actions to reduce the incidence of human error
will offer an extra layer of security to sensitive data and anything outside they witness.
the enterprise. Protected health information is some of the most sensi-
tive data floating on the internet, and its volume and complexity have Conclusion
increased as healthcare has become more digitised. With each improve-
ment in automation and data analytics, the potential for compromise Cybercrime affects various industries, including IT, legal, education,
increases. As a result, the significance of data protection and Cybersecu- manufacturing, and finance. Healthcare is one of the most targeted in-
rity in healthcare must be balanced. Healthcare organisations that allow dustries because it relies on continuously transmitting large amounts
mobile logins may only sometimes demand secure equipment. The or- of essential data. The pace of rising cyber threats and data breaches has
ganisation’s networks are vulnerable to viruses and hackers since none been alarmingly high. As cyber rules evolve, healthcare institutions must
of its planning or security measures addresses staff communication de- handle more than simply the patient’s ailments. They prioritise health-
vices. The issue is made worse when staff disposes of equipment during care information security, as they are also accountable for protecting
an upgrade since network information or passwords can still be avail- their data. In healthcare, Cybersecurity entails safeguarding data and
able. Employers may only be able to do a little if the business imposes electronic assets against unwanted access, use, or disclosure. Despite
tight limitations or outright forbids using user devices. the increase in cyberattacks, most healthcare organisations still invest a
Because of their typically lax security, medical equipment web- small fraction of their IT budget in Cybersecurity. These assaults impact
sites make excellent targets for hackers. Information is only transmitted the delivery of patient care in healthcare institutions. Aside from the
through infusion pumps to the concerned doctor and patient. However, fact that sensitive private data is exposed and might be abused, these
these devices are made to interface with the outside world and export occurrences can affect patients since tampering with records can result
data to external sources as the IoMT develops and grows. There might be in incorrect diagnoses or treatment delays. Medical device security best
various issues if this data is intercepted or altered. In addition, hackers practices are followed to guarantee that cybersecurity measures oper-
might gain access to most network-connected devices, including the op- ate holistically. Use inventory data to verify that one has identified all
eration of the equipment. Thousands of healthcare patients are affected devices throughout the estate. With much focus and money focused on
by data breaches every week, and many of these incidents are the result Cybersecurity in the healthcare business, dissatisfied personnel may de-
of human error, like falling for phishing scams. Because the healthcare cide to reveal patient information out of spite intentionally or to profit
business relies on people to deliver excellent patient care, the danger of from black-market demand for protected health information. In future,
a data breach or security event increases, so developing and executing this technology will play an influential role in healthcare.
a solid information security management programme should be priori-
tised. Hospitals, doctor’s offices, and clinics have all been targeted by Declaration of Competing Interests
cyber security risks that can have serious consequences. When a med-
ical organisation’s system is penetrated, generally due to an employee The authors declare that they have no conflict of interest.
clicking a link in a suspicious email, all patient files are kept hostage.
References
Computer viruses can be delivered by email, text messaging, and web-
sites targeting naive and unskilled end users. [1] J. Tully, J. Selzer, J.P. Phillips, P. O’Connor, C. Dameff, Healthcare challenges in
the era of cybersecurity, Health Secur. 18 (3) (2020) 228–231.
[2] A.J. Coronado, T.L. Wong, Healthcare cybersecurity risk management: keys to an
10. Future scope
effective plan, Biomed. Instrum. Technol. 48 (s1) (2014) 26–30.
[3] C. Abraham, D. Chatterjee, R.R. Sims, Muddling through cybersecurity: insights
The future of Cybersecurity is about accepting and inventing to form from the US healthcare industry, Bus. Horiz. 62 (4) (2019) 539–548.
a relationship between man and machine to help each other battle hack- [4] A. Strielkina, O. Illiashenko, M. Zhydenko, D. Uzun, Cybersecurity of health-
care IoT-based systems: regulation and case-oriented assessment, in: 2018 IEEE
ers. Companies will have a better chance of surviving complicated, so- 9th International Conference on Dependable Systems, Services and Technologies
phisticated, and multi-vector attacks in this manner. Thus by combin- (DESSERT), IEEE, 2018, pp. 67–73.
ing educated security professionals with adaptive ones, this self-learning [5] C.S. Kruse, B. Frederick, T. Jacobson, D.K. Monticone, Cybersecurity in healthcare:
a systematic review of modern threats and trends, Technol. Health Care 25 (1)
technology provides proponents with a competitive advantage that has (2017) 1–10.
hitherto needed to be improved in most cybersecurity systems. AI is [6] G. Martin, P. Martin, C. Hankin, A. Darzi, J. Kinross, Cybersecurity and healthcare:
entering the realm of Cybersecurity due to its ability to analyse vast how safe are we? BMJ (2017) 358.
[7] L. Coventry, D. Branley, Cybersecurity in healthcare: a narrative review of trends,
amounts of data, its analytical abilities, and its ability to anticipate. threats, and ways forward, Maturitas 113 (2018) 48–52.
Healthcare businesses decide to fix a problem after harm has been done [8] D. Branley-Bell, L. Coventry, E. Sillence, S. Magalini, P. Mari, A. Magkanaraki,
due to a system failure or hack. Future problems can be avoided with K. Anastasopoulou, Your hospital needs you: eliciting positive cybersecurity be-
haviours from healthcare staff, Ann. Dis. Risk Sci.: ADRS 3 (1) (2020).
a proactive replacement strategy for outdated systems. The increasing
[9] S.T. Argaw, J.R. Troncoso-Pastoriza, D. Lacey, M.V. Florin, F. Calcavecchia, D. An-
use of information technology in healthcare has produced advantages, derson, A. Flahault, Cybersecurity of Hospitals: discussing the challenges and work-
including increased doctor-patient communication, the automation of ing towards mitigating the risks, BMC Med. Inform. Decis. Mak. 20 (1) (2020) 1–10.
[10] S.J. Choi, M.E. Johnson, The relationship between cybersecurity ratings and
manual tasks, and improved communication amongst clinicians treat-
the risk of hospital data breaches, J. Am. Med. Inform. Assoc. 28 (10) (2021)
ing the same patients. 2085–2092.
Patients are now more able to access health-related information be- [11] A.J. Askar, Healthcare management system and cybersecurity, Int. J. Recent Tech-
cause of EHRs and patient portals, allowing them to make better deci- nol. Eng. (2019) 237–248.
[12] M. Pears, J. Henderson, S.T. Konstantinidis, Repurposing case-based learning to a
sions about their care. The most significant conclusion for healthcare conversational agent for healthcare cybersecurity, in: Public Health and Informat-
institutions is that every portion of the network, not just the outside ics, IOS Press, 2021, pp. 1066–1070.

10
M. Javaid, A. Haleem, R.P. Singh et al. Cyber Security and Applications 1 (2023) 100016

[13] M. Javaid, A. Haleem, R.P. Singh, R. Suman, Dentistry 4.0 technologies applications [45] J. Pridmore, T.A. Oomen, A practice-based approach to security management: ma-
for dentistry during COVID-19 pandemic, Sustain. Oper. Comput. 2 (2021) 87–96. terials, meaning and competence for trainers of healthcare cybersecurity, in: Inter-
[14] A. Turransky, M.H. Amini, Artificial intelligence and cybersecurity: tale of health- national Security Management, Springer, Cham, 2021, pp. 357–369.
care applications, Cyberphys. Smart Cities Infrastruct.: Optim. Oper. Intell. Decis. [46] S.S. Bhuyan, U.Y. Kabir, J.M. Escareno, K. Ector, S. Palakodeti, D. Wyant,
Mak. (2022) 1–11. A. Dobalian, Transforming healthcare cybersecurity from reactive to proactive: cur-
[15] K. Anastasopoulou, P. Mari, A. Magkanaraki, E.G. Spanakis, M. Merialdo, rent status and future recommendations, J. Med. Syst. 44 (5) (2020) 1–9.
V. Sakkalis, S. Magalini, Public and private healthcare organisations: a socio-tech- [47] S. Conaty-Buck, Cybersecurity and healthcare records, Am. Nurse Today 12 (9)
nical model for identifying cybersecurity aspects, in: Proceedings of the 13th In- (2017) 62–64.
ternational Conference on Theory and Practice of Electronic Governance, 2020, [48] S. Murphy, Is cybersecurity possible in healthcare, Natl. Cybersecur. Inst. J. 1 (3)
pp. 168–175. (2015) 49–63.
[16] E. Tomaiko, M.S. Zawaneh, Cybersecurity threats to cardiac implantable devices: [49] Y. Ahmed, S. Naqvi, M. Josephs, Cybersecurity metrics for enhanced protection of
room for improvement, Curr. Opin. Cardiol. 36 (1) (2021) 1–4. healthcare IT systems, in: 2019 13th International Symposium on Medical Infor-
[17] M. Pears, S.T. Konstantinidis, Cybersecurity training in the healthcare workforce–u- mation and Communication Technology (ISMICT), IEEE, 2019, pp. 1–9.
tilization of the ADDIE model, in: 2021 IEEE Global Engineering Education Con- [50] A.G. Sreedevi, T.N. Harshitha, V. Sugumaran, P. Shankar, Application of cognitive
ference (EDUCON), IEEE, 2021, pp. 1674–1681. computing in healthcare, cybersecurity, big data, and IoT: a literature review, Inf.
[18] H. Alami, M.P. Gagnon, M.A.A. Ahmed, J.P. Fortin, Digital health: cybersecurity is Process. Manag. 59 (2) (2022) 102888.
a value creation lever, not only a source of expenditure, Health Policy Technol. 8 [51] H. Abie, Cognitive cybersecurity for CPS-IoT enabled healthcare ecosystems, in:
(4) (2019) 319–321. 2019 13th International Symposium on Medical Information and Communication
[19] J.A. Chua, C. PMP, Cybersecurity in the healthcare industry, J. Med. Pract. Manag.: Technology (ISMICT), IEEE, 2019, pp. 1–6.
MPM 36 (4) (2021) 229–231. [52] K.L. Offner, E. Sitnikova, K. Joiner, C.R. MacIntyre, Towards understanding cyber-
[20] F. Luh, Y. Yen, Cybersecurity in science and medicine: threats and challenges, security capability in Australian healthcare organisations: a systematic review of
Trends Biotechnol. 38 (8) (2020) 825–828. recent trends, threats and mitigation, Intell. Natl. Secur. 35 (4) (2020) 556–585.
[21] F. Gioulekas, E. Stamatiadis, A. Tzikas, K. Gounaris, A. Georgiadou, A. Michalit- [53] D.M.R. Mariani, S. Mohammed, S. Mohammed, Cybersecurity challenges and com-
si-Psarrou, C. Ntanos, A cybersecurity culture survey targeting healthcare critical pliance issues within the US healthcare sector, Int. J. Bus. Soc. Res 5 (2015) 55–56.
infrastructures, Healthcare 10 (2) (2022) 327 MDPI. [54] Y. Li, J. Yang, Z. Zhang, J. Wen, P. Kumar, Healthcare data quality assessment for
[22] C. Smith, Cybersecurity implications in an interconnected healthcare system, Front. cybersecurity intelligence, IEEE Trans. Ind. Inf. (2022).
Health Serv. Manage. 35 (1) (2018) 37–40. [55] S. Boudko, H. Abie, Adaptive cybersecurity framework for healthcare internet of
[23] P. Soni, J. Pradhan, A.K. Pal, S.H. Islam, Cybersecurity Attack-resilience Authenti- things, in: 2019 13th International Symposium on Medical Information and Com-
cation Mechanism for Intelligent Healthcare System, IEEE Trans. Ind. Inf. (2022). munication Technology (ISMICT), IEEE, 2019, pp. 1–6.
[24] S.A.E. Hoffman, Cybersecurity threats in healthcare organizations: exposing vul- [56] P. Nunes, M. Antunes, C. Silva, Evaluating cybersecurity attitudes and behav-
nerabilities in the healthcare information infrastructure, World Libr. (1) (2020) iors in Portuguese healthcare institutions, Procedia Comput. Sci. 181 (2021)
24. 173–181.
[25] M. Sills, P. Ranade, S. Mittal, Cybersecurity threat intelligence augmentation and [57] J. Al-Muhtadi, B. Shahzad, K. Saleem, W. Jameel, M.A. Orgun, Cybersecurity and
embedding improvement-a healthcare usecase, in: 2020 IEEE International Confer- privacy issues for socially integrated mobile healthcare applications operating in a
ence on Intelligence and Security Informatics (ISI), IEEE, 2020, pp. 1–6. multi-cloud environment, Health Informat. J. 25 (2) (2019) 315–329.
[26] D.N. Burrell, A.S. Aridi, Q. McLester, A. Shufutinsky, C. Nobles, M. Dawson, [58] L. Wang, R. Jones, Big data, cybersecurity, and challenges in healthcare, 2019
S.R. Muller, Exploring system thinking leadership approaches to the healthcare SoutheastCon (2019) 1–6 IEEE.
cybersecurity environment, Int. J. Extreme Autom. Connect. Healthc. (IJEACH) 3 [59] L. Gupta, T. Salman, A. Ghubaish, D. Unal, A.K. Al-Ali, R. Jain, Cybersecurity of
(2) (2021) 20–32. multi-cloud healthcare systems: a hierarchical deep learning approach, Appl. Soft.
[27] D.K. Wyant, P. Bingi, J.R. Knight, A. Rangarajan, Deter framework: a novel Comput. 118 (2022) 108439.
paradigm for addressing cybersecurity concerns in mobile healthcare, Res. Anthol. [60] A. Haleem, M. Javaid, R.P. Singh, R. Suman, Medical 4.0 technologies for health-
Secur. Med. Syst. Rec. (2022) 381–407. care: features, capabilities, and applications, Internet of Things and Cyber-Physical
[28] W. Burke, T. Oseni, A. Jolfaei, I. Gondal, Cybersecurity indexes for eHealth, in: Systems, 2022.
Proceedings of the Australasian Computer Science Week Multiconference, 2019, [61] R. Koppel, S. Smith, J. Blythe, V. Kothari, Workarounds to computer access in
pp. 1–8. healthcare organizations: you want my password or a dead patient? in: Driving
[29] M.J. Reagin, M.V. Gentry, Enterprise Cybersecurity: building a successful defense Quality in Informatics: Fulfilling the Promise, IOS Press, 2015, pp. 215–220.
program, Front. Health Serv. Manag. 35 (1) (2018) 13–22. [62] M.S. Jalali, J.P. Kaiser, Cybersecurity in hospitals: a systematic, organizational per-
[30] G. Martin, J. Kinross, C. Hankin, Effective cybersecurity is fundamental to patient spective, J. Med. Internet Res. 20 (5) (2018) e10059.
safety, BMJ (2017) 357. [63] J. Ross, Cybersecurity: a real threat to patient safety, J. Perianesth. Nurs. 32 (4)
[31] B. Rios, Cybersecurity expert: medical devices have a long way to go, Biomed. (2017) 370–372.
Instrum. Technol. 49 (3) (2015) 197–200. [64] T. Poleto, V.D.H.D. Carvalho, A.L.B.D. Silva, T.R.N. Clemente, M.M. Silva,
[32] S.J. Shackelford, M. Mattioli, S. Myers, A. Brady, Y. Wang, S. Wong, Securing the A.P.H.D. Gusmão, T.C.C. Nepomuceno, Fuzzy cognitive scenario mapping for
Internet of healthcare, Minn. JL Sci. & Tech 19 (2018) 405. causes of cybersecurity in telehealth services, Healthcare 9 (11) (2021) 1504.
[33] S. Schwartz, A. Ross, S. Carmody, P. Chase, S.C. Coley, J. Connolly, M. Zuk, The [65] M.S. Jalali, B. Russell, S. Razak, W.J. Gordon, EARS to cyber incidents in health
evolving state of medical device cybersecurity, Biomed. Instrum. Technol. 52 (2) care, J. Am. Med. Inform. Assoc. 26 (1) (2019) 81–90.
(2018) 103–111. [66] A.V. Minbaleev, K.Y. Nikolskaia, V.M. Zhernova, Legal enforcement of cyberse-
[34] A. Wirth, The economics of cybersecurity, Biomed. Instrum. Technol. 51 (s6) curity of wearable mobile devices in healthcare, in: 2nd International Scientific
(2017) 52–59. and Practical Conference on Digital Economy (ISCDE 2020), Atlantis Press, 2020,
[35] L. Kim, Cybersecurity awareness: protecting data and patients, Nurs. Manag. 48 (4) pp. 674–678.
(2017) 16–19. [67] A.R. Ravi, R.R. Nair, Cybersecurity threats and solutions in the current e-healthcare
[36] M. Javaid, A. Haleem, Industry 4.0 applications in medical field: a brief review, environment: a situational analysis, Med.-Legal Update 19 (2) (2019) 141–144.
Curr. Med. Res. Pract. 9 (3) (2019) 102–109. [68] N. O’Brien, S. Ghafur, M. Durkin, Cybersecurity in health is an urgent patient safety
[37] S. Nifakos, K. Chandramouli, C.K. Nikolaou, P. Papachristou, S. Koch, E. Panaousis, concern: we can learn from existing patient safety improvement strategies to ad-
S. Bonacina, Influence of human factors on cyber security within healthcare organ- dress it, J. Patient Saf. Risk Manag. 26 (1) (2021) 5–10.
isations: a systematic review, Sensors 21 (15) (2021) 5119. [69] L. Coventry, D. Branley-Bell, E. Sillence, S. Magalini, P. Mari, A. Magkanaraki,
[38] M. Zaki, V. Sivakumar, S. Shrivastava, K. Gaurav, Cybersecurity framework for K. Anastasopoulou, Cyber-risk in healthcare: exploring facilitators and barriers to
healthcare industry using NGFW, in: 2021 Third International Conference on Intel- secure behaviour, in: International Conference on Human-Computer Interaction,
ligent Communication Technologies and Virtual Mobile Networks (ICICV), IEEE, Springer, Cham, 2020, pp. 105–122.
2021, pp. 196–200. [70] F. Wu, S. Eagles, Cybersecurity for medical device manufacturers: ensuring safety
[39] P. Radanliev, D. De Roure, Advancing the cybersecurity of the healthcare system and functionality, Biomed. Instrum. Technol. 50 (1) (2016) 23–34.
with self-optimising and self-adaptative artificial intelligence (part 2), Health Tech- [71] S. Mierzwa, S. RamaRao, J.A. Yun, B.G. Jeong, Proposal for the development and
nol. (Berl.) (2022) 1–7. addition of a cybersecurity assessment section into technology involving global
[40] D. Akarca, P.Y. Xiu, D. Ebbitt, B. Mustafa, H. Al-Ramadhani, A. Albeyatti, public health, Int. J. Cybersecur. Intell. Cybercrime 3 (2) (2020) 48–61.
Blockchain secured electronic health records: patient rights, privacy and cyber- [72] D. Klonoff, J. Han, The first recall of a diabetes device because of cybersecurity
security, in: 2019 10th International Conference on Dependable Systems, Services risks, J. Diabetes Sci. Technol. 13 (5) (2019) 817–820.
and Technologies (DESSERT), IEEE, 2019, pp. 108–111. [73] A.D. Stern, W.J. Gordon, A.B. Landman, D.B. Kramer, Cybersecurity features of
[41] D. Branley-Bell, L. Coventry, E. Sillence, Promoting cybersecurity culture change in digital medical devices: an analysis of FDA product summaries, BMJ Open 9 (6)
healthcare, in: The 14th PErvasive Technologies Related to Assistive Environments (2019) e025374.
Conference, 2021, pp. 544–549. [74] M. Parker, Healthcare regulations, threats, and their impact on cybersecurity,
[42] T. Andre, Cybersecurity an enterprise risk issue, Healthc. Financ. Manage. 71 (2) in: Cybersecurity for Information Professionals, Auerbach Publications, 2020,
(2017) 40–46. pp. 173–202.
[43] E. Fosch-Villaronga, T. Mahler, Cybersecurity, safety, and robots: strengthening the [75] M.T. Quasim, A.A.E. Radwan, G.M.M. Alshmrani, M. Meraj, A blockchain frame-
link between cybersecurity and safety in the context of care robots, Comput. Law work for secure electronic health records in the healthcare industry, in: 2020 In-
Secur. Rev. 41 (2021) 105528. ternational Conference on Smart Technologies in Computing, Electrical and Elec-
[44] S.P. Murphy, A holistic approach to cybersecurity starts at the top, Front. Health tronics (ICSTCEE), IEEE, 2020, pp. 605–609.
Serv Manage 35 (1) (2018) 30–36. [76] J. Rajamäki, Ethics of cybersecurity in digital healthcare and well-being of elderly

11
M. Javaid, A. Haleem, R.P. Singh et al. Cyber Security and Applications 1 (2023) 100016

at home, Proceeding of the 20th European Conference on Cyber Warfare and Security [109] P.A. Williams, A.J. Woodward, Cybersecurity vulnerabilities in medical devices:
ECCWS 2021. Academic Conferences International, 2021. a complex environment and multifaceted problem, Med. Dev. (Auckland, NZ) 8
[77] D.C. Peterson, A. Adams, S. Sanders, B. Sanford, Assessing and addressing threats (2015) 305.
and risks to cybersecurity, Front. Health Serv. Manag. 35 (1) (2018) 23–29. [110] A. Strielkina, V. Kharchenko, D. Uzun, Availability models for healthcare IoT sys-
[78] D. Giansanti, Cybersecurity and the digital-health: the challenge of this millennium, tems: classification and research considering attacks on vulnerabilities, in: 2018
Healthcare 2021, 9 (2021) 62. IEEE 9th International Conference on Dependable Systems, Services and Technolo-
[79] J. Rajamäki, J. Nevmerzhitskaya, C. Virág, Cybersecurity education and train- gies (DESSERT), IEEE, 2018, pp. 58–62.
ing in hospitals: proactive resilience educational framework (Prosilience EF), in: [111] P. Radoglou-Grammatikis, P. Sarigiannidis, G. Efstathopoulos, T. Lagkas, G. Frag-
2018 IEEE Global Engineering Education Conference (EDUCON), IEEE, 2018, ulis, A. Sarigiannidis, A self-learning approach for detecting intrusions in health-
pp. 2042–2046. care systems, in: ICC2021-IEEE International Conference on Communications,
[80] A. Bicak, X.M. Liu, D. Murphy, Cybersecurity curriculum development: introducing IEEE, 2021, pp. 1–6.
specialties in a graduate program, Inf. Syst. Educ. J. 13 (3) (2015) 99. [112] A. Aliyu, L. Maglaras, Y. He, I. Yevseyeva, E. Boiten, A. Cook, H. Janicke, A holistic
[81] D.N. Burrell, A.S. Sabie-Aridi, A. Shufutinsky, J.B. Wright, C. Nobles, M. Dawson, cybersecurity maturity assessment framework for higher education institutions in
Exploring holistic managerial thinking to better manage healthcare cybersecurity, the United Kingdom, Appl. Sci. 10 (10) (2020) 3660.
Int. J. Health Syst. Transl. Med. (IJHSTM) 2 (1) (2022) 1–13. [113] S. Safavi, A.M. Meer, E.K.J. Melanie, Z. Shukur, Cyber vulnerabilities on smart
[82] L.H. Yeo, J. Banfield, Human factors in electronic health records cybersecurity healthcare, review and solutions, in: 2018 Cyber Resilience Conference (CRC),
breach: an exploratory analysis, Perspect. Health Inf. Manag. 19 (2022) Spring. IEEE, 2018, pp. 1–5.
[83] F. Capelão, H. Barbosa, Cybersecurity in healthcare: risk analysis in a health insti- [114] A. Razaque, F. Amsaad, M.J. Khan, S. Hariri, S. Chen, C. Siting, X. Ji, Survey:
tution in Portugal, Int. J. Res. Dev. Technol. 9 (3) (2018) 2349–3585. cybersecurity vulnerabilities, attacks and solutions in the medical domain, IEEE
[84] T. Tervoort, M.T. De Oliveira, W. Pieters, P. Van Gelder, S.D. Olabarriaga, H. Mar- Access 7 (2019) 168774–168797.
quering, Solutions for mitigating cybersecurity risks caused by legacy software in [115] S.S. Gopalan, A. Raza, W. Almobaideen, IoT security in healthcare using AI: a sur-
medical devices: a scoping review, IEEE Access 8 (2020) 84352–84361. vey, in: 2020 International Conference on Communications, Signal Processing, and
[85] S. Thomas, L. Ngalamou, The Impact of Cybersecurity on Healthcare, in: Proceed- their Applications (ICCSPA), IEEE, 2021, pp. 1–6.
ings of the Future Technologies Conference, Springer, Cham, 2021, pp. 680–689. [116] C. Thyagarajan, S. Suresh, N. Sathish, S. Suthir, Typical analysis and survey on
[86] E. Markakis, Y. Nikoloudakis, E. Pallis, M. Manso, Security assessment as a service cyber healthcare security, Int. J. Sci. Technol. Res. 9 (3) (2020) 3267–3270.
cross-layered system for the adoption of digital, personalised and trusted health- [117] M. Eichelberg, K. Kleber, M. Kämmerer, Cybersecurity in PACS and medical imag-
care, in: 2019 IEEE 5th World Forum on Internet of Things (WF-IoT), IEEE, 2019, ing: an overview, J. Digit. Imaging 33 (6) (2020) 1527–1542.
pp. 91–94. [118] S. Helser, Healthcare in the balance: a consequence of cybersecurity, J. Colloquium
[87] D.K. Alferidah, N.Z. Jhanjhi, Cybersecurity impact over big data and IoT growth, in: Inf. Syst. Secur. Educ. 9 (1) (2022) 5 -5.
2020 International Conference on Computational Intelligence (ICCI), IEEE, 2020, [119] L. Hoffman, D. Burley, C. Toregas, Holistically building the cybersecurity work-
pp. 103–108. force, IEEE Secur. Priv. 10 (2) (2011) 33–39.
[88] E. Frumento, Cybersecurity and the evolutions of healthcare: challenges and threats [120] A. Pollini, T.C. Callari, A. Tedeschi, D. Ruscio, L. Save, F. Chiarugi, D. Guerri, Lever-
behind its evolution, in: M_Health Current and Future Applications, Springer, aging human factors in cybersecurity: an integrated methodological approach, Cog-
Cham, 2019, pp. 35–69. nit., Technol. Work 24 (2) (2022) 371–390.
[89] Anderson Jr, R. E, low-cost strategies to strengthen cybersecurity: low-cost strate- [121] P. Radoglou-Grammatikis, K. Rompolos, P. Sarigiannidis, V. Argyriou, T. Lagkas,
gies can help healthcare organizations avoid the high price of a data breach, A. Sarigiannidis, S. Wan, Modeling, detecting, and mitigating threats against indus-
Healthc. Financ. Manage. 72 (3) (2018) 60–64. trial healthcare systems: a combined software-defined networking and reinforce-
[90] S. Yusif, A. Hafeez-Baig, A conceptual model for cybersecurity governance, J. Appl. ment learning approach, IEEE Trans. Ind. Inf. 18 (3) (2021) 2041–2052.
Secur. Res. 16 (4) (2021) 490–513. [122] M.F.M. Sam, A.F.M.F. Ismail, K.A. Bakar, A. Ahamat, M.I. Qureshi, The effective-
[91] R. Aljuraid, T. Justinia, Classification of challenges and threats in healthcare cyber- ness of IoT-based wearable devices and potential cybersecurity risks: a systematic
security: a systematic review, Stud. Health Technol. Inform. 295 (2022) 362–365. literature review from the last decade, Int. J. Online Biomed. Eng. 18 (9) (2022).
[92] M. Evans, L.A. Maglaras, Y. He, H. Janicke, in: Human Behavior as an Aspect [123] I.M. Abdelwahed, N. Ramadan, H.A. Hefny, Cybersecurity risks of blockchain tech-
of Cybersecurity Assurance, 9, Security and Communication Networks, 2016, nology, Int. J. Comput. Appl. (42) (2020) 177.
pp. 4667–4679. [124] S. Magalini, D. Gui, P. Mari, M. Merialdo, E. Spanakis, V. Sakkalis, S. Bonomi,
[93] M.T. Quasim, F. Algarni, A.A.E. Radwan, G.M.M Alshmrani, A blockchain-based se- Cyberthreats to hospitals: panacea, a toolkit for people-centric cybersecurity, J.
cured healthcare framework, in: 2020 International Conference on Computational Strat. Innov. Sustain. 16 (3) (2021) 185–191.
Performance Evaluation (ComPE), IEEE, 2020, pp. 386–391. [125] S. Nasiri, F. Sadoughi, M.H. Tadayon, A. Dehnad, Security requirements of inter-
[94] E. Dullea, C. Budke, P. Enko, Cybersecurity update: recent ransomware attacks net of things-based healthcare system: a survey study, Acta Informat. Med. 27 (4)
against healthcare providers, Mo Med. 117 (6) (2020) 533. (2019) 253.
[95] I.M. Skierka, The governance of safety and security risks in connected healthcare, [126] M.A. Fauzi, P. Yeng, B. Yang, D. Rachmayani, Examining the link between stress
in: Living in the Internet of Things: Cybersecurity of the IoT-2018, 2018, pp. 1–12. level and cybersecurity practices of hospital staff in Indonesia, in: The 16th Inter-
IET. national Conference on Availability, Reliability, and Security, 2021, pp. 1–8.
[96] D.W. Pullin, Cybersecurity: positive changes through processes and team culture, [127] E.G. Spanakis, S. Bonomi, S. Sfakianakis, G. Santucci, S. Lenti, M. Sorella, S. Ma-
Front. Health Serv. Manag. 35 (1) (2018) 3–12. galini, Cyber-attacks and threats for healthcare–a multi-layer thread analysis, in:
[97] S. Loughlin, A roundtable discussion: safeguarding information and resources 2020 42nd Annual International Conference of the IEEE Engineering in Medicine
against emerging cybersecurity threats, Biomed. Instrum. Technol. 48 (2014) 8. & Biology Society (EMBC), IEEE, 2020, pp. 5705–5708.
[98] W. Priestman, T. Anstis, I.G. Sebire, S. Sridharan, N.J. Sebire, Phishing in healthcare [128] D. Kotz, K. Fu, C. Gunter, A. Rubin, Security for mobile and cloud frontiers in
organisations: threats, mitigation and approaches, BMJ Health Care Informat. 26 healthcare, Commun. ACM 58 (8) (2015) 21–23.
(1) (2019). [129] Y. Lu, L. Da Xu, Internet of Things (IoT) cybersecurity research: a review of current
[99] D. Sparrell, Cyber-safety in healthcare IoT, in: 2019 ITU Kaleidoscope: ICT for research topics, IEEE Internet Things J. 6 (2) (2018) 2103–2115.
Health: Networks, Standards, and Innovation (ITU K), IEEE, 2019, pp. 1–8. [130] D.N. Burrell, A.S. Aridi, C. Nobles, K. Richardson, An action research case study
[100] F. Pescador, S.P. Mohanty, Novel cybersecurity paradigms for consumer technol- concerning deaf and hard of hearing diversity and inclusion in healthcare cyber-
ogy, IEEE Consum. Electron. Mag. 10 (1) (2020) 72–73. security consulting organizations, Int. J. Smart Educ. Urban Soc. (IJSEUS) 13 (1)
[101] A. Salam, Internet of things for sustainability: perspectives in privacy, cybersecu- (2022) 1–12.
rity, and future trends, in: Internet of Things for Sustainable Community Develop- [131] A. Medhekar, My health record and emerging cybersecurity challenges in the Aus-
ment, Springer, Cham, 2020, pp. 299–327. tralian digital environment, Res. Anthol. Secur. Med. Syst. Rec. (2022) 428–447.
[102] A.I. Newaz, A.K. Sikder, M.A. Rahman, A.S. Uluagac, Health-guard: a machine [132] L. Wang, C.A. Alexander, Big data analytics in medical engineering and health-
learning-based security framework for smart healthcare systems, in: 2019 Sixth care: methods, advances, and challenges, J. Med. Eng. Technol. 44 (6) (2020) 267–
International Conference on Social Networks Analysis, Management and Security 283.
(SNAMS), IEEE, 2019, pp. 389–396. [133] A. Alvarenga, G. Tanev, A cybersecurity risk assessment framework that integrates
[103] M. Jofre, D. Navarro-Llobet, R. Agulló, J. Puig, G. Gonzalez-Granadillo, J. Mora value-sensitive design, Technol. Innov. Manag. Rev. 7 (4) (2017).
Zamorano, R. Romeu, Cybersecurity and privacy risk assessment of point-of-care [134] R.S.S. Kumar, M. Nyström, J. Lambert, A. Marshall, M. Goertzel, A. Comissoneru,
systems in healthcare—a use case approach, Appl. Sci. 11 (15) (2021) 6699. S. Xia, Adversarial machine learning-industry perspectives, in: 2020 IEEE Security
[104] M. Busdicker, P. Upendra, The role of healthcare technology management in fa- and Privacy Workshops (SPW), IEEE, 2020, pp. 69–75.
cilitating medical device cybersecurity, Biomed. Instrum. Technol. 51 (s6) (2017) [135] H. Suryotrisongko, Y. Musashi, Review of cybersecurity research topics, taxon-
19–25. omy, and challenges: interdisciplinary perspective, in: 2019 IEEE 12th Confer-
[105] W.J. Gordon, A. Wright, R.J. Glynn, J. Kadakia, C. Mazzone, E. Leinbach, A. Land- ence on Service-Oriented Computing and Applications (SOCA), IEEE, 2019, pp.
man, Evaluation of a mandatory phishing training program for high-risk employees 162–167.
at a US healthcare system, J. Am. Med. Inform. Assoc. 26 (6) (2019) 547–552. [136] A.U. Nwosu, S.B. Goyal, P. Bedi, Blockchain transforming cyber-attacks: healthcare
[106] L. Kim, Cybersecurity: ensuring confidentiality, integrity, and availability of infor- industry, in: International Conference on Innovations in Bio-Inspired Computing
mation, in: Nursing Informatics, Springer, Cham, 2022, pp. 391–410. and Applications, Springer, Cham, 2020, pp. 258–266.
[107] L. Nyakasoka, R. Naidoo, Barriers to dynamic cybersecurity capabilities in health- [137] G. Stern, A life cycle approach to medical device cybersecurity, Biomed. Instrum.
care software services, in: Proceedings of 43rd Conference of the South African Technol. 52 (6) (2018) 464–466.
Institute, 85, 2022, pp. 231–242. [138] P.A. Williams, S. Cowley, C. Bolan, K. Fowle, R. Staynings, Working as a health
[108] K. Weber, M. Loi, M. Christen, N. Kleine, Digital medicine, cybersecurity, and cybersecurity specialist, in: The Health Information Workforce, Springer, Cham,
ethics: an uneasy relationship, Am. J. Bioeth. 18 (9) (2018) 52–53. 2021, pp. 225–236.

12
M. Javaid, A. Haleem, R.P. Singh et al. Cyber Security and Applications 1 (2023) 100016

[139] M. Moran Stritch, M. Winterburn, F. Houghton, The Conti ransomware attack on [166] N. Haider, C. Gates, V. Sengupta, S. Qian, Cybersecurity of medical devices:
healthcare in Ireland: exploring the impacts of a cybersecurity breach from a nurs- past, present, and future, in: Deer’s Treatment of Pain, Springer, Cham, 2019,
ing perspective, Can. J. Nurs. Informat. 16 (3–4) (2021). pp. 811–820.
[140] C.A. Alexander, L. Wang, Cybersecurity, information assurance, and big data based [167] J. Lamba, E. Jain, in: Advanced Cyber Security and Internet of Things for Digital
on blockchain, 2019 SoutheastCon (2019) 1–7. Transformations of the Indian Healthcare Sector. Research Anthology On Securing
[141] S. Papastergiou, H. Mouratidis, E.M. Kalogeraki, Handling of advanced persistent Medical Systems and Records, IGI Global, 2022, pp. 204–224.
threats and complex incidents in healthcare, transportation and energy ICT infras- [168] N.S. Abouzakhar, A. Jones, O. Angelopoulou, Internet of things security: a review
tructures, Evolv. Syst. 12 (1) (2021) 91–108. of risks and threats to healthcare sector, in: 2017 IEEE International Conference
[142] A.K. Alharam, W. Elmedany, The effects of cyber-security on healthcare industry, on Internet of Things (iThings) and IEEE Green Computing and Communications
in: 2017 9th IEEE-GCC Conference and Exhibition (GCCCE), IEEE, 2017, pp. 1–9. (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom), and IEEE
[143] J. Kasurinen, Usability issues of virtual reality learning simulator in healthcare and Smart Data (SmartData), IEEE, 2017, pp. 373–378.
cybersecurity, Procedia Comput. Sci. 119 (2017) 341–349. [169] C. Stamatellis, P. Papadopoulos, N. Pitropakis, S. Katsikas, W.J. Buchanan, A pri-
[144] O.O. Akinsanya, M. Papadaki, L. Sun, Current cybersecurity maturity models: how vacy-preserving healthcare framework using hyperledger fabric, Sensors 20 (22)
effective in healthcare cloud? CERC (2019) 211–222. (2020) 6587.
[145] J.L. Kamerer, D. McDermott, Cybersecurity: nurses on the front line of prevention [170] R.J. Raimundo, A.T. Rosário, Cybersecurity in the internet of things in industrial
and education, J. Nurs. Regul. 10 (4) (2020) 48–53. management, Appl. Sci. 12 (3) (2022) 1598.
[146] D. Mohammed, US healthcare industry: cybersecurity regulatory and compliance [171] S. Panda, E. Panaousis, G. Loukas, C. Laoudias, Optimizing investments in cyber
issues, J. Res. Bus., Econ. Manag. 9 (5) (2017) 1771–1776. hygiene for protecting healthcare users, in: From Lambda Calculus to Cybersecurity
[147] M.J. Swede, V. Scovetta, M. Eugene-Colin, Protecting patient data is the new scope Through Program Analysis, Springer, Cham, 2020, pp. 268–291.
of practice: a recommended cybersecurity curricula for healthcare students to pre- [172] J. Schneider, A. Wirth, Balancing patient safety, clinical efficacy, and cybersecurity
pare for this challenge, J. Allied Health 48 (2) (2019) 148–156. with clinician partners, Biomed. Instrum. Technol. 55 (1) (2021) 21–28.
[148] T. Javid, M. Faris, H. Beenish, M. Fahad, Cybersecurity and data privacy in the [173] A.J. Taylor, Recognizing cybersecurity threats in healthcare settings for effective
cloudlet for preliminary healthcare big data analytics, in: 2020 International Con- risk management, in: Mobile Medicine, Productivity Press, 2021, pp. 177–182.
ference on Computing and Information Technology (ICCIT-1441), IEEE, 2020, [174] S. Smagulov, V. Smagulova, Challenges of digital transformation in healthcare,
pp. 1–4. Intellect. Archive 8 (1) (2019) 12–32.
[149] R.J. McFarland, S.B. Olatunbosun, An exploratory study on the use of Inter- [175] I.E. Lamprinos, Trusted digital solutions and cybersecurity in healthcare, in: Health
net_of_Medical_Things (IoMT) in the healthcare industry and their associated cyber- Monitoring Systems, CRC Press, 2019, pp. 213–226.
security risks, in: Proceedings on the International Conference on Internet Comput- [176] E. Biasin, Healthcare critical infrastructures protection and cybersecurity in the
ing (ICOMP), The Steering Committee of The World Congress in Computer Science, EU: regulatory challenges and opportunities, in: Proceedings of the 1st European
Computer Engineering and Applied Computing (WorldCom), 2019, pp. 115–121. Cluster for Securing Critical Infrastructures (ECSCI) Virtual Workshop, 2020.
[150] B.C. McConomy, D.E. Leber, Cybersecurity in healthcare, in: Clinical Informatics [177] A. Ferrara, Cybersecurity in medical imaging, Radiol Technol 90 (6) (2019)
Study Guide, Springer, Cham, 2022, pp. 241–253. 563–575.
[151] S. Tarikere, I. Donner, D. Woods, Diagnosing a healthcare cybersecurity crisis: the [178] G. Pang, L. Cao, C. Aggarwal, Deep learning for anomaly detection: challenges,
impact of IoMT advancements and 5G, Bus. Horiz. 64 (6) (2021) 799–807. methods, and opportunities, in: Proceedings of the 14th ACM International Confer-
[152] A. Le Bris, W. El Asri, State of cybersecurity & cyber threats in healthcare organi- ence on Web Search and Data Mining, 2021, pp. 1127–1130.
zations, ESSEC Bus. School (2016) 12. [179] C.A. Budke, P.J. Enko, Physician practice cybersecurity threats: ransomware, Mo
[153] N. O’Brien, E. Grass, G. Martin, M. Durkin, A. Darzi, S. Ghafur, Developing a glob- Med. 117 (2) (2020) 102.
ally applicable cybersecurity framework for healthcare: a Delphi consensus study, [180] D. Lee, S.N. Yoon, Application of artificial intelligence-based technologies in the
BMJ Innov. 7 (1) (2021). healthcare industry: opportunities and challenges, Int. J. Environ. Res. Public
[154] M.S. Jalali, S. Razak, W. Gordon, E. Perakslis, S. Madnick, Health care and cyber- Health 18 (1) (2021) 271.
security: bibliometric analysis of the literature, J. Med. Internet Res. 21 (2) (2019) [181] M. Meisner, Financial consequences of cyber-attacks leading to data breaches in
e12644. the healthcare sector, Copernican J. Finance Account. 6 (3) (2017) 63–73.
[155] D. Giansanti, R.A. Gulino, The Cybersecurity and the care robots: a viewpoint on [182] K.A. Ali, S. Alyounis, Cybersecurity in healthcare industry, in: 2021 International
the open problems and the perspectives, Healthcare 9 (12) (2021) 1653. Conference on Information Technology (ICIT), IEEE, 2021, pp. 695–701.
[156] S.R. Kessler, S. Pindek, G. Kleinman, S. Andel, P. Spector, Promoting cybersecurity [183] K. Kioskli, T. Fotis, H. Mouratidis, The landscape of cybersecurity vulnerabilities
within healthcare, in: Academy of Management Proceedings, 2016, Academy of and challenges in healthcare: security standards and paradigm shift recommenda-
Management, Briarcliff Manor, NY, 2016, p. 17127. 10510. tions, in: The 16th International Conference on Availability, Reliability, and Secu-
[157] E. Meinert, A. Alturkistani, D. Brindley, P. Knight, G. Wells, N. de Pennington, rity, 2021, pp. 1–9.
Weighing benefits and risks in aspects of security, privacy and adoption of tech- [184] S. Ghafur, E. Grass, N.R. Jennings, A. Darzi, The challenges of cybersecurity in
nology in a value-based healthcare system, BMC Med. Inform. Decis. Mak. 18 (1) health care: the UK National Health Service as a case study, Lancet Digital Health
(2018) 1–4. 1 (1) (2019) e10–e12.
[158] M. Barad, Linking cyber security improvement actions in healthcare systems to [185] D. Giansanti, R.A. Gulino, The cybersecurity and the care robots: a viewpoint on
their strategic improvement needs, Procedia Manuf. 39 (2019) 279–286. the open problems and the perspectives, Rehabil. Robot. (2021) 67.
[159] V. Murthy, Cybersecurity-related regulatory considerations for medical devices, [186] K. Ghosh, Healthcare security: a course engaging females in cybersecurity educa-
Biomed. Instrum. Technol. 53 (4) (2019) 312–314. tion, in: 2015 IEEE Frontiers in Education Conference (FIE), IEEE, 2015, pp. 1–4.
[160] K.M. Besher, Z. Subah, M.Z. Ali, IoT sensor initiated healthcare data security, IEEE [187] N.M. Thomasian, E.Y. Adashi, Cybersecurity in the internet of medical things,
Sens. J. 21 (10) (2020) 11977–11982. Health Policy and Technology 10 (3) (2021) 100549.
[161] S. Walker-Roberts, M. Hammoudeh, A. Dehghantanha, A systematic review of the [188] A.S. Wilner, H. Luce, E. Ouellet, O. Williams, N. Costa, From public health to cyber
availability and efficacy of countermeasures to internal threats in healthcare criti- hygiene: cybersecurity and Canada’s healthcare sector, International Journal 76
cal infrastructure, IEEE Access 6 (2018) 25167–25177. (4) (2021) 522–543.
[162] F.M. Dias, M.L. Martens, S.F. de Paula Monken, L.F. da Silva, E.D.R. Santibanez– [189] K. Fu, J. Blum, Controlling for cybersecurity risks of medical device software,
Gonzalez, Risk management focusing on the best practices of data security systems Biomed. Instrum. Technol. 48 (s1) (2014) 38–41.
for healthcare, Int. J. Innov. 9 (1) (2021) 45–78. [190] E. Kost, Biggest Cyber Threats in Healthcare, 2023 https://www.upguard.com/
[163] A. Poulsen, E. Fosch-Villaronga, O. Burmeister, Cybersecurity considerations for a blog/biggest-cyber-threats-in-healthcare.
code of conduct for developing and using AI and robot technology in healthcare, in: [191] B. Nordsvan, Top Cyber Security Risks in Healthcare, 2020 https://contentsecurity.
8th Conference of the Australasian Institute of Computer Ethics, Deakin University, com.au/cyber-security-concerns-in-healthcare/.
2019, pp. 40–44. [192] H. Shah, Top 10 Cybersecurity Challenges in the Healthcare Industry, 2022
[164] S.W.A. Hamdani, H. Abbas, A.R. Janjua, W.B. Shahid, M.F. Amjad, J. Malik, https://www.globalsign.com/en/blog/10-cybersecurity-challenges-healthcare.
A.W. Khan, Cybersecurity standards in the context of operating system: practical [193] I.F. Kilincer, F. Ertam, A. Sengur, R.S. Tan, U.R. Acharya, Automated detection
aspects, analysis, and comparisons, ACM Comput. Surv. (CSUR) 54 (3) (2021) 1–36. of cybersecurity attacks in healthcare systems with recursive feature elimination
[165] A. Abdullah, R. Hamad, M. Abdulrahman, H. Moala, S. Elkhediri, Cybersecurity: and multilayer perceptron optimization, Biocybernet. Biomed. Eng. 43 (1) (2023)
a review of internet of things (IoT) security issues, challenges, and techniques, 30–41.
in: 2019 2nd International Conference on Computer Applications & Information [194] A. Renee Staton, M Kielty, A lurking threat: counselor practices to guard against
Security (ICCAIS), IEEE, 2019, pp. 1–6. cyber threats, J. Ment. Health Couns. 45 (1) (2023) 20–33.

13