Developing a globally applicable cybersecurity framework for healthcare: a Delphi consensus study

Abstract

BackgroundCybersecurity in healthcare has become increasingly important as the COVID-19 pandemic has increased the use of digital technologies in healthcare provision around the world, while simultaneously encouraged cybercriminals to target healthcare organisations in greater numbers. Despite the threat of cyberattack to patient safety and the provision of healthcare, cybersecurity in the health sector lags behind other industries. Additionally, no adequate cybersecurity framework exists which considers the unique needs of the health sector.MethodsAn online Delphi was carried out to develop a globally relevant and applicable readiness framework to guide cybersecurity planning in healthcare. Experts (n=42) in the areas of cybersecurity, information communications and technology and health informatics were invited to list the components they felt were essential to a framework and subsequently agree with consensus on a final framework based on the identified components.ResultsAfter two rounds, the Essentials of Cybersecurity in Healthcare Organizations (ECHO) framework with 51 components, grouped into six categories, was regarded by the experts as an acceptable planning tool to guide cybersecurity in healthcare at the global level.ConclusionsThe ECHO framework, designed based on components chosen by international experts to meet the challenges of cybersecurity scale-up in the health and care sector globally, can help guide policymakers and health and care organisations in strengthening their cybersecurity infrastructure and deliver safe and effective care.