Cybersecurity in Healthcare Systems from a Social-technical Viewpoint:Systematic Review (Preprint)

Abstract

Healthcare organizations worldwide are faced with an increasing number of cyber-attacks and threats to their critical infrastructure.These attacks lead to significant data breaches in digital health information systems, which threaten patient safety and privacy.

This paper seeks to explore from a social-technical approach the reasons why digital healthcare systems are vulnerable to attacks through a systematic review of the literature.

A systematic literature review using PRISMA was conducted by searching through nine databases for articles published between 2012-2022 and indexed in PubMed (Medline), Web of Science (WOS), ScienceDirect, Scopus, ProQuest, IEEE, MIS Quarterly, Springer, and Google scholar, using the keyword “(Cybersecurity AND Healthcare) OR Electronic Health Record AND Medical device).” Reports, review articles and industry white papers were included which focuses on cybersecurity and healthcare challenges and solutions. Only articles published in English was selected for the review.

The results of the thematic analysis of the five (5) categorized themes derived from the review, identify five (5) themes as the cause of data breaches and why healthcare is vulnerable to cyber-attacks.The themes identified are human error, lack of investment, complex network connected endpoint devices, old legacy systems, and technology advancement (Digitalisation).We also found that Intervention studies and knowledge applications to solve healthcare vulnerabilities for the past 11 years are inconsistent with the number of studies and solutions presented in the result.

This systematic review provides clear understandings on why healthcare is vulnerable to attacks through a helpful insight and we offer interventions from a new lens of a social technical viewpoint as solution and guide for healthcare organization breaches and vulnerabilities. We recommend that healthcare organisation in partnership with educational institution need to develop and implement a cybersecurity curriculum for healthcare, intelligence information sharing through collaborations, training, awareness campaigns and knowledge application areas, such as secure design process, phase out legacy systems, improve investment to bridge the gap. Future studies are required to create a social technical framework that will support cybersecurity in healthcare and connect technology, people, and processes in an integrated manner.