Open Access
EVALUATING AND ENHANCING CYBERSECURITY AND RESILIENCE IN HEALTHCARE: A UNIFIED RISK AND COMPLIANCE FRAMEWORK
4
Faculty of Information Security, Moscow State Technical University, Moscow, Russia
4
College of Information Technology, United Arab Emirates University, Al Ain, UAE
Abstract
The growing digitization of healthcare has introduced complex cybersecurity challenges, making the protection of sensitive patient data and critical infrastructure a top priority. This paper presents a unified risk and compliance framework designed to evaluate and enhance cybersecurity resilience in healthcare systems. By integrating risk assessment methodologies with regulatory compliance standards such as HIPAA, GDPR, and NIST, the framework provides a comprehensive approach to identifying vulnerabilities, managing threats, and ensuring continuous protection. The study analyzes key cybersecurity incidents in the healthcare sector to highlight common weaknesses and evaluates the effectiveness of current security protocols. Recommendations are offered to strengthen resilience through proactive risk management, real-time monitoring, and cross-organizational collaboration. The proposed framework aims to guide healthcare institutions in building robust, compliant, and adaptive cybersecurity infrastructures.
Keywords
Healthcare Cybersecurity,
Risk Management,
Compliance Framework,
Cyber Resilience
References
World Health Organization. (2020). Strengthening health security by implementing the International Health Regulations (2005). WHO.
Kwon, J., & Johnson, M. E. (2013). Health-care security strategies for data protection and risk management. Journal of Healthcare Information Management, 27(4), 56–63.
U.S. Department of Health and Human Services. (2021). Cybersecurity Program Annual Report.
Shah, N., & Mittal, S. (2022). Cyber resilience in smart healthcare systems. Computers & Security, 112, 102527.
Brahmbhatt, R., & Sardana, J. (2025). Empowering patient-centric communication: Integrating quiet hours for healthcare notifications with retail & e-commerce operations strategies. Journal of Information Systems Engineering and Management, 10(23s). https://doi.org/10.52783/jisem.v10i23s.3677
Smith, R., & Lee, D. (2020). Managing risk in the healthcare supply chain: Best practices and tools. Health Systems Management Journal, 45(3), 112–119.
Gordon, L. A., Loeb, M. P., & Zhou, L. (2021). Investing in cybersecurity: Insights from the healthcare industry. MIS Quarterly, 45(2), 805–826.
CISA. (2022). Healthcare and Public Health Sector-Specific Plan. Cybersecurity & Infrastructure Security Agency.
Zhou, X., & Piramuthu, S. (2015). Information security in the Internet of Medical Things (IoMT). Decision Support Systems, 78, 52–62.
Tang, C., & Veelenturf, L. P. (2019). The strategic role of logistics in the industry 4.0 era. Transportation Research Part E, 129, 1–11.
He, Y., & Zhang, J. (2021). Blockchain-based traceability in the medical supply chain. Computers in Industry, 130, 103444.
McKinsey & Company. (2020). Building a resilient health care supply chain.
Sun, Y., Zhang, J., Xiong, Y., & Zhu, G. (2022). Conformity assessment frameworks for medical device cybersecurity. Journal of Biomedical Informatics, 128, 104031.
NIST. (2021). NIST Cybersecurity Framework: Improving Critical Infrastructure Cybersecurity.
Lee, H., & Billington, C. (2020). Managing supply chain risk: Integrating cybersecurity into resilience strategies. Supply Chain Management Review, 23(2), 24–31.
Patel, V., & Jain, R. (2021). AI-driven security assessment in digital health systems. Artificial Intelligence in Medicine, 115, 102055.
ISO/IEC. (2018). ISO/IEC 27001: Information security management systems — Requirements.
OECD. (2020). Ensuring supply chain resilience for medical products during public health emergencies.
Kim, D. H., & Garrison, G. (2020). Understanding healthcare cyberattacks: A systems-thinking approach. Health Informatics Journal, 26(3), 1812–1827.
CDC. (2019). Crisis and Emergency Risk Communication (CERC) Manual.
Sardana, J., & Brahmbhatt, R.(2025). Secure Data Exchange between Salesforce Marketing Cloud and Healthcare Platforms. Journal of Information Systems Engineering and Management, 10(23s). https://doi.org/10.52783/jisem.v10i23s.3678
Yang, X., & Liu, Q. (2021). Resilient healthcare logistics: A review and research agenda. International Journal of Production Economics, 239, 108197.
Golan, M. S., & Villa, S. (2018). Managing disruptions in healthcare supply chains. Journal of Operations Management, 57(1), 1–13.
Morrison, K., & Tapia, A. H. (2022). Building cyber resilience in public health agencies. Government Information Quarterly, 39(3), 101752.
Sharma, A., & Shah, R. (2020). Multi-criteria decision making for risk assessment in healthcare logistics. Operations Research for Health Care, 26, 100268.
Johnson, S., & Tien, G. (2019). Risk management in the digital health environment. International Journal of Medical Informatics, 132, 103991.
ECDC. (2021). Risk assessment guidelines for infectious diseases transmitted on aircraft.
Huang, M., & Hu, Q. (2018). Developing a conformity assessment model for medical cybersecurity standards. Health Policy and Technology, 7(4), 383–392.
Xiao, Y., & Watson, M. (2019). Supply chain disruptions in healthcare: Lessons from past pandemics. International Journal of Disaster Risk Reduction, 39, 101247.
Tan, K. S., & Lee, C. Y. (2022). Enhancing cybersecurity maturity in medical supply networks. Computers & Security, 113, 102577.
World Health Organization. (2021). Medical Product Alert: Global medical supply chain vulnerabilities.
Berman, O., & Kim, E. (2020). Modeling the resilience of healthcare supply systems. European Journal of Operational Research, 286(2), 568–582.
Similar Articles
- Dr. Marcus Fletcher, Dr. Elena Novak, ASSESSING AND ENSURING CYBERSECURITY AND RESILIENCE IN HEALTHCARE: A RISK AND CONFORMITY FRAMEWORK , International Journal of Cyber Threat Intelligence and Secure Networking: Vol. 1 No. 01 (2024): Volume 01 Issue 01
- Dr. Alistair C. Finch, From Reactive to Predictive: A Framework for Integrating Threat Intelligence with SIEM for Proactive Threat Hunting , International Journal of Cyber Threat Intelligence and Secure Networking: Vol. 2 No. 10 (2025): Volume 02 Issue 10
- Dr. Mateo Alvarez-Ruiz, From Reactive to Predictive Security: Integrating Threat Intelligence with SIEM for Proactive Threat Hunting , International Journal of Cyber Threat Intelligence and Secure Networking: Vol. 3 No. 01 (2026): Volume 03 Issue 01
- Dr. Tanvi Das, James D. Walker, A FEDERATED MULTI-MODAL SYSTEM FOR INSIDER THREAT DETECTION IN ENERGY INFRASTRUCTURE USING BIOMETRIC AND CYBER DATA , International Journal of Cyber Threat Intelligence and Secure Networking: Vol. 2 No. 01 (2025): Volume 02 Issue 01
- Dr. Thomas Becker, Kevin Brooks, STRENGTHENING CYBER RESILIENCE: A COMPREHENSIVE EVALUATION OF SOCIAL ENGINEERING AWARENESS PROGRAMS , International Journal of Cyber Threat Intelligence and Secure Networking: Vol. 1 No. 01 (2024): Volume 01 Issue 01
- Dr. Rohan Deshmukh, ARCHITECTING A ROBUST CYBER THREAT INTELLIGENCE CAPABILITY: A COMPREHENSIVE FRAMEWORK , International Journal of Cyber Threat Intelligence and Secure Networking: Vol. 2 No. 02 (2025): Volume 02 Issue 02
- Dr. Ahmed N. El-Tayeb, Miguel Ángel Ortega, INTEGRATING CYBER THREAT INTELLIGENCE WITHIN COMMERCIAL ENTERPRISES: A STRATEGIC FRAMEWORK FOR ENHANCED SECURITY POSTURE , International Journal of Cyber Threat Intelligence and Secure Networking: Vol. 1 No. 01 (2024): Volume 01 Issue 01
- Dr. Mariam Al-Falasi, Dr. Tao Zhang, AUGMENTING SIEM WITH THREAT INTELLIGENCE FOR PREDICTIVE CYBER DEFENSE: A PROACTIVE THREAT HUNTING APPROACH , International Journal of Cyber Threat Intelligence and Secure Networking: Vol. 2 No. 03 (2025): Volume 02 Issue 03
- Dr. Wei-Lin Cheng, COLLATERAL EFFECTS AND UNINTENDED REPERCUSSIONS IN OFFENSIVE CYBER OPERATIONS: A SYSTEMATIC LITERATURE REVIEW , International Journal of Cyber Threat Intelligence and Secure Networking: Vol. 2 No. 03 (2025): Volume 02 Issue 03
- Prof. Emily Zhang, Luca Romano, DEFENDING AGAINST EVOLVING CYBER THREATS: A HYBRID FRAMEWORK FOR ATTACK PATTERN ANALYSIS AND INTELLIGENCE INTEGRATION , International Journal of Cyber Threat Intelligence and Secure Networking: Vol. 2 No. 04 (2025): Volume 02 Issue 04
1-10 of 23
Next
You may also start an advanced similarity search for this article.