EVALUATING AND ENHANCING CYBERSECURITY AND RESILIENCE IN HEALTHCARE: A UNIFIED RISK AND COMPLIANCE FRAMEWORK
DOI: https://doi.org/10.55640/ijctisn-v02i05-01

Keywords: Healthcare Cybersecurity, Risk Management, Compliance Framework, Cyber Resilience

Abstract
The growing digitization of healthcare has introduced complex cybersecurity challenges, making the protection of sensitive patient data and clinical infrastructure a top priority. This paper presents a unified risk and compliance framework for evaluating and enhancing cybersecurity resilience in healthcare systems. By integrating risk assessment methodologies with regulatory requirements and security standards such as HIPAA, GDPR and the NIST Cybersecurity Framework, the framework provides a comprehensive approach to identifying vulnerabilities, managing threats and maintaining continuous protection. The study analyzes key cybersecurity incidents in the healthcare sector to highlight common weaknesses and evaluates the effectiveness of current security controls. Recommendations are offered to strengthen resilience through proactive risk management, real-time monitoring and cross-organizational collaboration. The proposed framework aims to guide healthcare institutions in building robust, compliant and adaptive cybersecurity infrastructures.
License
Copyright (c) 2025 Dr. Elena Petrova, Dr. Hassan Al-Mansoori (Author)

This work is licensed under a Creative Commons Attribution 4.0 International License.
Authors retain the copyright of their manuscripts, and all Open Access articles are disseminated under the terms of the Creative Commons Attribution License 4.0 (CC-BY), which permits unrestricted use, distribution and reproduction in any medium, provided that the original work is appropriately cited. The use of general descriptive names, trade names, trademarks and so forth in this publication, even if not specifically identified, does not imply that these names are not protected by the relevant laws and regulations.