Open Access
EVALUATING AND ENHANCING CYBERSECURITY AND RESILIENCE IN HEALTHCARE: A UNIFIED RISK AND COMPLIANCE FRAMEWORK
4
Faculty of Information Security, Moscow State Technical University, Moscow, Russia
4
College of Information Technology, United Arab Emirates University, Al Ain, UAE
Abstract
The growing digitization of healthcare has introduced complex cybersecurity challenges, making the protection of sensitive patient data and critical infrastructure a top priority. This paper presents a unified risk and compliance framework designed to evaluate and enhance cybersecurity resilience in healthcare systems. By integrating risk assessment methodologies with regulatory compliance standards such as HIPAA, GDPR, and NIST, the framework provides a comprehensive approach to identifying vulnerabilities, managing threats, and ensuring continuous protection. The study analyzes key cybersecurity incidents in the healthcare sector to highlight common weaknesses and evaluates the effectiveness of current security protocols. Recommendations are offered to strengthen resilience through proactive risk management, real-time monitoring, and cross-organizational collaboration. The proposed framework aims to guide healthcare institutions in building robust, compliant, and adaptive cybersecurity infrastructures.
Keywords
Healthcare Cybersecurity,
Risk Management,
Compliance Framework,
Cyber Resilience
References
World Health Organization. (2020). Strengthening health security by implementing the International Health Regulations (2005). WHO.
Kwon, J., & Johnson, M. E. (2013). Health-care security strategies for data protection and risk management. Journal of Healthcare Information Management, 27(4), 56–63.
U.S. Department of Health and Human Services. (2021). Cybersecurity Program Annual Report.
Shah, N., & Mittal, S. (2022). Cyber resilience in smart healthcare systems. Computers & Security, 112, 102527.
Brahmbhatt, R., & Sardana, J. (2025). Empowering patient-centric communication: Integrating quiet hours for healthcare notifications with retail & e-commerce operations strategies. Journal of Information Systems Engineering and Management, 10(23s). https://doi.org/10.52783/jisem.v10i23s.3677
Smith, R., & Lee, D. (2020). Managing risk in the healthcare supply chain: Best practices and tools. Health Systems Management Journal, 45(3), 112–119.
Gordon, L. A., Loeb, M. P., & Zhou, L. (2021). Investing in cybersecurity: Insights from the healthcare industry. MIS Quarterly, 45(2), 805–826.
CISA. (2022). Healthcare and Public Health Sector-Specific Plan. Cybersecurity & Infrastructure Security Agency.
Zhou, X., & Piramuthu, S. (2015). Information security in the Internet of Medical Things (IoMT). Decision Support Systems, 78, 52–62.
Tang, C., & Veelenturf, L. P. (2019). The strategic role of logistics in the industry 4.0 era. Transportation Research Part E, 129, 1–11.
He, Y., & Zhang, J. (2021). Blockchain-based traceability in the medical supply chain. Computers in Industry, 130, 103444.
McKinsey & Company. (2020). Building a resilient health care supply chain.
Sun, Y., Zhang, J., Xiong, Y., & Zhu, G. (2022). Conformity assessment frameworks for medical device cybersecurity. Journal of Biomedical Informatics, 128, 104031.
NIST. (2021). NIST Cybersecurity Framework: Improving Critical Infrastructure Cybersecurity.
Lee, H., & Billington, C. (2020). Managing supply chain risk: Integrating cybersecurity into resilience strategies. Supply Chain Management Review, 23(2), 24–31.
Patel, V., & Jain, R. (2021). AI-driven security assessment in digital health systems. Artificial Intelligence in Medicine, 115, 102055.
ISO/IEC. (2018). ISO/IEC 27001: Information security management systems — Requirements.
OECD. (2020). Ensuring supply chain resilience for medical products during public health emergencies.
Kim, D. H., & Garrison, G. (2020). Understanding healthcare cyberattacks: A systems-thinking approach. Health Informatics Journal, 26(3), 1812–1827.
CDC. (2019). Crisis and Emergency Risk Communication (CERC) Manual.
Sardana, J., & Brahmbhatt, R.(2025). Secure Data Exchange between Salesforce Marketing Cloud and Healthcare Platforms. Journal of Information Systems Engineering and Management, 10(23s). https://doi.org/10.52783/jisem.v10i23s.3678
Yang, X., & Liu, Q. (2021). Resilient healthcare logistics: A review and research agenda. International Journal of Production Economics, 239, 108197.
Golan, M. S., & Villa, S. (2018). Managing disruptions in healthcare supply chains. Journal of Operations Management, 57(1), 1–13.
Morrison, K., & Tapia, A. H. (2022). Building cyber resilience in public health agencies. Government Information Quarterly, 39(3), 101752.
Sharma, A., & Shah, R. (2020). Multi-criteria decision making for risk assessment in healthcare logistics. Operations Research for Health Care, 26, 100268.
Johnson, S., & Tien, G. (2019). Risk management in the digital health environment. International Journal of Medical Informatics, 132, 103991.
ECDC. (2021). Risk assessment guidelines for infectious diseases transmitted on aircraft.
Huang, M., & Hu, Q. (2018). Developing a conformity assessment model for medical cybersecurity standards. Health Policy and Technology, 7(4), 383–392.
Xiao, Y., & Watson, M. (2019). Supply chain disruptions in healthcare: Lessons from past pandemics. International Journal of Disaster Risk Reduction, 39, 101247.
Tan, K. S., & Lee, C. Y. (2022). Enhancing cybersecurity maturity in medical supply networks. Computers & Security, 113, 102577.
World Health Organization. (2021). Medical Product Alert: Global medical supply chain vulnerabilities.
Berman, O., & Kim, E. (2020). Modeling the resilience of healthcare supply systems. European Journal of Operational Research, 286(2), 568–582.
Most read articles by the same author(s)
- Dr. Elena Petrova, Research on Unusual Transmission Pattern Recognition in Telecommunication Infrastructure Using Fuzzy Equation Approach , International Journal of Cyber Threat Intelligence and Secure Networking: Vol. 3 No. 04 (2026): Volume 03 Issue 04
Similar Articles
- Dr. Marcus Fletcher, Dr. Elena Novak, ASSESSING AND ENSURING CYBERSECURITY AND RESILIENCE IN HEALTHCARE: A RISK AND CONFORMITY FRAMEWORK , International Journal of Cyber Threat Intelligence and Secure Networking: Vol. 1 No. 01 (2024): Volume 01 Issue 01
- Dr. Elena Marovic, Dr. Sofia Markovic, Cybersecurity Governance and Resilience in Small and Medium-Sized Enterprises: A Socio-Technical, Resource-Based, and Regulatory Framework for Sustainable Digital Competitiveness , International Journal of Cyber Threat Intelligence and Secure Networking: Vol. 3 No. 04 (2026): Volume 03 Issue 04
- Julia H. Whitaker, PROACTIVE CYBER THREAT HUNTING AND PREDICTIVE INTELLIGENCE IN CLOUD-ENABLED CRITICAL INFRASTRUCTURE: AN INTEGRATED FRAMEWORK FOR RESILIENT DIGITAL ECOSYSTEMS , International Journal of Cyber Threat Intelligence and Secure Networking: Vol. 3 No. 02 (2026): Volume 03 Issue 02
- Dr. Arben Kola, Dr. Elira Hoxha, Dr. Gentian Leka, Study of Threat Evaluation and Forecasting Framework for Communication Infrastructure Using Neural Intelligence Techniques , International Journal of Cyber Threat Intelligence and Secure Networking: Vol. 3 No. 04 (2026): Volume 03 Issue 04
- Dr. Ahmed Saeed Al-Mansoori, Detection of Malicious Query Attack Weaknesses within Online Software Systems Using Byte-Level Pattern Matching , International Journal of Cyber Threat Intelligence and Secure Networking: Vol. 3 No. 04 (2026): Volume 03 Issue 04
- Dr. Nyra Quellin, Strategic Risk-Based Cybersecurity Governance: Integrating Policy Frameworks, Organizational Controls, and Compliance Mechanisms for Contemporary Information Systems , International Journal of Cyber Threat Intelligence and Secure Networking: Vol. 3 No. 01 (2026): Volume 03 Issue 01
- Dr. Alistair C. Finch, From Reactive to Predictive: A Framework for Integrating Threat Intelligence with SIEM for Proactive Threat Hunting , International Journal of Cyber Threat Intelligence and Secure Networking: Vol. 2 No. 10 (2025): Volume 02 Issue 10
- Aghasi Gevorgyan, Automation of Compliance Control Processes According to PCI DSS Standards in Hybrid Cloud Environments , International Journal of Cyber Threat Intelligence and Secure Networking: Vol. 3 No. 04 (2026): Volume 03 Issue 04
- Dr. Mateo Alvarez-Ruiz, From Reactive to Predictive Security: Integrating Threat Intelligence with SIEM for Proactive Threat Hunting , International Journal of Cyber Threat Intelligence and Secure Networking: Vol. 3 No. 01 (2026): Volume 03 Issue 01
- Dr. Tanvi Das, James D. Walker, A FEDERATED MULTI-MODAL SYSTEM FOR INSIDER THREAT DETECTION IN ENERGY INFRASTRUCTURE USING BIOMETRIC AND CYBER DATA , International Journal of Cyber Threat Intelligence and Secure Networking: Vol. 2 No. 01 (2025): Volume 02 Issue 01
1-10 of 35
Next
You may also start an advanced similarity search for this article.