Health Care and Cybersecurity: Bibliometric Analysis of the Literature.

BACKGROUND: Over the past decade, clinical care has become globally dependent on information technology. The cybersecurity of health care information systems is now an essential component of safe, reliable, and effective health care delivery. OBJECTIVE: The objective of this study was to provide an overview of the literature at the intersection of cybersecurity and health care delivery. METHODS: A comprehensive search was conducted using PubMed and Web of Science for English-language peer-reviewed articles. We carried out chronological analysis, domain clustering analysis, and text analysis of the included articles to generate a high-level concept map composed of specific words and the connections between them. RESULTS: Our final sample included 472 English-language journal articles. Our review results revealed that majority of the articles were focused on technology: Technology-focused articles made up more than half of all the clusters, whereas managerial articles accounted for only 32% of all clusters. This finding suggests that nontechnological variables (human-based and organizational aspects, strategy, and management) may be understudied. In addition, Software Development Security, Business Continuity, and Disaster Recovery Planning each accounted for 3% of the studied articles. Our results also showed that publications on Physical Security account for only 1% of the literature, and research in this area is lacking. Cyber vulnerabilities are not all digital; many physical threats contribute to breaches and potentially affect the physical safety of patients. CONCLUSIONS: Our results revealed an overall increase in research on cybersecurity and identified major gaps and opportunities for future work.

EARS to cyber incidents in health care.

Background: Connected medical devices and electronic health records have added important functionality to patient care, but have also introduced a range of cybersecurity concerns. When a healthcare organization suffers from a cybersecurity incident, its incident response strategies are critical to the success of its recovery. Objective: In this article, we identify gaps in research concerning cybersecurity response plans in healthcare. Through a systematic literature review, we develop aggregated strategies that professionals can use to construct better response strategies in their organizations. Methods: We reviewed journal articles on cyber incident response plans in healthcare published in PubMed and Web of Science. We sought to collect articles on the intersection of cybersecurity and healthcare that focused on incident response strategies. Results: We identified and reviewed 13 articles for cybersecurity response recommendations. We then extracted information such as research methods, findings, and implications. Finally, we synthesized the recommendations into a framework of eight aggregated response strategies (EARS) that fall under managerial and technological categories. Conclusions: We conducted a systematic review of the literature on cybersecurity response plans in healthcare and developed a novel framework for response strategies that could be deployed by healthcare organizations. More work is needed to evaluate incident response strategies in healthcare.