“The U.S. Department of Health and Human Services’ Office for Civil Rights” recognized 578 privacy breaches affecting approximately 174 million people as of January 17, 2025, leaving the healthcare sector struggling to protect sensitive information from individuals intentionally seeking to cause harm. According to Health-ISAC’s Annual Threat Report, “Healthcare Cyber Threat Landscape 2025” released in February 2025, several findings were cited as a result of a sur-vey of multiple healthcare organizations among others, related to “the top five cyber threats facing their organizations heading into 2025: (1) Ransomware Deployments; (2) Third-Party Breaches; (3) Data Breaches; (4) Supply Chain At-tacks; and (5) Zero-Day Exploits”. Consequently, intending to diminish risks and alleviate cybersecurity occurrences within the healthcare domain, we undertook a systematic literature review to identify the most pertinent approaches, frameworks, and models about cybersecurity awareness and training. To do so, it was necessary to understand the objectives of these approaches, establish the types of attacks they seek to contain, the security dimension they focus on, whether these approaches are standardized, their effectiveness metrics, and finally, we analyzed the limitations of the proposed frameworks to incorporate emotional states assessments and its application to lead to safe staff behaviors. In conclusion, substantial information was found that could be useful for healthcare and IT personnel to apply to cybersecurity awareness and training to reduce cybersecurity incidents.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Strengthening Healthcare Cybersecurity: Systematic Review of Awareness and Training Approaches

  • Marcel Auz-Torres,
  • Sang Guun Yoo

摘要

“The U.S. Department of Health and Human Services’ Office for Civil Rights” recognized 578 privacy breaches affecting approximately 174 million people as of January 17, 2025, leaving the healthcare sector struggling to protect sensitive information from individuals intentionally seeking to cause harm. According to Health-ISAC’s Annual Threat Report, “Healthcare Cyber Threat Landscape 2025” released in February 2025, several findings were cited as a result of a sur-vey of multiple healthcare organizations among others, related to “the top five cyber threats facing their organizations heading into 2025: (1) Ransomware Deployments; (2) Third-Party Breaches; (3) Data Breaches; (4) Supply Chain At-tacks; and (5) Zero-Day Exploits”. Consequently, intending to diminish risks and alleviate cybersecurity occurrences within the healthcare domain, we undertook a systematic literature review to identify the most pertinent approaches, frameworks, and models about cybersecurity awareness and training. To do so, it was necessary to understand the objectives of these approaches, establish the types of attacks they seek to contain, the security dimension they focus on, whether these approaches are standardized, their effectiveness metrics, and finally, we analyzed the limitations of the proposed frameworks to incorporate emotional states assessments and its application to lead to safe staff behaviors. In conclusion, substantial information was found that could be useful for healthcare and IT personnel to apply to cybersecurity awareness and training to reduce cybersecurity incidents.