Sustainable Cybersecurity in Healthcare: An AI-Integrated Risk and Resilience Framework

Authors

  • Adam Thawbaan, IMT Mines Ales, France
  • Gilles Dusserre, University of Nîmes, Nîmes, France
  • Yusuf Muritala Kolade, IMT Mines Ales, France
  • Yasir Abdulkareem, University of Derby, Derby, United Kingdom

DOI:

https://doi.org/10.54536/ajmri.v4i4.5086

Keywords:

Cybersecurity Framework, Healthcare Resilience, Machine Learning, Risk Management, Vulnerability Assessment

Abstract

As healthcare systems are digitalized, the quality of patient care and operational efficiency have improved, but this modernization has also made healthcare organizations more vulnerable to serious cybersecurity threats. This paper examines existing cybersecurity practices and policies in the healthcare sector and reveals major gaps and inconsistencies between healthcare business units, as well as between healthcare organizations. Although the NIST Cybersecurity Framework, GDPR, and HIPAA have been adopted, ransomware, breaches, and insider incidents remain ongoing threats to healthcare organizations. The study proposes a comprehensive three-layered approach to address these three challenges: (1) a mathematical vulnerability assessment model based on the Asset Vulnerability Impact Assessment Model (A-VIAM), (2) integration of advanced technologies such as machine learning for threat detection and response, and (3) development of a sound security management framework tailored to healthcare facilities. The contribution of this research is a comprehensive approach for reducing cyber risk to an acceptable level, using hybrid methods that combine Content Analysis and Quantitative Modeling with Comparative Analysis. Managers, policy makers, and digital security specialists in healthcare will benefit from the research results, which increase their knowledge of digital resilience in healthcare.

Published

2025-08-05

How to Cite

Thawbaan, A., Dusserre, G., Muritala Kolade, Y., & Abdulkareem, Y. (2025). Sustainable Cybersecurity in Healthcare An AI-Integrated Risk and Resilience Framework. American Journal of Multidisciplinary Research and Innovation, 4(4), 144–154. https://doi.org/10.54536/ajmri.v4i4.5086