Kaede Hasegawa, Niki O'Brien, Mabel Prendergast, Chris Agape Ajah, Ana Luisa Neves, Saira Ghafur
{"title":"Cybersecurity Interventions in Health Care Organizations in Low- and Middle-Income Countries: Scoping Review.","authors":"Kaede Hasegawa, Niki O'Brien, Mabel Prendergast, Chris Agape Ajah, Ana Luisa Neves, Saira Ghafur","doi":"10.2196/47311","DOIUrl":null,"url":null,"abstract":"<p><strong>Background: </strong>Health care organizations globally have seen a significant increase in the frequency of cyberattacks in recent years. Cyberattacks cause massive disruptions to health service delivery and directly impact patient safety through disruption and treatment delays. Given the increasing number of cyberattacks in low- and middle-income countries (LMICs), there is a need to explore the interventions put in place to plan for cyberattacks and develop cyber resilience.</p><p><strong>Objective: </strong>This study aimed to describe cybersecurity interventions, defined as any intervention to improve cybersecurity in a health care organization, including but not limited to organizational strategy(ies); policy(ies); protocol(s), incident plan(s), or assessment process(es); framework(s) or guidelines; and emergency planning, implemented in LMICs to date and to evaluate their impact on the likelihood and impact of attacks. The secondary objective was to describe the main barriers and facilitators for the implementation of such interventions, where reported.</p><p><strong>Methods: </strong>A systematic search of the literature published between January 2017 and July 2024 was performed on Ovid Medline, Embase, Global Health, and Scopus using a combination of controlled terms and free text. A search of the gray literature within the same time parameters was undertaken on the websites of relevant stakeholder organizations to identify possible additional studies that met the inclusion criteria. Findings from included papers were mapped against the dimensions of the Essentials of Cybersecurity in Health Care Organizations (ECHO) framework and presented as a narrative synthesis.</p><p><strong>Results: </strong>We included 20 studies in this review. The sample size of the majority of studies (13/20, 65%) was 1 facility to 5 facilities, and the studies were conducted in 14 countries. Studies were categorized into the thematic dimensions of the ECHO framework, including context; governance; organizational strategy; risk management; awareness, education, and training; and technical capabilities. Few studies (6/20, 30%) discussed cybersecurity intervention(s) as the primary focus of the paper; therefore, information on intervention(s) implemented had to be deduced. There was no attempt to report on the impact and outcomes in all papers except one. Facilitators and barriers identified were grouped and presented across national or regional, organizational, and individual staff levels.</p><p><strong>Conclusions: </strong>This scoping review's findings highlight the limited body of research published on cybersecurity interventions implemented in health care organizations in LMICs and large heterogeneity across existing studies in interventions, research objectives, methods, and outcome measures used. Although complex and challenging, future research should specifically focus on the evaluation of cybersecurity interventions and their impact in order to build a robust evidence base to inform evidence-based policy and practice.</p>","PeriodicalId":16337,"journal":{"name":"Journal of Medical Internet Research","volume":"26 ","pages":"e47311"},"PeriodicalIF":5.8000,"publicationDate":"2024-11-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Medical Internet Research","FirstCategoryId":"3","ListUrlMain":"https://doi.org/10.2196/47311","RegionNum":2,"RegionCategory":"医学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"HEALTH CARE SCIENCES & SERVICES","Score":null,"Total":0}
引用次数: 0
Abstract
Background: Health care organizations globally have seen a significant increase in the frequency of cyberattacks in recent years. Cyberattacks cause massive disruptions to health service delivery and directly impact patient safety through disruption and treatment delays. Given the increasing number of cyberattacks in low- and middle-income countries (LMICs), there is a need to explore the interventions put in place to plan for cyberattacks and develop cyber resilience.
Objective: This study aimed to describe cybersecurity interventions, defined as any intervention to improve cybersecurity in a health care organization, including but not limited to organizational strategy(ies); policy(ies); protocol(s), incident plan(s), or assessment process(es); framework(s) or guidelines; and emergency planning, implemented in LMICs to date and to evaluate their impact on the likelihood and impact of attacks. The secondary objective was to describe the main barriers and facilitators for the implementation of such interventions, where reported.
Methods: A systematic search of the literature published between January 2017 and July 2024 was performed on Ovid Medline, Embase, Global Health, and Scopus using a combination of controlled terms and free text. A search of the gray literature within the same time parameters was undertaken on the websites of relevant stakeholder organizations to identify possible additional studies that met the inclusion criteria. Findings from included papers were mapped against the dimensions of the Essentials of Cybersecurity in Health Care Organizations (ECHO) framework and presented as a narrative synthesis.
Results: We included 20 studies in this review. The sample size of the majority of studies (13/20, 65%) was 1 facility to 5 facilities, and the studies were conducted in 14 countries. Studies were categorized into the thematic dimensions of the ECHO framework, including context; governance; organizational strategy; risk management; awareness, education, and training; and technical capabilities. Few studies (6/20, 30%) discussed cybersecurity intervention(s) as the primary focus of the paper; therefore, information on intervention(s) implemented had to be deduced. There was no attempt to report on the impact and outcomes in all papers except one. Facilitators and barriers identified were grouped and presented across national or regional, organizational, and individual staff levels.
Conclusions: This scoping review's findings highlight the limited body of research published on cybersecurity interventions implemented in health care organizations in LMICs and large heterogeneity across existing studies in interventions, research objectives, methods, and outcome measures used. Although complex and challenging, future research should specifically focus on the evaluation of cybersecurity interventions and their impact in order to build a robust evidence base to inform evidence-based policy and practice.
期刊介绍:
The Journal of Medical Internet Research (JMIR) is a highly respected publication in the field of health informatics and health services. With a founding date in 1999, JMIR has been a pioneer in the field for over two decades.
As a leader in the industry, the journal focuses on digital health, data science, health informatics, and emerging technologies for health, medicine, and biomedical research. It is recognized as a top publication in these disciplines, ranking in the first quartile (Q1) by Impact Factor.
Notably, JMIR holds the prestigious position of being ranked #1 on Google Scholar within the "Medical Informatics" discipline.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
