ABSTRACT
Information security and privacy are matters of concern in every industry. The healthcare sector has lagged in terms of implementing cybersecurity measures. Therefore, hospitals are more exposed to cyber events due to the criticality of patient data. Currently, little is known about state-of-the-art research on information security and privacy in hospitals. The purpose of this study is to report the outcome of a systematic literature review on research about the application of information security and privacy in hospitals. A systematic literature review following the PRISMA methodology was conducted. To reference our sample according to cybersecurity domains, we benchmarked each article against two cybersecurity frameworks: ISO 27001 Annex A and the NIST framework core. Limited articles in our papers referred to the policies and compliance sections of ISO 27001. In addition, most of our sample is classified by the NIST function “Protect,” meaning activities related to identity management, access control and data security. Furthermore, we have identified key domains where research in security and privacy are critical, such as big data, IOT, cloud computing, standards and regulations. The results indicate that although cybersecurity is a growing concern in hospitals, research is still weak in some areas. Considering the recrudescence of cyber-attacks in the healthcare sector, we call for more research in hospitals in managerial and non-technical domains of information security and privacy that are uncovered by our analysis.
Author contributions
Conceptualization, S.A. and A.V.L.; methodology, A.V.L. and S.A.; writing—original draft preparation, S.A.; writing—review and editing, A.V.L. and G.P.; supervision, A.V.L. and G.P. The authors have read and agreed to the published version of the manuscript.
Disclosure statement
No potential conflict of interest was reported by the author(s).
Data availability statement
The underlying data for the Systematic Literature Review are available at the following location: https://data.mendeley.com/datasets/w69674f3hy/draft?a=3b61f725-8414-4ee5-be87-8fcfce45a830
Notes
1 New to Framework | NIST
2 ISO 27001: The 14 Control Sets of Annex A Explained (itgovernance.co.uk).
3 Framework for Improving Critical Infrastructure Cybersecurity, Version 1.1 (nist.gov).