Sociotechnical Cybersecurity Framework for Securing Health Care From Vulnerabilities and Cyberattacks: Scoping Review

Background: The vulnerability of health care systems to cyberattacks and breaches of health information is on the rise worldwide. Considering the increasing rate of reported cyber incidents and the risks they pose to patient safety, privacy, and financial losses, there is a need to examine the way cybersecurity is conceptualized in health care organizations, taking into account technology, processes, and humans. Objective: This study examined the dynamics of the factors of vulnerabilities and cyberattacks in the context of sociotechnical systems theory underlying the relationships among humans, technology, and processes. It developed a conceptual sociotechnical cybersecurity framework for preventing vulnerabilities and responding to cyberattacks and threats in health care systems. Methods: A scoping review was conducted to search the extant literature in 3 databases—Web of Science, PubMed (MEDLINE), and Scopus. A total of 1375 papers from the period of 2012-2024 were retrieved, 76 of which, in the domain of health care and cybersecurity, were reviewed and analyzed. Original research and review papers were included. Only published English-language papers were included to focus on contemporary issues, challenges, and solutions. Relevant information from the included sources was charted and summarized. The study characteristics were extracted from the included papers, and the evidence was synthesized using thematic analysis. Results: Of the 1375 papers identified, 76 (5.5%) met the inclusion criteria. The results showed that the factors of vulnerabilities to cyberattacks comprise 12 subfactors in health care systems. Concerning technology-related factors of vulnerabilities, most studies described the complex system design and usability (16/76, 21%) and integration of new technology (15/76, 20%) as challenges in health care systems. Concerning human-related factors, most studies described a shortage of skilled professionals and limited budgets as contributing to poor cybersecurity management. The study found that processes involved both technology and humans relative to the unit factors of vulnerabilities to cyberattacks. There was a sociotechnical interplay across the factors of vulnerabilities. The concept of sociotechnical cybersecurity offers a comprehensive and explicit perspective on the sociotechnical underpinning and joint optimization required to advance cybersecurity toward achieving sustainable health care systems. Conclusions: The conceptual framework of sociotechnical cybersecurity provides a contemporary foundation and deep insight for identifying and preventing vulnerabilities and responding to cyberattacks in health care systems. The framework is important due to its suitability, applicability, and customizability for dynamic and complex health care systems. The study also provides compliance standards for applying the proposed conceptual framework to guide health care organizations in cybersecurity practices. The study of cybersecurity through the sociotechnical lens in the health care domain is limited. Further studies are needed on cybersecurity incident management. Health care organizations should leverage the strength of cybersecurity through the implementation of risk assessment and incident response plans.