Table 4.

| Solution | Reference |
| --- | --- |
| **Apply endpoint device management tools** | |
| Apply perimeter-based defense (antivirus, firewalls) for protection against cyberattacks | Reagin and Gentry [26] |
| Restrict the technologies and devices used by health staff to remain compliant with security regulations such as HIPAA^a during pandemics | Hoffman [20] |
| Adapt the NIST^b approach to manage the security of IoT^c medical devices | Kelly et al [50] |
| **Secure the remote work environment** | |
| Apply multifactor authentication | Argaw et al [10] |
| Apply a chaotic map–based authenticated security framework for remote point of care | Deebak et al [51] |
| Apply remote access monitoring such as the NHS^d attack surface reduction rules | Zorz [52] |
| Apply a perimeter security solution such as NHS Secure Boundary to enable secure access | NHS Digital [53] |
| The health care sector needs to ensure data protection mechanisms for securing system access and transmitting data | Rezaeibagha et al [54] |
| **Raise security awareness** | |
| Apply a holistic, integrated approach to improve staff awareness, competence, and mitigation of threats | Pullin [45], Sedlack [55] |
| Implement cybersecurity training programs and cybersecurity awareness campaigns | Gordon et al [56] |
| Apply the NCSC's^e Board Toolkit to raise board-level security awareness | NHS Digital [57] |
| Provide comprehensive employee training and education to enable the identification and assessment of risks | Alzahrani [58] |
| Implement a positive organizational climate to influence people's behavior | Kessler et al [59] |
| **Ensure business continuity** | |
| Apply a self-assessment tool such as the NHS Data Security and Protection Toolkit | NHS Digital [60] |
| Embrace cybersecurity and develop a strong culture of cyber vigilance | Dameff et al [61] |
| Ensure business continuity through data backups, intrusion detection, and prevention systems | Rezaeibagha et al [54] |
| Apply a systematic risk assessment of the impacts on health care business operations | Kim et al [22] |
| Consider cybersecurity insurance in health care | Kabir et al [62] |
| **Apply technical controls** | |
| Apply network segmentation to isolate network traffic | Hakak et al [1] |
| Apply general technical controls including encryption, authentication, and authorization | Yaseen et al [63] |
| Apply homomorphic encryption that ensures strong security and privacy guarantees while enabling analysis of encrypted data and sensitive medical information | Raisaro et al [64] |
| Apply blockchain to facilitate health care interoperability | Narikimilli et al [65] |
| Apply cryptographic security to address data sharing and storage of patient information across network systems | Pussewalage and Oleshchuk [66] |
| **Policies and legislation** | |
| Laws and regulations can help to combat the issues of medical cyber-physical systems | Raisaro et al [64] |
| Security instructions and control designs should be tailored | Wang and Jones [67] |
| Regulatory changes are needed, or manufacturers should become more security-minded in the medical device design phase | Department of Health and Social Care, UK Government [68] |
| Policymakers may need to alter policies to allow new technological innovations to be applied to health care | Bhuyan et al [69] |
| The US Congress passed the 21st Century Cures Act to promote patient control over their own health information while protecting privacy and cybersecurity | Hoffman [20] |
| **Incident reporting and cyber threat intelligence support** | |
| NHS Digital issued two high-severity CareCERT alerts (BlueKeep and DejaBlue) and developed a high-severity alert process handbook to facilitate incident reporting and sharing | Department of Health and Social Care, UK Government [68] |
| Apply an evidence-based approach, such as the generic security template, for incident reporting and exchange | He and Johnson [70], He and Johnson [71] |
| Establish an international workforce to facilitate cyber threat reporting and exchange to combat pandemic-themed cyber threats | Hakak et al [1] |
| **Cybersecurity guidance specific to COVID-19** | |
| The NHS has added guidance on working from home securely in the context of COVID-19 | NHS Digital [72] |
| The United Kingdom's Information Commissioner's Office created an information hub to assist individuals and organizations in managing data protection during the COVID-19 pandemic | Information Commissioner's Office [73] |
^a HIPAA: Health Insurance Portability and Accountability Act.
^b NIST: National Institute of Standards and Technology.
^c IoT: internet of things.
^d NHS: National Health Service.
^e NCSC: National Cyber Security Centre.