{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,7,4]],"date-time":"2026-07-04T11:04:50Z","timestamp":1783163090022,"version":"3.54.6"},"reference-count":70,"publisher":"Springer Science and Business Media LLC","issue":"1","license":[{"start":{"date-parts":[[2023,10,4]],"date-time":"2023-10-04T00:00:00Z","timestamp":1696377600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2023,10,4]],"date-time":"2023-10-04T00:00:00Z","timestamp":1696377600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"funder":[{"DOI":"10.13039\/501100004837","name":"Ministerio de Ciencia e Innovaci\u00f3n","doi-asserted-by":"publisher","award":["PID2021-122554OB-C32"],"award-info":[{"award-number":["PID2021-122554OB-C32"]}],"id":[{"id":"10.13039\/501100004837","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100004837","name":"Ministerio de Ciencia e Innovaci\u00f3n","doi-asserted-by":"publisher","award":["RTI2018-098309-BC33"],"award-info":[{"award-number":["RTI2018-098309-BC33"]}],"id":[{"id":"10.13039\/501100004837","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100004837","name":"Ministerio de Ciencia e Innovaci\u00f3n","doi-asserted-by":"publisher","award":["TIN2017-90689-REDT"],"award-info":[{"award-number":["TIN2017-90689-REDT"]}],"id":[{"id":"10.13039\/501100004837","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100004687","name":"Universidad de Murcia","doi-asserted-by":"crossref","id":[{"id":"10.13039\/501100004687","id-type":"DOI","asserted-by":"crossref"}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Med Biol Eng Comput"],"published-print":{"date-parts":[[2024,1]]},"abstract":"<jats:title>Abstract<\/jats:title><jats:p>The integration of IoT in healthcare has introduced vulnerabilities in medical devices and software, posing risks to patient safety and system integrity. This study aims to bridge the research gap and provide valuable insights for addressing healthcare vulnerabilities and their mitigation mechanisms. Software vulnerabilities related to health systems from 2001 to 2022 were collected from the National Vulnerability Database (NVD) systematized by software developed by the researchers and assessed by a medical specialist for their impact on patient well-being. The analysis revealed electronic health records, wireless infusion pumps, endoscope cameras, and radiology information systems as the most vulnerable. In addition, critical vulnerabilities were identified, including poor credential management and hard-coded credentials. The investigation provides some insights into the consequences of vulnerabilities in health software products, projecting future security issues by 2025, offers mitigation suggestions, and highlights trends in attacks on life support and health systems are also provided. The healthcare industry needs significant improvements in protecting medical devices from cyberattacks. Securing communication channels and network schema and adopting secure software practices is necessary. In addition, collaboration, regulatory adherence, and continuous security monitoring are crucial. Industries, researchers, and stakeholders can utilize these findings to enhance security and safeguard patient safety.<\/jats:p>\n                <jats:p><jats:bold>Graphical abstract<\/jats:bold><\/jats:p>","DOI":"10.1007\/s11517-023-02912-0","type":"journal-article","created":{"date-parts":[[2023,10,4]],"date-time":"2023-10-04T00:02:05Z","timestamp":1696377725000},"page":"257-273","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":58,"title":["Security vulnerabilities in healthcare: an analysis of medical devices and software"],"prefix":"10.1007","volume":"62","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-7387-6175","authenticated-orcid":false,"given":"Carlos M.","family":"Mej\u00eda-Granda","sequence":"first","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-0176-450X","authenticated-orcid":false,"given":"Jos\u00e9 L.","family":"Fern\u00e1ndez-Alem\u00e1n","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3320-622X","authenticated-orcid":false,"given":"Juan M.","family":"Carrillo-de-Gea","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9526-8565","authenticated-orcid":false,"given":"Jos\u00e9 A.","family":"Garc\u00eda-Bern\u00e1","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"297","published-online":{"date-parts":[[2023,10,4]]},"reference":[{"key":"2912_CR1","unstructured":"Statista (2020) Number of connected devices worldwide 2030 | Statista. Statista Research Department. https:\/\/www.statista.com\/statistics\/802690\/worldwide-connected-devices-by-access-technology\/ (accessed Aug. 09, 2021)."},{"issue":"4","key":"2912_CR2","doi-asserted-by":"publisher","first-page":"53","DOI":"10.1109\/MCOM.2018.1700706","volume":"56","author":"F Xiao","year":"2018","unstructured":"Xiao F, Miao Q, Xie X, Sun L, Wang R (2018) Indoor anti-collision alarm system based on wearable Internet of Things for smart healthcare. IEEE Commun Mag 56(4):53\u201359. https:\/\/doi.org\/10.1109\/MCOM.2018.1700706","journal-title":"IEEE Commun Mag"},{"key":"2912_CR3","unstructured":"\u201cBrowse cve vulnerabilities by date.\u201d https:\/\/www.cvedetails.com\/browse-by-date.php (accessed Mar. 20, 2020)"},{"key":"2912_CR4","doi-asserted-by":"publisher","unstructured":"Shamal PK, Rahamathulla K, Akbar A (2018) A study on software vulnerability prediction model, in Proceedings of the 2017 International Conference on Wireless Communications, Signal Processing and Networking, WiSPNET 2017, Institute of Electrical and Electronics Engineers Inc 703\u2013706. https:\/\/doi.org\/10.1109\/WiSPNET.2017.8299852","DOI":"10.1109\/WiSPNET.2017.8299852"},{"issue":"2","key":"2912_CR5","doi-asserted-by":"publisher","first-page":"129","DOI":"10.1016\/j.aci.2017.12.002","volume":"15","author":"J Ruohonen","year":"2019","unstructured":"Ruohonen J (2019) A look at the time delays in CVSS vulnerability scoring. Appl Comput Informa 15(2):129\u2013135. https:\/\/doi.org\/10.1016\/j.aci.2017.12.002","journal-title":"Appl Comput Informa"},{"key":"2912_CR6","doi-asserted-by":"publisher","unstructured":"Iannone E, Guadagni R, Ferrucci F, De Lucia A, Palomba F (2022) The secret life of software vulnerabilities: a large-scale empirical study. IEEE Trans Software Eng 1. https:\/\/doi.org\/10.1109\/TSE.2022.3140868","DOI":"10.1109\/TSE.2022.3140868"},{"key":"2912_CR7","doi-asserted-by":"publisher","unstructured":"Beavers J, Pournouri S (2018) Recent cyber attacks and vulnerabilities in medical devices and healthcare institutions BT - blockchain and clinical trial: securing patient data,\u201d H. Jahankhani, S. Kendzierskyj, A. Jamal, G. Epiphaniou, and H. Al-Khateeb, Eds., Cham: Springer International Publishing 249\u2013267. https:\/\/doi.org\/10.1007\/978-3-030-11289-9_11","DOI":"10.1007\/978-3-030-11289-9_11"},{"key":"2912_CR8","doi-asserted-by":"crossref","unstructured":"\u201cCost of a data breach report 2021 | IBM.\u201d https:\/\/www.ibm.com\/security\/data-breach (accessed Aug. 09, 2021)","DOI":"10.1016\/S1361-3723(21)00082-8"},{"issue":"10","key":"2912_CR9","doi-asserted-by":"publisher","first-page":"1825","DOI":"10.1109\/JPROC.2020.2993293","volume":"108","author":"G Lin","year":"2020","unstructured":"Lin G, Wen S, Han Q-L, Zhang J, Xiang Y (2020) Software vulnerability detection using deep neural networks: a survey. Proc IEEE 108(10):1825\u20131848. https:\/\/doi.org\/10.1109\/JPROC.2020.2993293","journal-title":"Proc IEEE"},{"issue":"7","key":"2912_CR10","doi-asserted-by":"publisher","first-page":"3289","DOI":"10.1109\/TII.2018.2821768","volume":"14","author":"G Lin","year":"2018","unstructured":"Lin G et al (2018) Cross-project transfer representation learning for vulnerable function discovery. IEEE Trans Industr Inform 14(7):3289\u20133297. https:\/\/doi.org\/10.1109\/TII.2018.2821768","journal-title":"IEEE Trans Industr Inform"},{"key":"2912_CR11","doi-asserted-by":"publisher","first-page":"121858","DOI":"10.1109\/ACCESS.2020.3006361","volume":"8","author":"X Zhang","year":"2020","unstructured":"Zhang X, Xie H, Yang H, Shao H, Zhu M (2020) A general framework to understand vulnerabilities in information systems. IEEE Access 8:121858\u2013121873. https:\/\/doi.org\/10.1109\/ACCESS.2020.3006361","journal-title":"IEEE Access"},{"key":"2912_CR12","doi-asserted-by":"publisher","first-page":"678","DOI":"10.1109\/ACCESS.2015.2437951","volume":"3","author":"SMR Islam","year":"2015","unstructured":"Islam SMR, Kwak D, Kabir MH, Hossain M, Kwak K-S (2015) The Internet of Things for health care: a comprehensive survey. IEEE Access 3:678\u2013708. https:\/\/doi.org\/10.1109\/ACCESS.2015.2437951","journal-title":"IEEE Access"},{"key":"2912_CR13","doi-asserted-by":"publisher","unstructured":"Phua J et al. (2020) Intensive care management of coronavirus disease 2019 (COVID-19): challenges and recommendations. The Lancet Respiratory Medicine (8):5. Lancet Publishing Group 506\u2013517. https:\/\/doi.org\/10.1016\/S2213-2600(20)30161-2","DOI":"10.1016\/S2213-2600(20)30161-2"},{"issue":"10","key":"2912_CR14","doi-asserted-by":"publisher","first-page":"66","DOI":"10.1145\/2890488","volume":"59","author":"AJ Burns","year":"2016","unstructured":"Burns AJ, Johnson ME, Honeyman P (2016) A brief chronology of medical device security. Commun ACM 59(10):66\u201372. https:\/\/doi.org\/10.1145\/2890488","journal-title":"Commun ACM"},{"key":"2912_CR15","doi-asserted-by":"publisher","unstructured":"Goodman M (2011) Who does the autopsy? Criminal implications of implantable medical devices. USENIX Association 4. https:\/\/doi.org\/10.5555\/2028026.2028030","DOI":"10.5555\/2028026.2028030"},{"key":"2912_CR16","doi-asserted-by":"publisher","first-page":"48","DOI":"10.1016\/j.maturitas.2018.04.008","volume":"113","author":"L Coventry","year":"2018","unstructured":"Coventry L, Branley D (2018) Cybersecurity in healthcare: a narrative review of trends, threats and ways forward. Maturitas 113:48\u201352. https:\/\/doi.org\/10.1016\/j.maturitas.2018.04.008","journal-title":"Maturitas"},{"key":"2912_CR17","doi-asserted-by":"publisher","first-page":"106488","DOI":"10.1016\/j.infsof.2020.106488","volume":"131","author":"K Rindell","year":"2021","unstructured":"Rindell K, Ruohonen J, Holvitie J, Hyrynsalmi S, Lepp\u00e4nen V (2021) \u201cSecurity in agile software development: a practitioner survey. Inf Softw Technol 131:106488. https:\/\/doi.org\/10.1016\/j.infsof.2020.106488","journal-title":"Inf Softw Technol"},{"key":"2912_CR18","doi-asserted-by":"publisher","unstructured":"Tung Y, Lo S, Shih J, Lin H (2016) An integrated security testing framework for Secure Software Development Life Cycle,\u201d in 2016 18th Asia-Pacific Network Operations and Management Symposium (APNOMS) 1\u20134. https:\/\/doi.org\/10.1109\/APNOMS.2016.7737238","DOI":"10.1109\/APNOMS.2016.7737238"},{"key":"2912_CR19","doi-asserted-by":"publisher","unstructured":"Serhane A, Raad M, Raad R, Susilo W (2018) PLC code-level vulnerabilities. In 2018 International Conference on Computer and Applications, ICCA 2018, Institute of Electrical and Electronics Engineers Inc. 348\u2013352. https:\/\/doi.org\/10.1109\/COMAPP.2018.8460287","DOI":"10.1109\/COMAPP.2018.8460287"},{"issue":"1","key":"2912_CR20","doi-asserted-by":"publisher","first-page":"117","DOI":"10.1007\/s10278-016-9913-x","volume":"30","author":"SG Langer","year":"2017","unstructured":"Langer SG (2017) Cyber-security issues in healthcare information technology. J Digit Imaging 30(1):117\u2013125. https:\/\/doi.org\/10.1007\/s10278-016-9913-x","journal-title":"J Digit Imaging"},{"key":"2912_CR21","doi-asserted-by":"publisher","first-page":"613","DOI":"10.1016\/j.procs.2020.10.087","volume":"177","author":"H Poston","year":"2020","unstructured":"Poston H (2020) Mapping the OWASP Top Ten to Blockchain. Procedia Comput Sci 177:613\u2013617. https:\/\/doi.org\/10.1016\/j.procs.2020.10.087","journal-title":"Procedia Comput Sci"},{"key":"2912_CR22","doi-asserted-by":"publisher","unstructured":"Li H, Xi R, Zhao L (2015) Study on the distribution of CVSS environmental score. In 2015 IEEE 5th International Conference on Electronics Information and Emergency Communication 122\u2013125. https:\/\/doi.org\/10.1109\/ICEIEC.2015.7284502","DOI":"10.1109\/ICEIEC.2015.7284502"},{"key":"2912_CR23","doi-asserted-by":"publisher","first-page":"953","DOI":"10.1016\/j.procs.2021.04.018","volume":"184","author":"BS Meyers","year":"2021","unstructured":"Meyers BS, Meneely A (2021) An automated post-mortem analysis of vulnerability relationships using natural language word embeddings. Procedia Comput Sci 184:953\u2013958. https:\/\/doi.org\/10.1016\/j.procs.2021.04.018","journal-title":"Procedia Comput Sci"},{"issue":"6","key":"2912_CR24","doi-asserted-by":"publisher","first-page":"85","DOI":"10.1109\/MSP.2006.145","volume":"4","author":"S Mell","year":"2006","unstructured":"Mell S (2006) Peter and Scarfone, Karen and Romanosky, \u201cCommon vulnerability scoring system SIG.\u201d IEEE Secur Priv 4(6):85\u201389. https:\/\/doi.org\/10.1109\/MSP.2006.145","journal-title":"IEEE Secur Priv"},{"issue":"9","key":"2912_CR25","doi-asserted-by":"publisher","first-page":"1622","DOI":"10.1016\/j.jss.2009.08.023","volume":"83","author":"SH Houmb","year":"2010","unstructured":"Houmb SH, Franqueira VNL, Engum EA (2010) Quantifying security risk level from CVSS estimates of frequency and impact. J Syst Softw 83(9):1622\u20131634. https:\/\/doi.org\/10.1016\/j.jss.2009.08.023","journal-title":"J Syst Softw"},{"key":"2912_CR26","doi-asserted-by":"crossref","unstructured":"Nowak M, Walkowski M, Sujecki S (2021) Machine learning algorithms for conversion of CVSS base score from 2.0 to 3.x BT - computational science \u2013 ICCS 2021,\u201d M. Paszynski, D. Kranzlm\u00fcller, V. V Krzhizhanovskaya, J. J. Dongarra, and P. M. A. Sloot, Eds., Cham: Springer International Publishing. 255\u2013269","DOI":"10.1007\/978-3-030-77967-2_21"},{"issue":"3","key":"2912_CR27","doi-asserted-by":"publisher","first-page":"68","DOI":"10.1109\/MSP.2009.69","volume":"7","author":"M Howard","year":"2009","unstructured":"Howard M (2009) Improving software security by eliminating the CWE top 25 vulnerabilities. IEEE Secur Priv 7(3):68\u201371. https:\/\/doi.org\/10.1109\/MSP.2009.69","journal-title":"IEEE Secur Priv"},{"key":"2912_CR28","doi-asserted-by":"publisher","unstructured":"Hasan R, Zawoad S, Noor S, Haque MM, Burke D (2016) How secure is the healthcare network from insider attacks? An audit guideline for vulnerability analysis, In Proceedings - International Computer Software and Applications Conference, IEEE Computer Society 417\u2013422. https:\/\/doi.org\/10.1109\/COMPSAC.2016.129","DOI":"10.1109\/COMPSAC.2016.129"},{"key":"2912_CR29","doi-asserted-by":"publisher","unstructured":"Abouzakhar NS, Jones A, Angelopoulou O (2018) Internet of Things security: a review of risks and threats to healthcare sector, In Proceedings - 2017 IEEE International Conference on Internet of Things, IEEE Green Computing and Communications, IEEE Cyber, Physical and Social Computing, IEEE Smart Data, iThings-GreenCom-CPSCom-SmartData 2017, Institute of Electrical and Electronics Engineers Inc., 373\u2013378. https:\/\/doi.org\/10.1109\/iThings-GreenCom-CPSCom-SmartData.2017.62","DOI":"10.1109\/iThings-GreenCom-CPSCom-SmartData.2017.62"},{"key":"2912_CR30","doi-asserted-by":"publisher","unstructured":"Farhadi M, Haddad H, Shahriar H (2018) Static analysis of HIPPA security requirements in electronic health record applications. In Proceedings - International Computer Software and Applications Conference, IEEE Computer Society 474\u2013479. https:\/\/doi.org\/10.1109\/COMPSAC.2018.10279","DOI":"10.1109\/COMPSAC.2018.10279"},{"key":"2912_CR31","doi-asserted-by":"publisher","unstructured":"Martinez JB (2018) Medical device security in the IoT age, In 2018 9th IEEE Annual Ubiquitous Computing, Electronics and Mobile Communication Conference, UEMCON 2018, Institute of Electrical and Electronics Engineers Inc. 128\u2013134. https:\/\/doi.org\/10.1109\/UEMCON.2018.8796531","DOI":"10.1109\/UEMCON.2018.8796531"},{"key":"2912_CR32","doi-asserted-by":"publisher","unstructured":"McGee Z, Acharya S (2019) Security analysis of OpenEMR, In Proceedings - 2019 IEEE International Conference on Bioinformatics and Biomedicine, BIBM 2019, Institute of Electrical and Electronics Engineers Inc. 2655\u20132660. https:\/\/doi.org\/10.1109\/BIBM47256.2019.8983178","DOI":"10.1109\/BIBM47256.2019.8983178"},{"key":"2912_CR33","doi-asserted-by":"publisher","first-page":"10933","DOI":"10.1109\/ACCESS.2020.2964988","volume":"8","author":"G Marquez","year":"2020","unstructured":"Marquez G, Astudillo H, Taramasco C (2020) Security in telehealth systems from a software engineering viewpoint: a systematic mapping study. IEEE Access 8:10933\u201310950. https:\/\/doi.org\/10.1109\/ACCESS.2020.2964988","journal-title":"IEEE Access"},{"key":"2912_CR34","doi-asserted-by":"publisher","first-page":"84352","DOI":"10.1109\/ACCESS.2020.2984376","volume":"8","author":"T Tervoort","year":"2020","unstructured":"Tervoort T, De Oliveira MT, Pieters W, Van Gelder P, Olabarriaga SD, Marquering H (2020) Solutions for mitigating cybersecurity risks caused by legacy software in medical devices: a scoping review. IEEE Access 8:84352\u201384361. https:\/\/doi.org\/10.1109\/ACCESS.2020.2984376","journal-title":"IEEE Access"},{"issue":"2","key":"2912_CR35","doi-asserted-by":"publisher","first-page":"38","DOI":"10.1007\/s10664-022-10276-6","volume":"28","author":"K Napier","year":"2023","unstructured":"Napier K, Bhowmik T, Wang S (2023) An empirical study of text-based machine learning models for vulnerability detection. Empir Softw Eng 28(2):38. https:\/\/doi.org\/10.1007\/s10664-022-10276-6","journal-title":"Empir Softw Eng"},{"key":"2912_CR36","doi-asserted-by":"publisher","first-page":"119734","DOI":"10.1016\/j.eswa.2023.119734","volume":"221","author":"S Hore","year":"2023","unstructured":"Hore S, Shah A, Bastian ND (2023) Deep VULMAN: a deep reinforcement learning-enabled cyber vulnerability management framework\u201d. Expert Syst Appl 221:119734. https:\/\/doi.org\/10.1016\/j.eswa.2023.119734","journal-title":"Expert Syst Appl"},{"key":"2912_CR37","doi-asserted-by":"publisher","first-page":"109358","DOI":"10.1016\/j.comnet.2022.109358","volume":"217","author":"K Ramezanpour","year":"2022","unstructured":"Ramezanpour K, Jagannath J (2022) Intelligent zero trust architecture for 5G\/6G networks: principles, challenges, and the role of machine learning in the context of O-RAN\u201d. Computer Networks 217:109358. https:\/\/doi.org\/10.1016\/j.comnet.2022.109358","journal-title":"Computer Networks"},{"key":"2912_CR38","unstructured":"\u201cNVD - vulnerability metrics.\u201d https:\/\/nvd.nist.gov\/vuln-metrics\/cvss (accessed Jul. 11, 2020)"},{"issue":"2","key":"2912_CR39","doi-asserted-by":"publisher","first-page":"270","DOI":"10.26599\/TST.2019.9010003","volume":"25","author":"MC S\u00e1nchez","year":"2020","unstructured":"S\u00e1nchez MC, De Gea JMC, Fern\u00e1ndez-Alem\u00e1n JL, Garcer\u00e1n J, Toval A (2020) Software vulnerabilities overview: a descriptive study. Tsinghua Sci Technol 25(2):270\u2013280. https:\/\/doi.org\/10.26599\/TST.2019.9010003","journal-title":"Tsinghua Sci Technol"},{"issue":"4","key":"2912_CR40","doi-asserted-by":"publisher","first-page":"613","DOI":"10.1002\/SD.1927","volume":"27","author":"JA Garc\u00eda-Bern\u00e1","year":"2019","unstructured":"Garc\u00eda-Bern\u00e1 JA et al (2019) Green IT and sustainable technology development: Bibliometric overview. Sustain Dev 27(4):613\u2013636. https:\/\/doi.org\/10.1002\/SD.1927","journal-title":"Sustain Dev"},{"key":"2912_CR41","unstructured":"\u201cKruskal-Wallis H Test in SPSS Statistics | Procedure, output and interpretation of the output using a relevant example.\u201d https:\/\/statistics.laerd.com\/spss-tutorials\/kruskal-wallis-h-test-using-spss-statistics.php (accessed Jun. 01, 2022)"},{"key":"2912_CR42","doi-asserted-by":"publisher","unstructured":"Kruse CS, Smith B, Vanderlinden H, Nealand A (2017) Security techniques for the electronic health records. J Med Syst 41(8). https:\/\/doi.org\/10.1007\/S10916-017-0778-4","DOI":"10.1007\/S10916-017-0778-4"},{"key":"2912_CR43","doi-asserted-by":"publisher","unstructured":"O'Brien G et al (2018) Securing electronic health records on mobile devices. Nist Special Publication 1800\u20131801. https:\/\/doi.org\/10.6028\/NIST.SP.1800-1","DOI":"10.6028\/NIST.SP.1800-1"},{"key":"2912_CR44","doi-asserted-by":"publisher","unstructured":"Rajendraprasad P, Butakov S, Jaafar F (2018) Information security considerations for wireless infusion pumps,\u00a0Proceedings - 2018 IEEE 18th International Conference on Software Quality, Reliability, and Security Companion, QRS-C 2018 438\u2013442. https:\/\/doi.org\/10.1109\/QRS-C.2018.00081","DOI":"10.1109\/QRS-C.2018.00081"},{"key":"2912_CR45","doi-asserted-by":"publisher","unstructured":"O'Brien G, Edwards S, Littlefield K, McNab N, Wang S, Zheng K (2018) Securing wireless infusion pumps in healthcare delivery organizations. https:\/\/doi.org\/10.6028\/NIST.SP.1800-8","DOI":"10.6028\/NIST.SP.1800-8"},{"issue":"2","key":"2912_CR46","doi-asserted-by":"publisher","first-page":"139","DOI":"10.1136\/JAMIA.1996.96236282","volume":"3","author":"RC Barrows","year":"1996","unstructured":"Barrows RC, Clayton PD (1996) Privacy, confidentiality, and electronic medical records. J Am Med Inform Assoc 3(2):139\u2013148. https:\/\/doi.org\/10.1136\/JAMIA.1996.96236282","journal-title":"J Am Med Inform Assoc"},{"key":"2912_CR47","unstructured":"\u201cUse of hard-coded password | OWASP Foundation.\u201d https:\/\/owasp.org\/www-community\/vulnerabilities\/Use_of_hard-coded_password (accessed Jun. 09, 2022)"},{"issue":"4","key":"2912_CR48","doi-asserted-by":"publisher","first-page":"3723","DOI":"10.1109\/COMST.2019.2914094","volume":"21","author":"T Yaqoob","year":"2019","unstructured":"Yaqoob T, Abbas H, Atiquzzaman M (2019) Security vulnerabilities, attacks, countermeasures, and regulations of networked medical devices\u2014a review. IEEE Commun Surv Tutorials 21(4):3723\u20133768. https:\/\/doi.org\/10.1109\/COMST.2019.2914094","journal-title":"IEEE Commun Surv Tutorials"},{"issue":"5","key":"2912_CR49","doi-asserted-by":"publisher","first-page":"420","DOI":"10.1001\/jama.2021.11171","volume":"326","author":"JJ Darrow","year":"2021","unstructured":"Darrow JJ, Avorn J, Kesselheim AS (2021) FDA regulation and approval of medical devices: 1976\u20132020. JAMA 326(5):420\u2013432. https:\/\/doi.org\/10.1001\/jama.2021.11171","journal-title":"JAMA"},{"issue":"1","key":"2912_CR50","doi-asserted-by":"publisher","first-page":"1","DOI":"10.3233\/THC-151102","volume":"24","author":"R Luna","year":"2016","unstructured":"Luna R, Rhine E, Myhra M, Sullivan R, Kruse CS (2016) Cyber threats to health information systems: a systematic review. Technol Health Care 24(1):1\u20139. https:\/\/doi.org\/10.3233\/THC-151102","journal-title":"Technol Health Care"},{"key":"2912_CR51","unstructured":"Humer FJC (n.d) Your medical record is worth more to hackers than your credit card | Reuters.\u201d https:\/\/www.reuters.com\/article\/us-cybersecurity-hospitals-idUSKCN0HJ21I20140924 (accessed Nov. 10, 2022)"},{"issue":"3","key":"2912_CR52","doi-asserted-by":"publisher","first-page":"A17","DOI":"10.1016\/j.annemergmed.2017.07.008","volume":"70","author":"WB Millard","year":"2017","unstructured":"Millard WB (2017) Where bits and bytes meet flesh and blood. Ann Emerg Med 70(3):A17\u2013A21. https:\/\/doi.org\/10.1016\/j.annemergmed.2017.07.008","journal-title":"Ann Emerg Med"},{"key":"2912_CR53","unstructured":"\u201cKenna Security @ 10: a decade of insights | Kenna security research.\u201d https:\/\/www.kennaresearch.com\/a-decade-of-insights\/ (accessed Dec. 15, 2022)"},{"issue":"3","key":"2912_CR54","doi-asserted-by":"publisher","first-page":"180","DOI":"10.1177\/146642409911900309","volume":"119","author":"MC Azubuike","year":"1999","unstructured":"Azubuike MC, Ehiri JE (1999) Health information systems in developing countries: benefits, problems, and prospects. J R Soc Promot Health 119(3):180\u2013184. https:\/\/doi.org\/10.1177\/146642409911900309","journal-title":"J R Soc Promot Health"},{"issue":"7157","key":"2912_CR55","doi-asserted-by":"publisher","first-page":"531","DOI":"10.1136\/bmj.317.7157.531","volume":"317","author":"P Garner","year":"1998","unstructured":"Garner P, Kale R, Dickson R, Dans T, Salinas R (1998) Getting research findings into practice: implementing research findings in developing countries. BMJ 317(7157):531\u2013535. https:\/\/doi.org\/10.1136\/bmj.317.7157.531","journal-title":"BMJ"},{"issue":"3","key":"2912_CR56","doi-asserted-by":"publisher","first-page":"213","DOI":"10.5455\/msm.2013.25.213-215","volume":"25","author":"S Ajami","year":"2013","unstructured":"Ajami S, Arab-Chadegani R (2013) Barriers to implement Electronic Health Records (EHRs). Mater Sociomed 25(3):213\u2013215. https:\/\/doi.org\/10.5455\/msm.2013.25.213-215","journal-title":"Mater Sociomed"},{"issue":"4","key":"2912_CR57","first-page":"38","volume":"41","author":"P Drury","year":"2005","unstructured":"Drury P (2005) The eHealth agenda for developing countries. World Hosp Health Serv 41(4):38\u201340","journal-title":"World Hosp Health Serv"},{"issue":"9490","key":"2912_CR58","doi-asserted-by":"publisher","first-page":"1026","DOI":"10.1016\/S0140-6736(05)67028-6","volume":"366","author":"AK Rowe","year":"2005","unstructured":"Rowe AK, de Savigny D, Lanata CF, Victora CG (2005) How can we achieve and maintain high-quality performance of health workers in low-resource settings? Lancet 366(9490):1026\u20131035. https:\/\/doi.org\/10.1016\/S0140-6736(05)67028-6","journal-title":"Lancet"},{"issue":"16","key":"2912_CR59","doi-asserted-by":"publisher","first-page":"1853","DOI":"10.1001\/jama.298.16.1853","volume":"298","author":"BM Kuehn","year":"2007","unstructured":"Kuehn BM (2007) Global shortage of health workers, brain drain stress developing countries. JAMA 298(16):1853\u20131855. https:\/\/doi.org\/10.1001\/jama.298.16.1853. (United States)","journal-title":"JAMA"},{"issue":"1","key":"2912_CR60","doi-asserted-by":"publisher","first-page":"13","DOI":"10.1016\/j.healthpol.2008.08.005","volume":"90","author":"S Siddiqi","year":"2009","unstructured":"Siddiqi S et al (2009) Framework for assessing governance of the health system in developing countries: gateway to good governance. Health Policy 90(1):13\u201325. https:\/\/doi.org\/10.1016\/j.healthpol.2008.08.005","journal-title":"Health Policy"},{"issue":"1","key":"2912_CR61","doi-asserted-by":"publisher","first-page":"146","DOI":"10.1186\/s12911-020-01161-7","volume":"20","author":"ST Argaw","year":"2020","unstructured":"Argaw ST et al (2020) Cybersecurity of hospitals: discussing the challenges and working towards mitigating the risks. BMC Med Inform Decis Mak 20(1):146. https:\/\/doi.org\/10.1186\/s12911-020-01161-7","journal-title":"BMC Med Inform Decis Mak"},{"key":"2912_CR62","doi-asserted-by":"publisher","first-page":"454","DOI":"10.1016\/j.wneu.2016.05.010","volume":"92","author":"L Pycroft","year":"2016","unstructured":"Pycroft L et al (2016) Brainjacking: implant security issues in invasive neuromodulation. World Neurosurg 92:454\u2013462. https:\/\/doi.org\/10.1016\/j.wneu.2016.05.010","journal-title":"World Neurosurg"},{"key":"2912_CR63","doi-asserted-by":"publisher","unstructured":"Haber MJ (2020) Privileged account management implementation BT - privileged attack vectors: building effective cyber-defense strategies to protect organizations,\u201d M. J. Haber, Ed., Berkeley, CA: Apress, 335\u2013359. https:\/\/doi.org\/10.1007\/978-1-4842-5914-6_25","DOI":"10.1007\/978-1-4842-5914-6_25"},{"key":"2912_CR64","unstructured":"Oxford: UCSIA ITIL (2017) A guide to change management.  https:\/\/resources.martechseries.com\/mts-whitepapers\/itil-change-management-a-beginners-guide.pdf. Accessed 10 Nov 2022"},{"key":"2912_CR65","unstructured":"FDA, \u201cSoftware as a medical device (SAMD): clinical evaluation guidance for industry and Food and Drug Administration staff,\u201d 2017. https:\/\/resources.martechseries.com\/mts-whitepapers\/itil-change-management-a-beginners-guide.pdf. (accessed Nov. 10, 2022)."},{"key":"2912_CR66","doi-asserted-by":"publisher","first-page":"102995","DOI":"10.1016\/j.cose.2022.102995","volume":"124","author":"R Wang","year":"2023","unstructured":"Wang R et al (2023) Tunter: assessing exploitability of vulnerabilities with taint-guided exploitable states exploration. Comput Secur 124:102995. https:\/\/doi.org\/10.1016\/j.cose.2022.102995","journal-title":"Comput Secur"},{"key":"2912_CR67","doi-asserted-by":"publisher","first-page":"106529","DOI":"10.1016\/j.knosys.2020.106529","volume":"210","author":"J Yin","year":"2020","unstructured":"Yin J, Tang M, Cao J, Wang H (2020) Apply transfer learning to cybersecurity: predicting exploitability of vulnerabilities by description. Knowl Based Syst 210:106529. https:\/\/doi.org\/10.1016\/j.knosys.2020.106529","journal-title":"Knowl Based Syst"},{"issue":"6","key":"2912_CR68","doi-asserted-by":"publisher","first-page":"4150","DOI":"10.1109\/TII.2020.3022182","volume":"17","author":"M Tang","year":"2021","unstructured":"Tang M, Yin J, Alazab M, Cao J, Luo Y (2021) Modeling of extreme vulnerability disclosure in smart city industrial environments. IEEE Trans Industr Inform 17(6):4150\u20134158. https:\/\/doi.org\/10.1109\/TII.2020.3022182","journal-title":"IEEE Trans Industr Inform"},{"issue":"2","key":"2912_CR69","doi-asserted-by":"publisher","first-page":"648","DOI":"10.1002\/qre.2754","volume":"37","author":"N Bhatt","year":"2021","unstructured":"Bhatt N, Anand A, Yadavalli VSS (2021) Exploitability prediction of software vulnerabilities. Qual Reliab Eng Int 37(2):648\u2013663. https:\/\/doi.org\/10.1002\/qre.2754","journal-title":"Qual Reliab Eng Int"},{"key":"2912_CR70","doi-asserted-by":"publisher","unstructured":"Bilge L, Dumitra\\cs T (2012) Before we knew it: an empirical study of zero-day attacks in the real world, In Proceedings of the 2012 ACM Conference on Computer and Communications Security, in CCS '12. New York, NY, USA: Association for Computing Machinery, 833\u2013844. https:\/\/doi.org\/10.1145\/2382196.2382284","DOI":"10.1145\/2382196.2382284"}],"container-title":["Medical &amp; Biological Engineering &amp; Computing"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s11517-023-02912-0.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s11517-023-02912-0\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s11517-023-02912-0.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,1,2]],"date-time":"2024-01-02T14:23:43Z","timestamp":1704205423000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s11517-023-02912-0"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,10,4]]},"references-count":70,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2024,1]]}},"alternative-id":["2912"],"URL":"https:\/\/doi.org\/10.1007\/s11517-023-02912-0","relation":{},"ISSN":["0140-0118","1741-0444"],"issn-type":[{"value":"0140-0118","type":"print"},{"value":"1741-0444","type":"electronic"}],"subject":[],"published":{"date-parts":[[2023,10,4]]},"assertion":[{"value":"10 January 2023","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"14 August 2023","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"4 October 2023","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"This article contains no studies with human participants or animals performed by authors.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Ethics Approval"}},{"value":"The authors declare no competing interests.","order":3,"name":"Ethics","group":{"name":"EthicsHeading","label":"Conflict of Interest"}}]}}