{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,5]],"date-time":"2026-05-05T18:34:28Z","timestamp":1778006068407,"version":"3.51.4"},"reference-count":65,"publisher":"SAGE Publications","issue":"4","license":[{"start":{"date-parts":[[2025,12,2]],"date-time":"2025-12-02T00:00:00Z","timestamp":1764633600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/journals.sagepub.com\/page\/policies\/text-and-data-mining-license"}],"funder":[{"name":"National Science Foundation Office of Advanced Cyberinfrastructure","award":["2319891"],"award-info":[{"award-number":["2319891"]}]}],"content-domain":{"domain":["journals.sagepub.com"],"crossmark-restriction":true},"short-container-title":["Hum Factors"],"published-print":{"date-parts":[[2026,4]]},"abstract":"<jats:sec>\n                    <jats:title>Objective<\/jats:title>\n                    <jats:p>This study identifies cybersecurity vulnerabilities and risks in robotic-assisted surgery (RAS) and proposes a cybersecurity framework and an assessment tool for RAS systems.<\/jats:p>\n                  <\/jats:sec>\n                  <jats:sec>\n                    <jats:title>Background<\/jats:title>\n                    <jats:p>RAS systems are increasingly integrated into networks which raise cybersecurity concerns. These systems can enhance surgical outcomes but are potential cyberattack targets, which can affect clinician care, patient safety, and organizational operations.<\/jats:p>\n                  <\/jats:sec>\n                  <jats:sec>\n                    <jats:title>Method<\/jats:title>\n                    <jats:p>Surveys and interviews were conducted with stakeholders (clinicians, researchers, cybersecurity professionals, and hospital administrators) to collect perspectives on RAS cybersecurity. Thematic analysis was used to develop an RAS cybersecurity framework. Then, stakeholders contributed to creating an RAS cybersecurity assessment tool using Failure Modes, Effects and Criticality Analysis (FMECA).<\/jats:p>\n                  <\/jats:sec>\n                  <jats:sec>\n                    <jats:title>Results<\/jats:title>\n                    <jats:p>\n                      Survey responses (\n                      <jats:italic toggle=\"yes\">n<\/jats:italic>\n                      = 84) revealed that 48.8% of respondents were familiar with RAS cybersecurity. Only 24.6% of clinical respondents were aware of their organization\u2019s cybersecurity policy. Interviews (\n                      <jats:italic toggle=\"yes\">n<\/jats:italic>\n                      = 15) identified vulnerabilities such as inadequate training, limited communication between manufacturers and healthcare systems, and gaps in regulations. Failure modes focused on consequences of cyberattacks on RAS systems, with severity assessments related to patient health and technology reliability\/integrity completed and outcome actions identified.\n                    <\/jats:p>\n                  <\/jats:sec>\n                  <jats:sec>\n                    <jats:title>Conclusion<\/jats:title>\n                    <jats:p>Understanding RAS cybersecurity challenges is still in its infancy. Key vulnerabilities include insufficient training, limited data sharing, and external threats. The framework illustrates the interconnectedness of stakeholders, while the FMECA assessment tool addresses current vulnerabilities in RAS systems.<\/jats:p>\n                  <\/jats:sec>\n                  <jats:sec>\n                    <jats:title>Application<\/jats:title>\n                    <jats:p>RAS cybersecurity vulnerability and risks should be carefully considered when integrating systems into healthcare organizations, and the RAS cybersecurity assessment tool can be used by stakeholders to systematically identify and analyze potential cybersecurity failure modes.<\/jats:p>\n                  <\/jats:sec>","DOI":"10.1177\/00187208251401735","type":"journal-article","created":{"date-parts":[[2025,12,2]],"date-time":"2025-12-02T22:05:34Z","timestamp":1764713134000},"page":"447-469","update-policy":"https:\/\/doi.org\/10.1177\/sage-journals-update-policy","source":"Crossref","is-referenced-by-count":1,"title":["Cybersecurity Risks and Vulnerabilities in Robotic-Assisted Surgery"],"prefix":"10.1177","volume":"68","author":[{"ORCID":"https:\/\/orcid.org\/0009-0001-1306-0972","authenticated-orcid":false,"given":"Patrick","family":"Fuller","sequence":"first","affiliation":[{"name":"University of Wisconsin - Madison"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0009-0039-2335","authenticated-orcid":false,"given":"Holden","family":"Duffie","sequence":"additional","affiliation":[{"name":"Clemson University"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Dan","family":"Li","sequence":"additional","affiliation":[{"name":"University of Washington"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Alfredo","family":"Carbonell","sequence":"additional","affiliation":[{"name":"Prisma Health Greenville Memorial Hospital"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Nicholas","family":"Perkins","sequence":"additional","affiliation":[{"name":"Prisma Health Greenville Memorial Hospital"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8136-2094","authenticated-orcid":false,"given":"Jackie S.","family":"Cha","sequence":"additional","affiliation":[{"name":"University of Wisconsin - Madison"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"179","published-online":{"date-parts":[[2025,12,2]]},"reference":[{"key":"e_1_3_4_2_1","volume-title":"Resource allocation and service provisioning in multi-agent cloud robotics: A comprehensive survey","author":"Afrin M.","year":"2021","unstructured":"Afrin M., Jin J., Rahman A., Rahman A., Wan J., Hossain E. (2021). Resource allocation and service provisioning in multi-agent cloud robotics: A comprehensive survey. https:\/\/ieeexplore-ieee-org.libproxy.clemson.edu\/stamp\/stamp.jsp?tp=&arnumber=9360855&tag=1"},{"key":"e_1_3_4_3_1","doi-asserted-by":"publisher","DOI":"10.1111\/bju.12010"},{"key":"e_1_3_4_4_1","volume-title":"Ascension ransomware attack: Initial access vector and data theft confirmed","author":"Alder S.","year":"2024","unstructured":"Alder S. (2024). Ascension ransomware attack: Initial access vector and data theft confirmed. The HIPAA Journal. https:\/\/www.hipaajournal.com\/ascension-cyberattack-2024\/"},{"issue":"5","key":"e_1_3_4_5_1","first-page":"e83614","article-title":"Cybersecurity in healthcare: New threat to patient safety","volume":"17","author":"Aldosari B.","year":"2025","unstructured":"Aldosari B. (2025). Cybersecurity in healthcare: New threat to patient safety. Cureus, 17(5), Article e83614. https:\/\/doi.org\/10.7759\/cureus.83614","journal-title":"Cureus"},{"key":"e_1_3_4_6_1","doi-asserted-by":"publisher","DOI":"10.58496\/MJCS\/2024\/006"},{"key":"e_1_3_4_7_1","doi-asserted-by":"publisher","DOI":"10.1109\/COMST.2019.2891891"},{"key":"e_1_3_4_8_1","volume-title":"Cybersecurity event update","author":"Ascension","year":"2024","unstructured":"Ascension. (2024). Cybersecurity event update. Ascension. https:\/\/about.ascension.org\/cybersecurity-event"},{"key":"e_1_3_4_9_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-1-4842-2155-6"},{"key":"e_1_3_4_10_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.apergo.2025.104478"},{"key":"e_1_3_4_11_1","doi-asserted-by":"publisher","DOI":"10.1002\/jor.24833"},{"key":"e_1_3_4_12_1","doi-asserted-by":"publisher","DOI":"10.1177\/0018720818783953"},{"key":"e_1_3_4_13_1","doi-asserted-by":"publisher","DOI":"10.1371\/journal.pone.0016395"},{"key":"e_1_3_4_14_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICARA56516.2023.10126050"},{"key":"e_1_3_4_15_1","doi-asserted-by":"publisher","DOI":"10.1111\/risa.14127"},{"key":"e_1_3_4_16_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.chbr.2022.100167"},{"issue":"1","key":"e_1_3_4_17_1","first-page":"205031211882292","article-title":"Grounded Theory Research: A design framework for novice researchers","volume":"7","author":"Chun Tie Y.","year":"2019","unstructured":"Chun Tie Y., Birks M., Francis K. (2019). Grounded Theory Research: A design framework for novice researchers. Sage Open Medicine, 7(1), Article 205031211882292. https:\/\/doi.org\/10.1177\/2050312118822927","journal-title":"Sage Open Medicine"},{"key":"e_1_3_4_18_1","doi-asserted-by":"publisher","DOI":"10.1177\/08404704231195804"},{"key":"e_1_3_4_19_1","volume-title":"SQL injection attacks and defense","author":"Clarke-Salt J.","year":"2009","unstructured":"Clarke-Salt J. (2009). SQL injection attacks and defense. Elsevier."},{"key":"e_1_3_4_20_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.maturitas.2018.04.008"},{"issue":"5","key":"e_1_3_4_21_1","first-page":"248","article-title":"Using health care Failure Mode and Effect Analysis: The VA National Center for Patient Safety\u2019s prospective risk analysis system","volume":"28","author":"DeRosier J.","year":"2002","unstructured":"DeRosier J., Stalhandske E., Bagian J. P., Nudell T. (2002). Using health care Failure Mode and Effect Analysis: The VA National Center for Patient Safety\u2019s prospective risk analysis system. Joint Commission Journal on Quality Improvement, 28(5), 248\u2013267. https:\/\/doi.org\/10.1016\/s1070-3241(02)28025-6","journal-title":"Joint Commission Journal on Quality Improvement"},{"issue":"1","key":"e_1_3_4_22_1","first-page":"1","article-title":"A quantitative risk assessment framework for the cybersecurity of networked medical devices","volume":"18","author":"Devender M. V.","year":"2023","unstructured":"Devender M. V., McDonald J. T. (2023). A quantitative risk assessment framework for the cybersecurity of networked medical devices. International Conference on Cyber Warfare and Security, 18(1), 1. https:\/\/doi.org\/10.34190\/iccws.18.1.986","journal-title":"International Conference on Cyber Warfare and Security"},{"key":"e_1_3_4_23_1","volume-title":"Cybersecurity in medical devices: Quality system considerations and content of premarket submissions","author":"FDA","year":"2023","unstructured":"FDA. (2023). Cybersecurity in medical devices: Quality system considerations and content of premarket submissions. https:\/\/www.fda.gov\/regulatory-information\/search-fda-guidance-documents\/cybersecurity-medical-devices-quality-system-considerations-and-content-premarket-submissions"},{"key":"e_1_3_4_24_1","volume-title":"Select updates for the premarket cybersecurity guidance: Section 524B of the FDC act","author":"FDA","year":"2024","unstructured":"FDA. (2024). Select updates for the premarket cybersecurity guidance: Section 524B of the FDC act. https:\/\/www.fda.gov\/regulatory-information\/search-fda-guidance-documents\/select-updates-premarket-cybersecurity-guidance-section-524b-fdc-act"},{"key":"e_1_3_4_25_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.clsr.2021.105528"},{"key":"e_1_3_4_26_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.robot.2019.06.003"},{"key":"e_1_3_4_27_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.apergo.2024.104403"},{"key":"e_1_3_4_28_1","doi-asserted-by":"publisher","DOI":"10.3390\/healthcare10020327"},{"key":"e_1_3_4_29_1","doi-asserted-by":"publisher","DOI":"10.1038\/s41746-022-00693-8"},{"key":"e_1_3_4_30_1","doi-asserted-by":"crossref","unstructured":"Grandhi S. R. Still J. D. (2025). Deciphering human error: Improving cybersecurity reporting. Proceedings of the Human Factors and Ergonomics Society - Annual Meeting 69(1) Article 10711813251358790. https:\/\/doi.org\/10.1177\/10711813251358790","DOI":"10.1177\/10711813251358790"},{"key":"e_1_3_4_31_1","volume-title":"Seattle cancer center confirms cyberattack after ransomware gang threats","author":"Greig J.","year":"2023","unstructured":"Greig J. (2023). Seattle cancer center confirms cyberattack after ransomware gang threats. https:\/\/therecord.media\/seattle-fred-hutch-cancer-center-ransomware-attack"},{"key":"e_1_3_4_32_1","doi-asserted-by":"publisher","DOI":"10.58471\/esaprom.v3i01.3832"},{"key":"e_1_3_4_33_1","volume-title":"A cyberattack forces a big US health system to divert ambulances and take records offline","author":"Hanna J.","year":"2024","unstructured":"Hanna J., Murphy T., Foody K. (2024). A cyberattack forces a big US health system to divert ambulances and take records offline. AP News. https:\/\/apnews.com\/article\/cyberattack-hospital-system-ambulances-diverted-ascension-728ab2a0e5afaf7c344e46a5ce5ca42c"},{"key":"e_1_3_4_34_1","doi-asserted-by":"publisher","DOI":"10.1503\/cmaj.230436"},{"key":"e_1_3_4_35_1","volume-title":"Healthcare sector DDoS guide","author":"HC3","year":"2024","unstructured":"HC3. (2024). Healthcare sector DDoS guide. https:\/\/www.hhs.gov\/sites\/default\/files\/healthcare-sector-ddos-guide-analyst-tlpclear.pdf"},{"key":"e_1_3_4_36_1","doi-asserted-by":"publisher","DOI":"10.1080\/00140139.2013.838643"},{"key":"e_1_3_4_37_1","doi-asserted-by":"publisher","DOI":"10.1177\/1049732305276687"},{"key":"e_1_3_4_38_1","volume-title":"Verizon 2024 data breach investigations report","author":"Hylender D.","year":"2024","unstructured":"Hylender D., Langlois P., Pinto A., Widup S. (2024). Verizon 2024 data breach investigations report. Verizon. https:\/\/verizon.com\/dbir"},{"key":"e_1_3_4_39_1","doi-asserted-by":"publisher","DOI":"10.2196\/12644"},{"key":"e_1_3_4_40_1","doi-asserted-by":"publisher","DOI":"10.1177\/08404704231194577"},{"key":"e_1_3_4_41_1","doi-asserted-by":"publisher","DOI":"10.1177\/0018720818767683"},{"key":"e_1_3_4_42_1","doi-asserted-by":"publisher","DOI":"10.1080\/00207543.2024.2432463"},{"key":"e_1_3_4_43_1","doi-asserted-by":"publisher","DOI":"10.4135\/9781071878781"},{"key":"e_1_3_4_44_1","doi-asserted-by":"publisher","DOI":"10.1007\/s40747-021-00396-9"},{"key":"e_1_3_4_45_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.egyr.2021.08.126"},{"key":"e_1_3_4_46_1","volume-title":"DNS security: Defending the domain name system","author":"Liska A.","year":"2016","unstructured":"Liska A., Stowe G. (2016). DNS security: Defending the domain name system. Syngress."},{"key":"e_1_3_4_47_1","doi-asserted-by":"publisher","DOI":"10.1038\/s41591-023-02732-7"},{"key":"e_1_3_4_48_1","volume-title":"The basics of FMEA","author":"Mikulak R. J.","year":"2017","unstructured":"Mikulak R. J., McDermott R., Beauregard M. (2017). The basics of FMEA. CRC Press."},{"key":"e_1_3_4_49_1","volume-title":"Change Healthcare cyberattack was due to a lack of multifactor authentication, UnitedHealth CEO says","author":"Murphy T.","year":"2024","unstructured":"Murphy T. (2024). Change Healthcare cyberattack was due to a lack of multifactor authentication, UnitedHealth CEO says. AP News. https:\/\/apnews.com\/article\/change-healthcare-cyberattack-unitedhealth-senate-9e2fff70ce4f93566043210bdd347a1f"},{"issue":"1","key":"e_1_3_4_50_1","first-page":"160940692312057","article-title":"A step-by-step process of thematic analysis to develop a conceptual model in qualitative research","volume":"22","author":"Naeem M.","year":"2023","unstructured":"Naeem M., Ozuem W., Howell K., Ranfagni S. (2023). A step-by-step process of thematic analysis to develop a conceptual model in qualitative research. International Journal of Qualitative Methods, 22(1), Article 16094069231205789. https:\/\/doi.org\/10.1177\/16094069231205789","journal-title":"International Journal of Qualitative Methods"},{"key":"e_1_3_4_51_1","doi-asserted-by":"publisher","DOI":"10.6028\/NIST.SP.800-61r3"},{"key":"e_1_3_4_52_1","doi-asserted-by":"publisher","DOI":"10.3390\/s21155119"},{"key":"e_1_3_4_53_1","doi-asserted-by":"publisher","DOI":"10.1177\/20552076221104665"},{"key":"e_1_3_4_54_1","doi-asserted-by":"publisher","DOI":"10.1177\/0003134820943547"},{"key":"e_1_3_4_55_1","volume-title":"HC3 about us [Text]","author":"Office of the Chief Information Officer (OCIO)","year":"2020","unstructured":"Office of the Chief Information Officer (OCIO). (2020). HC3 about us [Text]. https:\/\/www.hhs.gov\/about\/agencies\/asa\/ocio\/hc3\/about\/index.html"},{"key":"e_1_3_4_56_1","doi-asserted-by":"publisher","DOI":"10.1177\/0018720818780472"},{"key":"e_1_3_4_57_1","doi-asserted-by":"publisher","DOI":"10.1111\/j.1477-2574.2012.00589.x"},{"key":"e_1_3_4_58_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.ijinfomgt.2020.102269"},{"key":"e_1_3_4_59_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.csa.2024.100074"},{"issue":"1","key":"e_1_3_4_60_1","first-page":"117863292311878","article-title":"Healthcare and cybersecurity: Taking a zero trust approach","volume":"16","author":"Vukotich G.","year":"2023","unstructured":"Vukotich G. (2023). Healthcare and cybersecurity: Taking a zero trust approach. Health Services Insights, 16(1), Article 11786329231187826. https:\/\/doi.org\/10.1177\/11786329231187826","journal-title":"Health Services Insights"},{"key":"e_1_3_4_61_1","doi-asserted-by":"publisher","DOI":"10.1177\/08404704231196137"},{"key":"e_1_3_4_62_1","doi-asserted-by":"publisher","DOI":"10.1177\/0018720818769250"},{"key":"e_1_3_4_63_1","volume-title":"Studies in health technology and informatics","author":"Wani T. A.","year":"2021","unstructured":"Wani T. A., Mendoza A., Gray K. (2021). Bring-your-own-device usage trends in Australian Hospitals \u2013 A National Survey. In Merolli M., Bain C., Schaper L. K. (Eds.), Studies in health technology and informatics. IOS Press. https:\/\/doi.org\/10.3233\/SHTI210002"},{"key":"e_1_3_4_64_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.apergo.2020.103155"},{"key":"e_1_3_4_65_1","volume-title":"19th annual NDIA systems engineering conference","author":"Wilson R.","year":"2016","unstructured":"Wilson R. (2016). CyberFMECA an adaptation of the FMECA process to cyber effects criticality determination. In 19th annual NDIA systems engineering conference. https:\/\/ndia.dtic.mil\/wp-content\/uploads\/2016\/systems\/19020_RoyWilson.pdf"},{"key":"e_1_3_4_66_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2023.103412"}],"container-title":["Human Factors: The Journal of the Human Factors and Ergonomics Society"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/journals.sagepub.com\/doi\/pdf\/10.1177\/00187208251401735","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/journals.sagepub.com\/doi\/full-xml\/10.1177\/00187208251401735","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/journals.sagepub.com\/doi\/pdf\/10.1177\/00187208251401735","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,4,29]],"date-time":"2026-04-29T07:54:22Z","timestamp":1777449262000},"score":1,"resource":{"primary":{"URL":"https:\/\/journals.sagepub.com\/doi\/10.1177\/00187208251401735"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,12,2]]},"references-count":65,"journal-issue":{"issue":"4","published-print":{"date-parts":[[2026,4]]}},"alternative-id":["10.1177\/00187208251401735"],"URL":"https:\/\/doi.org\/10.1177\/00187208251401735","relation":{},"ISSN":["0018-7208","1547-8181"],"issn-type":[{"value":"0018-7208","type":"print"},{"value":"1547-8181","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,12,2]]}}}