{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,28]],"date-time":"2026-02-28T00:14:10Z","timestamp":1772237650088,"version":"3.50.1"},"reference-count":54,"publisher":"JMIR Publications Inc.","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["J Med Internet Res"],"abstract":"\n Background<\/jats:title>\n Health care organizations globally have seen a significant increase in the frequency of cyberattacks in recent years. Cyberattacks cause massive disruptions to health service delivery and directly impact patient safety through disruption and treatment delays. Given the increasing number of cyberattacks in low- and middle-income countries (LMICs), there is a need to explore the interventions put in place to plan for cyberattacks and develop cyber resilience.<\/jats:p>\n <\/jats:sec>\n \n Objective<\/jats:title>\n This study aimed to describe cybersecurity interventions, defined as any intervention to improve cybersecurity in a health care organization, including but not limited to organizational strategy(ies); policy(ies); protocol(s), incident plan(s), or assessment process(es); framework(s) or guidelines; and emergency planning, implemented in LMICs to date and to evaluate their impact on the likelihood and impact of attacks. The secondary objective was to describe the main barriers and facilitators for the implementation of such interventions, where reported.<\/jats:p>\n <\/jats:sec>\n \n Methods<\/jats:title>\n A systematic search of the literature published between January 2017 and July 2024 was performed on Ovid Medline, Embase, Global Health, and Scopus using a combination of controlled terms and free text. A search of the gray literature within the same time parameters was undertaken on the websites of relevant stakeholder organizations to identify possible additional studies that met the inclusion criteria. Findings from included papers were mapped against the dimensions of the Essentials of Cybersecurity in Health Care Organizations (ECHO) framework and presented as a narrative synthesis.<\/jats:p>\n <\/jats:sec>\n \n Results<\/jats:title>\n We included 20 studies in this review. The sample size of the majority of studies (13\/20, 65%) was 1 facility to 5 facilities, and the studies were conducted in 14 countries. Studies were categorized into the thematic dimensions of the ECHO framework, including context; governance; organizational strategy; risk management; awareness, education, and training; and technical capabilities. Few studies (6\/20, 30%) discussed cybersecurity intervention(s) as the primary focus of the paper; therefore, information on intervention(s) implemented had to be deduced. There was no attempt to report on the impact and outcomes in all papers except one. Facilitators and barriers identified were grouped and presented across national or regional, organizational, and individual staff levels.<\/jats:p>\n <\/jats:sec>\n \n Conclusions<\/jats:title>\n This scoping review\u2019s findings highlight the limited body of research published on cybersecurity interventions implemented in health care organizations in LMICs and large heterogeneity across existing studies in interventions, research objectives, methods, and outcome measures used. Although complex and challenging, future research should specifically focus on the evaluation of cybersecurity interventions and their impact in order to build a robust evidence base to inform evidence-based policy and practice.<\/jats:p>\n <\/jats:sec>","DOI":"10.2196\/47311","type":"journal-article","created":{"date-parts":[[2024,9,7]],"date-time":"2024-09-07T22:06:36Z","timestamp":1725746796000},"page":"e47311","source":"Crossref","is-referenced-by-count":2,"title":["Cybersecurity Interventions in Health Care Organizations in Low- and Middle-Income Countries: Scoping Review"],"prefix":"10.2196","volume":"26","author":[{"ORCID":"https:\/\/orcid.org\/0009-0000-6764-671X","authenticated-orcid":false,"given":"Kaede","family":"Hasegawa","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8389-1448","authenticated-orcid":false,"given":"Niki","family":"O'Brien","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-4060-7216","authenticated-orcid":false,"given":"Mabel","family":"Prendergast","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0009-0000-6390-1971","authenticated-orcid":false,"given":"Chris Agape","family":"Ajah","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-7107-7211","authenticated-orcid":false,"given":"Ana Luisa","family":"Neves","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4487-6904","authenticated-orcid":false,"given":"Saira","family":"Ghafur","sequence":"additional","affiliation":[]}],"member":"1010","published-online":{"date-parts":[[2024,11,20]]},"reference":[{"key":"ref1","doi-asserted-by":"publisher","DOI":"10.1515\/cclm-2018-0658"},{"key":"ref2","doi-asserted-by":"publisher","DOI":"10.1016\/j.maturitas.2018.04.008"},{"key":"ref3","unstructured":"Cyber Threats 2020: A Year in RetrospectPWC2024-09-28https:\/\/www.pwc.co.uk\/cyber-security\/pdf\/pwc-cyber-threats-2020-a-year-in-retrospect.pdf"},{"key":"ref4","unstructured":"AttackNational Institute of Standards and Technology (NIST) Information Technology Laboratory Computer Security Resource Center2024-09-28https:\/\/csrc.nist.gov\/glossary\/term\/attack"},{"key":"ref5","doi-asserted-by":"publisher","DOI":"10.1136\/bmj.j3179"},{"key":"ref6","doi-asserted-by":"publisher","DOI":"10.1001\/jamahealthforum.2022.4873"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1016\/j.csa.2023.100016"},{"key":"ref8","unstructured":"Investigation: WannaCry cyber attack and the NHSNational Audit Office20182024-09-28https:\/\/www.nao.org.uk\/wp-content\/uploads\/2017\/10\/Investigation-WannaCry-cyber-attack-and-the-NHS.pdf"},{"key":"ref9","unstructured":"CoreraGIrish health cyber-attack could have been even worse, report saysBBC202112102024-09-28https:\/\/www.bbc.co.uk\/news\/technology-59612917"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1016\/s1470-2045(23)00119-5"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.1177\/2516043520975926"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1038\/s41746-019-0161-6"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1136\/emermed-2021-211572"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.1136\/bmjopen-2018-028753"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.7189\/jogh.06.020408"},{"key":"ref16","unstructured":"Leesa-NguansukSWarning over cyberattack threatsBangkok Post202109082024-09-28https:\/\/www.bangkokpost.com\/business\/2178051\/warning-over-cyberattack-threats"},{"key":"ref17","unstructured":"South Africa's Life Healthcare hit by cyber attackReuters202006092024-09-28https:\/\/www.reuters.com\/article\/us-life-healthcare-cyber-idUSKBN23G0MY"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1093\/ptj\/89.9.873"},{"key":"ref19","unstructured":"World Bank Country and Lending GroupsThe World Bank2024-09-28https:\/\/datahelpdesk.worldbank.org\/knowledgebase\/articles\/906519-world-bank-country-and-lending-groups.Accessed"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1136\/bmjgh-2022-009067"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.1136\/bmjinnov-2020-000572"},{"key":"ref22","unstructured":"O'BrienNMartinGGrassEDurkinMGhafurSSafeguarding our Healthcare Systems: A Global Framework for CybersecurityWorld Innovation Summit for Health20202024-09-28Doha, QatarWorld Innovation Summit for Healthhttps:\/\/2020.wish.org.qa\/app\/uploads\/2020\/09\/WISH-2020_Forum-Reports_Cyber-Security-and-Healthcare-Systems_ENG.pdf"},{"key":"ref23","unstructured":"Implementation Know-how Briefs to Support Countries to Prioritize, Connect and Scale for a Digital-in-Health FutureThe World Bank2024-09-28https:\/\/openknowledge.worldbank.org\/handle\/10986\/40215"},{"issue":"2","key":"ref24","first-page":"369","volume":"10","author":"Ali Alferjanya, MAO","year":"2022","journal-title":"Health Education and Health Promotion"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.2174\/1874431101711010037"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1080\/19393555.2021.1893410"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.1109\/ICIT52682.2021.9491781"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.5455\/aim.2020.28.265-271"},{"key":"ref29","doi-asserted-by":"publisher","DOI":"10.1016\/j.techfore.2017.03.023"},{"key":"ref30","first-page":"359","author":"Jara, HLS","year":"2021","journal-title":"Proceedings of the 6th Brazilian Technology Symposium (BTSym\u201920). BTSym 2020. Smart Innovation, Systems and Technologies, vol 233"},{"key":"ref31","doi-asserted-by":"publisher","DOI":"10.1109\/iotsms58070.2022.10061936"},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.1371\/journal.pone.0188160"},{"key":"ref33","unstructured":"MaekoMEVan Der HaarDTA framework for user awareness and acceptance of smart card and fingerprint-based access control to medical information systems in South Africa2018IST-Africa Week Conference (IST-Africa)May 9-11, 2018Gaborone, Botswana"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.1109\/tnsm.2018.2815280"},{"key":"ref35","unstructured":"NistrinaKBin BonHATInformation security for hospital information system using COBIT 5 framework2019International Conference on Industrial Engineering and Operations ManagementMarch 5-7, 2019Bangkok, Thailand"},{"key":"ref36","first-page":"211","author":"Quimiz-Moreira, M","year":"2022","journal-title":"Trends in Artificial Intelligence and Computer Engineering. ICAETT 2021. Lecture Notes in Networks and Systems, vol 407"},{"key":"ref37","doi-asserted-by":"publisher","DOI":"10.4018\/IJEHMC.2020040106"},{"key":"ref38","doi-asserted-by":"publisher","DOI":"10.1109\/ICALTER57193.2022.9964729"},{"key":"ref39","doi-asserted-by":"publisher","DOI":"10.23919\/CISTI54924.2022.9820432"},{"key":"ref40","first-page":"65","volume":"258","author":"Sarbaz, M","year":"2019","journal-title":"Stud Health Technol Inform"},{"key":"ref41","doi-asserted-by":"publisher","DOI":"10.28945\/5185"},{"issue":"1","key":"ref42","first-page":"246","volume":"100","author":"Singh, I","year":"2022","journal-title":"Journal of Theoretical and Applied Information Technology"},{"key":"ref43","doi-asserted-by":"publisher","DOI":"10.1109\/ICCIC.2018.8782417"},{"key":"ref44","doi-asserted-by":"publisher","DOI":"10.1055\/s-0041-1735527"},{"key":"ref45","doi-asserted-by":"publisher","DOI":"10.3390\/s21155119"},{"key":"ref46","doi-asserted-by":"publisher","DOI":"10.2147\/JMDH.S183275"},{"key":"ref47","unstructured":"What Good Looks Like frameworkNHS England20211042024-09-28https:\/\/transform.england.nhs.uk\/digitise-connect-transform\/what-good-looks-like\/what-good-looks-like-publication\/"},{"key":"ref48","doi-asserted-by":"publisher","DOI":"10.2196\/21747"},{"key":"ref49","doi-asserted-by":"publisher","DOI":"10.1016\/j.surge.2021.09.007"},{"key":"ref50","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-50309-3_8"},{"key":"ref51","unstructured":"Branley-BellDCoventryLSillenceEPromoting cybersecurity culture change in healthcareNorthumbria University Research Portal20212024-09-28https:\/\/researchportal.northumbria.ac.uk\/ws\/portalfiles\/portal\/54632089\/PETRA_Branley_Bell_et_al_2021_.pdf"},{"key":"ref52","doi-asserted-by":"publisher","DOI":"10.1177\/00207020211067946"},{"key":"ref53","doi-asserted-by":"publisher","DOI":"10.1002\/jrsm.1123"},{"key":"ref54","doi-asserted-by":"publisher","DOI":"10.1186\/s13012-021-01171-7"}],"container-title":["Journal of Medical Internet Research"],"original-title":[],"language":"en","deposited":{"date-parts":[[2024,11,20]],"date-time":"2024-11-20T16:30:34Z","timestamp":1732120234000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.jmir.org\/2024\/1\/e47311"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,11,20]]},"references-count":54,"URL":"https:\/\/doi.org\/10.2196\/47311","relation":{"has-preprint":[{"id-type":"doi","id":"10.2196\/preprints.47311","asserted-by":"object"}]},"ISSN":["1438-8871"],"issn-type":[{"value":"1438-8871","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024,11,20]]}}}