A Systematization of Cybersecurity Regulations, Standards and Guidelines for the Healthcare Sector
Maria Patrizia Carello, Alberto Marchetti Spaccamela, Leonardo Querzoni, Marco Angelini

TL;DR
This paper systematically categorizes 49 key cybersecurity regulations, standards, and guidelines for healthcare using the NIST framework to aid organizations in improving cyber resilience amid rising incidents.
Contribution
It provides a comprehensive systematization of major healthcare cybersecurity documents, facilitating better understanding and implementation of security measures.
Findings
Categorized 49 key cybersecurity documents using the NIST framework
Identified operational challenges in applying cybersecurity standards
Supported healthcare organizations in enhancing cyber resilience
Abstract
The growing adoption of IT solutions in the healthcare sector is leading to a steady increase in the number of cybersecurity incidents. As a result, organizations worldwide have introduced regulations, standards, and best practices to address cybersecurity and data protection issues in this sector. However, the application of this large corpus of documents presents operational difficulties, and operators continue to lag behind in resilience to cyber attacks. This paper contributes a systematization of the significant cybersecurity documents relevant to the healthcare sector. We collected the 49 most significant documents and used the NIST cybersecurity framework to categorize key information and support the implementation of cybersecurity measures.
Taxonomy
Topics: Information and Cyber Security
