Article Text

Download PDFPDF
Original research
Developing a globally applicable cybersecurity framework for healthcare: a Delphi consensus study
  1. Niki O'Brien1,
  2. Emilia Grass1,
  3. Guy Martin1,
  4. Mike Durkin1,
  5. Ara Darzi2,
  6. Saira Ghafur1
  1. 1 Institute of Global Health Innovation, Imperial College London, London, UK
  2. 2 Surgery and Cancer, Imperial College London, London, UK
  1. Correspondence to Niki O'Brien, Institute of Global Health Innovation, Imperial College London, London W2 1NY, UK; n.obrien{at}


Background Cybersecurity in healthcare has become increasingly important as the COVID-19 pandemic has increased the use of digital technologies in healthcare provision around the world, while simultaneously encouraged cybercriminals to target healthcare organisations in greater numbers. Despite the threat of cyberattack to patient safety and the provision of healthcare, cybersecurity in the health sector lags behind other industries. Additionally, no adequate cybersecurity framework exists which considers the unique needs of the health sector.

Methods An online Delphi was carried out to develop a globally relevant and applicable readiness framework to guide cybersecurity planning in healthcare. Experts (n=42) in the areas of cybersecurity, information communications and technology and health informatics were invited to list the components they felt were essential to a framework and subsequently agree with consensus on a final framework based on the identified components.

Results After two rounds, the Essentials of Cybersecurity in Healthcare Organizations (ECHO) framework with 51 components, grouped into six categories, was regarded by the experts as an acceptable planning tool to guide cybersecurity in healthcare at the global level.

Conclusions The ECHO framework, designed based on components chosen by international experts to meet the challenges of cybersecurity scale-up in the health and care sector globally, can help guide policymakers and health and care organisations in strengthening their cybersecurity infrastructure and deliver safe and effective care.

  • global health
  • health planning
  • health care facilities, manpower and services
  • health services administration
  • patient care

Statistics from

Request Permissions

If you wish to reuse any or all of this article please use the link below which will take you to the Copyright Clearance Center’s RightsLink service. You will be able to get a quick price and instant permission to reuse the content in many different ways.


  • Contributors The manuscript was written by NOB, SG, EG and GM. SG, GM, MD and AD conceptualised this research. NOB and EG conducted the Delphi analysis. All authors contributed to the multiple versions of the manuscript and to the revision.

  • Funding This work was supported by the World Innovation Summit for Health (WISH), Qatar Foundation. Infrastructure support for this research was provided by the NIHR Imperial Biomedical Research Centre (BRC). EG was supported by the Fritz Thyssen Foundation.

  • Competing interests None declared.

  • Patient consent for publication Not required.

  • Ethics approval The research protocol was reviewed and institutional ethical approval was granted by the Imperial College London Joint Research Compliance Office (JRCO) (reference number 20IC5785).

  • Provenance and peer review Not commissioned; externally peer reviewed.

  • Data availability statement Data sharing not applicable as no data sets generated and/or analysed for this study.