Article Text

Download PDFPDF
Original research
Developing a globally applicable cybersecurity framework for healthcare: a Delphi consensus study


Background Cybersecurity in healthcare has become increasingly important as the COVID-19 pandemic has increased the use of digital technologies in healthcare provision around the world, while simultaneously encouraged cybercriminals to target healthcare organisations in greater numbers. Despite the threat of cyberattack to patient safety and the provision of healthcare, cybersecurity in the health sector lags behind other industries. Additionally, no adequate cybersecurity framework exists which considers the unique needs of the health sector.

Methods An online Delphi was carried out to develop a globally relevant and applicable readiness framework to guide cybersecurity planning in healthcare. Experts (n=42) in the areas of cybersecurity, information communications and technology and health informatics were invited to list the components they felt were essential to a framework and subsequently agree with consensus on a final framework based on the identified components.

Results After two rounds, the Essentials of Cybersecurity in Healthcare Organizations (ECHO) framework with 51 components, grouped into six categories, was regarded by the experts as an acceptable planning tool to guide cybersecurity in healthcare at the global level.

Conclusions The ECHO framework, designed based on components chosen by international experts to meet the challenges of cybersecurity scale-up in the health and care sector globally, can help guide policymakers and health and care organisations in strengthening their cybersecurity infrastructure and deliver safe and effective care.

  • global health
  • health planning
  • health care facilities, manpower and services
  • health services administration
  • patient care

Statistics from

Request Permissions

If you wish to reuse any or all of this article please use the link below which will take you to the Copyright Clearance Center’s RightsLink service. You will be able to get a quick price and instant permission to reuse the content in many different ways.