The growing adoption of IT solutions in the healthcare sector is accompanied by a steady increase in cybersecurity incidents. In response to this phenomenon, regulations, standards, and best practices have been introduced to address cybersecurity and data protection issues in this sector. However, applying this large corpus of documents poses several operational hurdles, while operators continue to lag behind the growing number of cyber attacks. This paper contributes a Systematization of Knowledge (SoK) of the main cybersecurity documents relevant to the healthcare sector. We collected and analyzed 49 relevant documents and used the NIST Cybersecurity Framework as a taxonomical instrument to categorize key information extracted through a three-step analysis. We provide and quantify seven findings emerging from this analysis and propose a way to exploit the extracted measures to support cybersecurity assessments.

SoK: Cybersecurity Regulations, Standards and Guidelines for the Healthcare Sector / Carello, Maria Patrizia; Marchetti-Spaccamela, Alberto; Querzoni, Leonardo; Angelini, Marco. - (2023), pp. -6. (Paper presented at the International Conference on Intelligence and Security Informatics, held in Charlotte, North Carolina, USA) [10.1109/isi58743.2023.10297246].

SoK: Cybersecurity Regulations, Standards and Guidelines for the Healthcare Sector

Maria Patrizia Carello; Alberto Marchetti-Spaccamela; Leonardo Querzoni; Marco Angelini
2023

International Conference on Intelligence and Security Informatics
cybersecurity; healthcare; data protection; regulations; standards; best practices
04 Publication in conference proceedings::04b Conference paper in volume

Use this identifier to cite or link to this document: https://hdl.handle.net/11573/1692992