A Review of the State of Cybersecurity in the Healthcare Industry and Propose Security Controls

Our study aims to identify the state of cybersecurity in the healthcare domain. Cyber incidents, including
ransomware and similar cyber-attacks, impact healthcare entities. The review highlights the
government's efforts to protect citizens' health information by passing laws regulating the healthcare
industry. The review targeted healthcare-related laws in the United States, the European Union,
Singapore, and India. The study identified that while developed countries like the United States, the
European Union, and Singapore have health data privacy laws, developing countries like India still need
data privacy laws. The nature, value, and sensitivity of data retained by healthcare entities make the
healthcare domain a rich target for cyber threat actors. Based on the study, the paper proposes security
practices, including security monitoring, secure network architecture, information technology
vulnerability management, cyber policies, and user training, that can help prevent cyber-attacks on
healthcare entities.