Digital technology has transformed significantly in the past decade, being integrated into a multitude of industries including healthcare. New medical devices and information and communication technology (ICT) is becoming increasingly pervasive, accelerated in part by the COVID-19 pandemic. However, the recent rise in cyber attacks, beginning as “as spam eventually transition[ing] into computer viruses and malware (e.g., WannaCry)” makes it imperative to consider how to address the risk posed by the integrated technologies. Because health care data is particularly sensitive and high-value, consolidating a conceptual framework of organizational defense and human factors impacting cybersecurity is important to strengthen cybersecurity. Through a rigorous review of 70 published articles on “human behavior resulting in security gaps” in the context of healthcare, more has been elucidated regarding social engineering attacks and how to prevent them. Particularly, since health care employees exhibit automatic behavior when interacting with a device, they become susceptible to phishing attacks, password sharing, and cloud service; to combat this, organizational training about cybersecurity vulnerabilities and good habits are ways to strengthen cybersecurity. In addition, a lack of organizational roles plays a part in data breaches. It becomes imperative to support good cyber practices and promote cyber hygiene in healthcare.
