Skip to main content

Table 1 Identified domains of research and types of studies

From: The state of research on cyberattacks against hospitals and available best practice recommendations: a scoping review

Research domain

Brief description of research domain

Number of articles

Study design with reference

Context and trends in cybersecurity

Explores context of the field, formulates definitions of pertinent terms, offers generalized recommendations, and describes trends in cybersecurity.

27

- Literature review [11, 21]

- Descriptive study [27, 29, 68, 78]

- Summative report [28, 30, 65, 66, 70, 77, 79, 80]

- Editorial [10, 16, 25, 26, 67, 81,82,83,84,85,86,87]

- Technical paper [88]

Connected medical devices and equipment

Discusses the development, research, and security of connected medical devices and equipment (includes implantable and wearable devices found in neurology, cardiology, endocrinology, mental health, and radiology)

29

- Summative report [6, 31, 33, 37, 38, 50, 75, 76, 89,90,91,92,93,94]

- Editorial [32, 39, 74, 95,96,97,98,99]

- Experimental study [40, 41]

- Technical paper [34,35,36, 100, 101]

Hospital information systems (HIS)

Offers methods for evaluating HIS, discusses security concerns of electronic health records, and proposes specific recommendations. Also includes discussions on data security and cloud-based storage.

14

- Descriptive study [44, 102]

- Literature review [18, 45, 103]

- Summative report [9, 42, 43, 47, 104]

- Technical paper [48, 49]

- Editorial [46]

- Experimental study [105]

Raising awareness and lessons learned

Discusses previous attacks and lessons learned, as well as training programs for various players. Also proposes and evaluates methods for the dissemination of information.

6

- Descriptive study [53, 54]

- Editorial [14, 51, 52, 55]

Information security methodology

Discusses network security, multifactor authentication, encryption, password protection, updates and others.

15

- Technical paper [56,57,58, 60,61,62, 71,72,73, 106,107,108]

- Summative report [59, 109, 110]

Specific types of attacks (i.e. ransomware, phishing, and social engineering attacks)

Offers definitions, background information, and recommendations specific to these attack types in the context of hospitals.

6

- Descriptive study [111, 112]

- Editorial [15, 63, 64]

- Summative report [69]