Abstract
BACKGROUND: Connected medical devices and electronic health records have added important functionality to patient care, but have also introduced a range of cybersecurity concerns. When a healthcare organization suffers from a cybersecurity incident, its incident response strategies are critical to the success of its recovery. OBJECTIVE: In this article, we identify gaps in research concerning cybersecurity response plans in healthcare. Through a systematic literature review, we develop aggregated strategies that professionals can use to construct better response strategies in their organizations. METHODS: We reviewed journal articles on cyber incident response plans in healthcare published in PubMed and Web of Science. We sought to collect articles on the intersection of cybersecurity and healthcare that focused on incident response strategies. RESULTS: We identified and reviewed 13 articles for cybersecurity response recommendations. We then extracted information such as research methods, findings, and implications. Finally, we synthesized the recommendations into a framework of eight aggregated response strategies (EARS) that fall under managerial and technological categories. CONCLUSIONS: We conducted a systematic review of the literature on cybersecurity response plans in healthcare and developed a novel framework for response strategies that could be deployed by healthcare organizations. More work is needed to evaluate incident response strategies in healthcare.