Cybersecurity Interventions in Health Care Organizations in Low-and Middle-Income Countries:Scoping Review

Background: Health care organizations globally have seen a significant increase in the frequency of cyberattacks in recentyears. Cyberattacks cause massive disruptions to health service delivery and directly impact patient safety through disruption andtreatment delays. Given the increasing number of cyberattacks in low- and middle-income countries (LMICs), there is a need toexplore the interventions put in place to plan for cyberattacks and develop cyber resilience. Objective: This study aimed to describe cybersecurity interventions, defined as any intervention to improve cybersecurity in ahealth care organization, including but not limited to organizational strategy(ies); policy(ies); protocol(s), incident plan(s), orassessment process(es); framework(s) or guidelines; and emergency planning, implemented in LMICs to date and to evaluatetheir impact on the likelihood and impact of attacks. The secondary objective was to describe the main barriers and facilitatorsfor the implementation of such interventions, where reported. Methods: A systematic search of the literature published between January 2017 and July 2024 was performed on Ovid Medline,Embase, Global Health, and Scopus using a combination of controlled terms and free text. A search of the gray literature withinthe same time parameters was undertaken on the websites of relevant stakeholder organizations to identify possible additionalstudies that met the inclusion criteria. Findings from included papers were mapped against the dimensions of the Essentials ofCybersecurity in Health Care Organizations (ECHO) framework and presented as a narrative synthesis. Results: We included 20 studies in this review. The sample size of the majority of studies (13/20, 65%) was 1 facility to 5facilities, and the studies were conducted in 14 countries. Studies were categorized into the thematic dimensions of the ECHOframework, including context; governance; organizational strategy; risk management; awareness, education, and training; andtechnical capabilities. Few studies (6/20, 30%) discussed cybersecurity intervention(s) as the primary focus of the paper; therefore,information on intervention(s) implemented had to be deduced. There was no attempt to report on the impact and outcomes inall papers except one. Facilitators and barriers identified were grouped and presented across national or regional, organizational,and individual staff levels. Conclusions: This scoping review's findings highlight the limited body of research published on cybersecurity interventionsimplemented in health care organizations in LMICs and large heterogeneity across existing studies in interventions, researchobjectives, methods, and outcome measures used. Although complex and challenging, future research should specifically focuson the evaluation of cybersecurity interventions and their impact in order to build a robust evidence base to inform evidence-basedpolicy and practice.