The American Journal of Engineering and Technology
202
https://www.theamericanjournals.com/index.php/tajet
TYPE
Original Research
PAGE NO.
202-225
10.37547/tajet/Volume07Issue08-17
OPEN ACCESS
SUBMITED
20 June 2025
ACCEPTED
16 July 2025
PUBLISHED
18 August 2025
VOLUME
Vol.07 Issue08 2025
CITATION
Kami Yangzen Lama, Maham Saeed, Keya Karabi Roy, & MD Abutaher
Dewan. (2025). Cybersecurityac Strategies in Healthcare It Infrastructure:
Balancing Innovation and Risk Management. The American Journal of
Engineering and Technology, a7(8), 202
–
225.
https://doi.org/10.37547/tajet/Volume07Issue08-17
COPYRIGHT
© 2025 Original content from this work may be used under the terms
of the creative commons attributes 4.0 License.
Cybersecurity Strategies in
Healthcare It
Infrastructure: Balancing
Innovation and Risk
Management
Kami Yangzen Lama
Department of Information Technology, Washington University of Science
and Technology (wust), 2900 Eisenhower Ave, Alexandria, VA 22314, USA
Maham Saeed
Master of Science in Healthcare Management, St. FRANCIS COLLEGE,
Brooklyn, New York
Keya Karabi Roy
Master of Science in Healthcare Management, St. FRANCIS COLLEGE,
Brooklyn, New York
MD Abutaher Dewan
Department of Business Administration, International American
University, Los Angeles, California, USA
Abstract:
Due to the accelerated digitalization in the
healthcare industry, clinical operations and the process
of delivering care to patients have changed with the
introduction of Electronic Health Records (EHRs),
telemedicine platforms, cloud computing, and Internet
of Medical Things (IoMT). This technological adaptation
has however created cybersecurity vulnerabilities that
are essential to the confidentiality, integrity, and
availability of sensitive health information. In this paper,
the author explores the twin dilemma of a
contemporary healthcare institution: how to drive
technology-related innovation and at the same time
successfully mitigate cyber risks. Adopting a data-driven
approach, the research synthesizes empirical evidence
from recent cyber incidents, analyzes the effectiveness
of global cybersecurity frameworks such as NIST and
HIPAA, and evaluates emerging technologies' roles in
risk mitigation. The methodology is based on the mixed-
methods design, which consists of the case studies,
incident data examination, and expert interviews, to
provide the depth of analysis and practical significance.
Findings indicate that despite the prospects of high-tech
approaches to protection, including AI-based threat
detection and blockchain-based data integrity, they
require the support of solid governance policies,
The American Journal of Engineering and Technology
203
https://www.theamericanjournals.com/index.php/tajet
The American Journal of Engineering and Technology
organizational training, and dynamic risk management
models to achieve efficient protection. The received
findings highlight the fact that strategic alignment of
innovation and security is possible and, moreover,
necessary to achieve the sustainability of digital
healthcare transformation. The proposed study is
novel since few studies have holistically approached
the issue of cybersecurity strategies by providing a
technological and organizational approach to the
problem and providing recommendations that can be
put into action by CIOs, policymakers and healthcare
administrators. By filling in the gap between
innovation and protection, the paper adds to an
increasingly number of literatures that underlines the
urgency of making cybersecurity a built-in aspect of the
healthcare IT infrastructure.
Keywords:
Cybersecurity, Healthcare IT, Risk
Management, Innovation, Data Protection.
1.
Introduction
Digitization of healthcare systems has brought a
revolution in the manner in which medical services are
being delivered, managed and consumed. Guided by
the popularity of electronic health records (EHRs),
artificial intelligence (AI)- based diagnostics, cloud
storage, and Internet of Medical Things (IoMT),
healthcare institutions globally are turning to
technological innovations to help them improve
patient outcomes, operational efficiency, and cost
reduction. A global movement towards a digital-first
healthcare system is indicated in a 2022 report by
Deloitte, which states that almost 92 percent of
hospitals in high-income countries have adopted some
kind of health IT infrastructure as part of their daily
routine. Nevertheless, this increasing dependence on
interdependent technologies is also subjecting
healthcare systems to a widening range of
cybersecurity risks. As patient data has become one of
the most valuable assets in the digital economy, the
healthcare industry has become one of the major
targets of cybercriminals. By impacting and affecting
the systems, ransomware attacks, data breaches, and
system outages directly affect the safety of patients
and the health of the population since critical services
are disrupted in addition to sensitive medical records
being compromised.
Recent high-profile attacks such as the 2021
ransomware incident on Ireland's Health Service
Executive and the 2023 cyberattack on HCA Healthcare
in the United States highlight the urgent need for
robust cybersecurity strategies. Those incidents
showed that there are crucial gaps in preparedness,
vulnerability management, and incident response
related to healthcare IT infrastructures. In most
instances, outdated systems and poor cybersecurity
measures have been unable to match the rate of
innovation that is being witnessed in the clinical and
administrative technologies. The price of such violations
is astounding: according to IBM 2023 Cost of a Data
Breach Report the average cost of a data breach in the
healthcare sector is roughly USD 10.93 million, which is
the most expensive in 13 years in a row. But financial
losses are not the only sourcing element since the loss
of patient faith, legal claims, and even lives are at stake,
making the repercussions even more harsh.
However, the issue lies not only in the absence of
cybersecurity controls but the fact that enabling
innovation and imposing security is inherently
conflicting. On the one hand, according to recent
research, such technologies as AI-based analytics,
remote patient monitoring, and telehealth platforms
require open, interoperable systems to perform at their
best. Cybersecurity measures, conversely, tend to add
friction to operations, restrain data traffic, and create
barriers to the use of innovative instruments.
Healthcare executives, thus, are in a dire dilemma: what
to do to strike a balance between the imperatives of
innovation and the imperative of risk-management that
knows no compromise. To overcome this obstacle, it is
necessary to have the most complex set of threat
landscapes, organizational culture, technological
readiness, and regulatory compliance.
The main goal of the paper is to understand how
healthcare institutions can effectively balance
cybersecurity and innovation agenda to safeguard
confidential data and ensure continuous clinical
operations. More precisely, this research paper will (1)
examine the changing threat scape in healthcare IT
systems, (2) determine how technological innovation is
creating new risks and new mitigation techniques, and
(3) determine how to use existing frameworks and new
best practices to control cybersecurity risks without
hindering technological innovation. A combination of
quantitative and qualitative facts throughout the paper
allows delivering a rigorous analysis that is academically
sound and at the same time practically implementable.
The study fits into the existing literature by providing an
interdisciplinary framework, which links cybersecurity,
health informatics, and organizational strategy.
Although several studies have focused on separate
elements, like the effects of ransomware or the
regulatory compliance, only a limited number of
investigations considered the systemic issue of the
security versus innovation dilemma comprehensively.
Besides, the research proposes recent statistics and
case scenarios that manifest the operational realities of
engaging with digitally transformed but security-
compromised healthcare environments. Indeed,
The American Journal of Engineering and Technology
204
https://www.theamericanjournals.com/index.php/tajet
The American Journal of Engineering and Technology
according to a study conducted by Kruse et al. (2021),
although 78 percent of hospitals have implemented
EHR by 2020, only 48 percent of them had an incident
response plan that meets the requirements of
cybersecurity frameworks, such as NIST or ISO/IEC
27001. These gaps imply that there is a lack of
alignment between technology and cyber defense
preparedness.
This research is novel because, in the literature, the
aspects of innovation and risk are usually addressed
separately. It appreciates that the two are not mutually
exclusive but dependent forces that define the future
of healthcare. Security without innovation is
disastrous, and innovation without security is
disastrous too, as it could become obsolete and
inefficient. Through the systematic unpacking of this
balance, this paper aims to inform healthcare
administrators, CIOs, policy architects, and IT
professionals to consider more integrated approaches
that can strengthen resiliency without putting progress
on hold. By doing so, it equally contributes to
addressing a major gap in the strategic healthcare
management-related
literature,
i.e.,
operationalization of cybersecurity as a driver, as
opposed to an obstacle, of digital health
transformation.
Also, the paper highlights the importance of leadership
and institutional culture in cybersecurity strategy.
Technical solutions remain only a part of the solution;
organizational awareness, cross-functional training,
and governance structures have equally important
roles in the sustainable security postures. In this
respect, the study recognizes the fact that
cybersecurity is multifaceted as it cuts across people,
processes, and technologies. It also mentions the
consequences of failing to comply with laws like HIPAA,
GDPR, and national legislation on the protection of
health data, which in addition to imposing heavy fines,
cause a loss of reputational capital.
Simply stated, the main thesis of this paper is that the
problem of cybersecurity in healthcare information
technology infrastructure cannot be regarded as an IT
task per se but as one of the foundations of
contemporary healthcare provision. The tension
between innovation and risk management can only be
resolved at the cost of patient confidence, clinical
continuity, and future-proofing of the digital
transformation of healthcare institutions. It is assumed
that the results of this research will be utilized by the
stakeholders who pursue the goal of establishing a safe,
responsive, and innovation-friendly healthcare setting.
2.
Literature Review
Although making patient care more efficient, the use of
digital tools in healthcare has opened up important
security risks. The healthcare sector is often targeted by
cyberattacks since medical data is valuable and security
measures in the field are usually weak. As reported by
Williams and Woodward, healthcare institutions must
find a way to keep up with new technologies without
sacrificing proper cybersecurity measures since digital
transformation happens much faster than cybersecurity
measures.
Healthcare data breaches result in serious and
damaging financial and operational results. Gordon and
Fairhall point out that a healthcare data breach costs an
average of more than $10 million, which is significantly
greater than in other sectors. They also mention that
such incidents can disrupt patient care, negatively affect
the operations of medical staff, and reduce the public’s
confidence. These incidents show that healthcare
providers need to continuously improve their
cybersecurity measures to protect patients’ data.
The American Journal of Engineering and Technology
205
https://www.theamericanjournals.com/index.php/tajet
The American Journal of Engineering and Technology
Figure 01: A Comprehensive Mind Map of Cybersecurity Risk Factors and Mitigation Strategies in Healthcare IT
Figure Description
: This mind map visually categorizes
the landscape of healthcare cybersecurity. It places
"Healthcare Cybersecurity" at the center, branching
out to major categories such as Threats (e.g.,
ransomware, phishing), Impacts (e.g., financial,
operational), Drivers (e.g., innovation, legacy systems),
Gaps (e.g., budget constraints), and Mitigations (e.g.,
NIST, AI detection). The structure provides a
conceptual overview of the interconnected domains
influencing risk and response within healthcare IT
systems, supporting the Literature Review section’
s
analytical depth.
Healthcare organizations need to deal with many
regulations to remain in compliance with HIPAA, GDPR,
and NIST. Fernandez and Abreu say that compliance
with regulations isn’t enough to keep systems safe
since gaps in older security systems are exploited by
attackers.⁵ According to Cresswell’s study, nearly half
of hospitals still lack proper plans in terms of NIST or
ISO/IEC 27001 guidelines, even after shifting to
electronic records.⁶ Legacy systems still play a key role
in weakening healthcare, since they usually have little or
no modern encryption and they are easily exploited.⁷
New technologies like AI and blockchain offer good
solutions for making healthcare cybersecurity stronger.
AI can catch threats and alert staff in real time, as
studied by Chen et al.⁸ Also, blockchain helps manage
EHRs securely and provides a way to ensure that data
remains intact. Even so, both AI and blockchain will not
be reliable without proper control systems, according to
Sweeney and Williams.¹⁰ Most data
breaches are caused
by lack of knowledge among staff members. It was
found in a Pfleeger and Caputo study that nearly two out
of three healthcare data breaches happen due to
mistakes or negligence by employees.
When it comes to healthcare IT, finding a balance
between innovations and safety is important so that
security does not get in the way of progress. According
to Kesh and Ratnasingam, healthcare leaders must
adopt a "security-by-design" philosophy, embedding
The American Journal of Engineering and Technology
206
https://www.theamericanjournals.com/index.php/tajet
The American Journal of Engineering and Technology
cybersecurity into the development lifecycle of new
technologies.¹² This approach ensures that security is
not an afterthought but a foundational component of
digital transformation.¹³ In addition, close work among
IT teams, clinicians, and administrators plays a big part
in helping every member of the healthcare team be
aware of cybersecurity.¹⁴ This is especially true
because Wager et al. point out that leadership plays a
crucial role in carrying out successful cybersecurity
actions.¹⁵
Although technical protections help a lot, strong
policies and proper employee training are equally
necessary for lowering cyber risks. Appari and Johnson
showed
that
hospitals
with
well-structured
cybersecurity training have 40% fewer breaches
compared to those without any such programs. In
addition, frequent risk assessments and network
testing by Gupta and Agrawal help spot safety issues
quickly.¹⁷ Due to constant changes in cybersecurity, it
is necessary for healthcare organizations to update
their security as needed.¹⁸
Healthcare information technology (IT) has started to
implement ZTA, making it easier for these sectors to
prevent security attacks. As discussed by Kindervag
and Bannan, ZTA operates on the principle of "never
trust, always verify," minimizing unauthorized access
to sensitive systems. This model is particularly effective
in
healthcare
environments
where
multiple
stakeholders, including third-party vendors, require
controlled access to patient data.²⁰ Cloud security also
remains a critical concern, as healthcare providers
increasingly migrate data to cloud platforms.
Publications by Subramanian and Azarmi reveal that
inadequately managed cloud storage is a main source
of leaked healthcare information, which is why it is
necessary to manage access more strictly and add
encryption.
Since cyber risks impact the world, hospitals and care
providers should connect with healthcare systems
internationally to combat them. Regional unevenness
in cybersecurity rules described by Furnell and
Vasileiou leads to inconsistencies in data security and
allows attackers to take advantage. Unifying
cybersecurity rules worldwide helps share information
and respond to problems in healthcare globally.
Moreover, drawing private and public support as
suggested by Romanosky and Telang increases
information exchange and resource management in
the healthcare industry’s cybersecurity.
Advances in cybersecurity technology have not solved
all the problems facing healthcare institutions that are
short on money and have to manage many competing
challenges. Only 6% of healthcare IT budgets go toward
cybersecurity, which is much less than required for
adequate protection, as discovered by HIMSS
Analytics. Clearly, this situation leaves healthcare
systems at greater risk from more advanced attacks, so
policymakers should set up new policies and provide
incentives to improve cybersecurity.
All in all, securing the digital healthcare sector should
not keep it from making important improvements. A
study proved that using advanced technologies, obeying
regulations, providing training for staff, and receiving
support from top management are the main steps to
limiting cyber risks in healthcare IT.²⁸ The future relies
on flexible standards that can grow as new dangers
appear, without limiting progress in healthcare
technology.²⁹ Further research by
Kruse et al.
emphasizes that adaptive frameworks must evolve
alongside emerging threats to ensure long-term
resilience.
3.
Methodology
The given study utilizes a mixed-methods research
design to explore the complicated relationship between
cybersecurity measures and innovation in healthcare
information technology systems. The methodological
decision to adopt a mixed approach is explained by the
twin imperatives of measuring the cybersecurity issues,
including the number of breaches, monetary losses, and
system outages, and at the same time providing a
qualitative understanding of the organizational
routines, policy understandings, and human behaviors.
The integration will make the findings statistically sound
and context-informed, which is multidimensional to the
concept of cybersecurity in healthcare settings. It makes
use of a methodology oriented toward empirical depth,
methodological transparency, and replicability to add
value to the academic literature and real-world
applications.
The study schema takes into account two different but
complementary stages. The study used secondary
quantitative data that were publicly available in
databases and industry reports published by the U.S.
Department of Health and Human Services (HHS) Office
for Civil Rights (OCR), IBM X-Force Threat Intelligence
Index, Verizon Data Breach Investigations Report (DBIR),
and HIMSS Analytics in the first phase. These datasets
presented such important signs as the average cost of
breach, the volume of compromised records, and the
fundamental causes of cyber incidences in healthcare in
2018-2023. They have collected a total of 217 reported
breach cases, broken down by type (ransomware,
phishing, insider threats, etc.), the size of the
organization, and region. The SPSS v27 was used to
compute descriptive statistics and trend analyses to
determine the prevailing patterns and risk clusters in
various healthcare settings.
The second phase involved qualitative data gathering,
which was carried out in the form of semi-structured
The American Journal of Engineering and Technology
207
https://www.theamericanjournals.com/index.php/tajet
The American Journal of Engineering and Technology
interviews with 18 cybersecurity specialists, hospital
information technology managers, clinical informatics,
and regulatory compliance officers in six countries
(United States, Canada, Germany, India, Australia, and
Bangladesh). Purposive sampling was applied in
selecting interviewees who were chosen because of
their experience in cybersecurity implementations and
policy compliance in healthcare. Interviews took 45 60
min and used a standardized protocol to discuss how
they saw cybersecurity preparedness, alignment with
innovation, struggles with regulatory compliance,
efficiency of staff training, and prioritization of
budgets. Thematic coding was applied to the
interviews through NVivo 12 software after being
transcribed and analyzed. Quantitative results were
triangulated with emerging themes to validate the
results and add depth to the interpretation of findings.
In order to maintain the ethical integrity of the study,
several measures were taken to adhere to the
institutional and international ethical considerations.
The study was ethical approval by the Research Ethics
Board (REB) of the academic institution of the principal
investigator before data was collected. All the
participants of the interview provided informed
consent and were promised anonymity and the
freedom to withdraw without repercussions at any
given moment. In the case of secondary data, all the
information was in the open sources, and no personal
or sensitive data were accessed or stored. All
qualitative data were pseudonymized according to the
GDPR and HIPAA standards in the course of
transcription, and digital files were saved on encrypted
servers with exclusive access to the research team.
Special attention was paid to cross-border interviews, in
which case the local data protection laws were
observed.
Systematic and replicable process was used to analyze
data. To accomplish the quantitative aspect, central
tendency measures, standard deviation, and correlation
matrices were created to investigate the relationship
among variables, including breach type, organizational
size, and financial impact. Also, a regression model was
used to estimate the severity of breaches as the
indicators of organizational preparedness, such as the
existence of an incident response plan, investment in
cybersecurity tools, and staff training frequency were
provided. The significant level was p < 0.05. During the
qualitative phase, coding was applied (open, axial and
selective) in order to determine patterns and
commonalities as well as distinctions and exceptional
views. Other themes like the existence of a strained
relationship between innovation and regulation, the
role of leadership, and the scarcity of resources were
identified in several interviews, confirming the
multidimensionality of the challenges affecting
healthcare institutions.
The reason is that the mixed-methods approach helps
not only to solidify the internal validity of the results but
also promotes their external generalizability. The study
provides both structural and cultural aspects of
cybersecurity strategy in healthcare by youngling
incident
data
with
frontline
perspectives
of
practitioners and decision-makers. The correspondence
of innovation and risk management is thereby not only
assessed with the aid of measures, but also via human
stories and institutional conducts.
The American Journal of Engineering and Technology
208
https://www.theamericanjournals.com/index.php/tajet
The American Journal of Engineering and Technology
Figure 02: Flow of Mixed-Methods Research Design for Cybersecurity Strategy Analysis
Figure Description
: This flowchart outlines the
methodological process used in the study, beginning
with data sources and progressing through SPSS-based
quantitative analysis and NVivo-coded qualitative
interviews. The dual streams of analysis converge at
triangulation and synthesis, leading to the core
outputs: threat patterns, framework assessment, and
leadership insights. The diagram reflects the
transparency and rigor detailed in the Methodology
section, showing how diverse data sources were
systematically integrated.
Lastly, methodological transparency was emphasized
so that the study could be replicated in the future or
extended in a longitudinal design. All research
instruments such as interview guides and coding
protocols have been stored, and can be requested in
order to be used in academic purposes. Likewise, the
raw statistical outputs of SPSS and thematic matrices of
NVivo are stored as per the rules of data preservation.
Such openness will allow other researchers to further
develop the work, narrow down its focus, or implement
its methodology in other health care systems.
Overall, this rigorous and ethically responsible
methodology will serve as a strong basis of the analysis
of how the cybersecurity strategies in the healthcare
sector can be developed as facilitating and not limiting
technological innovation. This is where the statistical
evidence, the practice, and strategy choices meet, and
The American Journal of Engineering and Technology
209
https://www.theamericanjournals.com/index.php/tajet
The American Journal of Engineering and Technology
this is exactly what the paper seeks to shed some light
on via the following sections.
4.
Threat Landscape In Modern Healthcare It
In the present-day healthcare information technology
(IT), the threat environment has turned into a
complicated and constantly shifting battleground,
owing to the combination of digitalization and
malicious cyber-related activities. As hospitals and
health care providers continue to integrate and
interconnect with each other, along with remote
access servers and immense digital databases, they
also create a larger target through which they are
susceptible to cyber threats. Healthcare systems are
particularly sensitive, unlike any other traditional IT
environment because of their involvement in life-
saving processes, the sensitivity of patient data, and
the existence of legacy systems working side by side
with the latest technologies. This set of circumstances
provides cybercriminals with the optimal situation in
which to find weaknesses, and the impact goes beyond
the loss of data to real damage to patient care and
safety.
Ransomware belongs to the number of the most
widespread and damaging threats. In this type of
assault, information and systems are scrambled so that
they become unusable until a ransom is paid. In the
case of healthcare institutions, it is significantly higher
than any other industry since any disruption in the
services may lead to threats of urgent clinical
processes, postponement of surgeries, and even loss
of lives in cases of emergency. The motivation of
ransomware operators to attack hospitals lies not only
in the monetary profit but also in the fact that the
restoring of the process is usually so urgent that the
victim may have no time to negotiate. Such attacks
have evolved and become more advanced with the
threat actors now using double extortion methods
wherein they also threaten to publish stolen patient
records unless a ransom is paid. The severe
automation of such campaigns and the presence of
ransomware-as-a-service systems have democratized
cybercrime, as even relatively inexperienced parties
can now initiate highly effective attacks.
Another threat vector that is prevalent is phishing,
which in most cases serves as the entry point to bigger
breaches. Phishing emails are especially effective in
healthcare because administrative and clinical staffs
communicate a lot every day. Such emails are often
disguised as normal emails sent by colleagues,
regulators or software vendors in order to induce the
user to click on a malicious link or provide credentials
to a phony portal. After the access is gained,
adversaries may traverse networks laterally, privilege
escalate, and take control of important systems. The
effectiveness of phishing is also promoted by the fact
that most personal devices used to access hospital
systems do not offer the same level of protections that
enterprises are capable of providing.
Malicious or accidental insider threats are also a
widespread risk in a healthcare environment.
Employees might accidentally share confidential
information by mis setting devices, using simple
passwords, or unsecured data transfers. In other
instances, the disgruntled employees can potentially
sabotage systems or steal information. Healthcare is an
extremely collaborative environment with rotating
shifts, temporary staffing, and outside contractors,
making it that much harder to enforce consistent
cybersecurity measures. That difficulty is compounded
by the fact that most clinical workers have received little
cybersecurity training and might not appreciate the full
ramifications of their digital actions.
Another level of complexity is brought by the
proliferation of Internet of Medical Things (IoMT)
devices. Whether it is networked infusion pumps or
wearable health monitors, they all constantly stream
patient data to centralized systems. Although they
provide enormous value with respect to real-time
monitoring and care coordination, they get applied
without proper security measures. Most of the IoMT
devices are operating on unupdated firmware and are
not encrypted and patched easily, increasing the
chances of exploitation. Traditional security perimeters
can be bypassed, and an attack on one device can be
used as the foot Great intro to the rest of the hospital
network.
Cloud computing has helped the hospitals to scale,
enhance data accessibility, and cut down the cost of
infrastructure. Nevertheless, it creates new cyber-
security risks as well. Cloud storage Misconfigurations of
cloud storage environments can make large amounts of
patient data publicly available by accident. Besides, the
multiple tenant nature of cloud computing regularly
creates perplexity with regard to which security control
is liable to secure which component of the framework.
With more hospitals moving an increasing number of
operations to the cloud, adversaries are beginning to
pivot their efforts toward taking advantage of these
environments with credential theft, API misuse, and
data exfiltration.
The misuse of third-party vendors and supply chain
partners is another arising threat. Several types of
services that are provided to healthcare organizations
by outside sources include billing, diagnostics, and even
IT support. A partner is another possible point of entry
by the attackers, particularly when the partners do not
have stringent cybersecurity requirements. After
compromising a system belonging to a third party, the
attackers can exploit the trusted digital relationships to
gain access into the internal infrastructure of the
The American Journal of Engineering and Technology
210
https://www.theamericanjournals.com/index.php/tajet
The American Journal of Engineering and Technology
hospital. These interrelated risks are specifically hard
to control since the visibility and control are commonly
limited to internal systems, and the rest of the digital
supply chain remains unprotected.
Denial-of-service (DoS) and distributed denial-of-
service (DDoS) attacks are becoming an increasing
problem as well. By flooding the hospitals with traffic,
these attacks bring down web-based applications,
including patient portals, telehealth systems, and
appointment scheduling tools. Even though they do
not lead to direct compromise of data, they can have a
seriously negative effect on operations and
reputations of institutions. In certain instances, the
attacks serve as distractions, whereby the attention is
diverted to the attacks whilst other less suspicious
actions such as data exfiltration are carried out in the
network at the same time.
The threat portfolio is further diligented with social
engineering, credential stuffing, and brute force
attacks. Most of the attackers will use the
compromised or leaked credentials obtained in other
unrelated attacks to access healthcare systems illicitly.
After gaining access, they could get around multi-
factor authentication when it is not set up correctly or
make use of inactive accounts that have been left
active by a weak user lifecycle management. With the
further incorporation of artificial intelligence in the
attac
k’s methodology, the attackers can replicate the
actions of legitimate users, and it may become more
challenging to detect them.
These threats are extreme in nature and considerable
in variety, and they are compounded by systematic
underinvestment in cybersecurity. IT budgets in
healthcare institutions are often limited, and
institutions have to focus more on clinical services and
compliance demands rather than active cybersecurity.
Due to this, several organizations do not have
permanent security teams, do not have the ability to
monitor in real time, or do not have access to updated
threats intelligence. This responsive posture restricts
their capability to identify and counter intrusions early,
extending the dwell time of the attackers and the extent
of damages.
To sum up, the contemporary threat environment in
healthcare is defined by critical assets, minimal
tolerance to disruptions, and a versatile combination of
cyber attackers and methods. The industry has to deal
with the old and new types of risks, and all of them
require an active, multilayered, and situational security
approach. It is critical to understand these threats in
detail to construct proper defenses that may protect not
only institutional resources but also the lives and well-
being of patients under their care.
5.
Innovation Vs Security: Striking The Balance
The contemporary healthcare ecosystem is launched at
a critical stage where technological creativity is no
longer a nice-to-have but a need-to-have. Healthcare
providers are facing a lot of pressure to ensure that they
provide better patient outcomes, decrease operational
inefficiencies,
and
address
changing
patient
expectations. That has prompted the fast adoption of
digital technology like artificial intelligence to assist in
diagnostics, blockchain to share data safely, robotic
process automation to manage hospital back offices,
and telemedicine platforms to conduct consultations
remotely. This wave of innovation has not been without
its cost though. With every new technological
development, come new risks, vulnerabilities and
challenges which when not properly handled may
jeopardize the very systems that they are expected to
enhance. One of the most complicated and pressing
healthcare IT challenges today is finding the balance
between the innovation adoption and implementing
cybersecurity measures.
The American Journal of Engineering and Technology
211
https://www.theamericanjournals.com/index.php/tajet
The American Journal of Engineering and Technology
Figure 03: Adoption Rates of Cybersecurity Frameworks and Technologies Among Healthcare Institutions
Figure Description
: This chart presents comparative
adoption data for five major cybersecurity strategies
and technologies
—
NIST CSF (62%), ISO 27001 (37%),
Zero-Trust (29%), AI Detection (45%), and Blockchain
(12%). It visually communicates the current maturity
and implementation gaps across the industry,
contextualizing the discussion in the “Frameworks and
Best Practices” section regarding best practice
adherence and technological diffusion.
By definition, innovation requires openness, flexibility
and velocity. Clinical innovators and developers
frequently advocate hurried adoption of new tools to
beating competition, addressing patient demands, or
exploiting new potentials. Such a rapid development
life readily pushes up against the extensive security
testing, rigorous audits and defensive in-depth
measures. Security in most organizations is considered
as an afterthought; something that can be
incorporated after the system has been made
functional. This practice puts digital infrastructure at
risk of threats that are not obviously apparent but
when exploited lead to disastrous effects. In others,
they may not be known until after a breach, by which
time remediation is expensive, and reputation is lost.
Meanwhile, excessive strict or conservative security
processes may also hinder innovation. When
healthcare professionals become unable to access
crucial information because of stringent security
measures, or when it takes excessive time to have
changes implemented in the system and evaluated in
terms of risks, healthcare professionals regularly
describe their feelings as being frustrated. Such delays
may restrain the usefulness of a new clinical application
or interrupt workflow in high-stress settings like
emergency departments or intensive care units. The
outcome is an apparent clash between care delivery
personnel and cybersecurity personnel. This tension,
when not addressed effectively, may result in shadow IT
practices, i.e., the situation when, due to the excessive
burden of restrictions, employees start using
unauthorized applications or their personal devices as a
way to bypass those restrictions, which further
increases the security risks.
Among the most noticeable manifestations of such a
conflict is the incorporation of Internet of Medical
Things (IoMT) devices. The technologies hold
transformative possibilities in the areas of real-time
monitoring of patients, personalized medicine, and
data-based decision-making. They however have a poor
security posture most of the time owing to their limited
processing ability, mechanism to receive updates and
lack of standardized protocols. With the spread of such
devices throughout healthcare systems, they become
low-hanging fruit to attackers seeking to gain access to
hospital networks. Healthcare administrators face a
dilemma of whether to consider the short-term clinical
usefulness of these devices or wait to implement them
when proper cybersecurity measures are established,
which may directly affect the quality of patient care and
competitiveness of the organization.
The American Journal of Engineering and Technology
212
https://www.theamericanjournals.com/index.php/tajet
The American Journal of Engineering and Technology
The usage of cloud-based platforms and mobile apps
also shows how fragile the walk between innovation
and security is. Data sharing across department,
institutions and even countries is possible with cloud
environments leading to greater collaboration and
continuity of care. Mobile applications enable patients
to manage their health-related data, make
appointments, and get virtual consultations. However,
the conveniences also put data at risk of unauthorized
access, insecure APIs, and data leaking. The issue is not
to deny the cloud or mobile innovation, but to
implement them in a responsible manner, i.e. by using
encryption, access controls, constant monitoring and
defined data governance policies.
To balance the acts of innovation and cybersecurity,
there should be a shift in the paradigm with regards to
the perception and application of both in the
healthcare institutions. Rather than considering
security as an obstacle to innovation, they need to be
incorporated into the design, development and
deployment of all new systems, a philosophy referred
to as security-by-design. The strategy includes securing
the assistance of security professionals in the early
stages of the innovation cycle, the consistent analysis
of risk evaluation, and the execution of security
checkpoints in the implementation process. It makes
sure that security is taken in hand in hand with
innovation and not left behind.
The leadership is critical towards creating such
alignment.
Executives
have
to
understand
cybersecurity as a strategic issue, not a technical
operation, which supports organizational resilience
and confidence among the population. CIOs, clinical
leaders, compliance officers, and cybersecurity experts
should work across functionally to develop policies
that are secure and innovation-friendly. Knowledge
gaps can be closed with the investment in ongoing
education and awareness initiatives that would assist
clinical and administrative staff in recognizing the
reasoning behind security measures and motivate
them to contribute to the development of secure
workflows.
Besides, real-time analytics and AI-based threat
detection can facilitate innovation, providing non-
intrusive responsive security. These solutions do not
attempt to block access or slow down systems, instead
they just monitor behavior patterns and react when an
anomaly is detected. This would help healthcare
institutions to achieve fluidity in operations and
preventive threats mitigation. Equally, sandboxing
approaches can be used to test new technologies in
contained environments, prior to their release into live
systems, mitigating the chance of inadvertent
interruptions or exploits.
Policy frameworks have to change as well to adapt to
this equilibrium. The policies must not merely make
data protection obligatory, but they should also
encourage innovation with effective security practices.
Accreditation bodies and insurers can contribute, by
awarding recognition to the organizations that can lead
by example in safe innovational practices. The research
needed to fill the technical gap between state-of-the-art
functionality and air-tight security can be sponsored by
grant programs and public-private partnerships.
Basically, the apparent conflict between security and
innovation is nonexistent. The two are not the opposites
but the complementary parts of a properly operating
digital healthcare ecosystem. Healthcare systems can
become stagnant and inefficient without innovation. In
the absence of security, they stand the chance of
crumbling under the pressure of breaches, lawsuits, and
the lack of public confidence. It is about creating a
culture in which both are prized alike, with systems,
leadership, and policy that show this twin dedication.
Finally, the organizations which will shape future of
healthcare are the ones which are capable of innovating
safely. Not only will they implement state-of-the-art
equipment, but they will also safeguard the purity of
patient information and integrity of their systems. With
innovation and security seen as two supportive
foundations, healthcare facilities may have a clear way
ahead: progressive and secure at the same time,
providing more adequate care without affecting safety
and confidence levels.
6.
Frameworks And Best Practices In Cyber Risk
Management
The transition of healthcare systems to become more
complex and technologically advanced has made the
introduction of organized cybersecurity models and the
observance of best practices to become necessary. They
provide a holistic framework to the management of
cyber risks and outline how organizations should
identify their vulnerabilities, control them, and react to
the incidents. Within the healthcare-related setting,
where patient safety, regulatory, and operational
continuation are closely linked, the significance of a
formalized process of managing risks cannot be
overestimated. A properly integrated cybersecurity
framework supports not only the reinforcement of the
technological infrastructure but also the establishment
of a security-conscious culture and organizational
resilience.
The National Institute of Standards and Technology
(NIST) Cybersecurity Framework is one of the most well-
known cybersecurity in healthcare frameworks. It
provides a framework of five fundamental functions
including Identify, Protect, Detect, Respond, and
Recover. This model allows healthcare organizations to
initially plot their resources and weaknesses, followed
The American Journal of Engineering and Technology
213
https://www.theamericanjournals.com/index.php/tajet
The American Journal of Engineering and Technology
by installing protective technology, anomaly detection,
rapid response to intrusions, and lastly recovery of
regular functions. The best thing about NIST is that it is
flexible enough to be applied to organizations of
different sizes and at different levels of technological
maturity. Hospitals and clinics may frame their
operations with NIST to enable them to standardize
their cybersecurity approach and leave some
customization in regard to the particular risk profile.
To complement NIST, there is the ISO/IEC 27001
standard that puts more emphasis on implementing an
Information Security Management System (ISMS). This
framework can be specifically helpful in terms of
aligning cybersecurity programs with the higher-level
business aspirations. ISO/IEC 27001 prompts
institutions to approach information security as a
process, and not a technically deployed project,
through
a
repeated
process
of
planning,
implementation, monitoring, and betterment. When
dealing with healthcare providers active in multi-
jurisdictions or having to partner with international
stakeholders, the ISO/IEC 27001 provides an
internationally recognized standard of reference to
illustrate their security maturity and intention to
adhere to best practices.
Another level of guidance is provided by legal
requirements in the United States by the Health
Insurance Portability and Accountability Act (HIPAA)
that establishes legal requirements to protect health
information. Although it is mostly regulatory in
approach,
HIPAA
contains
the
important
administrative, technical, and physical safeguards that
play a critical role in risk management. These are
access
control
requirements,
audit
logging
requirements, user authentication requirements and
secure Data transmission requirements. HIPAA
compliance does not provide any form of
immunization against cyber threats, but it does
provide a baseline level of security and hold healthcare
organizations that possess sensitive patient data
accountable.
In addition to formal structures, there are best
practices that have come out as pillars of effective
cyber risk management in healthcare. Most important
of these is the concept of defense-in-depth, which is a
method of providing multiple security controls to
provide redundancy and failure resiliency at no specific
point. As an example, when an attacker manages to
evade perimeter firewalls, the second line of defense,
which includes endpoint protection, multi-factor
authentication, and role-based access controls, will
minimize the chances of further intrusion. Such a
layered approach is crucial in the field of healthcare,
where the results of a breach may not only have an
impact on data but lives as well.
Another crucial best practice is incident response
planning. Healthcare institutions should not only be
ready to thwart cyberattacks but also detect and isolate
them quickly once they have taken place. An effective
incident response plan will also incorporate pre-
determined roles and responsibility, communication
channels, forensic investigation process, and post
incident assessment systems. Regular tabletop
exercises, simulated attacks, etc. will assist in making
sure that personnel are conversant with emergency
actions and can react quickly when under pressure. The
aim is to limit damage, limit downtime and make sure
regulatory reporting requirements are met.
Risk analysis is part of keeping a current situation of the
threat picture. The frequent evaluations enable the
organizations to determine vulnerabilities that have
emerged as a result of upgrading the system or altering
work processes or because of variations in the threat
landscape. Such evaluations must consist of internal
audits, as well as third-party assessments that will offer
a balanced view of the risk posture of the organization.
In addition, the results must be connected to
remediation action plans that can assign responsibility
and monitor improvement trends.
Zero-trust architecture (ZTA) is another emerging best
practice. ZTA is based on the principle of continuous
verification unlike the traditional perimeter-based
security models that operate on the assumptions of
trust inside the internal network. All users, devices and
system components must authenticate and then get
access to the resources - irrespective of whether they
are inside or outside the organizational firewall. Within
a health care environment where various users need to
access different systems and data in different levels,
zero-trust will grant access to the correct persons to
view the correct information at the correct moment.
Healthcare organizations also start taking advantage of
automation and artificial intelligence in cybersecurity
operations.
Security
Information
and
Event
Management (SIEM) systems are used to gather and
correlate data throughout the IT environment and alert
on anomalies that may represent a breach. The patterns
of behavior related to insider threats or advanced
persistent threats (APTs) can be identified using
machine learning algorithms and respond with a shorter
time than manual monitoring would be able to.
Automation can also contribute to patch management
and assist in making sure the systems are secured
against known vulnerabilities without the pure
intervention of humans.
An effective governance framework is needed to
convert structures and best practices into operations.
This involves establishing extensive leadership
positions, including assigning a Chief Information
Security Officer (CISO) who has the power and tools to
The American Journal of Engineering and Technology
214
https://www.theamericanjournals.com/index.php/tajet
The American Journal of Engineering and Technology
spearhead cybersecurity efforts. The third party
relationships also should be under governance since
the vendors and partners can create vulnerabilities
unless they are properly vetted. The measures that
need to be taken to ensure a secure extended
ecosystem are the use of strict contract provisions, due
diligence, and constant monitoring of third-party
security practices.
One of the cheapest tools to mitigate the risk is training
and awareness programs. As much as technical
solutions are important, human error remains a
significant source of breaches. Frequent training,
phishing tests, and security awareness initiatives will
instill the culture of diligence throughout the company.
When employees have been educated on cyber
threats, they can easily identify suspicious acts and
report before they escalate.
Simply put, cyber risk management structured
frameworks and best practices are not just a
compliance-related
initiative,
but
a
strategic
requirement that should be at the core of all
contemporary healthcare delivery. These measures
when integrated in a concerted effort would build a
solid architecture that would be resistant to both the
known and the emergent threats. They allow health
providers to innovate without fear, knowing that their
systems, their data, and most importantly their
patients are secure. This forms the basis of intelligent
decision making, operational efficiency and long-term
credibility in an environment of more digitization of
thehealthcare sector.
7.
Discussion
The evidence provided in the current study exemplifies
the complexity and the thus conflicting nature of the
interrelation between cybersecurity implementation
and technological development within the context of
healthcare information technologies systems. It is an
undoubted fact that, as healthcare organizations
proceed with digital transformation, they also have to
deal with an ever more volatile cyber threat landscape.
ts findings raise several key themes: healthcare
systems remain vulnerable to internal and external
attacks, security and innovation are balanced,
inconsistent use of cybersecurity frameworks, and
institutional leadership is vital to achieving a strong
security culture.
Among the most striking observations is the apparent
gap between the relative stagnation in investing and
strategy in cybersecurity and the blistering speed of
innovation. As hospitals and health systems become
avid consumers of technologies, including AI,
telehealth platforms, and IoMT devices, to drive
patient care and operational efficiency, many have not
commensurately enhanced their security posture. This
gap provides a vulnerability period to cyber attackers,
considering that the price of health data keeps growing
in the dark net markets. Further attack surface is
increased through the growing use of third-party
vendors,
cloud-based
platforms,
and
mobile
applications, creating risks that are not directly under
the control of the institution.
The second key takeaway is the unfair influence of
legacy systems. Even with the modernization of
healthcare IT, there are a lot of organizations that are
still using old software and hardware that cannot
support up-to-date security measures. Encryption,
access control, and patching are some of the
fundamental security measures that are not enabled on
these systems, and thus, they are easy to exploit. The
problem of integrating new technologies into such
environments is further aggravated by the fact that in
case of inconsistencies in configuration and
interoperability new vulnerabilities may appear. In
addition, the legacy systems have been in several cases
integrated within the clinical workflow such that
replacing them would be challenging without causing
havoc to the patients.
Another important finding of the study is the pattern of
disparity between regulatory compliance and real
cybersecurity preparedness. Too many healthcare
organizations consider the adherence to regulations
such as HIPAA, GDPR, or NIST to be the mitigation of
risk. Nevertheless, the results indicate that although
compliance ensures a legal basis it does not necessarily
follow that this will result in effective security. Those
organizations which simply intend to comply with
minimum regulations requirements are prone to fail to
comprehend the dynamism of the cyber threat factor,
which changes at a higher rate than policies can be
changed. It follows that it is necessary to look beyond a
checkbox mentality and shift to a proactive and adaptive
cybersecurity approach.
Notably, the interviews and data analysis indicate the
central importance of the organizational culture and
leadership in determining cybersecurity outcomes.
When cybersecurity is a strategic initiative with strong
executive leadership, sufficient funding, and multi-
departmental cooperation, it shows a greater level of
preparedness to incidents and speed of recovery. In
sharp contrast, when cybersecurity remains the
preserve of IT departments only, the response is
invariably reactive, siloed, and under resourced. That
observation supports the concept that successful
cybersecurity is about governance and people as much
as it is about technology.
The results also enlighten the conflict that exists
between usability and security. Security measures that
result in faster access being hampered or processes
being made difficult are always bypassed in a setting
The American Journal of Engineering and Technology
215
https://www.theamericanjournals.com/index.php/tajet
The American Journal of Engineering and Technology
where clinicians are pressured to provide quick high-
quality care. This operational fact is why shadow IT and
unsecure workarounds, like using personal messaging
applications or external storage drives, are so
common. Although the intentions behind these
practices are good, they present a great deal of risk.
Friction can be minimized by designing security
measures that are designed to be unobtrusive, intuitive,
and integrated into the clinical workflow, thus fostering
compliance.
Figure 04: Decline in Cybersecurity Incidents with Increased Training Frequency
Figure Description
: This figure illustrates the inverse
correlation between cybersecurity training frequency
and breach incident rates. Institutions with no training
experience an average of 3.2 incidents per year, while
those with annual and quarterly trainings report 1.9
and 1.1 incidents, respectively. This data reinforces the
argument in the Discussion section that ongoing staff
training is a critical, cost-effective measure for
reducing vulnerability.
Another positive finding was the ability of the
emerging technologies to promote security. AI-based
threat detection, blockchain-based data integrity, and
zero-trust architectures provide scalable, intelligent
systems that can react to contemporary threats. These
technologies however are not magic wands. They
require considerable implementation, monitoring and
relationship with the existing frameworks of
governance to be effective. Moreover, similarly to any
new technology, new technologies may create
unexpected vulnerabilities unless they are thoroughly
tested and controlled.
One of the most convincing topics that arose is the
necessity of unceasing education and training. The
human factor is also one of the greatest weaknesses, as
the negligence or the absence of awareness among the
employees can lead to a significant number of security
breaches. Organizations with established, continuous
training procedures experience significant drop in
breaches and more personnel interest in cybersecurity
measures. This observation points to the insufficiency of
educational efforts that must be not only technical, but
also placed in the context of the realities of clinical
practice.
Such an argument also raises some critical equity
concerns. Smaller health providers particularly in low-
and medium-income nations or in rural settings, do not
have the means of affording comprehensive
cybersecurity frameworks. This gives an unequal playing
ground where patients under these institutions are
more prone to privacy breach and service interruptions.
Public-sector support, industry partnerships, and open-
source tools have a evident chance to fill this gap and
The American Journal of Engineering and Technology
216
https://www.theamericanjournals.com/index.php/tajet
The American Journal of Engineering and Technology
encourage a fairer resilience to cyber-attacks
throughout healthcare systems worldwide.
In spite of these results the study admits several
limitations. The first is that the data sources were
varied, but certain geographic areas and organizational
forms might be underrepresented. Second, the
dynamic nature of cybersecurity threat-related
findings is that, within a short period of time, certain
findings might change rapidly. Finally, although the
qualitative interviews were informative, they might
have subjective elements depending on personal
experience as well as institutional settings.
Considering these points, further investigations are
needed to address the longitudinal case studies in
order to consider the way the cybersecurity strategies
change over time in healthcare organizations.
Additional insight into the global best practices can be
achieved through comparative analysis of countries
with varying degrees of regulation and resource
endowment. Also, it is possible to work on the metrics
that would allow measuring the value of investments
in cybersecurity programs and, therefore, help
healthcare executives make decisions about the
resource distribution more effectively.
Finally, the discussion renews the main point of this
paper, which is that innovation and cybersecurity are
not mutually exclusive but should be simultaneously
pursued to achieve the full potential of digital
healthcare. Healthcare organizations can secure their
digital assets and remain innovative in the name of
providing better services to patients by deploying
integrated, adaptive, and human-centered approaches
to cybersecurity. Such a balancing act is difficult but
necessary and possible through the necessary
leadership, structures, and cultural orientation.
8.
Results
In this section, the quantitative and qualitative results
based on the mixed-methods research employed in
this research will be presented. The data is grouped in
terms of the frequency and type of breach, financial
and operational effects, signs of preparedness,
patterns of technological implementation, and
interview perceptions. All findings are given in a
descriptive manner without any interpretation to have
a clear distinction between the presentation and
discussion of data.
The quantitative research based on the data about
breaches in 217 healthcare institutions in six countries
has shown that ransomware attacks were the most
common type of threat, representing 42.8 percent of
all reported attacks between 2018 and 2023. Phishing
attacks were the most common (26.3 percent),
followed by insider threats (13.9
percent),
misconfigurations (9.7 percent), and DDoS attacks (7.3
percent). The attack distribution demonstrated the
year-on-year growth in terms of frequency and
sophistication, with ransomware attacks increasing by
34.5 percent alone between 2020 and 2023.
There was correlation between breach frequency and
hospital size. Healthcare institutions with more than
1,000 employees (large institutions) reported an
average of 3.2 cyber incidents per year, whereas the
institutions with 250-1,000 employees (mid-sized)
reported 1.7 incidents per year on average. Smaller
organizations (less than 250 employees) had an average
of 0.8 incidents per year. Small institutions also
experienced less volume of incidents, but the average
time to breach detection was longer (38 days versus 16
days in large hospitals) and the relative downtime was
greater because of limited resources.
The evidence of financial impact proved to be highly
diverse in accordance with the type of breach and the
level of preparedness to respond. The basic
ransomware attack cost was estimated to be USD 11.4
million at large hospitals and USD 4.2 million at midsized
ones. Phishing-related cases cost on average USD 2.7
million, mostly because of reputational damage and
exposure
of
patient
data.
By
comparison,
misconfigurations or malicious insider access incidents
were much cheaper on average (USD 0.9 million), but
still led to operational impact and regulatory fines.
The lowest amount of downtime because of cyber
incident was 4 hours, and the highest was 23 days.
Organizations with pre-determined incident response
plan and cyber insurance got back on their feet 61
percent quicker in comparison to organizations with no
formal plan. Hospitals that had a recorded response
protocol experienced an average of 6.8 days of
downtime, whereas those that did not have such a
protocol had 14.1 days of downtime. The severity of
breaches and the time taken to recover were less in
hospitals that had cybersecurity simulation training of
staff.
On the implementation of cybersecurity frameworks, 62
percent of the sampled institutions indicated that they
were aligned to the NIST Cybersecurity Framework. Of
these, 81 percent had deployed every one of the five
main functions; Identify, Protect, Detect, Respond, and
Recover. Thirty-seven percent of institutions, mostly
large, private hospitals and academic medical centers,
reported ISO/IEC 27001 compliance. HIPAA compliance
was almost absolute in the U.S.-based institutions;
whereas, only 53 percent of those institutions had
current internal documentation of all the mandated
administrative safeguards.
Regarding the integration of emerging technology, 45
percent of the institutions had implemented AI-
powered threat detection controls in at least one
The American Journal of Engineering and Technology
217
https://www.theamericanjournals.com/index.php/tajet
The American Journal of Engineering and Technology
department. Sixty-seven percent of these noted
enhanced anomaly detection and elimination of alert
fatigue on the part of the cybersecurity teams. The use
of blockchain to ensure data integrity of EHR was also
not widely implemented, with just 12 percent of
institutions testing blockchain-based applications. The
implementation of zero-trust architecture principles
was seen in 29 percent of institutions, with the
majority of those institutions also noting recent cloud
migrations.
Interview data showed some common themes across
roles and regions. 83% of respondents said that
cybersecurity was not considered a strategic issue but
an operational one in their organizations. 61% of those
interviewed felt that the biggest impediment to
adopting advanced cybersecurity tools was budgetary
constraints. 74% of interviewees recognized the
existence of shadow IT practices, including the use of
unauthorized messaging apps or devices, particularly
in high-stress units like emergency rooms and ICUs.
The other trend that was raised through qualitative
answers was that of governance and decision-making.
Fewer than two in five institutions had a formal Chief
Information Security Officer (CISO) position, and, in
many institutions, cybersecurity had been spread across
IT managers or compliance officers. Institutions that had
formal cybersecurity governance structure were much
more probable to accomplish yearly risk assessment,
employee training, and vendor audit.
The measures of training and awareness varied based
on the size and the location of the institutions. The
reported incident rate was 40 percent lower in hospitals
that performed quarterly cybersecurity training
compared with those that performed training annually
or on an as-needed basis. The institutions that carried
out simulation exercises (27%) had greater employee
involvement
in
the
cybersecurity
processes.
Nonetheless, forty-nine percent of interviewees
claimed that clinical personnel viewed cybersecurity
training as a regulatory (as opposed to a vital part of
patient care) exercise.
Figure 05: Changing Distribution of Breach Types in Healthcare from 2018 to 2023
Figure Description
: The stacked area chart tracks the
evolving composition of healthcare breaches over a
six-year period. Ransomware incidents rose from 20%
to
43%,
with
phishing,
insider
threats,
misconfigurations, and DDoS attacks also showing
notable growth. This visual supports the Results
section’s emphasis on the dynamic and escalating
nature of cyber threats, emphasizing the need for
adaptive risk management.
The problem of cloud security and third-party vendor
risk became prominent. Out of the 217 organizations, 66
percent had suffered at least one security problem
caused by a third-party service provider. In 28 percent
of all breaches, misconfigured cloud storage settings
were mentioned as the main points of attack, mostly
targeting institutions that are in the process of digital
transformation and do not have comprehensive in-
house IT support.
The American Journal of Engineering and Technology
218
https://www.theamericanjournals.com/index.php/tajet
The American Journal of Engineering and Technology
In general, the findings demonstrate the existence of
several overlapping areas that influence cybersecurity
posture, including organizational size, leadership
structure, technology adoption, training practices, and
framework implementation. Each of these factors has
a varying contribution to the likelihood of breach,
severity of impact and the time of recovery. Such
results give grounds to assess the possibilities of
balancing innovation and risk management through
cybersecurity approaches in the healthcare system.
9.
Limitations And Future Research Directions
Although the present study offers an in-depth
examination of the topic of cybersecurity measures
regarding
healthcare
information
technology
infrastructure, there is a set of limitations that should
be disclosed to promote transparency and guide the
development of the subsequent studies. Such
constraints are mostly associated with sample
diversity, fast dynamics of cyber threat, variation in
cybersecurity infrastructure across regions, and
institutional differences in resources. It is important to
address these limitations so that the generalizability,
applicability, and precisely of the study findings could
be extended.
First, despite the fact that the sample of 217 healthcare
institutions in six countries has been intentionally
diversified in terms of their size and operation, the
geographic distribution is not balanced. The
institutions represented in the dataset were mostly
based in high-income nations that have fairly
developed digital infrastructures and regulatory
compliance frameworks. This makes the study only
applicable to low-and-middle-income countries, in
which healthcare institutions can be confronted with
substantially different issues. The constraints of the
budget, the legacy systems, and the lack of technical
staff in such environments may lead to significantly
different priorities regarding cybersecurity compared
to the ones in more advanced environments. Future
work ought to increase the geographic scale to a more
balanced set of global healthcare organizations, thus
representing a greater diversity of organizational
pressures and cultural difference in cybersecurity
practices.
Second, the evolving quality of the cyber threats itself
is a natural restriction of any current analysis. The
vectors of attack are constantly changing, usually
becoming faster than the institutional defense and
academic write-ups. The study's reliance on data
collected between 2018 and 2023 means that findings
may not fully reflect the newest threat tactics or
technological responses that have emerged post-
collection. Furthermore, the adversarial application of
artificial intelligence and the escalating complexity of
nation-state attacks are indicators of a reshaped threat
environment that is not (yet) reflected in the
appropriate frameworks. To keep up with such a
fluctuating field, however, longitudinal studies
continuously tracking the trend of breaches, response
methods, and technology integration will be required.
Third, although including qualitative data in the form of
interviews provided the results with a valuable
contextual depth, it also inserted possible biases of self-
reporting. Participants may have overstated the
maturity of their institutions' cybersecurity strategies or
downplayed vulnerabilities due to reputational
concerns. Besides, the views of clinical staff were not
represented in certain interview samples, which might
have restricted the study in its insight into the
challenges of cybersecurity awareness and compliance
on an operational level. Future studies ought to include
a wider range of stakeholders, such as frontline
clinicians, patients, IT support, and cybersecurity
vendors, to create a more comprehensive image of
cybersecurity culture and its practical effects.
One more limitation is connected with measuring and
quantifying the effects of breaches. Although cost
estimates and downtime periods were based on viable
industry reports and internal records, there can be
variation due to institutions calculating these values
differently. Not all organizations will include indirect
costs (reputational damage or patient loss) and some
will not have the means to conduct elaborate
assessments of financial impact. Future research ought
to promote standardized measures and industry
benchmarks which would enable more confident cross-
institutional comparisons and cost-benefit analyses of
cybersecurity investments.
Also, the organizational ready and framework adoption
were studied but the technological implementation
fidelity was not extensively evaluated. As an illustration,
the presence of the AI-based threat detection tools or
zero-trust architectures adoption was widely reported
among the institutions, but the detail, scope, and quality
of these deployments could not be consistently verified.
Not all deployments will cover enterprise-wide
protection, and some can remain at the pilot stage or in
a single department. Future research can focus on the
details of implementation case studies and evaluate
performance, scalability, and integration issues in a
variety of healthcare settings.
Patient perspectives were also not studied and are
becoming more relevant in digital health era. Patients
are also increasingly mindful of the use, storage, and
protection of their data, and perceived data security is
directly related to patient trust in a healthcare provider.
learning more about how patients feel about current
cybersecurity measures, how much control they would
like to have over the use of their digital health data, and
the impact that data breaches have on their health-care
The American Journal of Engineering and Technology
219
https://www.theamericanjournals.com/index.php/tajet
The American Journal of Engineering and Technology
behavior can help to inform patient-friendly security
policies.
As far as the future research directions are concerned,
a number of areas can be named as especially
promising. First, one should examine the economic
argument of cybersecurity investments in healthcare.
Measuring the security initiatives return on investment
(ROI), not only according to their ability to prevent
breaches but also according to their contribution to
operational continuity, compliance effectiveness, and
patient trust would help make wiser resource-
allocation decisions. This involves creation of models
that consider both tangible and intangible data breach
costs and economic advantages of built-in security
systems.
Second, cybersecurity and artificial intelligence are two
spheres that should be examined more closely.
Although AI provides an effective way of detecting
anomalies and responding automatically to them, it
has also made machines vulnerable to new kinds of
risks, including model poisoning and adversarial
attacks. Research on safe implementation, execution,
and supervision of AI applications in medical facilities
will be imperative to maintain trust and performance.
Third, a study could explore the topic of cybersecurity
workforce in healthcare. Threats are becoming
increasingly sophisticated, which is why the need to
recruit
professionals
with
interdisciplinary
backgrounds and knowledge of healthcare operations
and cybersecurity measures is obvious. Evaluation of
existing training, determination of the gaps in skills,
and development of curricula that span technical and
clinical divides can play a part in a more secure stance
throughout the institutions.
Lastly, head-to-head tests of the efficiency of different
cybersecurity frameworks, including NIST, ISO/IEC
27001, and those country-specific, might assist
healthcare executives in making evidence-based
decisions regarding which of these strategies would be
most effective in their particular situation. Aw damage
awareness of the implementation difficulties,
scalability and tangible results of each and every
framework may help to sustain more customized and
sustainable cybersecurity practices.
Finally, even though the presented study represents an
important stepping stone towards developing an
adequate understanding of how healthcare facilities
manage the challenge of cybersecurity in the context
of active innovation, it will be necessary to address its
limitations in the course of further development. The
increased variety of data, round-the-clock observation
of the ever-changing threats, and unification of
metrics, as well as the involvement of more
stakeholders, can boost the soundness and relevance
of the future studies greatly. With an increasingly high
level of digitization of the healthcare industry, the
significance of long-term, dynamic, and inclusive
cybersecurity research will continue to grow.
10.
Conclusion And Recommendations
The intersection of digital transformation and
cybersecurity in healthcare has brought about amazing
opportunities as well as perplexing challenges. The aim
of the present research was to consider the means
through which medical institutions can strike the right
balance between the rapidly growing rate of
technological advancement and the urgent necessity to
secure sensitive patient information and guarantee the
structural soundness of their systems. The results have
highlighted a simple fact: cybersecurity and innovation
are not two incompatible goals, but two supports of a
strong and modern healthcare system.
It was found that healthcare organizations are operating
in a highly unpredictable threat environment that is
characterized by ransomware, phishing, malicious
insiders, and risks created by cloud misconfigurations
and third-party vendors. Not only are such threats
common, but they are also getting more advanced, with
most of them exploiting the weakest points in human
behavior, outdated systems, and patchy security
measures. The financial and operation cost of such
breaches is astounding as it usually runs into millions of
dollars per breach and more importantly it jeopardizes
patient trust and patient safety.
Simultaneously, the paper has shown that innovation in
healthcare, be it AI-based diagnostics, telemedicine, or
IoMT devices, is essential to improve the delivery of
services, patient outcomes, and efficiency. But the
innovation also has risks as it is implemented without
adequate planning, management or coordination with
cybersecurity strategy. And those hospitals that adopt a
hasty approach to adopting the latest technologies,
without factoring in the security consequences, are
usually vulnerable and end up undermining the very
benefits they are trying to realize.
According to the findings, the most successful
institutions are those incorporating cybersecurity as
part of the innovation lifecycle. They take frameworks
like NIST or ISO/IEC 27001 not as a checklist to pass an
audit, but as a strategy to rely on when making all
decisions, including procurement, deployment, etc.
These organizations acknowledge that cybersecurity
does not belong to IT departments only, but it is an
institutional shared responsibility. They prioritize
training and awareness of employees, as well as
retaining specific leadership (CISOs) and routine risk
assessment and simulation training. Consequently, they
not only have fewer occurrences but also take shorter
durations to recuperate and have better reputations in
The American Journal of Engineering and Technology
220
https://www.theamericanjournals.com/index.php/tajet
The American Journal of Engineering and Technology
the minds of their patients and stakeholders.
These are encouraging practices although there are
still challenges. The ability to implement modern tools
or employ specialized workers is restricted by the
resources, especially in small and rural healthcare
institutions. The incident response plans or security
documentation is up to date in many institutions.
Moreover, according to a cultural gap that still exists in
most healthcare settings, cybersecurity is viewed as an
impediment, as opposed to a facilitator of care. It will
take a mix of strategic investing, policy alignment,
cross-functional teamwork, and constant learning to
defeat these challenges.
On the basis of the findings, it is possible to formulate
several practical recommendations to healthcare
leaders, policymakers, and technology providers who
could strengthen cybersecurity without hindering the
pace of innovation.
One, cybersecurity should be managed as a strategic
issue and not only a technical requirement within
healthcare organizations. This means promoting
cybersecurity to an executive level with CISOs
possessing decision-making capability and control over
the budget. It will also entail incorporating
cybersecurity aspects in the entire innovation and
procurement procedures to inculcate security by
design.
Second, organizations ought to embrace and integrate
globally accepted cybersecurity models. Frameworks
like the NIST and ISO/IEC 27001 offer guided
frameworks that are flexible and comprehensive in
nature and enable organizations to build mature
security postures based on their size, function and risk
appetite. The adoption must come with frequent
audits and success metrics as well as improvement
cycles.
Third, the human factors should be tackled with the
continuous training and awareness programs. Staff,
especially those working in clinical positions, should be
enabled with the knowledge and the means to identify
threats, report suspicious activities, and practice
securely. To induce behavioral change, training must
be interesting, role- oriented and supported by
simulations and real-life cases.
Fourth, medical organizations ought to invest in smart
and dynamic cybersecurity technologies. Security
Information and Event Management (SIEM) platforms,
AI-based threat detection and zero-trust architectures
are scalable and responsive defensive mechanisms
that have the potential to match the contemporary
multi-faceted threats. To realize the best of these
technologies, they ought to be chosen and deployed
considering aspects of interoperability, usability, and
training of the staff to ensure efficiency.
Fifth, incident response planning should be employed as
a rule within the healthcare field. Organizations are
supposed to create and exercise response procedures
that entail role designation, escalation, forensic
procedures, as well as recovery plans. Such procedures
must be revised periodically, and confirmed by
exercising to confirm their functionality when the real
incidents occur.
Sixth, policymakers can play an important role in
facilitating secure innovation. They ought to provide a
boost to investments in cybersecurity by way of grants,
subsidies, or even tax exemptions, especially to
resource-strained providers. The regulation needs to
strike a balance between prescriptive regulation or
flexibility, which promotes proactive risk management
and does not inhibit innovation. Also, governments
ought to initiate international collaborations in order to
normalize cybersecurity expectations, encourage threat
intelligence sharing, and collectively respond to
transnational cyber threats.
Seventh, it is necessary to raise the standards of
accountability of the vendor ecosystem. Healthcare
organizations ought to implement stringent vendor
management policies, such as contract provisions that
require cybersecurity standards, third-party audits, and
real-time observation of all vendor activity. This is
particularly significant in a landscape where cloud usage
and outsourcing are ever increasing.
Lastly, the principle of secure by design has to be applied
to future innovations. Security must be baked into the
development of software or implementation of IoMT
devices and new platforms as opposed to an
afterthought that occurs after a deployment has been
made. The technology vendors should work closely with
the healthcare facilities to co-innovate solutions that
are practical and robust because the end-users work in
high-stakes and time-sensitive settings.
To sum up, the dichotomy between innovation and
cybersecurity in healthcare IT is not a mere possibility to
strike the right balance between the two, but a
necessity. Those organizations which accept this dual
obligation will be in a better place to provide high-
quality safe and efficient care in a digital world.
Cybersecurity can become a competitive advantage of
healthcare
institutions
that embrace
strategic
frameworks, empowered leadership, education and
technology investment, and a culture of shared
responsibility. It is not only the question of how we
innovate in healthcare, but how we innovate safely, and
this paper provides a guide to that future.
11.
References
1.
Williams PA, Woodward AJ. Cybersecurity
vulnerabilities in medical devices: a complex
systems
challenge.
J
Med
Internet
Res.
The American Journal of Engineering and Technology
221
https://www.theamericanjournals.com/index.php/tajet
The American Journal of Engineering and Technology
2019;21(5):e11261.
2.
Kruse CS, Frederick B, Jacobson T, et al.
Cybersecurity in healthcare: a systematic review of
modern threats and trends. Technol Health Care.
2021;29(1):1-19.
3.
Jalali MS, Kaiser JP. Cybersecurity in hospitals: a
systematic review of threats, vulnerabilities, and
mitigation strategies. IEEE Access. 2020;8:106309-
106327.
4.
Gordon WJ, Fairhall A. The financial impact of
healthcare
data
breaches.
Health
Aff.
2022;41(3):456-464.
5.
Coventry L, Branley D. Cybersecurity in healthcare:
a narrative review of threats, impacts, and
countermeasures. J Med Syst. 2021;45(8):78.
6.
HHS.gov. HCA Healthcare Data Breach: Lessons
Learned. 2023.
7.
Fernandez A, Abreu R. HIPAA compliance and
cybersecurity: challenges and solutions. J Healthc
Inf Manag. 2020;34(2):45-52.
8.
Cresswell K, Sheikh A, Krasuska M. Reconciling
technological
and
security
innovation
in
healthcare.
BMJ
Health
Care
Inform.
2021;28(1):e100271.
9.
Anderson M, Agarwal R. The security challenges of
legacy systems in healthcare. Commun ACM.
2020;63(4):72-81.
10.
Chen T, Wang Y, Zheng X. AI-driven cybersecurity
for healthcare: a review. Artif Intell Med.
2022;124:102246.
11.
Kshetri
N.
Blockchain
and
healthcare:
opportunities
and
challenges.
IT
Prof.
2021;23(3):24-29.
12.
Sweeney P, Williams R. Blockchain in healthcare:
hype or
reality?
J Med
Internet
Res.
2022;24(3):e17246.
13.
Pfleeger SL, Caputo DD. Leveraging behavioral
science to mitigate insider threats in healthcare.
IEEE Secur Priv. 2021;19(2):56-64.
14.
Kesh S, Ratnasingam P. Security-by-design in
healthcare IT: a framework for implementation.
Health Policy Technol. 2022;11(1):100602.
15.
Wager KA, Lee FW, Glaser JP. Health Care
Information Systems: A Practical Approach for
Health Care Management. 4th ed. Wiley; 2021.
16.
Appari A, Johnson ME. Information security and
privacy in healthcare: current state and future
directions. Int J Med Inform. 2020;141:104216.
17.
Gupta BB, Agrawal DP. Cybersecurity in healthcare:
attacks and challenges. Comput Electr Eng.
2021;90:106958.
18.
Kindervag J, Bannan M. Zero Trust Networks:
Building Secure Systems in Untrusted Networks.
O’Reilly Media; 2020.
19.
Subramanian N, Azarmi M. Cloud security in
healthcare: risks and mitigation. J Cloud Comput.
2021;10(1):1-15.
20.
Furnell S, Vasileiou I. Cybersecurity in healthcare: a
global
perspective.
Comput
Secur.
2022;112:102525.
21.
Romanosky S, Telang R. The economics of
cybersecurity
in
healthcare.
J
Cybersecur.
2021;7(1):tyab003.
22.
HIMSS Analytics. 2023 Healthcare Cybersecurity
Survey. 2023.
23.
Kruse CS, Frederick B, Jacobson T, et al.
Cybersecurity in healthcare: a systematic review of
modern threats and trends. Technol Health Care.
2021;29(1):1-19.
24.
Coventry L, Branley D. Cybersecurity in healthcare:
a narrative review of threats, impacts, and
countermeasures. J Med Syst. 2021;45(8):78.
25.
Gordon WJ, Fairhall A. The financial impact of
healthcare
data
breaches.
Health
Aff.
2022;41(3):456-464.
26.
Jalali MS, Kaiser JP. Cybersecurity in hospitals: a
systematic review of threats, vulnerabilities, and
mitigation strategies. IEEE Access. 2020;8:106309-
106327.
27.
Williams PA, Woodward AJ. Cybersecurity
vulnerabilities in medical devices: a complex
systems
challenge.
J
Med
Internet
Res.
2019;21(5):e11261.
28.
Anderson M, Agarwal R. The security challenges of
legacy systems in healthcare. Commun ACM.
2020;63(4):72-81.
29.
Chen T, Wang Y, Zheng X. AI-driven cybersecurity for
healthcare:
a
review.
Artif
Intell
Med.
2022;124:102246.
30.
Kshetri N. Blockchain and healthcare: opportunities
and challenges. IT Prof. 2021;23(3):24-29.
31.
Artificial Intelligence and Machine Learning as
Business Tools: A Framework for Diagnosing Value
Destruction
Potential
-
Md
Nadil
Khan,
Tanvirahmedshuvo, Md Risalat Hossain Ontor,
Nahid Khan, Ashequr Rahman - IJFMR Volume 6,
Issue
1,
January-February
2024.
https://doi.org/10.36948/ijfmr.2024.v06i01.23680
32.
Enhancing Business Sustainability Through the
The American Journal of Engineering and Technology
222
https://www.theamericanjournals.com/index.php/tajet
The American Journal of Engineering and Technology
Internet of Things - MD Nadil Khan, Zahidur
Rahman,
Sufi
Sudruddin
Chowdhury,
Tanvirahmedshuvo, Md Risalat Hossain Ontor, Md
Didear Hossen, Nahid Khan, Hamdadur Rahman -
IJFMR Volume 6, Issue 1, January-February 2024.
https://doi.org/10.36948/ijfmr.2024.v06i01.2411
8
33.
Real-Time Environmental Monitoring Using Low-
Cost Sensors in Smart Cities with IoT - MD Nadil
Khan,
Zahidur
Rahman,
Sufi
Sudruddin
Chowdhury, Tanvirahmedshuvo, Md Risalat
Hossain Ontor, Md Didear Hossen, Nahid Khan,
Hamdadur Rahman - IJFMR Volume 6, Issue 1,
January-February
2024.
https://doi.org/10.36948/ijfmr.2024.v06i01.2316
3
34.
IoT and Data Science Integration for Smart City
Solutions - Mohammad Abu Sufian, Shariful
Haque, Khaled Al-Samad, Omar Faruq, Mir Abrar
Hossain, Tughlok Talukder, Azher Uddin Shayed -
AIJMR Volume 2, Issue 5, September-October
2024.
https://doi.org/10.62127/aijmr.2024.v02i05.1086
35.
Business Management in an Unstable Economy:
Adaptive Strategies and Leadership - Shariful
Haque, Mohammad Abu Sufian, Khaled Al-Samad,
Omar Faruq, Mir Abrar Hossain, Tughlok Talukder,
Azher Uddin Shayed - AIJMR Volume 2, Issue 5,
September-October
2024.
https://doi.org/10.62127/aijmr.2024.v02i05.1084
36.
The Internet of Things (IoT): Applications,
Investments, and Challenges for Enterprises - Md
Nadil Khan, Tanvirahmedshuvo, Md Risalat
Hossain Ontor, Nahid Khan, Ashequr Rahman -
IJFMR Volume 6, Issue 1, January-February 2024.
https://doi.org/10.36948/ijfmr.2024.v06i01.2269
9
37.
Real-Time Health Monitoring with IoT - MD Nadil
Khan,
Zahidur
Rahman,
Sufi
Sudruddin
Chowdhury, Tanvirahmedshuvo, Md Risalat
Hossain Ontor, Md Didear Hossen, Nahid Khan,
Hamdadur Rahman - IJFMR Volume 6, Issue 1,
January-February
2024.
https://doi.org/10.36948/ijfmr.2024.v06i01.2275
1
38.
Strategic Adaptation to Environmental Volatility:
Evaluating the Long-Term Outcomes of Business
Model Innovation - MD Nadil Khan, Shariful Haque,
Kazi Sanwarul Azim, Khaled Al-Samad, A H M Jafor,
Md. Aziz, Omar Faruq, Nahid Khan - AIJMR Volume
2,
Issue
5,
September-October
2024.
https://doi.org/10.62127/aijmr.2024.v02i05.1079
39.
Evaluating the Impact of Business Intelligence
Tools on Outcomes and Efficiency Across Business
Sectors - MD Nadil Khan, Shariful Haque, Kazi
Sanwarul Azim, Khaled Al-Samad, A H M Jafor, Md.
Aziz, Omar Faruq, Nahid Khan - AIJMR Volume 2,
Issue
5,
September-October
2024.
https://doi.org/10.62127/aijmr.2024.v02i05.1080
40.
Analyzing the Impact of Data Analytics on
Performance Metrics in SMEs - MD Nadil Khan,
Shariful Haque, Kazi Sanwarul Azim, Khaled Al-
Samad, A H M Jafor, Md. Aziz, Omar Faruq, Nahid
Khan - AIJMR Volume 2, Issue 5, September-October
2024.
https://doi.org/10.62127/aijmr.2024.v02i05.1081
41.
The Evolution of Artificial Intelligence and its Impact
on Economic Paradigms in the USA and Globally -
MD Nadil khan, Shariful Haque, Kazi Sanwarul Azim,
Khaled Al-Samad, A H M Jafor, Md. Aziz, Omar
Faruq, Nahid Khan - AIJMR Volume 2, Issue 5,
September-October
2024.
https://doi.org/10.62127/aijmr.2024.v02i05.1083
42.
Exploring the Impact of FinTech Innovations on the
U.S. and Global Economies - MD Nadil Khan, Shariful
Haque, Kazi Sanwarul Azim, Khaled Al-Samad, A H M
Jafor, Md. Aziz, Omar Faruq, Nahid Khan - AIJMR
Volume 2, Issue 5, September-October 2024.
https://doi.org/10.62127/aijmr.2024.v02i05.1082
43.
Business Innovations in Healthcare: Emerging
Models for Sustainable Growth - MD Nadil khan,
Zakir Hossain, Sufi Sudruddin Chowdhury, Md. Sohel
Rana, Abrar Hossain, MD Habibullah Faisal, SK Ayub
Al Wahid, MD Nuruzzaman Pranto - AIJMR Volume
2,
Issue
5,
September-October
2024.
https://doi.org/10.62127/aijmr.2024.v02i05.1093
44.
Impact of IoT on Business Decision-Making: A
Predictive Analytics Approach - Zakir Hossain, Sufi
Sudruddin Chowdhury, Md. Sohel Rana, Abrar
Hossain, MD Habibullah Faisal, SK Ayub Al Wahid,
Mohammad Hasnatul Karim - AIJMR Volume 2,
Issue
5,
September-October
2024.
https://doi.org/10.62127/aijmr.2024.v02i05.1092
45.
Security Challenges and Business Opportunities in
the IoT Ecosystem - Sufi Sudruddin Chowdhury,
Zakir Hossain, Md. Sohel Rana, Abrar Hossain, MD
Habibullah Faisal, SK Ayub Al Wahid, Mohammad
Hasnatul Karim - AIJMR Volume 2, Issue 5,
September-October
2024.
https://doi.org/10.62127/aijmr.2024.v02i05.1089
46.
The Impact of Economic Policy Changes on
International Trade and Relations - Kazi Sanwarul
Azim, A H M Jafor, Mir Abrar Hossain, Azher Uddin
Shayed, Nabila Ahmed Nikita, Obyed Ullah Khan -
AIJMR Volume 2, Issue 5, September-October 2024.
The American Journal of Engineering and Technology
223
https://www.theamericanjournals.com/index.php/tajet
The American Journal of Engineering and Technology
47.
Privacy
and
Security
Challenges
in
IoT
Deployments - Obyed Ullah Khan, Kazi Sanwarul
Azim, A H M Jafor, Azher Uddin Shayed, Mir Abrar
Hossain, Nabila Ahmed Nikita - AIJMR Volume 2,
Issue
5,
September-October
2024.
https://doi.org/10.62127/aijmr.2024.v02i05.1099
48.
Digital
Transformation
in
Non-Profit
Organizations:
Strategies,
Challenges,
and
Successes - Nabila Ahmed Nikita, Kazi Sanwarul
Azim, A H M Jafor, Azher Uddin Shayed, Mir Abrar
Hossain, Obyed Ullah Khan - AIJMR Volume 2, Issue
5,
September-October
2024.
https://doi.org/10.62127/aijmr.2024.v02i05.1097
49.
AI and Machine Learning in International
Diplomacy and Conflict Resolution - Mir Abrar
Hossain, Kazi Sanwarul Azim, A H M Jafor, Azher
Uddin Shayed, Nabila Ahmed Nikita, Obyed Ullah
Khan - AIJMR Volume 2, Issue 5, September-
October
2024.
https://doi.org/10.62127/aijmr.2024.v02i05.1095
50.
The Evolution of Cloud Computing & 5G
Infrastructure and its Economical Impact in the
Global Telecommunication Industry - A H M Jafor,
Kazi Sanwarul Azim, Mir Abrar Hossain, Azher
Uddin Shayed, Nabila Ahmed Nikita, Obyed Ullah
Khan - AIJMR Volume 2, Issue 5, September-
October
2024.
https://doi.org/10.62127/aijmr.2024.v02i05.1100
51.
Leveraging Blockchain for Transparent and
Efficient Supply Chain Management: Business
Implications and Case Studies - Ankur Sarkar, S A
Mohaiminul Islam, A J M Obaidur Rahman Khan,
Tariqul Islam, Rakesh Paul, Md Shadikul Bari -
IJFMR Volume 6, Issue 5, September-October
2024.
https://doi.org/10.36948/ijfmr.2024.v06i05.2849
2
52.
AI-driven Predictive Analytics for Enhancing
Cybersecurity in a Post-pandemic World: a
Business Strategy Approach - S A Mohaiminul
Islam, Ankur Sarkar, A J M Obaidur Rahman Khan,
Tariqul Islam, Rakesh Paul, Md Shadikul Bari -
IJFMR Volume 6, Issue 5, September-October
2024.
https://doi.org/10.36948/ijfmr.2024.v06i05.2849
3
53.
The Role of Edge Computing in Driving Real-time
Personalized Marketing: a Data-driven Business
Perspective - Rakesh Paul, S A Mohaiminul Islam,
Ankur Sarkar, A J M Obaidur Rahman Khan, Tariqul
Islam, Md Shadikul Bari - IJFMR Volume 6, Issue 5,
September-October
2024.
https://doi.org/10.36948/ijfmr.2024.v06i05.2849
4
54.
Circular Economy Models in Renewable Energy:
Technological Innovations and Business Viability -
Md Shadikul Bari, S A Mohaiminul Islam, Ankur
Sarkar, A J M Obaidur Rahman Khan, Tariqul Islam,
Rakesh Paul - IJFMR Volume 6, Issue 5, September-
October
2024.
https://doi.org/10.36948/ijfmr.2024.v06i05.28495
55.
Artificial Intelligence in Fraud Detection and
Financial Risk Mitigation: Future Directions and
Business Applications - Tariqul Islam, S A
Mohaiminul Islam, Ankur Sarkar, A J M Obaidur
Rahman Khan, Rakesh Paul, Md Shadikul Bari -
IJFMR Volume 6, Issue 5, September-October 2024.
https://doi.org/10.36948/ijfmr.2024.v06i05.28496
56.
The Integration of AI and Machine Learning in
Supply Chain Optimization: Enhancing Efficiency
and Reducing Costs - Syed Kamrul Hasan, MD Ariful
Islam, Ayesha Islam Asha, Shaya afrin Priya, Nishat
Margia Islam - IJFMR Volume 6, Issue 5, September-
October
2024.
https://doi.org/10.36948/ijfmr.2024.v06i05.28075
57.
Cybersecurity in the Age of IoT: Business Strategies
for Managing Emerging Threats - Nishat Margia
Islam, Syed Kamrul Hasan, MD Ariful Islam, Ayesha
Islam Asha, Shaya Afrin Priya - IJFMR Volume 6,
Issue
5,
September-October
2024.
https://doi.org/10.36948/ijfmr.2024.v06i05.28076
58.
The Role of Big Data Analytics in Personalized
Marketing: Enhancing Consumer Engagement and
Business Outcomes - Ayesha Islam Asha, Syed
Kamrul Hasan, MD Ariful Islam, Shaya afrin Priya,
Nishat Margia Islam - IJFMR Volume 6, Issue 5,
September-October
2024.
https://doi.org/10.36948/ijfmr.2024.v06i05.28077
59.
Sustainable Innovation in Renewable Energy:
Business Models and Technological Advances -
Shaya Afrin Priya, Syed Kamrul Hasan, Md Ariful
Islam, Ayesha Islam Asha, Nishat Margia Islam -
IJFMR Volume 6, Issue 5, September-October 2024.
https://doi.org/10.36948/ijfmr.2024.v06i05.28079
60.
The Impact of Quantum Computing on Financial Risk
Management: A Business Perspective - Md Ariful
Islam, Syed Kamrul Hasan, Shaya Afrin Priya, Ayesha
Islam Asha, Nishat Margia Islam - IJFMR Volume 6,
Issue
5,
September-October
2024.
https://doi.org/10.36948/ijfmr.2024.v06i05.28080
61.
AI-driven
Predictive
Analytics,
Healthcare
Outcomes, Cost Reduction, Machine Learning,
Patient Monitoring - Sarowar Hossain, Ahasan
Ahmed, Umesh Khadka, Shifa Sarkar, Nahid Khan -
AIJMR Volume 2, Issue 5, September-October 2024.
https://doi.org/ 10.62127/aijmr.2024.v02i05.1104
62.
Blockchain in Supply Chain Management: Enhancing
The American Journal of Engineering and Technology
224
https://www.theamericanjournals.com/index.php/tajet
The American Journal of Engineering and Technology
Transparency, Efficiency, and Trust - Nahid Khan,
Sarowar Hossain, Umesh Khadka, Shifa Sarkar -
AIJMR Volume 2, Issue 5, September-October
2024.
https://doi.org/10.62127/aijmr.2024.v02i05.1105
63.
Cyber-Physical Systems and IoT: Transforming
Smart Cities for Sustainable Development - Umesh
Khadka, Sarowar Hossain, Shifa Sarkar, Nahid Khan
- AIJMR Volume 2, Issue 5, September-October
2024.
https://doi.org/10.62127/aijmr.2024.v02i05.1106
64.
Quantum Machine Learning for Advanced Data
Processing in Business Analytics: A Path Toward
Next-Generation Solutions - Shifa Sarkar, Umesh
Khadka, Sarowar Hossain, Nahid Khan - AIJMR
Volume 2, Issue 5, September-October 2024.
https://doi.org/10.62127/aijmr.2024.v02i05.1107
65.
Optimizing Business Operations through Edge
Computing: Advancements in Real-Time Data
Processing for the Big Data Era - Nahid Khan,
Sarowar Hossain, Umesh Khadka, Shifa Sarkar -
AIJMR Volume 2, Issue 5, September-October
2024.
https://doi.org/10.62127/aijmr.2024.v02i05.1108
66.
Data Science Techniques for Predictive Analytics in
Financial Services - Shariful Haque, Mohammad
Abu Sufian, Khaled Al-Samad, Omar Faruq, Mir
Abrar Hossain, Tughlok Talukder, Azher Uddin
Shayed - AIJMR Volume 2, Issue 5, September-
October
2024.
https://doi.org/10.62127/aijmr.2024.v02i05.1085
67.
Leveraging IoT for Enhanced Supply Chain
Management in Manufacturing - Khaled AlSamad,
Mohammad Abu Sufian, Shariful Haque, Omar
Faruq, Mir Abrar Hossain, Tughlok Talukder, Azher
Uddin Shayed - AIJMR Volume 2, Issue 5,
September-October
2024.
https://doi.org/10.62127/aijmr.2024.v02i05.1087
33
68.
AI-Driven Strategies for Enhancing Non-Profit
Organizational Impact - Omar Faruq, Shariful
Haque, Mohammad Abu Sufian, Khaled Al-Samad,
Mir Abrar Hossain, Tughlok Talukder, Azher Uddin
Shayed - AIJMR Volume 2, Issue 5, September-
October
2024.
https://doi.org/10.62127/aijmr.2024.v02i0.1088
69.
Sustainable Business Practices for Economic
Instability: A Data-Driven Approach - Azher Uddin
Shayed, Kazi Sanwarul Azim, A H M Jafor, Mir Abrar
Hossain, Nabila Ahmed Nikita, Obyed Ullah Khan -
AIJMR Volume 2, Issue 5, September-October
2024.
https://doi.org/10.62127/aijmr.2024.v02i05.1095
70.
Mohammad Majharul Islam, MD Nadil khan,
Kirtibhai Desai, MD Mahbub Rabbani, Saif Ahmad, &
Esrat Zahan Snigdha. (2025). AI-Powered Business
Intelligence in IT: Transforming Data into Strategic
Solutions for Enhanced Decision-Making. The
American Journal of Engineering and Technology,
7(02),
59
–
73.
https://doi.org/10.37547/tajet/Volume07Issue02-
09
71.
Saif Ahmad, MD Nadil khan, Kirtibhai Desai,
Mohammad Majharul Islam, MD Mahbub Rabbani,
& Esrat Zahan Snigdha. (2025). Optimizing IT Service
Delivery with AI: Enhancing Efficiency Through
Predictive Analytics and Intelligent Automation. The
American Journal of Engineering and Technology,
7(02),
44
–
58.
https://doi.org/10.37547/tajet/Volume07Issue02-
08
72.
Esrat Zahan Snigdha, MD Nadil khan, Kirtibhai Desai,
Mohammad Majharul Islam, MD Mahbub Rabbani,
& Saif Ahmad. (2025). AI-Driven Customer Insights
in IT Services: A Framework for Personalization and
Scalable Solutions. The American Journal of
Engineering and Technology, 7(03), 35
–
49.
https://doi.org/10.37547/tajet/Volume07Issue03-
04
73.
MD Mahbub Rabbani, MD Nadil khan, Kirtibhai
Desai, Mohammad Majharul Islam, Saif Ahmad, &
Esrat
Zahan
Snigdha.
(2025).
Human-AI
Collaboration
in
IT
Systems
Design:
A
Comprehensive Framework for Intelligent Co-
Creation. The American Journal of Engineering and
Technology,
7(03),
50
–
68.
https://doi.org/10.37547/tajet/Volume07Issue03-
05
74.
Kirtibhai Desai, MD Nadil khan, Mohammad
Majharul Islam, MD Mahbub Rabbani, Saif Ahmad,
& Esrat Zahan Snigdha. (2025). Sentiment analysis
with ai for it service enhancement: leveraging user
feedback for adaptive it solutions. The American
Journal of Engineering and Technology, 7(03), 69
–
87.
https://doi.org/10.37547/tajet/Volume07Issue03-
06
75.
Mohammad Tonmoy Jubaear Mehedy, Muhammad
Saqib Jalil, MahamSaeed, Abdullah al mamun, Esrat
Zahan Snigdha, MD Nadil khan, NahidKhan, & MD
Mohaiminul Hasan. (2025). Big Data and Machine
Learning inHealthcare: A Business Intelligence
Approach for Cost Optimization andService
Improvement. The American Journal of Medical
Sciences
andPharmaceutical
Research,
115
–
135.https://doi.org/10.37547/tajmspr/Volume07Is
sue0314.
The American Journal of Engineering and Technology
225
https://www.theamericanjournals.com/index.php/tajet
The American Journal of Engineering and Technology
76.
76. Maham Saeed, Muhammad Saqib Jalil,
Fares Mohammed Dahwal, Mohammad Tonmoy
Jubaear Mehedy, Esrat Zahan Snigdha, Abdullah
al mamun, & MD Nadil khan. (2025). The Impact of
AI on Healthcare Workforce Management:
Business Strategies for Talent Optimization and IT
Integration. The American Journal of Medical
Sciences and Pharmaceutical Research, 7(03),
136
–
156.
https://doi.org/10.37547/tajmspr/Volume07Issue
03-15
77.
Muhammad Saqib Jalil, Esrat Zahan Snigdha,
Mohammad Tonmoy Jubaear Mehedy, Maham
Saeed, Abdullah al mamun, MD Nadil khan, &
Nahid Khan. (2025). AI-Powered Predictive
Analytics in Healthcare Business: Enhancing
OperationalEfficiency and Patient Outcomes. The
American Journal of Medical Sciences and
Pharmaceutical
Research,
93
–
114.
https://doi.org/10.37547/tajmspr/Volume07Issue
03-13
78.
Esrat Zahan Snigdha, Muhammad Saqib Jalil, Fares
Mohammed Dahwal, Maham Saeed, Mohammad
Tonmoy Jubaear Mehedy, Abdullah al mamun, MD
Nadil khan, & Syed Kamrul Hasan. (2025).
Cybersecurity in Healthcare IT Systems: Business
Risk Management and Data Privacy Strategies. The
American Journal of Engineering and Technology,
163
–
184.
https://doi.org/10.37547/tajet/Volume07Issue03-
15
79.
Abdullah al mamun, Muhammad Saqib Jalil,
Mohammad Tonmoy Jubaear Mehedy, Maham
Saeed, Esrat Zahan Snigdha, MD Nadil khan, &
Nahid Khan. (2025). Optimizing Revenue Cycle
Management in Healthcare: AI and IT Solutions for
Business Process Automation. The American
Journal of Engineering and Technology, 141
–
162.
https://doi.org/10.37547/tajet/Volume07Issue03-
14
80.
Hasan, M. M., Mirza, J. B., Paul, R., Hasan, M. R.,
Hassan, A., Khan, M. N., & Islam, M. A. (2025).
Human-AI Collaboration in Software Design: A
Framework for Efficient Co Creation. AIJMR-
Advanced
International
Journal
of
Multidisciplinary
Research,
3(1).
DOI:
10.62127/aijmr.2025.v03i01.1125
81.
Mohammad
Tonmoy
Jubaear
Mehedy,
Muhammad Saqib Jalil, Maham Saeed, Esrat Zahan
Snigdha, Nahid Khan, MD Mohaiminul Hasan.The
American Journal of Medical Sciences and
Pharmaceutical
Research,
7(3).
115-
135.https://doi.org/10.37547/tajmspr/Volume07I
ssue03-14.
82.
Junaid Baig Mirza, MD Mohaiminul Hasan, Rajesh
Paul, Mohammad Rakibul Hasan, Ayesha Islam
Asha. AIJMR-Advanced International Journal of
Multidisciplinary Research, Volume 3, Issue 1,
January-February
2025
.DOI:
10.62127/aijmr.2025.v03i01.1123.
83.
Mohammad Rakibul Hasan, MD Mohaiminul Hasan,
Junaid Baig Mirza, Ali Hassan, Rajesh Paul, MD Nadil
Khan, Nabila Ahmed Nikita.AIJMR-Advanced
International Journal of Multidisciplinary Research,
Volume 3, Issue 1, January-February 2025 .DOI:
10.62127/aijmr.2025.v03i01.1124.
