Authors : Itunu Omolade Dave-Agboola; Richard Kayode Alhassan

Volume/Issue : Volume 11 - 2026, Issue 4 - April

Google Scholar : https://tinyurl.com/mmh82pkk

Scribd : https://tinyurl.com/ys3ne45x

DOI : https://doi.org/10.38124/ijisrt/26apr799

Note : A published paper may take 4-5 working days from the publication date to appear in PlumX Metrics, Semantic Scholar, and ResearchGate.

Abstract : Introduction The COVID-19 pandemic unexpectedly accelerated the digital transformation of healthcare systems, exposing them to unprecedented cybersecurity risks. During the COVID-19 pandemic, the healthcare system was affected by ransomware, phishing, and other cyber threats which disrupted the delivery of healthcare services, compromised patient data, and challenged public health emergency response. Although the cyberthreats and cyberattacks were documented, there is a limited synthesis of lessons learned for pandemic preparedness.  Methods Following the Arksey and O’Malley framework and PRISMA-ScR guidelines, we conducted a systematic search of peer-reviewed and grey literature published between January 2020 and December 2025 across PubMed, Scopus, Web of Science, IEEE Xplore, and Google Scholar. Eligible studies reported on cyber threats, mitigation measures, and impacts on healthcare or public health response during COVID-19. Data were extracted using a standardized template and analyzed descriptively and thematically, categorizing threats, mitigation strategies, and lessons learned.  Results Twenty-six studies were included, comprising scoping/systematic reviews, empirical analyses, case studies, surveys, and policy reports. The most prevalent threats were ransomware and phishing, followed by malware, device/IoMT vulnerabilities, and data breaches. Impacts included service disruption, diagnostic delays, patient safety risks, and widespread data exposure. Mitigation strategies spanned technical (e.g., multi-factor authentication, segmentation, backups), organizational (e.g., incident response planning, workforce training), and policy/governance measures (e.g., reporting systems, cross-sector coordination). Key lessons highlighted the importance of layered socio-technical defenses, workforce preparedness, tested recovery plans, and integrated cyber governance. Major gaps were noted in the evaluation of mitigation effectiveness, and research on cyberbiosecurity and infodemic-related threats.  Conclusions Health systems must adopt resilient, evidence-informed, socio-technical strategies to mitigate cyber threats, maintain continuity of care, and protect patient data. Policymakers should integrate cybersecurity into emergency planning, strengthen reporting and governance frameworks, and support research on intervention effectiveness and emerging threats.

Keywords : Cybersecurity; Healthcare; Public Health; COVID-19; Pandemic Preparedness; Ransomware; Phishing; Mitigation Strategies; Scoping Review.

References :

1. Al‐Qahtani, A. F., & Cresci, S. (2022). The COVID‐19 scamdemic: A survey of phishing attacks and their countermeasures during COVID‐19. IET Information Security, 16(5), 324-345.
2. Arksey, H., & O’Malley, L. (2005). Scoping studies: towards a methodological framework. International Journal of Social Research Methodology, 8(1), 19–32.
3. ASPR. (2023). Healthcare sector cybersecurity. U.S. Department of Health & Human Services. Retrieved from https://aspr.hhs.gov/cyber/Documents/Health-Care-Sector-Cybersecurity-Dec2023-508.pdf.
4. Bloomberg (2023). Case study of ransomware attack on Irish health services. Available at https://www.bloomberg.com/news/features/2023-02-03/ireland-hospital-ransomware-attack-fractured-hacker-group-conti
5. Boven, L. S., Kusters, R. W., Tin, D., van Osch, F. H., De Cauwer, H., Ketelings, L., ... & Barten, D. G. (2024). Hacking acute care: a qualitative study on the health care impacts of ransomware attacks against hospitals. Annals of emergency medicine, 83(1), 46-56.
6. Chigada, J. (2020). Cyberattacks and threats during COVID-19: A systematic literature review. Journal of Cybersecurity, 6(1), 1–14.
7. Chen, J., Mohamed, M. A., Dampage, U., Rezaei, M., Salmen, S. H., Obaid, S. A., & Annuk, A. (2021). A multi-layer security scheme for mitigating smart grid vulnerability against faults and cyber-attacks. Applied Sciences, 11(21), 9972.
8. CISA. (2021, January). Cybersecurity perspectives: Healthcare and public health response to COVID-19. Cybersecurity and Infrastructure Security Agency. Retrieved from https://www.cisa.gov/sites/default/files/publications/CISA_01132021_HPH_Factsheet_508.pdf
9. CyberPeace Institute. (2021). Cyber incidents affecting the healthcare sector during COVID-19. Retrieved from https://cyberpeaceinstitute.org/report/2021-03-CyberPeaceInstitute-SAR001-Healthcare-ExecSummary.pdf
10. Cycore Compliance. (2025). Healthcare in cybersecurity: Trends, threats, and solutions. Retrieved from https://www.cycoresecure.com/blogs/healthcare-cybersecurity-trends-threats-solutions
11. Dialoghealth. (2025). 120+ latest healthcare cybersecurity statistics for 2025. Retrieved from https://www.dialoghealth.com/post/healthcare-cybersecurity-statistics.
12. Eriksen, M. B., & Frandsen, T. F. (2018). The impact of patient, intervention, comparison, outcome (PICO) as a search strategy tool on literature search quality: a systematic review. Journal of the Medical Library Association, 106(4), 420–431.
13. Ewoh, O., & Vartiainen, T. (2024). Vulnerability to cyberattacks and sociotechnical solutions for health care systems: A systematic review. Health Informatics Journal.
14. Fox-IT (2022). Understanding the impact of ransomeware on patient response. Do we know enough? Available at https://www.fox-it.com/be/understanding-the-impact-of-ransomware-on-patient-outcomes-do-we-know-enough/.
15. Georgiadou, A., Mouzakitis, S., & Askounis, D. (2021). Hospitals’ cybersecurity culture during the COVID-19 crisis. Information & Computer Security.
16. Gioulekas, F., Stamatiadis, E., Tzikas, A., Gounaris, K., Georgiadou, A., Michalitsi-Psarrou, A., ... & Ntanos, C. (2022, February). A cybersecurity culture survey targeting healthcare critical infrastructures. In Healthcare (Vol. 10, No. 2, p. 327). MDPI.
17. He, Y., Aliyu, A., Evans, M., & Luo, C. (2021). Health care cybersecurity challenges and solutions under the climate of COVID-19: A scoping review. Journal of Medical Internet Research, 23(4), e21747.
18. Hoheisel, R., van Capelleveen, G., Sarmah, D. K., & Junger, M. (2023). The development of phishing during the COVID-19 pandemic: An analysis of over 1100 targeted domains. Computers & Security, 128, 103158.
19. INTERPOL (2020). Annual Report 2020. Global law enforcement analysis of cyber fraud and scams. Available at https://www.interpol.int › content › download
20. Klick, J., Brandstetter, T., et al. (2021). Epidemic? The attack surface of German hospitals during the COVID-19 pandemic. Computer Security Journal.
21. Laith, A. E. (2025). Addressing cyberbiosecurity challenges in the life sciences. Journal of Global Biosecurity.
22. Li, S., Surineni, K., & Prabhakaran, N. (2025). Cyber-attacks on hospital systems: A narrative review. The American Journal of Geriatric Psychiatry: Open Science, Education, and Practice, 7, 30-39.
23. Muthuppalaniappan, M., & Stevenson, K. (2021). Healthcare cyber-attacks and the COVID-19 pandemic: An urgent threat to global health. International Journal for Quality in Health Care, 33(1), mzaa117.
24. Neprash, H. T., et al. (2022). Trends in ransomware attacks on US hospitals and clinics, 2016–2021. JAMA Health Forum.
25. Papathanasiou, A., Liontos, G., Liagkou, V., & Glavas, E. (2023). Business email compromise (BEC) attacks: threats, vulnerabilities and countermeasures—a perspective on the Greek landscape. Journal of Cybersecurity and Privacy, 3(3), 610-637.
26. Portela, D., et al. (2023). Economic impact of a hospital cyberattack in a national context. Health Policy and Technology.
27. Rajput, K., Darzi, A., & Ghafur, S. (2025). Overlooked and under-reported: the impact of cyberattacks on primary care in the UK National Health Service. The Lancet Digital Health, 7(7).
28. Tricco, A. C., Lillie, E., Zarin, W., et al. (2018). PRISMA Extension for Scoping Reviews (PRISMA-ScR): Checklist and Explanation. Annals of Internal Medicine, 169(7), 467–473.
29. Sabet, C., Lin, J. C., Zhong, A., & Nguyen, D. (2024). Cybersecurity in the age of digital pandemics: protecting patient data in low-income and middle-income countries. The Lancet Global Health, 12(6), e911-e912.
30. World Health Organization. (2024). WHO reports outline responses to cyber-attacks on health care and the rise of disinformation in public-health emergencies. Retrieved from https://www.who.int/news/item/06-02-2024-who-reports-outline-responses-to-cyber-attacks-on-health-care-and-the-rise-of-disinformation-in-public-health-emergencies