BACKGROUND: COVID-19 has challenged the resilience of the health care information system, which has affected our ability to achieve the global goal of health and well-being . The pandemic has resulted in a number of recent cyberattacks on hospitals, pharmaceutical companies, the US Department of Health and Human Services, the World Health Organization and its partners, and others .
OBJECTIVE: The aim of this review was to identify key cybersecurity challenges, solutions adapted by the health sector, and areas of improvement needed to counteract the recent increases in cyberattacks (eg, phishing campaigns and ransomware attacks), which have been used by attackers to exploit vulnerabilities in technology and people introduced through changes to working practices in response to the COVID-19 pandemic .
METHODS: A scoping review was conducted by searching two major scientific databases (PubMed and Scopus) using the search formula``(covid OR healthcare) AND cybersecurity ."Reports, news articles, and industry white papers were also included if they were related directly to previously published works, or if they were the only available sources at the time of writing . Only articles in English published in the last decade were included (ie , 2011-2020) in order to focus on current issues, challenges, and solutions .
RESULTS: We identified 9 main challenges in cybersecurity , 11 key solutions that health care organizations adapted to address these challenges, and 4 key areas that need to be strengthened in terms of cybersecurity capacity in the health sector . We also found that the most prominent and significant methods of cyberattacks that occurred during the pandemic were related to phishing, ransomware, distributed denial-of-service attacks, and malware .
CONCLUSIONS: This scoping review identified the most impactful methods of cyberattacks that targeted the health sector during the COVID-19 pandemic, as well as the challenges in cybersecurity, solutions, and areas in need of improvement . We provided useful insights to the health sector on cybersecurity issues during the COVID-19 pandemic as well as other epidemics or pandemics that may materialize in the future.