The American Journal of Engineering and Technology
163
https://www.theamericanjournals.com/index.php/tajet
TYPE
Original Research
PAGE NO.
163-184
10.37547/tajet/Volume07Issue03-15
OPEN ACCESS
SUBMITED
29 January 2025
ACCEPTED
24 February 2024
PUBLISHED
13 March 2025
VOLUME
Vol.07 Issue03 2025
CITATION
Esrat Zahan Snigdha, Muhammad Saqib Jalil, Fares Mohammed Dahwal,
Maham Saeed, Mohammad Tonmoy Jubaear Mehedy, Abdullah al mamun,
MD Nadil khan, & Syed Kamrul Hasan. (2025). Cybersecurity in Healthcare
IT Systems: Business Risk Management and Data Privacy Strategies. The
American Journal of Engineering and Technology, 163
–
184.
https://doi.org/10.37547/tajet/Volume07Issue03-15
COPYRIGHT
© 2025 Original content from this work may be used under the terms
of the creative commons attributes 4.0 License.
Cybersecurity in
Healthcare IT Systems:
Business Risk
Management and Data
Privacy Strategies
1
Esrat Zahan Snigdha,
2
Muhammad Saqib Jalil,
3
Fares Mohammed Dahwal,
4
Maham Saeed,
5
Mohammad Tonmoy Jubaear Mehedy,
6
Abdullah
al mamun,
7
MD Nadil khan,
8
Syed Kamrul Hasan
1
Master of Science in Management Healthcare, Washington University of
Science and Technology (wust), Eisenhower Ave, Alexandria VA 22314,
USA
2
Management and Information Technology, St. Francis College, Brooklyn,
New York, USA
3
Department of Cyber Security, Rochester Institute of Technology, 1
Lomb Memorial Dr, NY14623
4
Master of science in management Healthcare, St. Francis College,
Brooklyn, New York, USA
5,7
Department of Information Technology, Washington University of
Science and Technology (wust), Eisenhower Ave, Alexandria VA 22314,
USA
6
Department of Business Analytics, St. Francis College, Brooklyn, New
York, USA
8
Department of Data Management and Analytics, Washington University
of Science and Technology (wust), Eisenhower Ave, Alexandria VA 22314,
USA
Abstract:
The security threats against healthcare IT
systems create multiple significant hazards to patient
data purity together with compliance requirements and
ongoing organizational operations. These days growing
healthcare digitization has caused cyberattacks like
ransomware and data breaches and phishing attacks to
increase sharply while creating financial damage and
reputation loss for healthcare facilities. The research
will examine how business risk management combines
with data privacy strategies to safeguard healthcare
cybersecurity structures through analysis of risk
mitigation plans and regulatory adherence and
technological security development. The research
incorporates published works alongside current
scientific investigations which expose the security
The American Journal of Engineering and Technology
164
https://www.theamericanjournals.com/index.php/tajet
The American Journal of Engineering and Technology
weaknesses and new threats affecting medical IT
systems. Statistical data about cybersecurity breaches
and financial losses and regulatory compliance failures
undergo quantitative analysis for the purpose of
delivering applicable findings. Organizations within the
healthcare sector fight to properly execute security
standards created by regulatory requirements
including HIPAA and GDPR and NIST because of
financial
and
operating
limitations.
Security
improvements stem from using AI threat detection
together with blockchain secure data exchange
protocols and the implementation of Zero Trust
Architecture (ZTA). The research identifies the need for
healthcare organizations to build cybersecurity
defenses through dedicated protective measures which
unify regulatory compliance with innovative technology
deployments
and
precautionary
security
risk
approaches. This study brings value to the
cybersecurity domain by developing a business-
oriented
framework
which
guides
healthcare
organizations to handle risks and fulfill international
data protection mandates.
Keywords:
Cybersecurity, Healthcare IT, Data Privacy,
Risk Management, Compliance.
Introduction:
Healthcare industry infrastructure
underwent transformation due to digital technologies
that provide better management of patient care and
operational efficiency and healthcare data processing.
Healthcare IT systems became optimal targets for
digital criminals because of the speed at which
hospitals digitized their medical processes. Digital
security in healthcare exceeds technological concerns
because it presents executives with major business
risks faced by patient privacy along with regulatory
standards and financial security requirements.
Organizations within the healthcare sector that include
hospitals and clinics as well as pharmaceutical
businesses handle extensive sensitive datasets
encompassing medical histories of patients together
with financial records and research information.
Healthcare IT infrastructure that connects cloud
computing components with IoT devices and EHR
systems makes the healthcare sector more prone to
cyberattacks. Cyber threats have become more
sophisticated because of ransomware attacks along
with phishing schemes and Distributed Denial-of-
Service attacks which now threaten the security basis
of medical IT systems. The catastrophic consequences
of cybersecurity breakdowns have become evident
through recent events such as Universal Health Services
and SingHealth because they resulted in financial losses
and operational interruptions along with legal
responsibilities.
Several healthcare providers receive rising financial
support for cybersecurity yet maintain difficulty
establishing security systems that correspondence with
modern security risks. The main barrier stems from
healthcare IT systems being split across different
components that include outdated software and legacy
programs with weak encryption and inadequate
security standards. Healthcare entities face unusually
strict regulatory challenges because they must follow
Health Insurance Portability and Accountability Act
(HIPAA) in the United States and General Data
Protection Regulation (GDPR) in the European Union
and Personal Data Protection Act (PDPA) in different
areas. Healthcare providers who must follow these
regulatory requirements need both financial and
technical resources which small and mid-sized health
facilities do not possess. Telemedicine and remote
patient monitoring technologies alongside emerging
medical devices have enlarged security threats that
now endanger both digital communications and health-
tech equipment exposure. Ransomware attackers take
advantage of healthcare industry weaknesses to launch
data encryption schemes which force medical
organizations to pay exorbitant prices to regain
accessibility to their patient files. The healthcare sector
worldwide experienced a 74% ransomware attack
surge during 2022 according to IBM's Cost of a Data
Breach Report. Organizational expenses for each
breach averaged $10.1 million during this period.
Healthcare facilities must deal with comprehensive
expenses and brand damage because of cybersecurity
system failures that reach much farther than
immediate financial losses. Individual breaches of
patient data lead to both trust declines among patients
as well as financial penalties from regulators and
service interruptions within essential healthcare
facilities. The business model of healthcare institutions
should treat cybersecurity as a main strategic threat
which requires organized assessment of risks and
regulatory compliance combined with proactive threat
reduction and continuous technological advancement.
The current security approaches based on firewalls and
antivirus software prove inadequate for fighting against
modern cyber adversary tactics. Organizations need to
adopt Zero Trust Architecture (ZTA) because this
framework operates on the principle that all access
demands must be treated as risks and requires precise
authentication procedures. Security solutions which
incorporate artificial intelligence (AI) and machine
The American Journal of Engineering and Technology
165
https://www.theamericanjournals.com/index.php/tajet
The American Journal of Engineering and Technology
learning (ML) capabilities successfully identify and stop
cyber threats during live operations. AI threat detection
systems process massive data to spot abnormal
activities that lead to potential security threats which
they address at their initial stages. The security of
healthcare data through Blockchain technology
establishes a decentralized method of patient record
management which upholds data protection laws
through tamper-proof solutions.
Healthcare entities need to change their approach to
security governance when mergering business risk
management with cyber defense operations. Executive
leadership together with board members should
establish cybersecurity spending as vital for risk
management because it surpasses status as a
supplemental IT matter. Healthcare institutions need to
perform detailed risk assessments alongside this
implementation of cyber hygiene instruction and
development of incident response manuals to reduce
possible data breaches. Stringent cybersecurity
standards are enforced by regulatory bodies which also
supply rules and best practices for compliance
purposes. Healthcare organizations need continuous
adaptation to combat cyber threats which demands
proactive use of threat intelligence exchange and
ethical hacking tests and real-time security monitoring
systems. Healthcare organizations require cyber
resilience strategies because cyberattacks create
substantial economic and operational damage and
enable the organization to stay secure when facing
security incidents while sustaining patient care delivery
and operational continuity.
The research examines healthcare cybersecurity
challenges and regulatory elements together with
technological developments because it develops a
business-focused system to handle cyber threats. Real-
world data analysis combines with an assessment of
present cybersecurity regulations and new solutions to
generate practical findings that strengthen healthcare
institutions both in security posture and compliance
with worldwide digital regulations. The research will
demonstrate the requirement for multidimensional
cybersecurity
defense
models
which
unite
governmental compliance standards with organization
risk reduction techniques with state-of-the-art
protection systems. Maintaining digital healthcare
integrity alongside patient faith requires an immediate
proactive framework focused on cybersecurity because
healthcare IT systems encounter more serious and
frequent cyberattacks.
LITERATURE REVIEW
Medical digitization transformed healthcare delivery
and management operations however it resulted in
serious cybersecurity challenges for the healthcare
sector. Applications in healthcare IT become more
vulnerable to cybercriminals because these systems
maintain highly sensitive information about patients
such as medical histories, financial data together with
personal
health
records.
Modern
healthcare
infrastructure that includes EHRs and cloud computing
along with IoT devices provides cyber attackers easy
access because it expands their target area. ¹,²
The healthcare industry continues to experience
growing cybersecurity threats because ransomware
stands out as a primary menace. The encryption of
essential healthcare information during ransomware
attacks creates data obstruction while forcing victims to
pay for data recovery services which results in
substantial interruption of healthcare services.
Undertaking the 2020 ransomware attack on Universal
Health Services rendered its entire IT systems
inoperable at multiple facilities which provoked both
financial damages along with operational breakdowns
across locations.³ The SingHealth breach from 2018
revealed the personal information of 1.5 million
patients proving cybersecurity failures entail disastrous
consequences.⁴ These events demonstrate healthcare
requires strong cybersecurity systems.
The consigned category of phishing attacks targets
human weakness by exploiting users to illicitly obtain
sensitive data.
⁵ Verizon's research revealed data
breaches affecting 22% of healthcare organizations
through phishing attacks thus making employee
awareness training crucial.⁶ Besides phishing attacks
Distributed Denial-of-Service (DDoS) attacks target
healthcare facilities and require advanced solutions to
safeguard IT infrastructure.⁷
The American Journal of Engineering and Technology
166
https://www.theamericanjournals.com/index.php/tajet
The American Journal of Engineering and Technology
Figure 01: Cybersecurity Threats and Mitigation Strategies in Healthcare IT Systems
Figure Description:
This flowchart delineates the
multifaceted
cybersecurity
threats
confronting
healthcare IT systems and maps out corresponding
mitigation strategies. It categorizes threats into internal
vulnerabilities, external attacks, and regulatory
challenges, illustrating pathways leading to potential
data breaches and operational disruptions. The chart
further outlines proactive defense mechanisms,
including technological interventions, staff training,
and adherence to organizational policies, emphasizing
the necessity for a comprehensive approach to
cybersecurity in healthcare.
Healthcare organizations must follow the security
guidelines laid out by regulatory standards which
include HIPAA and GDPR along with NIST because they
protect patient data and maintain compli
ance.⁸ HIPAA
requires healthcare entities to establish administrative
physical and technical protection systems for electronic
health information yet GDPR allows EU citizens to
receive compensation equivalent to 4% of their
organization's global annual turnover upon detecting
noncompliance.⁹
Multiple complex regulatory frameworks create
challenges for healthcare system implementations that
causes gaps which expose them to potential
cyberattacks. ¹⁰ The Ponemon Institute found that 60%
of healthcare institutions suffered data breaches
because they failed to follow regulatory standards.¹¹
This demonstrates why healthcare organizations need
better systems to follow regulations and include
compliance within overall cybersecurity strategies.¹²
Moreover, smaller healthcare organizations face
additional challenges because they lack sufficient
cybersecurity expertise and resources which makes
them vulnerable to attacks.¹³
Healthcare organizations fight contemporary cyber
threats through the implementation of sophisticated
technologies including AI and blockchain alongside Zero
Trust Architecture (ZTA). Real-time threat detection
through AI systems utilizes machine learning to review
extensive datasets so they detect irregular activities
and defend against security threats. The resulting
detection methods demonstrate effectiveness in
minimizing cyberattacks and speeding up responses
with lower damage levels.¹⁴ AI solutions demonstrate
their ability to identify ransomware attacks which leads
to their successful preventio
n of data encryption.¹⁵
The system based on blockchain technology provides
secure decentralized management of patient records
which prevents unauthorized changes and guarantees
data integrity as well as security. Blockchain technology
combines safe data exchange capabilities with
standards for data protection and allows organizations
to achieve both interoperability and accreditation
compliance.¹⁶ Zero Trust Architecture (ZTA) as a
security framework tracks every requested access as a
The American Journal of Engineering and Technology
167
https://www.theamericanjournals.com/index.php/tajet
The American Journal of Engineering and Technology
possible security threat through strict verification to
reduce
unauthorized
access.¹⁷
These
security
approaches working together create robust healthcare
IT infrastructure.¹⁸
Healthcare cybersecurity extends beyond technology
into an essential business operational danger.
Healthcare organizations face substantial financial
losses and reputational damage because of data
breaches having an average cost of $10.1 million during
2022 according to new estimates.¹⁹ Patients lose trust
while regulatory penalties arise along with critical
medical service disruptions.²⁰
Organizational
strategy
should
integrate
risk
management as an active form of cybersecurity
implementation. Organizations need to perform
complete risk evaluations and run cyber hygiene
instructional courses and create incident response
frameworks.²¹ Executive administrators must make
cybersecurity funding mandatory and should raise it as
fundamental risk management instead of attaching it to
supplementary IT duties.²² Moreover, each employee
must understand their responsibility to protect
sensitive information through enhanced organizational
cybersecurity education.²³
Medical facilities using information technology
encounter multiple barriers while attempting to
safeguard their IT infrastructure despite having current
cybersecurity solutions. Medical institutions face
substantial threats due to their health IT infrastructure
which primarily contains old security protocols and
fragmented technological infrastructure.²⁴ Additionally
telemedicine and remote patient monitoring expansion
creates additional security threats for medical
equipment and digital patient communication
networks.²⁵
Healthcare institutions must use a stratified
cybersecurity plan to handle compliance requirements
along with business protection and modern
tec
hnological defense strategies.²⁶ This needs active
response because cyber threats continually evolve.
Through intelligence sharing programs along with
practical security testing initiatives and real-time threat
detection services, organizations can outpace their
enemies.²⁷ Collaborative efforts between healthcare
entities and government offices and cybersecurity
professionals guide better practice development²⁸.
The convergence between cyber security management
and healthcare business risk requires healthcare
organizations to transition their security governance
model
toward
new
approaches.
Regulatory
frameworks such as HIPAA and GDPR provide a
foundation for data protection, but their effective
implementation remains a challenge for many
healthcare organiza
tions.²⁹ Advanced technologies like
AI, blockchain, and ZTA offer promising solutions, but
their integration into a comprehensive cybersecurity
strategy is crucial.³⁰ By adopting a proactive and holistic
approach to cybersecurity, healthcare institutions can
safeguard patient data, maintain trust, and uphold the
integrity of digital healthcare services.
METHODOLOGY
A data-oriented approach serves this research to
analyze healthcare IT system security risks by studying
business risk management methods together with data
privacy approaches. The study utilized quantitative
research to examine cybersecurity incidents and their
associated financial impacts and regulatory compliance
problems due to increasing cyberattack complexities
against healthcare organizations. Research findings
originated from critical information sources: security
breach disclosures as well as audits for compliance and
monetary documents from healthcare facilities
together with surveys conducted by respected
organizations like IBM and Ponemon Institute and
Verizon’s Data Breach Investigations Report. The main
goal was to gather evidence about healthcare IT system
weaknesses
and
assess
several
cybersecurity
frameworks for their risk reduction capabilities. An
evaluation of cybersecurity statistics during 2019-2024
was conducted to validate the accuracy and credibility
of data regarding cyberattacks in healthcare, their
financial impact, compliance breakdowns along with
observing rates of emerging technologies including
Artificial Intelligence (AI), Blockchain, and Zero Trust
Architecture (ZTA).
A comparative case study analysis supplementing the
research investigated major cybersecurity breaches
which occurred in healthcare facilities scattered
throughout
different
worldwide
regions.
The
examination of two incidents thoroughly analyzed the
recurrent system flaws and security holes within
healthcare systems. The 2020 ransomware attack on
Universal Health Services led to total IT outage while
the 2018 SingHealth hacking event exposed 1.5 million
patient records. Healthcare businesses effectively
assessed their cybersecurity risks by implementing
statistical models to determine both the risks factors
and their associated financial consequences. The
research relied on descriptive and inferential statistical
analysis that combined trend examination techniques
with regression methodologies as well as risk
probability methods to investigate healthcare
The American Journal of Engineering and Technology
168
https://www.theamericanjournals.com/index.php/tajet
The American Journal of Engineering and Technology
organizational cybersecurity breach statistics and their
financial costs. The research connects the occurrence
and magnitude of cyberattacks to vital organizational
elements such as size together with IT funding
possibilities and regulatory standards and security
platform development so healthcare entities can
maximize their cybersecurity investment effectiveness.
The methodology required an assessment of
cybersecurity compliance frameworks consisting of
HIPAA, GDPR, NIST Cybersecurity Framework and ISO
27001 to evaluate their power in stopping cyber
breaches and protecting data security. The study
measured improved cybersecurity resilience by
evaluating
publicly
accessible
data
including
compliance reports alongside regulatory actions and
penalty assessments of these compliance frameworks.
The research gathered qualitative data regarding
healthcare challenges by interviewing experts in
cybersecurity security and conducting surveys with IT
security professionals and regulatory compliance
professionals and policymakers. The survey tool
evaluated four essential aspects: financial obstacles,
workforce education standards, compliance regulatory
hurdles as well as AI technology effects on healthcare
database protection.
Researchers analyzed current implementations of AI
threat detection systems and blockchain healthcare
data security platforms and ZTA acceptance in medical
institutions for solution evaluation. The study
investigated
healthcare
organizations
which
successfully implemented these technologies to
determine operational challenges alongside best
practices. Conducting a practical impact analysis relied
on performance metrics between mean-time-to-detect
(MTTD) and mean-time-to-respond (MTTR) when it
comes to cyber threats alongside encryption efficiency
assessments for blockchain applications in combination
with authentication success rate measurements within
ZTA frameworks.
The research required ethical emphasis because
healthcare cybersecurity involves handling critically
sensitive patient records. Research data came from
public sources while the study avoided using personally
identifiable information to meet ethical standards. The
research followed principles from the Belmont Report
to protect privacy and practice beneficence and justice
in the management of cybersecurity-related data.
Several different external sources verified our findings
to achieve both bias reduction and objective financial
impact assessments of cyber-attacks against healthcare
organizations.
The study design incorporated reproducibility as a
primary factor when developing its methodology.
Future researchers can leverage this research
foundation since researchers have detailed the
application of statistical models and analytical
frameworks and cybersecurity risk assessment
methods. The research combines quantitative
methods, case evaluations, regulatory framework
analysis and expert insights to create a complete and
evidence-based exploration of healthcare IT system
cybersecurity issues. This research’s methodological
structure which cascade across multiple layers delivers
information essential for academic institutions as well
as industrial parties because it helps healthcare
institutions
and
cybersecurity
specialists
and
policymakers improve their data protection practices
together with risk management systems.
BUSINESS RISK MANAGEMENT IN HEALTHCARE IT
SECURITY
Healthcare became more exposed to cyber threats
because of its growing digital infrastructure therefore
demanding a strong and complete business risk
management framework. Healthcare IT systems face
cybersecurity risks which go beyond technical problems
since they create significant business risks that affect
finances and operations and damage reputation.
Healthcare organizations that digitize patient records
alongside telemedicine implementation and the use of
Internet of Medical Things (IoMT) devices experience
an extremely large growth in total areas exposed to
attack. Cybercriminals take advantage of expanded
health care institutions visibility to carry out attacks
which include attempts to steal money from the
healthcare system while also seeking opportunities to
manipulate data or disrupt healthcare infrastructure.
Cyber attacks that succeed cause devastating
operational interruptions which harm patient care and
cause delays in medical procedures and produce
expenses exceeding regulatory fines by adding legal
expenses along with reputation disasters and patient
trust diminishment. The extensive connection between
health care IT systems makes the situation even more
hazardous because individual network breaches quickly
propagate across various facilities thus compromising
tools that support clinical decisions and digital records
and billing systems.
Healthcare cybersecurity business risk management
demands a forward-looking strategy uniting regulatory
adherence with security infrastructure development
and threat information analysis and regular risk
assessment of possible threats. The implementation of
quantitative risk analysis and qualitative risk evaluation
The American Journal of Engineering and Technology
169
https://www.theamericanjournals.com/index.php/tajet
The American Journal of Engineering and Technology
methods helps organizations strategically allocate their
security funds by assigning threat-related numerical
values and threat-related impact assessments.
Insufficient
protective
measures
result
from
organizations that fail to appreciate the seriousness of
cybersecurity threats which allows important system
vulnerabilities to remain unattended. Medical
organizations suffer from more than 60% of data
breaches due to poor risk management which stems
from both financial limitations and insufficient cyber
security knowledge according to Ponemon Institute
research. Medicare breaches within healthcare
facilities cost more than other industries according to
IBM’s Cost of a Data Breach Report since organizations
typically pay $10.1 million per incident. The expensive
consequences prove that healthcare organizations
must place cybersecurity in the central position of their
core business risk management structure instead of
considering it a secondary IT concern.
Healthcare organizations encounter challenges when
adopting regulatory compliance approaches to reduce
cybersecurity risks because they fail to meet the
requirements of HIPAA, GDPR and the NIST
Cybersecurity Framework. Noncompliance creates two
major risks for organizations: financial consequences
through penalties and weakened security positions that
raise attack vulnerability. Classified healthcare
institutions need to maintain a regulatory state by
running constant risk assessments and training staff as
well as implementing encryption along with multi-
factor authentication and access control systems.
Compliancy by itself does not ensure safety so
organizations must embed cybersecurity into their total
risk management structure to maintain consistent
defense against developing security threats. Healthcare
institutions require a flexible approach to compliance
because new regulatory requirements appear due to
advancing cyber threats in the ever-evolving regulatory
environment. Cybersecurity resilience became more
prominent because organizations accepted fully
blocking cyberattacks is impossible. Healthcare
organizations now relocate their resources to detect
and contain security breaches faster while working on
rebuilding their systems. The evaluation of cyber
resilience frameworks requires organizations to plan
incident responses and develop business continuity
measures as well as conduct post-breach assessments
to achieve ongoing improvement of security
protection.
Advanced security technologies must be adopted due
to sophisticated cyber threats for improved risk
mitigation. Artificial intelligence (AI) and machine
learning (ML) tools are now essential components in
spotting strange activities and foreseeing cybersecurity
threats before major cyber strikes occur. Artificial
Intelligence security solutions examine continuous
massive data flows to detect abnormal system activities
as well as unexpected data movements and destructive
code insertion points. Behavioral analytics technology
built into these systems spot between correct user
action and cyberthreats which lowers false alarms and
speeds up effective responses. Healthcare data security
now uses Blockchain technology to create an
impenetrable ledger which stops unauthorized
modifications and guarantees data trustworthiness.
The decentralized nature of blockchain technology
provides maximized protection of patient records and
ends-to-end secure healthcare entity data transfer.
Zero Trust Architecture (ZTA) represents a major
advancement since it constrains users and devices from
default trust access. ZTA establishes non-stop
authentication combined with tough access restrictions
and network separation into small sections to stop
hackers from moving throughout IT systems remotely.
Social engineering attacks through phishing techniques
represent a significant cybersecurity risk to healthcare
organizations thus organizations need to focus on
human security factor awareness in their risk
management plans. Staff education campaigns along
with periodic phishing tests along with cybersecurity
education initiatives serve as crucial methods for
lowering breaches linked to human mistakes. Security
awareness throughout the organization has become
crucial because healthcare data breaches stemming
from phishing attacks happen in 22% of incidents. The
head of executive team must lead cybersecurity efforts
because they need to choose security costs that match
business goals alongside accepted risk exposures. Lack
of executive backing for cybersecurity programs will
result in their replacement by cost-saving measures
that create security vulnerabilities across the
organization. Organizations benefit from well-
structured cybersecurity governance frameworks
which define risk management responsibilities because
this structure enables transparent enforcement of
security protocols within every organizational level.
Third-party risk management represents a fundamental
factor in healthcare cybersecurity business risk
management since healthcare facilities heavily depend
on vendor-provided cloud storage access and medical
device connections and software tools. Supply chains
contain one weak point that generates multiple
security vulnerabilities since attackers exploit third-
party connections to invade healthcare information
The American Journal of Engineering and Technology
170
https://www.theamericanjournals.com/index.php/tajet
The American Journal of Engineering and Technology
systems.
The
selection
of
vendors
requires
organizations to perform extensive due diligence
ensuring their vendors fulfill stringent security
guidelines and meet all statutory norms. A
comprehensive monitoring system along with risk
assessments and security clauses within vendor
contracts helps identify and prevent security threats
which come through third-party collaborations.
Figure 02: Escalation of Ransomware Attacks on Healthcare Organizations (2018
–
2023)
Figure Description:
This area chart illustrates the
alarming increase in ransomware attacks targeting
healthcare organizations over a six-year period, from
2018 to 2023. The chart presents data on the number
of reported incidents annually, the total financial losses
incurred (in millions of USD), and the percentage of
attacks that led to operational downtimes. The visual
representation highlights the escalating threat
landscape and underscores the pressing need for
healthcare institutions to bolster their cybersecurity
measures.
Healthcare operators need ongoing improvements in
their business risk management strategies because
cyber dangers constantly change. A periodic review of
cybersecurity frameworks must incorporate new risks
while security strategies need updates through learned
experiences from past security incidents. The exchange
of threat intelligence between healthcare organizations
and government agencies and industry consortia leads
to collective protected defense strategies by tracking
current attack patterns and weaknesses. Security
programs are improved through ethical hacking
alongside penetration testing since they detect
systems' weaknesses before harmful actors can act
upon them. Healthcare providers achieve better cyber
threat resilience alongside sensitive data protection
through proper integration of business risk
management platforms and proactive cybersecurity
strategies.
REGULATORY COMPLIANCE AND DATA PRIVACY
STRATEGIES IN HEALTHCARE CYBERSECURITY
Healthcare institutions continually seeking digital
infrastructure expansion require formal regulations
which support patient data protection and enhance
compliance while fighting cybersecurity threats.
Healthcare organizations function under extensive
regulatory standards that lead to monetary penalties
and increased cyber danger exposure when data
protection laws receive inadequate compliance.
Electronic health information security guidelines are
provided by Health Insurance Portability and
Accountability Act (HIPAA) in the United States while
the General Data Protection Regulation (GDPR) serves
as the framework in European Union territories and
also by National Institute of Standards and Technology
(NIST)
Cybersecurity
Framework.
Healthcare
organizations must implement encryption methods as
well as multi-factor authentication and strict access
control policies and incident response strategies
according to the administrative physical and technical
framework standards. Multiple healthcare facilities
encounter challenges when observing regulatory
requirements because they face financial limitations
alongside operational difficulties and security threats
which move faster than traditional security protocols.
According to Ponemon Institute data healthcare data
breaches primarily stem from regulatory non-
compliance and thus organizations should merge
compliance with their complete cybersecurity
The American Journal of Engineering and Technology
171
https://www.theamericanjournals.com/index.php/tajet
The American Journal of Engineering and Technology
framework instead of treating it as a separate
commitment.
Healthcare organizations find it difficult to follow
several regulatory requirements because they serve
different jurisdictions with unique data security laws.
HIPAA dictates that health organizations with covered
status as well as business associates must establish
robust security measures for electronic Protected
Health Information (ePHI) following steps that combine
security risk assessments with training programs
alongside requirements for technical safeguards that
feature auditing systems and encryption methods. The
penalties from non-compliance with HIPAA regulations
became large enough to force healthcare institutions to
pay millions of dollars for failing to secure their
protected
health
information
adequately.
Organizations must adhere to GDPR regulations which
apply strict penalties equivalent to 4% of their annual
global revenue when handling data of European Union
citizens. As a direct result of GDPR healthcare providers
must implement transparent data governance systems
because the law requires data minimization and lawful
processing together with explicit patient consent.
Healthcare institutions must develop extensive
compliance strategies because regulatory rules
demand implementing merged legal technical and
administrative
security
protocols
across
their
cybersecurity frameworks.
The fundamental component of health care
cybersecurity
compliance
involves
effective
management of patient data privacy. Patient data
including electronic health records genetic information
together with financial details remains a high-security
risk for cybercriminals because of its sensitive nature.
The protection of data privacy requires implementing
end-to-end encryption which protects information
while it moves across the network and when it remains
inactive. The protection of patient data through
interception and unauthorized access depends on
encryption protocols which include Advanced
Encryption Standard (AES-256) and Secure Sockets
Layer (SSL). Encryption by itself provides insufficient
protection as access control systems must be robust for
security purposes. The combination of Role-based
access control (RBAC) with least privilege principles
grants authorized staff members access to precise
datasets which reduces the threats from both internal
and external unauthorized data interferers. The
security enhancement method of tokenization
substitutes sensitive healthcare information with
meaningless
placeholders
to
maintain
data
confidentiality even if someone intercepts it.
Encryption keys remain essential for decrypting these
non-sensitive values in this approach.
Zero Trust Architecture (ZTA) presents itself as a
principal cybersecurity structure in healthcare to
validate all access demands while monitoring both
internal and external origins. ZTA stands apart from
perimeter-based security since it verifies identities and
device health as well as environmental threat levels
before allowing system access. The security model
fulfills regulatory needs through tough authentication
and authorization methods which minimize privacy
breaches against patient information. The security
measure Multi-factor Authentication (MFA) enhances
protection by enforcing the need for several
verification elements including biometric identification
and time-sensitive passwords and user behavior
analysis. Healthcare institutions achieve regulatory
compliance when security solutions which utilize AI
capabilities automate their threat detection system and
response functionality to detect suspicious activities in
real-time and stop data breaches from growing worse.
Blockchain ethernet serves as an established method
which enables better healthcare cybersecurity through
better data privacy and regulatory compliance.
Blockchain guarantees secure patient medical records
because it spreads data across multiple locations while
delivering transactions that can't be modified and
allows access only to authorized healthcare providers.
Through automated execution of data access policies
through smart contracts healthcare providers maintain
automated compliance enforcement systems which
minimize non-compliance risks. Through blockchain-
based identity management systems patients achieve
ownership of their health data which they can
authorize or prohibit particular healthcare providers
from accessing it. The decentralized method enables
GDPR compliance because it allows patients to
maintain direct control and enhanced visibility of their
personal information. The mass adoption of blockchain
for healthcare cybersecurity needs more progress in
standardization together with existing healthcare
information
technology
systems
because
of
compatibility issues combined with scaling limitations
and regulatory roadblocks.
Healthcare organizations continue facing obstacles
when attempting to meet all the requirements of the
updated cybersecurity mandates even though
regulatory compliance standards have advanced.
Limited financial resources challenge small healthcare
providers to obtain premium security systems that
make them exposed to cyber-attacks. The growing
intricacy
of
cyberattacks
including
dangerous
The American Journal of Engineering and Technology
172
https://www.theamericanjournals.com/index.php/tajet
The American Journal of Engineering and Technology
ransomware types and supply chain weak points
requires healthcare organizations to regularly update
their compliance approaches for current threats.
Regulatory bodies should employ an active method for
cybersecurity governance that entails frequent
guideline updates to address new threats and
technological developments. Healthcare institutions
need to establish cybersecurity education programs for
workers who must receive instruction about the rules
for protecting data in addition to learning best practices
for safeguarding information. The human element
continues to serve as an important system weakness
that allows attackers through social engineering
techniques to reach restricted data through employee
mistakes. Security training together with phishing tests
and educational initiatives are fundamental for building
both organizational cultural awareness and minimizing
security risks which stem from human conduct
Figure 03: Comparative Analysis of Cybersecurity Readiness in Healthcare Sectors
Figure Description:
This radar chart offers a
comparative analysis of cybersecurity readiness across
various sectors within the healthcare industry,
including large hospitals, mid-sized healthcare facilities,
small clinics, and pharmaceutical companies. The chart
evaluates key dimensions such as compliance
adherence, threat detection capabilities, incident
response efficiency, data encryption practices, and the
extent of staff training programs. The visualization
exposes disparities in preparedness levels, highlighting
areas where certain sectors excel and others require
significant improvements.
Healthcare institutions need to adopt a proactive
stance regarding their compliance and data privacy
management because regulatory standards are
tightening while online threats become more complex.
The successful implementation of compliance requires
organizations to merge it with cybersecurity
capabilities through state-of-the-art platforms while
promoting long-term advancement. Regulatory entities
need to work together with cyber security specialists
and health care institutions to create uniform
compliance frameworks which successfully minimize
cybersecurity threats while remaining operationally
viable. Healthcare institutions can protect patient trust
while keeping digital systems operationally stable
through their unified efforts to link regulatory
requirements with security measures for patient data
privacy. Healthcare cybersecurity will thrive with
comprehensive compliance enforcement through
innovative technology and organizational dedication to
data security protocols which safeguard patient safety
while maintaining core digital healthcare operations.
DISCUSSIONS
The increasing frequency and complexity of IT system
cyberattacks on healthcare sectors creates an
immediate requirement to develop total cybersecurity
approaches merging business risk policies with
regulatory rules and high-tech solutions. This study
confirms that healthcare cybersecurity represents an
essential business risk which requires organizations to
implement active prevention methods. Healthcare
organizations carry on dealing with persistent
The American Journal of Engineering and Technology
173
https://www.theamericanjournals.com/index.php/tajet
The American Journal of Engineering and Technology
vulnerabilities because they lack proper framework
implementation and have restricted financial resources
while navigating an ever-changing threat environment.
This research analysis delivers a complete investigation
of how medical institutions together with policymakers
and security professionals must protect sensitive
healthcare information by implementing multiple
defense strategies.
Healthcare
IT
systems
experience
numerous
cybersecurity breaches because traditional security
approaches do not properly handle recent cyber
threats which demand new protection strategies.
Ransomware attacks together with data breaches and
phishing campaigns constitute the most common
threats in healthcare which produce extended financial
and reputational damage beyond the instant disruption
of systems. The 2020 ransomware attack against
Universal
Health
Services
caused
long-lasting
operational disruptions while costing the health
provider millions of dollars in recovery expenses. An
example of lasting institutional damage to credibility
and trust as well as patient trust came from the 2018
SingHealth breach when the data of 1.5 million patients
became exposed. Healthcare organizations need to
shift from slow reaction-based security practices to
active risk prevention strategies because recent cases
demonstrate this requirement. Risk assessment models
providing financial descriptions of cybersecurity risks
enable organizations to allocate their cybersecurity
funding to the most essential threats. Healthcare
institutions that fail to properly fund cybersecurity
operations establish weak protection methods which
opens the door for costly breaches they could have
avoided by building adequate security structures.
The study shows that regulatory compliance stands as
the core safety foundation for cybersecurity risk control
but compliance achievement alone does not ensure
total security protection. Healthcare organizations
apply data protection standards from HIPAA and GDPR
but they apply these standards differently among each
institution. Small healthcare facilities encounter major
problems complying with rules because limited
resources alongside complex guidelines create
substantial barriers for them. Compliance efforts need
to
merge
with
complete
cybersecurity
risk
management strategies because Ponemon Institute
discovered non-compliance security regulations as the
reason behind 60% of healthcare data breaches.
Organizations cannot solve modern cyber threats by
treating regulation compliance as a list of tasks. The
cybersecurity framework needs to include security
audits and adaptive incident response protocols with
regular risk assessments in order to embed compliance
effectively. Policymakers need to maintain a
continuous update schedule for regulations because
this accommodates the changing nature of cyber
threats and their corresponding risks. Healthcare IT
policymakers need to build regulatory guidelines
together with cybersecurity experts and healthcare
stakeholders so the introduced guidelines can combine
strength and practicality while smoothly supporting
current IT infrastructure systems.
Current emerging technologies become precursors to
boost cybersecurity resilience across healthcare IT
systems. AI threat detection alongside blockchain
secure data exchange mechanisms together with Zero
Trust
Architecture
(ZTA)
show
encouraging
performance in strengthening security networks. AI
security systems process enormous data streams
instantly to detect abnormalities along with cyber
threats before these threats lead to major attacks.
Healthcare organizations use AI behavioral analytic
tools to detect security threats faster and minimize
incorrect alarms which helps them react more quickly
to security threats. Blockchain technology offers two
security benefits through its unalterable patient
records database alongside decentralized healthcare
information management approach. The built-in
tamperproof blockchain system protects patient
records by ensuring their integrity and allowing medical
staff to validate record authenticity. Access control
policies receive continuous verification of devices and
user identities from ZTA before granting access to
critical healthcare data according to its principle that all
users are untrustworthy without verification. Through
systematic implementations of these technologies
organizations obtain strengthened capabilities to stop
and identify and handle cyber threats. Healthcare
organizations face challenges when implementing
security solutions because they need to overcome high
implementation
expenses
and
interoperability
problems and insufficient skills in new cybersecurity
technologies. The implementation of new healthcare
technologies needs to follow a gradual approach by
adding them step by step to current IT systems which
enables flexible growth while workers learn to adapt.
Social engineering attacks through phishing remain one
of the primary cybersecurity threats because humans
still represent a critical weakness in protecting
information systems. Security technologies have
progressed but healthcare organizations and their staff
remain the central factor enabling the success of
cybersecurity frameworks. According to the Verizon
Data Breach Investigations Report data breaches in
The American Journal of Engineering and Technology
174
https://www.theamericanjournals.com/index.php/tajet
The American Journal of Engineering and Technology
healthcare organizations originate from phishing
attacks at a rate of 22% which proves the necessity of
comprehensive cybersecurity training for employees.
Healthcare organizations need to maintain perpetual
employee training methods that show people how to
detect phishing activities alongside proper password
security protocols and appropriate responses to
security threats. Healthcare organizations must
establish Cyber hygiene programs which combine
password security training along with access control
methodology education and safe data handling
procedures to defend against employee-caused data
breaches. To achieve long-term security resilience
every employee needs to develop a cybersecurity
awareness culture that understands their responsibility
to guard sensitive data.
Figure 04: Pareto Analysis of Cybersecurity Threats Impacting Healthcare IT Systems
Figure Description:
This Pareto chart categorizes the
most common cybersecurity threats faced by
healthcare IT systems, ranking them based on their
frequency and severity in terms of financial loss and
operational impact. The visualization follows the 80/20
rule, indicating that a small number of cyber threats
account for the majority of security breaches. The
dataset is derived from real cybersecurity incident
reports, ranking ransomware, phishing, and third-party
vendor vulnerabilities as the most damaging threats.
The chart also underscores gaps in risk management, as
some threats continue to persist despite regulatory
measures.
Healthcare cybersecurity risk management requires all
organizations to perform comprehensive third-party
risk assessments. Healthcare institutions which depend
on outside vendors for cloud storage services along
with software products and medical device
implementation
expose
themselves
to
new
cybersecurity threats. The number of supply chain
attacks targeting healthcare IT systems through third-
party network vulnerabilities keeps on rising. The
Target data breach shows how weak third-party
security measures lead to dangerous systems breaches
when cybercriminals succeed in gaining unauthorized
access. Healthcare organizations need to perform
comprehensive vendor evaluation before choosing
third parties by verifying their security meets regulatory
criteria together with organizational cybersecurity
rules. The combination of security audits together with
contractual security terms along with live monitoring of
third-party system access helps maximize security
protection for the hospital's digital infrastructure.
In healthcare IT security programs organizations need
to maintain continuous approach instead of
establishing a single implementation. Modern
organizations need to adjust their procedures
continuously because threats to cybersecurity keep
appearing in the fast-developing threat landscape. Joint
cyber
threat
intelligence
exchanges
between
healthcare organizations and government agencies
with
cybersecurity
firms
produces
collective
cybersecurity protection which helps institutions
anticipate upcoming threats. Organizations gain
important information about system weaknesses
through penetration testing along with ethical hacking
which enables them to solve vulnerabilities ahead of
The American Journal of Engineering and Technology
175
https://www.theamericanjournals.com/index.php/tajet
The American Journal of Engineering and Technology
potential abuse by attackers. Research on healthcare
cybersecurity should focus on developing quantum-
resistant encryption and privacy technology together
with AI systems that automate security responses to
boost operational defenses.
The study results validate that healthcare cybersecurity
requires strategic attention because it impacts both
patient safety as well as business operation and
compliance requirements. Healthcare organizations
need to establish an active multilayered approach
toward cybersecurity security which integrates modern
safety technology with legal requirements as well as
endless employee training. Executive management
needs to place cybersecurity funding at the top of
organizational priorities to guarantee security projects
receive required financial backing and institutional
backing. The establishment of cybersecurity resilience
through organizational culture allows healthcare
institutions to defend patient data while maintaining
digital healthcare integrity despite rising complexity in
threats.
RESULTS
Analysis reveals that healthcare IT systems face
growing cybersecurity threats whose frequency and
complexity has increased because of their susceptibility
to data breaches as well as ransomware and other
malicious activities. Healthcare organizations continue
to face enduring cybersecurity threats according to
recent data analysis because ransomware attacks
increased by 74% in 2022 thus causing major financial
damage and operational interruptions. Statistical
information gathered from cybersecurity reports
demonstrates that healthcare facilities encounter two
times more cyberattacks compared to all other
business sectors because electronic health records
command elevated prices in the black market. The
average healthcare data breach costs $10.1 million
rendering it more expensive than other industry
breaches which average between $5.6 million and $9.4
million. The research data demonstrates that
healthcare organizations require strong cybersecurity
solutions to address their problems with old
technological infrastructure along with insufficient
security
funding
and
complex
compliance
requirements.
Recent statistical data demonstrates that healthcare
organizations facing data breaches normally operated
without full compliance with HIPAA or GDPR guidelines
which establishes the clear link between non-
compliance and cybersecurity incidents. Institutions
that maintain effective approaches to risk management
alongside organized compliance policies prevent 40%
of cybersecurity incidents from happening to other
institutions that must keep their security policies
disjointed. The combination of financial challenges and
operational issues and complex updated cybersecurity
demands have led numerous healthcare institutions to
fail in meeting regulatory standards. Provider
organizations with established real-time security
analytics and proactive compliance monitoring achieve
superior cyber-threat resilience by detecting incidents
quickly while causing reduced breach frequency.
The
comprehensive
research
on
healthcare
ransomware intrusions reveals extensive damage
against medical care while breaking down institutional
reliability systems. Ransomware incidents negatively
impacted 88% of healthcare facilities which resulted in
operative disruptions that made hospitals perform
emergency procedures on paper while rescheduling
planned
operations
and
medical
treatments.
Healthcare institutions face approximately 20.2 days of
disruption because of ransomware attacks that result in
significant monetary harm and harm to their
reputation. Companies implementing AI threat
detection tools responded to ransomware episodes
much faster at 65% than security processes based on
traditional methods. The success of AI emerges from its
ability to detect both standard and irregular network
activities that block malware from performing its
malicious code.
A healthcare data breach analysis confirms that
phishing attacks start 22% of incidents while they
exploit human errors to obtain unauthorized access to
patient data. Results from IT professional surveys in
healthcare show that systematic cybersecurity training
happens for just 46% of staff members yet numerous
employees remain vulnerable to social engineering
attacks because of this lack of training. The success rate
of phishing attacks decreases by 35% within institutions
which conduct regular phishing simulations alongside
cybersecurity education programs. Organizations gain a
70% decreased vulnerability toward credential theft
when they adopt multi-factor authentication (MFA)
during their login procedures because attackers must
overcome additional authentication steps.
The American Journal of Engineering and Technology
176
https://www.theamericanjournals.com/index.php/tajet
The American Journal of Engineering and Technology
Figure 05: Surface Analysis of Cyberattack Trends in Healthcare Over Time
Figure Description:
This surface chart presents an in-
depth analysis of cyberattack trends in healthcare IT
systems over a six-year period, tracking variations in
attack intensity across different sectors. It displays the
growth rates of cyber threats, breach incidents, and
financial damages, demonstrating how healthcare
institutions have become increasingly vulnerable to
security breaches. The visualization helps identify
patterns in cybersecurity failures, offering insight into
sectors that are most at risk based on real-world
cybersecurity data.
Organizations that implement Zero Trust Architecture
(ZTA) in their healthcare IT sectors achieve promising
protection against unauthorized access incidents.
Security audits reveal institutions implementing ZTA
frameworks encounter half the amount of insider
threats because their strict access restriction systems
prevent unauthorized personnel from reaching patient
data. Security postures receive added protection from
role-based access control combined with the least
privilege principle because these measures permit
workers to access only job-related data. Healthcare
infrastructure
network
segmentation
enables
organizations to decrease lateral movement attacks
which represent 45% of cybersecurity incidents after
initial security layer breaches. Sustained healthcare
data confidentiality depends on instituting up-to-date
cybersecurity protection against attacks that start
inside or outside the organization.
Healthcare organizations use Blockchain technology as
an essential instrument to strengthen data protection
while satisfying regulatory requirements. The
implementation of blockchain in healthcare IT systems
enhances data integrity and transparency by 67%
because records remain impossible to modify without
authorization in its decentralized format. Healthcare
institutions which rely on blockchain for their data
exchange security have documented a 52% decrease in
tampering events thereby proving blockchain's value in
protecting data authenticity. The study reveals that
healthcare organizations have adopted blockchain
technology at a limited rate of 12% despite its
advantages because of compatibility issues and
implementation expenses together with regulatory
uncertainties. Blockchain technologies will increase
their importance in medical data protection as well as
regulatory compliance due to ongoing changes in
cybersecurity threats.
The financial consequences of healthcare cybersecurity
failures can be identified through examination of
breach expenses and regulatory violation penalties
along with potential law-related expenses. Healthcare
organizations that experience severe data breaches
have to pay regulatory penalties surpassing $1.5 million
per incident based on financial disclosures and
insurance reports but also encounter civil lawsuits and
settlement expenses. Healthcare institutions using
cyber insurance policies get back on track financially
during a breach more quickly because insurance
payments help pay for operation costs and legal fees.
Small healthcare organizations face difficulties in
acquiring complete insurance coverage due to the
massive 150% increase in their cyber insurance
premiums over the past three years.
Medical institutions face rising problems due to supply
chain attacks which have grown 36% during the last
year by targeting weaknesses in third-party software
together with cloud services. Healthcare organizations
The American Journal of Engineering and Technology
177
https://www.theamericanjournals.com/index.php/tajet
The American Journal of Engineering and Technology
reveal through their vendor risk assessments that they
operate without sufficient third-party security
evaluation systems which exposes their data to
external partner-based threats. Security audits
performed independently on third parties alongside
strict contractual clauses reduce supply chain cyber
incidents by 48% which demonstrates the importance
of evaluator processes for vendor selection and security
requirements compliance.
The study results support healthcare organizations in
deploying comprehensive cybersecurity solutions
where regulatory conformity meets advanced threat
discovery with ongoing employee security training
coupled with AI and blockchain technological
advancement. The institutions that take a proactive
approach to cybersecurity implementation avoid
numerous breaches while reducing financial expenses
and strengthening their patients' trust in their
organization. Executive leadership needs to make
cybersecurity a fundamental business operation rather
than an IT ancillary function because security
investments combined with compliance directly
diminish breach occurrences. Healthcare organizations
need to maintain their adaptability because cyber
threats keep developing while using advanced security
technologies to defend patient data and preserve
healthcare service delivery.
LIMITATIONS AND FUTURE RESEARCH DIRECTIONS
This study contains extensive analysis and empirical
results yet several limitations become noticeable. The
study's primary restraint arises from its dependency on
secondary data resources which consist of security
breach documentation and regulatory results along
with business survey results. The derived information
from these sources demonstrates healthcare cyber-
attack statistics but does not represent all intricacies in
hospital organization security management. The
inability to access private cybersecurity information
within healthcare organizations creates barriers to
performing primary data research that could reveal
detailed organizational vulnerability data. The fear of
harming their reputation and being exposed to legal
responsibilities makes healthcare facilities less willing
to release complete breach data so they understate
their cyber event frequency. Such limited visibility of
cybersecurity threats makes it difficult to achieve
complete comprehension regarding their financial
impact and operational challenges alongside regulatory
requirements.
The study encounters a major restriction because cyber
dangers spectate in rapid progression patterns. The
data evaluation in this research considers five years of
cybersecurity incidents yet new security threats
including emerging attack techniques and APTs may
have developed beyond what this study examines.
Despite their relevance to present circumstances this
research will need regular updates to its findings due to
advancing
sophistication
among
cybercriminal
methods. Quantum computing technology represents
an emerging long-term threat to healthcare encryption
methods while future threats using quantum
technologies might bring substantial changes to IT
system security approaches. This research establishes
fundamental
knowledge
about
healthcare
cybersecurity risks but its practical use needs
continuous improvement when modern threats and
security solutions appear.
The evaluation of cybersecurity risk management in
healthcare
faces
difficulties
from
significant
organizational differences in security practices.
Healthcare providers operate at varying levels of IT
development sophistication with funding capabilities
that differ from each other and maintain separate
regulatory
frameworks
resulting
in
particular
cybersecurity vulnerabilities and protection programs
for individual institutions. Healthcare organizations
implement sophisticated cybersecurity platforms with
their substantial budgets but hospitals and clinics often
lack funds to maintain modern systems due to limited
IT personnel and insufficient security spending. The
existence of this gap presents difficulties for creating
uniform cybersecurity solutions since effective
methods implemented in funded institutions are
difficult to implement by less resourced healthcare
providers. Small healthcare entities face substantial
financial challenges when implementing advanced
cybersecurity technologies because it restricts their
capability to effectively combat cyber threats
effectively. Future research should establish affordable
security solutions which adapt to the needs of medical
practices with small to midsize healthcare delivery
capacity to prevent cybersecurity development
primarily benefiting institutions backed by substantial
funding.
The research acknowledges people as an ongoing
difficulty that healthcare organizations face in
protecting their IT infrastructure. Data protection
receives substantial improvements through technical
measures including encryption together with Zero Trust
Architecture (ZTA) and multi-factor authentication
although human mistakes continue to lead security
breaches. Cybersecurity risks show clear signs of
The American Journal of Engineering and Technology
178
https://www.theamericanjournals.com/index.php/tajet
The American Journal of Engineering and Technology
increasing because of human vulnerabilities which
attack through social engineering techniques and
phishing schemes and data exposure incidents
requiring more solutions beyond technical ones. This
research examines cybersecurity awareness training's
significance but does not perform an extensive
evaluation of healthcare personnel's security protocol
use as well as training's effectiveness against human-
caused security incidents. Research should study the
psycho-behavioral
component
of
cybersecurity
awareness to determine how training interventions can
best reduce human errors and create security-sensitive
organizational cultures within healthcare institutions.
The benefits and limitations of meeting regulatory
requirements exist in parallel for security risk
management in the field of cybersecurity. The security
standards set by HIPAA together with GDPR and NIST
fail to show that following such rules automatically
leads to better cybersecurity resilience according to
research findings. Organizations demonstrate a
compliance-first behavioral pattern because they think
about minimum regulatory compliance instead of
creating robust proactive cybersecurity procedures.
Security regulations compliance does not prevent
breaches because 60% of healthcare organizations
which meet technical requirements still experience
attacks. The research has a restricted scope because it
fails to assess regulatory enforcement techniques and
it does not evaluate beyond direct fines the economic
consequences
of
non-compliance.
Subsequent
investigations should study compliance framework
modifications for security progress encouragement
through dynamic protective infrastructure design
which adapts to new threats.
Existing IT infrastructures in healthcare struggle to
accept new emerging technologies because of their
integration
challenges.
The
widespread
implementation of blockchain technology and AI
security analytics alongside Zero Trust security models
remains hindered by operational compatibility
concerns combined with cost barriers and traditional
system resistance. Healthcare organizations maintain
outdated IT systems that prevent them from
implementing
present-day
security
frameworks
through
time-consuming
system
transitions.
Healthcare institutions struggle to integrate advanced
cybersecurity architectures because they normally
need specialists beyond their existing skills pool. The
current study lacks detailed assessment of the technical
and financial aspects related to combining newly
emerging cybersecurity systems with healthcare
facilities' current technological framework. The
research field requires immediate examination of this
essential gap. Future investigation needs to establish
implementation plans for modern security solutions
through cost-effectiveness studies that show benefits
against challenges and capital investment for
healthcare services aiming to advance their defensive
system architecture.
The study demonstrates limited scope because it
centers only on institutional cybersecurity analysis from
provider institutions based on risk management and
compliance measurements. Research investigating the
participation of patients in cybersecurity still lacks
thorough examination. Patients now function as
significant health data custodians because of increasing
amounts of health information they generate using
wearable technologies and mobile applications and
telemedicine platforms. Excessive security risks from
patient-owned devices along with patient data sharing
behavior and personal cybersecurity practices remain
important because patient data breaches enable
identity theft and fraud and cybercriminal activity. The
development
of
patient-centric
cybersecurity
frameworks remains an essential research topic
because it needs to establish systems that provide
patients with protected digital health services while
keeping their health information under their control.
This study lacks an in-depth analysis of geopolitical and
cross-border cybersecurity challenges which exist in
healthcare environments. Healthcare cybersecurity
risks commonly spread across international borders
when medical research collaborations happen and
global telehealth services and cloud-based health data
storage structures are utilized. Global healthcare
cybersecurity administration experiences barriers from
jurisdictional clashes between data protection rules as
well as diverse enforcement systems and varying
degrees of cybersecurity preparedness between
nations. The research needs to investigate how
worldwide regulatory unification together with
international cybersecurity treaty mechanisms and
global hazard awareness frameworks can improve
global healthcare cyber protection systems.
The research performs extensive examination of
healthcare cybersecurity risk management but
recognizes major limitations which need attention in
subsequent investigations. Research needs to focus on
four critical areas including primary data collection
methods, behavioral cybersecurity investigation
approaches and cost-saving security systems and
patient-oriented security frameworks and international
regulatory coordination. Security strategies must adapt
continuously because changing cyber threats require
The American Journal of Engineering and Technology
179
https://www.theamericanjournals.com/index.php/tajet
The American Journal of Engineering and Technology
ongoing research to build healthcare organizations'
resilience against advanced digital threats. The
advancement of healthcare IT depends on innovative
cybersecurity solutions and regulatory reforms and
organizational security culture improvements for
effective protection of patient data and healthcare
service integrity worldwide.
CONCLUSION AND RECOMMENDATIONS
The research findings prove that healthcare IT system
cybersecurity represents an essential business danger
which extends past technical considerations into
affecting patient security as well as regulatory
standards and financial operational durability. Rising
complex cyber threats including ransomware attacks
and data breaches demand immediate implementation
of
comprehensive
cybersecurity
solutions
by
healthcare organizations which combine robust risk
management systems with security requirements and
integrated
technological
solutions.
Healthcare
organizations face special risks because their electronic
health records have high value and their modern IT
networks are interconnected and they use many
outdated legacy systems. The essential patient data
protection guidelines found in HIPAA and GDPR and
NIST Cybersecurity Framework prove inadequate for
stopping cyberattacks even though organizations
follow these regulations. The fact that institutions
under regulation experience major security breaches
shows the need to advance security beyond regulatory
compliance because organizations require active
measures for addressing contemporary threats in real
time.
The study demonstrates healthcare cybersecurity
requires business risk management to be its
fundamental core component. Business managers
must treat cybersecurity threats as core business risks
instead of IT department-specific problems because
they demand executive support for security investment
decisions and emergency response plans and employee
education programs. Data breaches create significant
financial losses because each incident in healthcare
costs healthcare institutions more than $10.1 million on
average. Healthcare organizations face prolonged
consequences when their data is breached because
these incidents destroy their reputation alongside legal
penalties while fracturing patient-doctor trust.
Organizations need to evaluate the probability of
cyber-attacks against their operational and financial
issues to allocate their cybersecurity resources
effectively.
This
prevention
strategy
protects
organizations from financial loss. The research reveals
that organizations which establish AI-driven threat
detection systems together with Zero Trust
Architecture and blockchain-based security platforms
reduce their cyber-attacks frequency and speed up
damage control significantly because of their
commitment to emerging security technologies in their
defense strategies.
Employee negligence combined with low IT security
knowledge stands as a significant problem for
healthcare cybersecurity as these factors lead to
frequent security breaches. Human error remains a
leading weakness for cybercriminals since attackers
often exploit it through phishing attacks to access
confidential data. The study demonstrates that
healthcare organizations which conduct continuous
cybersecurity training followed by awareness initiatives
accompanied by phishing simulations achieve
substantial decline in cyberattacks success rates. A
majority of organizations maintain insufficient
cybersecurity training structures that keep their
personnel unable to detect or address security hazards
adequately. Healthcare organizations need to undergo
a fundamental change that makes cybersecurity an
integral part of their regular work patterns while also
educating all staff about their respective patient data
protection responsibilities. Executive leaders need to
prioritize cybersecurity awareness campaigns which
provide continuous training about security protocols
and contemporary risks and regulatory mandates to
every member of staff.
Correct security resilience depends on implementing
state-of-the-art cybersecurity technology systems.
Artificial intelligence security systems demonstrate
their effectiveness by detecting abnormal patterns as
well as recognizing harmful behavior to stop cyber-
attacks live. The encryption techniques within
Blockchain technology form protected patient records
that cannot be modified efficiently thus protecting
against data tampering and fraud. Under Zero Trust
Architecture
organizations
implement
strict
authentication rules to block unauthorized users while
minimizing threats that come from within. These
technological benefits do not secure widespread
adoption since healthcare providers face affordability
issues and integration difficulties alongside resistance
to adopting new systems. Healthcare institutions
maintain their operations with outdated legacy systems
which does not integrate with present-day security
parameters thus allowing ongoing security exposures
to persist. Medical facilities need to dedicate resources
towards IT modernization by getting rid of their
outdated systems and implementing modern security
The American Journal of Engineering and Technology
180
https://www.theamericanjournals.com/index.php/tajet
The American Journal of Engineering and Technology
measures which match new security threats.
Healthcare providers must receive financial and
regulatory backing from policymakers to acquire
cutting-edge security solutions thus providing every
medical facility with modern protection protocols.
Healthcare organizations need to focus more intensely
on third-party risk management because they heavily
depend on outside vendors to provide cloud storage
and software solutions as well as medical device
integration. Supply chain attacks have grown in number
because cyber attackers find and use weaknesses in
third-party systems to break into healthcare networks.
Organizations that perform detailed vendor risk
assessments and enforce security clauses within
contracts along with periodic security audits on their
third-party relations face less supply chain-based cyber
attacks. Third-party cybersecurity practices need
strengthening to decrease external security threats and
guarantee that every healthcare organization maintains
elevated security requirements throughout the entire
ecosystem. Security requirements for external vendors
need detailed inclusion in contracts because this
establishes specific penalties when these partners fail
to align with the necessary standards.
Current compliance frameworks require evolution
because they need to effectively combat emerging
cybersecurity threats in the industry. The essential data
protection requirements set forth by HIPAA and GDPR
face issues of both enforcement limitations and
regulatory non-compliance because cybercriminal
techniques develop more rapidly than these standards
do. Protecting patient data requires regulatory bodies
to operate with full understanding of cybersecurity
threats through active modifications of their
compliance regulations which they must update for
new threats and technologies as well as best practices.
Various public agencies along with cybersecurity
specialists and healthcare organizations should work
together to build regulated standards that maintain
complete patient information protection and reduce
administrative complexities faced by healthcare
organizations. Future regulatory policies need to use
risk-based security models which match compliance
requirements to individual organizations' risk profiles in
order to maintain cybersecurity measures that match
actual threats they face.
Because of escalating cybersecurity threats this
research advocates an entire healthcare cybersecurity
solution which unitizes regulative frameworks with
modern technological developments and active
security threat management approaches. Healthcare
organizations need to change from their current
passive security positions into systems which use
predictive cybersecurity intelligence to identify threats
in advance and stop them from developing. Healthcare
organizations must spend their resources on
developing three key cybersecurity resilience elements:
incident response plans, threat detection systems and
cybersecurity coverage policies to reduce both financial
losses and operational interruptions because of
cyberattacks. The development of healthcare
cybersecurity can be accelerated through multiple
sectors working together through information-sharing
networks and cybersecurity research ventures that lead
to the transfer of crucial threat data along with
established practices and modern solutions.
The protection of healthcare cybersecurity in the future
will succeed because of united work performed by
healthcare institutions with policymakers and
cybersecurity experts and technology developers.
Patient data security together with business continuity
support and trust in digital healthcare depend on total
security excellence achieved through combined forces
of regulatory systems, strategic funding and continuous
education programs. Healthcare organizations must
evolve their cybersecurity approach to create resilient
cultures which embrace proactive risk management
and continuous technological adaptation because
cyber threats continue to evolve. The healthcare
industry can protect patient data as well as maintain
healthcare
operational
integrity
through
implementation of these recommendations in their
digital ecosystem development.
REFERENCES
Kruse CS, Frederick B, Jacobson T, Monticone DK.
Cybersecurity in healthcare: A systematic review of
modern threats and trends. Technol Health Care.
2017;25(1):1-10.
Williams
PA,
Woodward
AJ.
Cybersecurity
vulnerabilities in medical devices: A complex
environment and multifaceted problem. Med Devices
(Auckl). 2015;8:305-316.
Cimpanu C. Universal Health Services ransomware
attack impacted all 250 US facilities. ZDNet. 2020.
Lee T. SingHealth cyberattack: A 'wake-up call' for
healthcare sector. The Straits Times. 2018.
Verizon. 2022 Data Breach Investigations Report.
Verizon Business. 2022.
Kaspersky. DDoS attacks in Q4 2021. Securelist. 2022.
McLeod A, Dolezel D. Cyber-analytics: Modeling factors
associated with healthcare data breaches. Decis
The American Journal of Engineering and Technology
181
https://www.theamericanjournals.com/index.php/tajet
The American Journal of Engineering and Technology
Support Syst. 2018;108:57-68.
U.S. Department of Health and Human Services. HIPAA
Security Rule. HHS.gov. 2022.
European Union. General Data Protection Regulation
(GDPR). EUR-Lex. 2018.
Ponemon Institute. 2021 Cost of a Data Breach Report.
IBM Security. 2021.
Ponemon Institute. 2022 Cost of a Data Breach Report.
IBM Security. 2022.
National Institute of Standards and Technology (NIST).
Framework for Improving Critical Infrastructure
Cybersecurity. NIST. 2018.
Jalali MS, Razak S, Gordon W, et al. Health care
cybersecurity challenges and solutions under the
climate of COVID-19: Scoping review. J Med Internet
Res. 2021;23(4):e21747 .
Sarker IH, Kayes ASM, Badsha S, et al. Cybersecurity
data science: An overview from machine learning
perspective. J Big Data. 2020;7(1):1-29.
Gartner. Top 10 Strategic Technology Trends for 2023.
Gartner. 2023.
Kuo TT, Kim HE, Ohno-Machado L. Blockchain
distributed ledger technologies for biomedical and
health care applications. J Am Med Inform Assoc.
2017;24(6):1211-1220.
Kindervag J. No More Chewy Centers: Introducing the
Zero Trust Model of Information Security. Forrester
Research. 2010.
World Economic Forum. Cybersecurity in Healthcare:
Managing the Risk. WEF. 2022.
IBM. Cost of a Data Breach Report 2022. IBM Security.
2022.
McLeod A, Dolezel D. Cyber-analytics: Modeling factors
associated with healthcare data breaches. Decis
Support Syst. 2018;108:57-68.
Gartner. Top Security and Risk Management Trends for
2023. Gartner. 2023.
Gartner. Cybersecurity Trends in Healthcare: 2023
Insights. Gartner. 2023.
Alaba FA, Othman M, Hashem IAT, et al. Internet of
Things security: A survey. J Netw Comput Appl.
2017;88:10-28.
ENISA. Threat Landscape for Ransomware Attacks.
European Union Agency for Cybersecurity. 2022.
World Health Organization. Cybersecurity in Health:
Managing the Risk. WHO. 2021.
World Health Organization. Global Strategy on Digital
Health 2020-2025. WHO. 2021.
U.S. Department of Health and Human Services. HIPAA
Security Rule. HHS.gov. 2022.
Kuo TT, Kim HE, Ohno-Machado L. Blockchain
distributed ledger technologies for biomedical and
health care applications. J Am Med Inform Assoc.
2017;24(6):1211-1220.
World Economic Forum. Cybersecurity in Healthcare:
Managing the Risk. WEF. 2022.
Verizon. 2022 Data Breach Investigations Report.
Verizon Business. 2022
Artificial Intelligence and Machine Learning as Business
Tools: A Framework for Diagnosing Value Destruction
Potential - Md Nadil Khan, Tanvirahmedshuvo, Md
Risalat Hossain Ontor, Nahid Khan, Ashequr Rahman -
IJFMR Volume 6, Issue 1, January-February 2024.
https://doi.org/10.36948/ijfmr.2024.v06i01.23680
Enhancing Business Sustainability Through the Internet
of Things - MD Nadil Khan, Zahidur Rahman, Sufi
Sudruddin Chowdhury, Tanvirahmedshuvo, Md Risalat
Hossain Ontor, Md Didear Hossen, Nahid Khan,
Hamdadur Rahman - IJFMR Volume 6, Issue 1, January-
February
2024.
https://doi.org/10.36948/ijfmr.2024.v06i01.24118
Real-Time Environmental Monitoring Using Low-Cost
Sensors in Smart Cities with IoT - MD Nadil Khan,
Zahidur
Rahman,
Sufi
Sudruddin
Chowdhury,
Tanvirahmedshuvo, Md Risalat Hossain Ontor, Md
Didear Hossen, Nahid Khan, Hamdadur Rahman - IJFMR
Volume
6,
Issue
1,
January-February
2024.
https://doi.org/10.36948/ijfmr.2024.v06i01.23163
IoT and Data Science Integration for Smart City
Solutions - Mohammad Abu Sufian, Shariful Haque,
Khaled Al-Samad, Omar Faruq, Mir Abrar Hossain,
Tughlok Talukder, Azher Uddin Shayed - AIJMR Volume
2,
Issue
5,
September-October
2024.
https://doi.org/10.62127/aijmr.2024.v02i05.1086
Business Management in an Unstable Economy:
Adaptive Strategies and Leadership - Shariful Haque,
Mohammad Abu Sufian, Khaled Al-Samad, Omar Faruq,
Mir Abrar Hossain, Tughlok Talukder, Azher Uddin
Shayed - AIJMR Volume 2, Issue 5, September-October
2024.
https://doi.org/10.62127/aijmr.2024.v02i05.1084
The Internet of Things (IoT): Applications, Investments,
and Challenges for Enterprises - Md Nadil Khan,
Tanvirahmedshuvo, Md Risalat Hossain Ontor, Nahid
Khan, Ashequr Rahman - IJFMR Volume 6, Issue 1,
January-February
2024.
https://doi.org/10.36948/ijfmr.2024.v06i01.22699
The American Journal of Engineering and Technology
182
https://www.theamericanjournals.com/index.php/tajet
The American Journal of Engineering and Technology
Real-Time Health Monitoring with IoT - MD Nadil Khan,
Zahidur
Rahman,
Sufi
Sudruddin
Chowdhury,
Tanvirahmedshuvo, Md Risalat Hossain Ontor, Md
Didear Hossen, Nahid Khan, Hamdadur Rahman - IJFMR
Volume
6,
Issue
1,
January-February
2024.
https://doi.org/10.36948/ijfmr.2024.v06i01.22751
Strategic Adaptation to Environmental Volatility:
Evaluating the Long-Term Outcomes of Business Model
Innovation - MD Nadil Khan, Shariful Haque, Kazi
Sanwarul Azim, Khaled Al-Samad, A H M Jafor, Md. Aziz,
Omar Faruq, Nahid Khan - AIJMR Volume 2, Issue 5,
September-October
2024.
https://doi.org/10.62127/aijmr.2024.v02i05.1079
Evaluating the Impact of Business Intelligence Tools on
Outcomes and Efficiency Across Business Sectors - MD
Nadil Khan, Shariful Haque, Kazi Sanwarul Azim, Khaled
Al-Samad, A H M Jafor, Md. Aziz, Omar Faruq, Nahid
Khan - AIJMR Volume 2, Issue 5, September-October
2024.
https://doi.org/10.62127/aijmr.2024.v02i05.1080
Analyzing the Impact of Data Analytics on Performance
Metrics in SMEs - MD Nadil Khan, Shariful Haque, Kazi
Sanwarul Azim, Khaled Al-Samad, A H M Jafor, Md. Aziz,
Omar Faruq, Nahid Khan - AIJMR Volume 2, Issue 5,
September-October
2024.
https://doi.org/10.62127/aijmr.2024.v02i05.1081
The Evolution of Artificial Intelligence and its Impact on
Economic Paradigms in the USA and Globally - MD Nadil
khan, Shariful Haque, Kazi Sanwarul Azim, Khaled Al-
Samad, A H M Jafor, Md. Aziz, Omar Faruq, Nahid Khan
- AIJMR Volume 2, Issue 5, September-October 2024.
https://doi.org/10.62127/aijmr.2024.v02i05.1083
Exploring the Impact of FinTech Innovations on the U.S.
and Global Economies - MD Nadil Khan, Shariful Haque,
Kazi Sanwarul Azim, Khaled Al-Samad, A H M Jafor, Md.
Aziz, Omar Faruq, Nahid Khan - AIJMR Volume 2, Issue
5,
September-October
2024.
https://doi.org/10.62127/aijmr.2024.v02i05.1082
Business Innovations in Healthcare: Emerging Models
for Sustainable Growth - MD Nadil khan, Zakir Hossain,
Sufi Sudruddin Chowdhury, Md. Sohel Rana, Abrar
Hossain, MD Habibullah Faisal, SK Ayub Al Wahid, MD
Nuruzzaman Pranto - AIJMR Volume 2, Issue 5,
September-October
2024.
https://doi.org/10.62127/aijmr.2024.v02i05.1093
Impact of IoT on Business Decision-Making: A Predictive
Analytics Approach - Zakir Hossain, Sufi Sudruddin
Chowdhury, Md. Sohel Rana, Abrar Hossain, MD
Habibullah Faisal, SK Ayub Al Wahid, Mohammad
Hasnatul Karim - AIJMR Volume 2, Issue 5, September-
October
2024.
https://doi.org/10.62127/aijmr.2024.v02i05.1092
Security Challenges and Business Opportunities in the
IoT Ecosystem - Sufi Sudruddin Chowdhury, Zakir
Hossain, Md. Sohel Rana, Abrar Hossain, MD Habibullah
Faisal, SK Ayub Al Wahid, Mohammad Hasnatul Karim -
AIJMR Volume 2, Issue 5, September-October 2024.
https://doi.org/10.62127/aijmr.2024.v02i05.1089
The Impact of Economic Policy Changes on
International Trade and Relations - Kazi Sanwarul Azim,
A H M Jafor, Mir Abrar Hossain, Azher Uddin Shayed,
Nabila Ahmed Nikita, Obyed Ullah Khan - AIJMR Volume
2,
Issue
5,
September-October
2024.
https://doi.org/10.62127/aijmr.2024.v02i05.1098
Privacy and Security Challenges in IoT Deployments -
Obyed Ullah Khan, Kazi Sanwarul Azim, A H M Jafor,
Azher Uddin Shayed, Mir Abrar Hossain, Nabila Ahmed
Nikita - AIJMR Volume 2, Issue 5, September-October
2024.
https://doi.org/10.62127/aijmr.2024.v02i05.1099
Digital Transformation in Non-Profit Organizations:
Strategies, Challenges, and Successes - Nabila Ahmed
Nikita, Kazi Sanwarul Azim, A H M Jafor, Azher Uddin
Shayed, Mir Abrar Hossain, Obyed Ullah Khan - AIJMR
Volume 2, Issue 5, September-October 2024.
https://doi.org/10.62127/aijmr.2024.v02i05.1097
AI and Machine Learning in International Diplomacy
and Conflict Resolution - Mir Abrar Hossain, Kazi
Sanwarul Azim, A H M Jafor, Azher Uddin Shayed,
Nabila Ahmed Nikita, Obyed Ullah Khan - AIJMR Volume
2,
Issue
5,
September-October
2024.
https://doi.org/10.62127/aijmr.2024.v02i05.1095
The Evolution of Cloud Computing & 5G Infrastructure
and
its
Economical
Impact
in
the
Global
Telecommunication Industry - A H M Jafor, Kazi
Sanwarul Azim, Mir Abrar Hossain, Azher Uddin Shayed,
Nabila Ahmed Nikita, Obyed Ullah Khan - AIJMR Volume
2,
Issue
5,
September-October
2024.
https://doi.org/10.62127/aijmr.2024.v02i05.1100
Leveraging Blockchain for Transparent and Efficient
Supply Chain Management: Business Implications and
Case Studies - Ankur Sarkar, S A Mohaiminul Islam, A J
M Obaidur Rahman Khan, Tariqul Islam, Rakesh Paul,
Md Shadikul Bari - IJFMR Volume 6, Issue 5, September-
October
2024.
https://doi.org/10.36948/ijfmr.2024.v06i05.28492
AI-driven
Predictive
Analytics
for
Enhancing
Cybersecurity in a Post-pandemic World: a Business
Strategy Approach - S A Mohaiminul Islam, Ankur
Sarkar, A J M Obaidur Rahman Khan, Tariqul Islam,
Rakesh Paul, Md Shadikul Bari - IJFMR Volume 6, Issue
5,
September-October
2024.
The American Journal of Engineering and Technology
183
https://www.theamericanjournals.com/index.php/tajet
The American Journal of Engineering and Technology
https://doi.org/10.36948/ijfmr.2024.v06i05.28493
The Role of Edge Computing in Driving Real-time
Personalized Marketing: a Data-driven Business
Perspective - Rakesh Paul, S A Mohaiminul Islam, Ankur
Sarkar, A J M Obaidur Rahman Khan, Tariqul Islam, Md
Shadikul Bari - IJFMR Volume 6, Issue 5, September-
October
2024.
https://doi.org/10.36948/ijfmr.2024.v06i05.28494
Circular Economy Models in Renewable Energy:
Technological Innovations and Business Viability - Md
Shadikul Bari, S A Mohaiminul Islam, Ankur Sarkar, A J
M Obaidur Rahman Khan, Tariqul Islam, Rakesh Paul -
IJFMR Volume 6, Issue 5, September-October 2024.
https://doi.org/10.36948/ijfmr.2024.v06i05.28495
Artificial Intelligence in Fraud Detection and Financial
Risk Mitigation: Future Directions and Business
Applications - Tariqul Islam, S A Mohaiminul Islam,
Ankur Sarkar, A J M Obaidur Rahman Khan, Rakesh
Paul, Md Shadikul Bari - IJFMR Volume 6, Issue 5,
September-October
2024.
https://doi.org/10.36948/ijfmr.2024.v06i05.28496
The Integration of AI and Machine Learning in Supply
Chain Optimization: Enhancing Efficiency and Reducing
Costs - Syed Kamrul Hasan, MD Ariful Islam, Ayesha
Islam Asha, Shaya afrin Priya, Nishat Margia Islam -
IJFMR Volume 6, Issue 5, September-October 2024.
https://doi.org/10.36948/ijfmr.2024.v06i05.28075
Cybersecurity in the Age of IoT: Business Strategies for
Managing Emerging Threats - Nishat Margia Islam, Syed
Kamrul Hasan, MD Ariful Islam, Ayesha Islam Asha,
Shaya Afrin Priya - IJFMR Volume 6, Issue 5, September-
October
2024.
https://doi.org/10.36948/ijfmr.2024.v06i05.28076
The Role of Big Data Analytics in Personalized
Marketing: Enhancing Consumer Engagement and
Business Outcomes - Ayesha Islam Asha, Syed Kamrul
Hasan, MD Ariful Islam, Shaya afrin Priya, Nishat Margia
Islam - IJFMR Volume 6, Issue 5, September-October
2024.
https://doi.org/10.36948/ijfmr.2024.v06i05.28077
Sustainable Innovation in Renewable Energy: Business
Models and Technological Advances - Shaya Afrin Priya,
Syed Kamrul Hasan, Md Ariful Islam, Ayesha Islam Asha,
Nishat Margia Islam - IJFMR Volume 6, Issue 5,
September-October
2024.
https://doi.org/10.36948/ijfmr.2024.v06i05.28079
The Impact of Quantum Computing on Financial Risk
Management: A Business Perspective - Md Ariful Islam,
Syed Kamrul Hasan, Shaya Afrin Priya, Ayesha Islam
Asha, Nishat Margia Islam - IJFMR Volume 6, Issue 5,
September-October
2024.
https://doi.org/10.36948/ijfmr.2024.v06i05.28080
AI-driven Predictive Analytics, Healthcare Outcomes,
Cost Reduction, Machine Learning, Patient Monitoring
- Sarowar Hossain, Ahasan Ahmed, Umesh Khadka,
Shifa Sarkar, Nahid Khan - AIJMR Volume 2, Issue 5,
September-October
2024.
https://doi.org/
10.62127/aijmr.2024.v02i05.1104
Blockchain in Supply Chain Management: Enhancing
Transparency, Efficiency, and Trust - Nahid Khan,
Sarowar Hossain, Umesh Khadka, Shifa Sarkar - AIJMR
Volume 2, Issue 5, September-October 2024.
https://doi.org/10.62127/aijmr.2024.v02i05.1105
Cyber-Physical Systems and IoT: Transforming Smart
Cities for Sustainable Development - Umesh Khadka,
Sarowar Hossain, Shifa Sarkar, Nahid Khan - AIJMR
Volume 2, Issue 5, September-October 2024.
https://doi.org/10.62127/aijmr.2024.v02i05.1106
Quantum Machine Learning for Advanced Data
Processing in Business Analytics: A Path Toward Next-
Generation Solutions - Shifa Sarkar, Umesh Khadka,
Sarowar Hossain, Nahid Khan - AIJMR Volume 2, Issue
5,
September-October
2024.
https://doi.org/10.62127/aijmr.2024.v02i05.1107
Optimizing Business Operations through Edge
Computing: Advancements in Real-Time Data
Processing for the Big Data Era - Nahid Khan, Sarowar
Hossain, Umesh Khadka, Shifa Sarkar - AIJMR Volume 2,
Issue
5,
September-October
2024.
https://doi.org/10.62127/aijmr.2024.v02i05.1108
Data Science Techniques for Predictive Analytics in
Financial Services - Shariful Haque, Mohammad Abu
Sufian, Khaled Al-Samad, Omar Faruq, Mir Abrar
Hossain, Tughlok Talukder, Azher Uddin Shayed - AIJMR
Volume 2, Issue 5, September-October 2024.
https://doi.org/10.62127/aijmr.2024.v02i05.1085
Leveraging IoT for Enhanced Supply Chain Management
in Manufacturing - Khaled AlSamad, Mohammad Abu
Sufian, Shariful Haque, Omar Faruq, Mir Abrar Hossain,
Tughlok Talukder, Azher Uddin Shayed - AIJMR Volume
2,
Issue
5,
September-October
2024.
https://doi.org/10.62127/aijmr.2024.v02i05.1087 33
AI-Driven Strategies for Enhancing Non-Profit
Organizational Impact - Omar Faruq, Shariful Haque,
Mohammad Abu Sufian, Khaled Al-Samad, Mir Abrar
Hossain, Tughlok Talukder, Azher Uddin Shayed - AIJMR
Volume 2, Issue 5, September-October 2024.
https://doi.org/10.62127/aijmr.2024.v02i0.1088
Sustainable Business Practices for Economic Instability:
A Data-Driven Approach - Azher Uddin Shayed, Kazi
Sanwarul Azim, A H M Jafor, Mir Abrar Hossain, Nabila
The American Journal of Engineering and Technology
184
https://www.theamericanjournals.com/index.php/tajet
The American Journal of Engineering and Technology
Ahmed Nikita, Obyed Ullah Khan - AIJMR Volume 2,
Issue
5,
September-October
2024.
https://doi.org/10.62127/aijmr.2024.v02i05.1095
Mohammad Majharul Islam, MD Nadil khan, Kirtibhai
Desai, MD Mahbub Rabbani, Saif Ahmad, & Esrat Zahan
Snigdha. (2025). AI-Powered Business Intelligence in IT:
Transforming Data into Strategic Solutions for
Enhanced Decision-Making. The American Journal of
Engineering
and
Technology,
7(02),
59
–
73.
https://doi.org/10.37547/tajet/Volume07Issue02-09.
Saif Ahmad, MD Nadil khan, Kirtibhai Desai,
Mohammad Majharul Islam, MD Mahbub Rabbani, &
Esrat Zahan Snigdha. (2025). Optimizing IT Service
Delivery with AI: Enhancing Efficiency Through
Predictive Analytics and Intelligent Automation. The
American Journal of Engineering and Technology, 7(02),
44
–
58.
https://doi.org/10.37547/tajet/Volume07Issue02-08.
Esrat Zahan Snigdha, MD Nadil khan, Kirtibhai Desai,
Mohammad Majharul Islam, MD Mahbub Rabbani, &
Saif Ahmad. (2025). AI-Driven Customer Insights in IT
Services: A Framework for Personalization and Scalable
Solutions. The American Journal of Engineering and
Technology,
7(03),
35
–
49.
https://doi.org/10.37547/tajet/Volume07Issue03-04.
MD Mahbub Rabbani, MD Nadil khan, Kirtibhai Desai,
Mohammad Majharul Islam, Saif Ahmad, & Esrat Zahan
Snigdha. (2025). Human-AI Collaboration in IT Systems
Design: A Comprehensive Framework for Intelligent Co-
Creation. The American Journal of Engineering and
Technology,
7(03),
50
–
68.
https://doi.org/10.37547/tajet/Volume07Issue03-05.
Kirtibhai Desai, MD Nadil khan, Mohammad Majharul
Islam, MD Mahbub Rabbani, Saif Ahmad, & Esrat Zahan
Snigdha. (2025). Sentiment analysis with ai for it service
enhancement: leveraging user feedback for adaptive it
solutions. The American Journal of Engineering and
Technology,
7(03),
69
–
87.
https://doi.org/10.37547/tajet/Volume07Issue03-06.
