Cybersecurity in healthcare: A narrative review of trends, threats and ways forward

•Cybersecurity is a patient trust and safety concern.•Electronic health records, the healthcare infrastructure and individual medical devices are all targets.•Healthcare is vulnerable due to historic lack of investment in cybersecurity, vulnerabilities in existing technology and staff behaviour.•Breaches have resulted in millions of stolen health records and have on occasion brought the infrastructure to a standstill, which could have cost patient lives.•Moving forward, cybersecurity must be an integral part of the patient care pathway. Electronic healthcare technology is prevalent around the world and creates huge potential to improve clinical outcomes and transform care delivery. However, there are increasing concerns relating to the security of healthcare data and devices. Increased connectivity to existing computer networks has exposed medical devices to new cybersecurity vulnerabilities. Healthcare is an attractive target for cybercrime for two fundamental reasons: it is a rich source of valuable data and its defences are weak. Cybersecurity breaches include stealing health information and ransomware attacks on hospitals, and could include attacks on implanted medical devices. Breaches can reduce patient trust, cripple health systems and threaten human life. Ultimately, cybersecurity is critical to patient safety, yet has historically been lax. New legislation and regulations are in place to facilitate change. This requires cybersecurity to become an integral part of patient safety. Changes are required to human behaviour, technology and processes as part of a holistic solution.