C4 Framework for Healthcare Cybersecurity Defense: A Human-Centric, Socio-Technical Approach
ABSTRACT
Cybersecurity attacks represent a significant threat to healthcare organizations, jeopardizing patient data, clinical operations, and institutional trust. The human element—healthcare workers themselves—continues to be a primary and persistent vulnerability that technological controls alone cannot mitigate. This paper argues that traditional, compliance-oriented security approaches are insufficient to tackle the inherent human factors leveraged by modern cyber attackers. Recognizing that most security incidents stem from human error and social engineering, a new paradigm is needed. This paper presents the C4 Framework, a novel human-centric cybersecurity model tailored to the unique constraints of the healthcare sector. The framework is built on four interdependent pillars: Comprehensive Assessment & Risk Profiling, Customized Education & Training, Cultural Reinforcement & Communication, and Continuous Measurement & Adaptation. By emphasizing a shift in security culture, personalized education, and perpetual evolution, the framework provides a roadmap for transforming an organization’s human element from its greatest vulnerability into a resilient defense asset.
Rahmany, M. and Selvi, A. (2025) C4 Framework for Healthcare Cybersecurity Defense: A Human-Centric, Socio-Technical Approach. E-Health Telecommunication Systems and Networks, 14, 31-38. doi: 10.4236/etsn.2025.143004.