TITLE:
CARE Framework for Healthcare Cybersecurity Defense: A Human-Centric Approach
AUTHORS:
Mostafa Rahmany, Arunmozhi Selvi
KEYWORDS:
Social Engineering, Insider Threat, Healthcare, Human Factor, CARE Framework, Security Culture, Human-Computer Interaction, Cybersecurity, Cybersecurity, Socio-Technical Systems, Change Management
JOURNAL NAME:
E-Health Telecommunication Systems and Networks,
Vol.14 No.2,
June
30,
2025
ABSTRACT: The health sector remains a key target for cyberattacks due to the sensitive information and critical services it manages. Technical safety measures alone are insufficient when the human factor, frequently the weakest link in the security chain, is not addressed. This paper develops a new human-centric conceptual model, the CARE model, which proposes a structured route to creating a robust Cyber Defense Capability within healthcare. CARE is an acronym for Culture, Awareness, Responsibility, and Engagement. The framework posits that a secure organization must be part of a broader culture of safety, where security education is role-based and context-aware. Within this model, Security Awareness underpins a non-negotiable, shared Responsibility for cybersecurity across all roles, which in turn fosters active Engagement. The CARE framework aims to instigate a paradigm shift, anchoring resilient healthcare controls not only in technology, but across the entire socio-technical stack of people, processes, and technology.