Evidence on security-by-design (SbD) implementation in healthcare remains limited despite escalating cyber risk. We audited 156 health systems across 18 countries using harmonized NIST and ISO-aligned assessments. Mean cybersecurity maturity was 2.7/5.0, and only 34.0% had formal SbD programs. SbD adoption was associated with lower critical/high vulnerability density (IRR 0.57, 95% CI 0.48-0.68), lower breach rates (IRR 0.33, 95% CI 0.21-0.51), and faster remediation (18.4 vs 34.7 days; p<0.001). In adjusted models, SbD adoption (beta=0.74), dedicated CISO presence (beta=0.84), and security budget share (beta=0.42) independently predicted higher maturity (all p<0.001). Small organizations had the largest structural deficits in staffing, budget, and breach burden. SbD is underused but strongly associated with better security outcomes, supporting governance mandates plus targeted capacity support for resource-constrained providers. Full Text Available: Security-by-Design Frameworks for Digital Health Through a Cross-Sectional Audit of Cybersecurity Implementation Across 156 Health Systems
Stevenson et al. (Tue,) studied this question.
Synapse has enriched 5 closely related papers on similar clinical questions. Consider them for comparative context: