Analysing Cybersecurity Risk Assessment Model for Healthcare Systems in Saudi Arabia

Abstract

This study analyses the Saudi Arabian's cybersecurity issues in healthcare systems and assesses the usefulness of international risk assessment models in some frameworks such as ISO/IEC 27001 and NIST. It identifies major threats like ransomware, phishing, data breaches, and insider risks based on survey responses from medical professionals like medical staff, cybersecurity specialists and administrative managers. Variety of medical institutions members with difference in beds capability, number of branches and financial situation that guarantees the national-wide needs study. Findings point to critical weaknesses in the current models, especially their incompatibility with local regulations and organisational cultures and special needs. Consequently, the study emphasises the necessity of a tailored cybersecurity risk assessment model that is particular to the Saudi healthcare environment. The research highlights key elements and offers suggestions to improve cybersecurity resilience in accordance with national policies and Vision 2030 objectives, even though it does not fully implement a model.