Abstract

Cybersecurity is an essential component for preserving the integrity of healthcare systems, particularly in the face of the increasing adoption of interconnected medical devices, which significantly expands cyber risk exposure. A critical issue in this context is the fragmentation of knowledge regarding the security of these devices. The absence of a unified framework hampers the systematic identification of vulnerabilities and the effective implementation of protective measures. This study highlights such fragmentation by requiring the integration of seven ISO standards, nine NIST controls, one HIPAA regulation, one ENISA directive, one GDPR regulation, and one HITRUST framework, along with the review of 47 scientific articles and analysis of 27 documented vulnerabilities (CVEs). The need to consult this broad range of sources reflects both the complexity of the regulatory landscape and the lack of standardization in medical device security. Based on this review, key pillars were defined to support an integral and adaptable security model. This model provides a practical tool to strengthen digital healthcare infrastructures, facilitate continuous audits, and mitigate emerging threats, all while aligning with international standards. Furthermore, it promotes the consolidation of fragmented knowledge, helping to close security gaps and enhance the resilience of healthcare systems in a globalized environment. © 2025 by the authors.