SoK: Cybersecurity Regulations, Standards and Guidelines for the Healthcare Sector

Marco Angelini
2023-01-01

Abstract

The growing adoption of IT solutions in the healthcare sector is accompanied by a steady increase in cybersecurity incidents. In response to this phenomenon, regulations, standards, and best practices have been introduced to address cybersecurity and data protection issues in this sector. However, applying this large corpus of documents poses several operational hurdles, while operators continue to lag behind the growing number of cyber attacks. This paper contributes a Systematization of Knowledge (SoK) of the main cybersecurity documents relevant to the healthcare sector. We collected and analyzed 49 relevant documents and used the NIST Cybersecurity Framework as a taxonomical instrument to categorize key information extracted through a three-step analysis. We provide and quantify seven findings emerging from this analysis and propose a way to exploit the extracted measures to support cybersecurity assessments.
2023
979-8-3503-3773-0
Keywords: cybersecurity, healthcare, data protection, regulations, standards, best practices

Use this identifier to cite or link to this document: https://hdl.handle.net/20.500.14085/26104