TITLE:
C4 Framework for Healthcare Cybersecurity Defense: A Human-Centric, Socio-Technical Approach
AUTHORS:
Mostafa Rahmany, Arunmozhi Selvi
KEYWORDS:
Security Culture, Healthcare, Human Factor, Insider Threat, C4 Framework, Social Engineering, Human-Computer Interaction, Cybersecurity, Socio-Technical Systems, Change Management
JOURNAL NAME:
E-Health Telecommunication Systems and Networks, Vol.14 No.3, July 17, 2025
ABSTRACT: Cybersecurity attacks represent a significant threat to healthcare organizations, jeopardizing patient data, clinical operations, and institutional trust. The human element—healthcare workers themselves—continues to be a primary and persistent vulnerability that technological controls alone cannot mitigate. This paper argues that traditional, compliance-oriented security approaches are insufficient to tackle the inherent human factors leveraged by modern cyber attackers. Recognizing that most security incidents stem from human error and social engineering, a new paradigm is needed. This paper presents the C4 Framework, a novel human-centric cybersecurity model tailored to the unique constraints of the healthcare sector. The framework is built on four interdependent pillars: Comprehensive Assessment & Risk Profiling, Customized Education & Training, Cultural Reinforcement & Communication, and Continuous Measurement & Adaptation. By emphasizing a shift in security culture, personalized education, and perpetual evolution, the framework provides a roadmap for transforming an organization’s human element from its greatest vulnerability into a resilient defense asset.