Journal of Engineering Research and Reports

This study develops and validates a comprehensive framework for modeling and measuring the cyber resilience of healthcare cyber-physical systems (CPS) against ransomware attacks, adopting a Cyber-Physical Systems Risk Perspective. Utilizing a mixed-methods approach, the research integrates a systematic literature review, meta-analysis, simulation modeling, and statistical analysis to fulfill five core objectives: analyzing ransomware vectors, evaluating existing resilience frameworks, constructing a multi-dimensional resilience model, designing quantitative metrics, and validating real-world applicability. Empirical findings show ransomware exploits phishing (43%), IoMT vulnerabilities (28%), and third-party breaches (19%), with Internet of Medical Things (IoMT) devices posing the highest cyber-physical risk (mean R_cps = 8.5). The proposed Healthcare CPS Resilience Index (HCRI) yielded a mean score of 5.4, reflecting moderate resilience across healthcare organizations. Key influencing factors include staff preparedness, backup efficacy, and network segmentation. Statistical analyses revealed a strong negative correlation between organizational preparedness and recovery time (r = −0.72, p < .01), highlighting the importance of training and response planning. The framework was validated through historical alignment with the WannaCry ransomware case, achieving a close match in disruption and recovery metrics (MAE = 0.4). This validation underscores the framework’s empirical credibility and real-world applicability. By introducing standardized metrics—HCRI and R_cps—this study contributes practical tools for healthcare systems to benchmark, monitor, and enhance their cyber resilience. The findings offer both scholarly insights and actionable guidance for policymakers, healthcare administrators, and cybersecurity professionals seeking to safeguard critical infrastructure and ensure patient safety in an increasingly hostile cyber threat landscape.