Cakmak, CumaCakmak, Mehmet AzizBicer, IsmailCelik, Tarik Ziyad2025-11-152025-11-1520241368-21561741-5144https://doi.org/10.1504/IJHTM.2024.149026https://hdl.handle.net/20.500.12514/9903Hospitals' webpages contain important information that can be used for social engineering. Social engineering can be used to access important information about hospitalised patients. The paper emphasises that defence strategies against cyber-attacks are vital due to the sensitive nature of the healthcare industry. In particular, sensitive information such as hospital records, medical data, and personal health data can be attractive targets. At this point, how strategic cyber-attack management can be applied in the health sector is discussed with a scenario. This study is designed to reveal whether healthcare organisations can protect patient data and privacy. The focus of this study is to evaluate hospitals objectively using the methods used in the study and to bring an innovative evaluation method to the literature. Identifying cyber-attack scenarios and planning strategic defences against them can provide an effective and coordinated response in times of crisis.en10.1504/IJHTM.2024.149026info:eu-repo/semantics/closedAccessStrategyCybersecurityCybersecurity ManagementScenario PlanningHealth SectorArticle2-s2.0-105018806631