FROM : Creating a Data Architecture for Cybersecurity in Healthcare Systems

Dear Editor and reviewers:

Thank you very much for your suggestions and comments that helped improve the quality
of our paper. We have read the suggestions and comments carefully and revised the paper. We
have also added new references and more information in the paper. The editor’s suggestions
and reviewers’ comments are kept in black in this file. Our responses/answers are marked in
green.
Under your suggestions and comments, we have answered your questions and provided the
page numbers or sections where we have made revisions so that you can locate our revisions
easily. Please check our revised paper and the revised information (marked in red in the revised
paper). The following are our responses to your suggestions and comments:

Responses to Reviewer 1

Title Suitability: The title is mostly suitable. A clearer option could be: “Data Architecture
for Cybersecurity in Healthcare Systems.”

Yes, we have changed the title to “Data Architecture for Cybersecurity in Healthcare Systems”.

Abstract Feedback: The abstract is good but a bit repetitive. It should briefly mention the case study and remove repeated points about encryption.

Yes, we have briefly mentioned the case study and removed repeated points about encryption. Please see page 1 in the revised paper.

References: The references are recent and enough. Adding one or two more about IoT or blockchain in healthcare could make it stronger.

Yes, we have added IoT and blockchain in healthcare. Please see pages 6 and 11 in the revised paper.

Language/English Quality: The English is mostly clear but could be improved by removing long and repetitive sentences to make it easier to read.

Yes, we have made modifications and improved the English in the paper. Please see some information (marked in red) in the revised paper.

Responses to Reviewer 2

General Comments

However, the paper would benefit from minor improvements in language clarity, figure presentation, and connection to regulatory standards. These revisions will enhance the manuscript’s readability and rigor without requiring major restructuring.

Yes, we have made modifications and improved the quality of the paper. Please see the marked information (in red) in the revised paper.

Major Comments

Clarity and Consistency of Terminology

The manuscript uses terms inconsistently or with awkward phrasing in some cases. For example:

   • In the abstract:

  “Encryption facilitates a vigorous safeguard against malicious actors...” This phrasing is awkward. A clearer alternative could be:

   “Encryption provides a robust safeguard against unauthorized access to sensitive data.”

Yes, we have made modifications. Please see page 1 in the revised paper.

• Repeated statements such as:

“Encryption is used for data at rest and data in motion” appear in multiple sections with no added nuance. Consider consolidating and expanding with specific examples (e.g., TLS for data in motion, AES-256 for data at rest).

Yes, we have made modifications. Please see page 2 and page 9 in the revised paper.

Figure and Data Flow Diagram Presentation

Figure 1 lacks a professional layout and sufficient explanation. It is important to:
• Label each layer clearly within the figure.
• Include a caption that explains the role of each layer.
• Reference and explain the figure in the body text (Section 4) with more detail. For example: “The data processing layer handles data aggregation, sorting, and transformation to prepare inputs for analytics...”

Yes, we have highlighted the layers. Please see page 7 in the revised paper. Figure 1 was completed by us based on our knowledge. There is no reference for the figure.

Regulatory and Security Frameworks

Given the strong focus on healthcare, regulatory standards like HIPAA, HITECH, or NIST should be mentioned. For instance, Section 3 mentions:

“Every medical center has a security architecture with critical pieces of networking such as access controls, disaster recovery plans...”

This could be strengthened by adding:

“These security measures align with requirements set forth by HIPAA and NIST CSF to ensure confidentiality, integrity, and availability of protected health information (PHI).”

Yes, we have added the important information you suggested. Please see page 5 in the revised paper. Thank you.

Minor Comments

• Language polishing: Terms like “insightful heats” are unclear and may be the result of translation or typographical errors. A professional proofread is recommended.

Yes, we have modified it. Please see page 8 in the revised paper.

• Conclusion: Currently restates earlier sections. Consider summarizing the novel contributions and offering suggestions for future research, such as real-time adaptive threat models or integration with FHIR standards.

Yes, we have added the important information you suggested. Please see page 9 in the revised paper. Thank you.

• Citations: Some sources (e.g., Cousin, 2014) are industry blog-style content. Where possible, cite peer-reviewed literature or official guidelines.

Yes, it is true that (Cousin, 2014) is industry blog-style content. We have added peer-reviewed literature (Alhamdani, 2020), besides (Cousin, 2014). Please see page 4 in the revised paper.