Information Security Awareness and Behaviors of Health Care Professionals at Public Health Care Facilities

Dari Alhuwail; Eiman Al-Jafar; Yousef Abdulsalam; Shaikha AlDuaij

doi:10.1055/s-0041-1735527

Information Security Awareness and Behaviors of Health Care Professionals at Public Health Care Facilities

Appl Clin Inform. 2021 Aug;12(4):924-932. doi: 10.1055/s-0041-1735527. Epub 2021 Sep 29.

Authors

Dari Alhuwail^{1

2}, Eiman Al-Jafar³, Yousef Abdulsalam⁴, Shaikha AlDuaij¹

Affiliations

¹ Information Science, College of Life Sciences, Kuwait University, Kuwait City, Kuwait.
² Health Informatics Unit, Dasman Diabetes Institute, Kuwait City, Kuwait.
³ Health Informatics and Information Management, Faculty of Allied Health Sciences, Kuwait University, Kuwait City, Kuwait.
⁴ Quantitative Methods and Information Systems, College of Business Administration, Kuwait University, Kuwait City, Kuwait.

Abstract

Objectives: This study investigated information security behaviors of professionals working in the public health sector to guide policymakers toward focusing their investments in infrastructure and training on the most vulnerable segments. We sought to answer the following questions: (1) Are certain professional demographics more vulnerable to cybersecurity threats? (2) Do professionals in different institution types (i.e., hospitals vs. primary care clinics) exhibit different cybersecurity behaviors? (3) Can Internet usage behaviors by professionals be indicative of their cybersecurity awareness and the risk they introduce?

Methods: A cross-sectional, anonymous, paper-based survey was distributed among professionals working in public health care organizations in Kuwait. Data were collected about each professional's role, experience, work environment, cybersecurity practices, and understanding to calculate a cybersecurity score which indicates their level of compliance to good cybersecurity practices. We also asked about respondents' internet usage and used K-means cluster analysis to segment respondents into three groups based on their internet activities at work. Ordinary least squares regression assessed the association between the collected independent variables in question on the overall cybersecurity behavior.

Results: A total of 453/700 (64%) were responded to the survey. The results indicated that professionals with more work experience demonstrated higher compliance with good cybersecurity practices. Interestingly, nurses demonstrate higher cybersecurity aptitude relative to physicians. Professionals that were less inclined to use the internet for personal use during their work demonstrated higher cybersecurity aptitude.

Conclusion: Our findings provide some guidance regarding how to target health care professional training to mitigate cybersecurity risks. There is a need for ensuring that physicians receive adequate cybersecurity training, despite the opportunity costs and other issues competing for their attention. Additionally, classifying professionals based on their internet browsing patterns may identify individuals vulnerable to cybersecurity incidents better than more discrete indicators such as age or gender.

MeSH terms

Computer Security*
Cross-Sectional Studies
Health Personnel
Hospitals
Humans
Public Health*

Grants and funding

Funding None.