Information Science, College of Life Sciences, Kuwait University, Kuwait City, Kuwait.
Health Informatics Unit, Dasman Diabetes Institute, Kuwait City, Kuwait.
Appl Clin Inform. 2021 Aug;12(4):924-932. doi: 10.1055/s-0041-1735527. Epub 2021 Sep 29.
This study investigated information security behaviors of professionals working in the public health sector to guide policymakers toward focusing their investments in infrastructure and training on the most vulnerable segments. We sought to answer the following questions: (1) Are certain professional demographics more vulnerable to cybersecurity threats? (2) Do professionals in different institution types (i.e., hospitals vs. primary care clinics) exhibit different cybersecurity behaviors? (3) Can Internet usage behaviors by professionals be indicative of their cybersecurity awareness and the risk they introduce?
A cross-sectional, anonymous, paper-based survey was distributed among professionals working in public health care organizations in Kuwait. Data were collected about each professional's role, experience, work environment, cybersecurity practices, and understanding to calculate a cybersecurity score which indicates their level of compliance to good cybersecurity practices. We also asked about respondents' internet usage and used K-means cluster analysis to segment respondents into three groups based on their internet activities at work. Ordinary least squares regression assessed the association between the collected independent variables in question on the overall cybersecurity behavior.
A total of 453/700 (64%) were responded to the survey. The results indicated that professionals with more work experience demonstrated higher compliance with good cybersecurity practices. Interestingly, nurses demonstrate higher cybersecurity aptitude relative to physicians. Professionals that were less inclined to use the internet for personal use during their work demonstrated higher cybersecurity aptitude.
Our findings provide some guidance regarding how to target health care professional training to mitigate cybersecurity risks. There is a need for ensuring that physicians receive adequate cybersecurity training, despite the opportunity costs and other issues competing for their attention. Additionally, classifying professionals based on their internet browsing patterns may identify individuals vulnerable to cybersecurity incidents better than more discrete indicators such as age or gender.
本研究调查了公共卫生部门专业人员的信息安全行为,以指导政策制定者将投资集中在基础设施和培训上,以针对最脆弱的群体。我们试图回答以下问题:(1)某些专业人群是否更容易受到网络安全威胁?(2)不同机构类型(即医院与初级保健诊所)的专业人员是否表现出不同的网络安全行为?(3)专业人员的互联网使用行为是否可以表明他们的网络安全意识和引入的风险?
在科威特的公共医疗保健组织中,我们进行了一项横断面、匿名、基于纸质的调查。收集了每位专业人员的角色、经验、工作环境、网络安全实践和理解方面的数据,以计算网络安全得分,该得分表明他们遵守良好网络安全实践的程度。我们还询问了受访者的互联网使用情况,并使用 K 均值聚类分析将受访者根据其在工作中的互联网活动分为三组。普通最小二乘回归评估了所收集的独立变量与总体网络安全行为之间的关联。
共有 453/700(64%)人对调查做出了回应。结果表明,具有更多工作经验的专业人员表现出更高的合规性,以遵守良好的网络安全实践。有趣的是,护士相对于医生表现出更高的网络安全能力。在工作期间不太倾向于将互联网用于个人用途的专业人员表现出更高的网络安全能力。
我们的研究结果为如何针对医疗保健专业人员的培训以减轻网络安全风险提供了一些指导。尽管存在机会成本和其他竞争因素,但有必要确保医生接受足够的网络安全培训。此外,根据互联网浏览模式对专业人员进行分类可能比年龄或性别等更离散的指标更好地识别易受网络安全事件影响的个人。
