Identifying Contextual Factors That Shape Cybersecurity Risk Perception for Assisted Living and Health Care Technologies and Wearables: Mixed Methods Study.

BACKGROUND

Over the last decade, the health care technology landscape has expanded significantly, introducing new and innovative solutions to address health care needs. The implications of cybersecurity incidents in the health care context extend beyond data breaches to potentially harming individuals' health and safety. Risk perception is influenced by various contextual factors, contributing to cybersecurity concerns that technological safeguards alone cannot address. Thus, it is imperative to study risk perceptions, contextual factors, and technological benefits to guide policy development, risk management, education, and implementation strategies.

OBJECTIVE

This study aims to investigate the differences in cybersecurity risk perception among various stakeholders in the health care sector in Norway and British Columbia (BC), Canada, and identify specific contextual factors that shape these perceptions. We expect to identify differences in risk perceptions for the explored health care technologies.

METHODS

We used a mixed methods approach comprising surveys and semistructured interviews to sample health care-related wearable technology stakeholders, including health care workers, patients (adults and adolescents) and their families, health authorities and hospital staff (biomedical engineers, information technology support, research staff), and device vendors/industry professionals in Norway and BC. Surveys explored information security scenarios based on the Behavioral-Cognitive Internet Security Questionnaire (BCISQ), risk perception, and contextualizing variables. We analyzed both survey data sets to summarize participants' characteristics and responses to questions related to the BCISQ (behavior and attitude) and risk perception. Interviews were analyzed thematically using an inductive-deductive approach to explore risk perception and contextual factors.

RESULTS

Data from 274 survey respondents were available for analysis: 185 from Norway, including 139 (75.1%) females, and 89 from BC, including 57 (64%) females. A total of 45 respondents (31 in Norway and 14 in BC) participated in interviews. The BCISQ showed minor differences between locations; respondents demonstrated generally low-risk behavior and robust information security awareness. However, password simulation demonstrated discrepancies between self-assessed and "real" behavior by sharing or willingness to share passwords. Perceived risk is generally considered low, yet consequences of cybersecurity risks were evaluated as major but unlikely. Risk perception was stronger for assisted living and diabetes technologies than for smartwatches. The most important contextual factors shaping risk perceptions are human factors encompassing knowledge, competence, familiarity, feelings of dread, perceived benefit, and trust, as well as the technological factor of device functionality. Organizational and technological factors had lesser effects.

CONCLUSIONS

We found minimal differences in behavior and risk perception among Norwegian and BC participants. Human factors and device functionality were most influential in shaping cybersecurity risk perceptions. Considering the rising need for assisted living technologies and wearables, insights into risk perceptions can strengthen risk management, awareness, and competence building. Further, it can address potential concerns among stakeholders to enable quicker technology adoption.