Cibersecurity: A healthcare professional's perspective

Authors

  • Cecília Teresa Pinto Instituto Politécnico de Santarém, Escola Superior de Gestão e Tecnologia, Santarém, Portugal https://orcid.org/0009-0003-0686-7203
  • Diogo Bessa Instituto Politécnico de Santarém, Escola Superior de Gestão e Tecnologia, Santarém, Portugal https://orcid.org/0009-0005-8951-5469
  • Sónia Merciano Instituto Politécnico de Santarém, Escola Superior de Gestão e Tecnologia, Santarém, Portugal https://orcid.org/0009-0008-4483-9365
  • Ana Narra Instituto Politécnico de Santarém, Escola Superior de Gestão e Tecnologia, Santarém, Portugal
  • Ana Pereira Instituto Politécnico de Santarém, Escola Superior de Gestão e Tecnologia, Santarém, Portugal https://orcid.org/0009-0000-9502-6534
  • Mario Silva Instituto Politécnico de Santarém, Escola Superior de Saúde, Santarém, Portugal https://orcid.org/0000-0002-2434-4356
  • Filipe Madeira Instituto Politécnico de Santarém, Escola Superior de Gestão e Tecnologia, Santarém, Portugal; CIAC, Pólo de Literacia Digital e Inclusão Social, Universidade do Algarve, Faro, Portugal https://orcid.org/0000-0002-2227-7006

DOI:

https://doi.org/10.25746/ruiips.v11.i1.27712

Keywords:

Cibersecurity, professional's healthcare, cyber attack, empowerment

Abstract

The present study aimed is to understand the training of health professionals in relation to cybersecurity and cyberattack prevention in the institutions where they work. The study consists of applying a previously validated and published Likert-type response scale to assess attitudes towards cybersecurity in a business environment (ATC-IB), with the purpose of obtaining data on several indicators such as cybersecurity and risk management of cyberattacks from the perspective of health professionals. This is an observational, quantitative, cross-sectional, and descriptive study on attitudes towards cybersecurity in their workplaces. A database was created in Microsoft Office Excel ® program and for descriptive and exploratory statistical analysis of the data, the R programming language and the EZR plug-in were used. In the sample under study 82 health professionals were included and 8 were excluded for a statistical question. Respondents by gender: 76% women and 24% men. Divided into 4 professional groups: nurses; physicians; senior technicians of diagnosis and therapy (TSDT); and managers.  The average age is 38.12 years with a standard deviation of 12.38. The area covered is mostly located in the Lisbon and Tagus Valley region, with 94.4% of respondents; the Northern region with 4.4%, and the Alentejo region with 1.1% of respondents. 72% work in the public sector; 25% in the private sector; and 3% in the social sector. Academic degree and academic qualifications are distributed as follows: 2% have a PhD; 32% have a Master's degree; 60% have a degree. We conclude that there are some differences in terms of knowledge of cybersecurity, namely in the 18-30 age group and the remaining age groups, as well as between genders in the same item (not knowing who to turn to if there is a cyberattack). This difficulty is more evident in age groups over 31 and in the female gender. Also between genders, there is a statistically significant difference in the item (gaining from the financial point of view with cyberattacks), concluding that the female gender has the perception that money is not the only motivating factor of cyberattacks. Between professional classes, differences were found between nurses and SDWTs for one item: nurses give more importance to governmental newsletters regarding cybercrime than SDWTs; and one item between nurses and managers: managers have more knowledge about who is responsible for protecting the health institution from cyber threats than nurses. Overall the ATC-IB scale in the three variables (gender, age groups and professional classes) no major differences were found, in general there is training of health professionals in relation to cybersecurity and prevention of cyberattacks in the context of work environment.

References

APA (2020). The Publication Manual of the American Psychological Association, Seventh Edition is the official source for APA Style. https://www.apastyle.org/

Baashar, Y., Hitham Alhussian, H., Patel, A., Alkawsi, G., Alzahrani, A. I., Alfarraj, O., & Hayder, G. (2020). Customer relationship management systems (CRMS) in the healthcare environment: A systematic literature review. PubMed. Retrieved Junho 22, 2022, from https://pubmed.ncbi.nlm.nih.gov/34170994/

Baptista, I. M. A. (2019). Dissertação · Mestrado Bolonha em Segurança de Informação e Direito no Ciberespaço. Dissertação · Mestrado Bolonha em Segurança de Informação e Direito no Ciberespaço. Retrieved Junho 27, 2022, from https://fenix.tecnico.ulisboa.pt/cursos/msidc/dissertacao/1409728525632070

Bradley, D. C., Maria, A. R., Cabello, I. R., Villanueva, G., Fønhus, M. S., Glenton, C., Glenton, C., Lewin, S., Henschke, N., Buckley, B. S., Melhl, G. L., Tamrat, T., & Shepperd, S. (2020). Mobile technologies to support healthcare provider to healthcare provider communication and management of care. PubMed. Retrieved Junho 20, 2022, from https://pubmed.ncbi.nlm.nih.gov/32813281/

Carmo, H., & Ferreira, M. M. (1998). Metodologia da Investigação: guia para auto-aprendizagem. Universidade Aberta.

CNCS: Centro Nacional de Cibersegurança Português. (2022). Relatório Riscos e Conflitos em Cibersegurança. Centro Nacional de Cibersegurança. Retrieved Junho 15, 2022, from https://www.cncs.gov.pt/docs/relatorio-riscosconflitos2022-obciber-cncs15m.pdf

CNCS: Centro Nacional de Cibersegurança Portugal. (2020). CIBERSEGURANÇA EM PORTUGAL. Centro Nacional de Cibersegurança. Retrieved Junho 30, 2022, from https://www.cncs.gov.pt/docs/relatorio-sociedade2020-observatoriociberseguranca-cncs-1.pdf

Cremer, F., Sheehan, B., Fortmann, M., Kia, A. N., Martin Mullins, M., Murphy, F., & Materne, S. (2022). Cyber risk and cybersecurity: a systematic review of data availability. PubMed. Retrieved Junho 21, 2022, from https://pubmed.ncbi.nlm.nih.gov/35194352/

Diário da República, 1.ª série. (2019). Lei n.º 58/2019 Regulamento Geral sobre a Proteção de Dados – DGERT. DGERT. Nº151 pág. 3. Retrieved Junho 21, 2022, from https://www.dgert.gov.pt/regulamento-geral-sobre-a-protecao-de-dados

Gonçalves, R. S. (2019). Repositório da Universidade de Lisboa: O fator humano da cibersegurança nas organizações. UTL Repository. Retrieved Junho 30, 2022, from https://www.repository.utl.pt/handle/10400.5/19248

Gunasekeran, D. V., Tseng, R. M. W. W. T., Tham, Y.-C. T., & Wong, T. Y. W. (2021). Applications of digital health for public health responses to COVID-19: a systematic scoping review of artificial intelligence, telehealth and related technologies. PubMed. Retrieved Junho 23, 2022, from https://pubmed.ncbi.nlm.nih.gov/33637833/ Hadlington L. Human factors in cybersecurity; examining the link between Internet addiction, impulsivity, attitudes towards cybersecurity, and risky cybersecurity behaviours. Heliyon [Internet]. 2017;3(7):e00346. Available from: http://dx.doi.org/10.1016/j.heliyon.2017.e00346

Hadlington L., (2017). Human factors in cybersecurity; examining the link between Internet addiction, impulsivity, attitudes towards cybersecurity, and risky cybersecurity behaviours. Heliyon. 2017;3(7):e00346. http://dx.doi.org/10.1016/j.heliyon.2017.e00346

Hellemann, N. (2021). SoSafe Cyber Security Awareness. An Analysis of the European Cyberthreat Landscape. Retrieved Junho 30, 2022, from https://lp.sosafe.de/hubfs/SoSafe%20%20Human%20Risk%20Review%202021%20%20EN.pdf?__hstc=106398849.e258a00999b2355d7856ff3839bf88d0.1656070830516.165607083

INE: Instituto Nacional de Estatística (2021). Censos 2021 - Dados de saúde. Disponível em https://www.ine.pt/xportal/xmain?xpgid=ine_tema&xpid=INE&tema_cod=1117

Kanda, Y., (2013). “Investigation of the freely available easy.to.use software EZR for medical Statistics.” Bone Marrow Transplantation. https://www.nature.com/articles/bmt2012244.pdf.

King, Z. M., Henshel, D. S., Flora, L., Cains, M. G., Hoffman, B., & Sample, C. (2018). Characterizing and Measuring Maliciousness for Cybersecurity Risk Assessment. NCBI. Retrieved Junho 21, 2022, from https://www.ncbi.nlm.nih.gov/pmc/articles/PMC5807417/

Ministério da Saúde - Serviço Nacional Saúde. (2019). Guia de Boas Práticas e Regras para sítios web SNS/MS CIBERSEGURANÇA. SPMS. Retrieved Junho 25, 2022, from https://www.spms.min-saude.pt/wp-content/uploads/2019/11/Guia-de-Boas-Pra%CC%81ticas-e-Regras-para-sites.pdf

Moore, E. C., Tolley, C. L., Bates, D. W., & Slight, S. P. (2020). A systematic review of the impact of health information technology on nurses' time. PubMed. Retrieved Junho 23, 2022, from https://pubmed.ncbi.nlm.nih.gov/32159770/

Moustafa, A. A., Bello, A., & Maurushat, A. (2021, Junho 18). The Role of User Behaviour in Improving Cyber Security Management. PubMed. Retrieved June 20, 2022, from https://pubmed.ncbi.nlm.nih.gov/34220596/

Nifakos, S., Chandramouli, K., Nikolaou, C. K., Papachristou, P., Koch, S., Panaousis, E., & Bonacina, S. (2021). Influence of Human Factors on Cyber Security within Healthcare Organisations: A Systematic Review. PubMed. Retrieved Junho 18, 2022, from https://pubmed.ncbi.nlm.nih.gov/34372354/

Nunes, P., Antunes, M., & Sila, C. (2021). Evaluating cybersecurity attitudes and behaviors in Portuguese healthcare institutions. PDF. Retrieved Junho 21, 2022, from https://iconline.ipleiria.pt/handle/10400.8/6096

Pinto, M., (2018). Empowerment: entenda o que é e como aplicar! Guia do empreenderdor. Disponível em https://www.guiaempreendedor.com/guia/empowerment-entenda-o-que-e-e-como-aplicar

Proofpoint Report. (2019). Human Factor Report. gtd-pfpt-us-r-human-factor-2019_0.pdf. Retrieved Junho 21, 2022, from https://www.proofpoint.com/sites/default/files/gtd-pfpt-us-r-human-factor-2019_0.pdf

R Core Team, (2022). R: A languase and environment for statiscal computing. R Foundation for Statiscal Computing, Vienna, Austria. URL https://www.R-project.org/.

World Health Organization. (2006). What is the evidence on effectiveness of empowerment to improve health? WHO/Europe. Retrieved Julho 2, 2022, from https://www.euro.who.int/__data/assets/pdf_file/0010/74656/E88086.pdf

Downloads

Published

2023-07-18

How to Cite

Pinto, C. T., Bessa, D. ., Merciano, S., Narra, A., Pereira, A., Silva, M., & Madeira, F. (2023). Cibersecurity: A healthcare professional’s perspective. Revista Da UI_IPSantarém, 11(1), e27712. https://doi.org/10.25746/ruiips.v11.i1.27712

Issue

Vol. 11 No. 1 (2023): Jan-Dec 2023

Section

Papers

License

Copyright (c) 2023 Cecília Teresa Pinto, Diogo Bessa, Sónia Merciano, Ana Narra, Ana Pereira, Mario Silva, Filipe Madeira

Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.

Authors publishing in this journal agree to the following terms:

Authors retain copyright and grant the journal the right of first publication, with the article simultaneously licensed under the Creative Commons Attribution License that allows sharing of the work with acknowledgement of authorship and initial publication in this journal.
Authors are permitted to enter into additional contracts separately for non-exclusive distribution of the version of the article published in this journal (e.g., publish in an institutional repository or as a book chapter), with acknowledgment of authorship and initial publication in this journal.
Authors have permission and are encouraged to publish and distribute their work online (e.g., in institutional repositories or on their personal webpage) at any point before or during the editorial process, as this may generate productive changes, as well as increase the impact and citation of the published work.

Most read articles by the same author(s)

1 2 > >>