Cyber-risk in Healthcare: Exploring Facilitators and Barriers to Secure Behaviour

Coventry, Lynne, Branley-Bell, Dawn, Sillence, Elizabeth, Magalini, Sabina, Mari, Pasquale, Magkanaraki, Aimilia and Kalliopi, Anastasopoulou (2020) Cyber-risk in Healthcare: Exploring Facilitators and Barriers to Secure Behaviour. In: HCI International 2020, 9-24 July 2020, Bella Center, Copenhagen, Denmark. (In Press)

[img] Text
Cyber risk in Healthcare Exploring Facilitators and Barriers to Secure Behaviour.pdf - Accepted Version
Restricted to Repository staff only until 19 July 2020.

Download (299kB) | Request a copy

Abstract

There are increasing concerns relating to cybersecurity of healthcare data and medical devices. Cybersecurity in this sector is particularly important given the criticality of healthcare systems, the impacts of a breach or cyberattack (including in the worst instance, potential physical harm to patients) and the value of healthcare data to criminals. Technology design is important for cybersecurity, but it is also necessary to understand the insecure behaviours prevalent within healthcare. It is vital to identify the drivers behind these behaviours, i.e., why staff may engage in insecure behaviour including their goals and motivations and/or perceived barriers preventing secure behaviour. To achieve this, in-depth interviews with 50 staff were conducted at three healthcare sites, across three countries (Ireland, Italy and Greece). A range of seven insecure behaviours were reported: Poor computer and user account security; Unsafe e-mail use; Use of USBs and personal devices; Remote access and home working; Lack of encryption, backups and updates; Use of connected medical devices; and poor physical security. Thematic analysis revealed four key facilitators of insecure behaviour: Lack of awareness and experience, Shadow working processes, Behaviour prioritisation and Environmental appropriateness. The findings suggest three key barriers to security: i) Security perceived as a barrier to productivity and/or patient care; ii) Poor awareness of consequences of behaviour; and iii) a lack of policies and reinforcement of secure behaviour. Implications for future research are presented.

Item Type: Conference or Workshop Item (Paper)
Uncontrolled Keywords: Cybersecurity, health, healthcare, cyberthreat, Behaviour Change
Subjects: B900 Others in Subjects allied to Medicine
C800 Psychology
G500 Information Systems
Department: Faculties > Health and Life Sciences > Psychology
Related URLs:
Depositing User: John Coen
Date Deposited: 29 Apr 2020 10:43
Last Modified: 29 Apr 2020 10:45
URI: http://nrl.northumbria.ac.uk/id/eprint/42959

Actions (login required)

View Item View Item

Downloads

Downloads per month over past year

View more statistics