Your hospital needs you: Eliciting positive cybersecurity behaviours from healthcare staff using the AIDE approach

Branley-Bell, Dawn, Coventry, Lynne, Sillence, Elizabeth, Magalini, Sabina, Mari, Pasquale, Magkanaraki, Aimilia and Kalliopi, Anastasopoulou (2020) Your hospital needs you: Eliciting positive cybersecurity behaviours from healthcare staff using the AIDE approach. Annals of Disaster Risk Sciences, 3 (1). pp. 1-16. ISSN 2584-4873

[img]
Preview
Text
Branley-Bell et al_2020.pdf - Published Version
Available under License Creative Commons Attribution 4.0.

Download (392kB) | Preview
[img] Text
Branley-Bell et al_2020_CYSEC_revised_final.pdf - Accepted Version
Restricted to Repository staff only

Download (585kB) | Request a copy
Official URL: https://ojs.vvg.hr/index.php/adrs/article/view/51

Abstract

Staff behaviour plays a key role in the cybersecurity position of an organisation. Despite this, behaviour-change interventions are not commonly applied within the field of cybersecurity. Behaviour change technique could be particularly beneficial given increasing concerns around healthcare cybersecurity risks; particularly following the 2017 WannaCry ransomware attack which had devastating results on healthcare services. Cyber-risk is particularly concerning within healthcare given the criticality of medical systems and the potential impacts of a cyberbreach or attack. In worst case scenarios, cybersecurity incidents could result in patient harm or even fatalities. Whilst there has been concerted investment in improving healthcare’s technological defences against cyberthreat, the same level of investment has not been made in healthcare staff. This has left staff behaviour as a vulnerability which can be exploited by attackers. This paper introduces a structured approach to help organisations work through four key steps that we refer to as the AIDE approach to Assess, Identify, Develop and Evaluate behaviour change techniques to facilitate more secure behaviour. We include a worked example of how we are applying this approach to the development of interventions to mitigate insecure cybersecurity behaviours in a healthcare context.

Item Type: Article
Uncontrolled Keywords: cybersecurity, insecure behaviour, healthcare, security, behaviour change
Subjects: B900 Others in Subjects allied to Medicine
C800 Psychology
Department: Faculties > Health and Life Sciences > Psychology
Related URLs:
Depositing User: John Coen
Date Deposited: 12 Jan 2021 14:39
Last Modified: 13 Jan 2021 15:43
URI: http://nrl.northumbria.ac.uk/id/eprint/45201

Actions (login required)

View Item View Item

Downloads

Downloads per month over past year

View more statistics