Information Security Awareness and Behaviors of Health Care Professionals at Public Health Care Facilities

Alhuwail, Dari; Al-Jafar, Eiman; Abdulsalam, Yousef; AlDuaij, Shaikha

doi:10.1055/s-0041-1735527

Cited by 8 publications

(4 citation statements)

References 37 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Some universities already offer comprehensive ISA training programs, but they lack a strategy for persuading students to participate in these programs [16]. ISA training is such an important factor that even public institutions have to plan by job category in order to determine existing awareness gaps and risk levels in each job category [17]. In each institution, whether private or public, the success of the ISA-related training framework will depend on how much the actual program is tailored to the individual employee's or user's needs and perceptions.…”

Section: Related Workmentioning

confidence: 99%

Work Experience as a Factor in Cyber-Security Risk Awareness: A Survey Study with University Students

Pósa

Großklags

2022

JCP

View full text Add to dashboard Cite

The emergence of the COVID-19 pandemic in early 2020 has transformed how individuals work and learn and how they can apply cyber-security requirements in their, mostly remote, environments. This transformation also affected the university student population; some needed to adjust to new remote work settings, and all needed to adjust to the new remote study environment. In this online research study, we surveyed a large number of university students (n = 798) to understand their expectations in terms of support and help for this new remote work and study environment. We also asked students to report on their practices regarding remote location and Wi-Fi security settings, smart home device usage, BYOD (bring your own device) and personal device usage and social engineering threats, which can all lead to compromised security. A key aspect of our work is a comparison between the practices of students having work experience with the practices of students having no such additional experience. We identified that both the expectations and the level of cyber-security awareness differ significantly between the two student populations and that cyber-security awareness is increased by work experience. Work experience students are more aware of the cyber-security risks associated with a remote environment, and a higher portion of them know the dedicated employee whom they can contact in the event of incidents. We present the organizational security practices through the lens of employees with initial work experience, contributing to a topic that has so far received only limited attention from researchers. We provide recommendations for remote study settings and also for remote work environments, especially where the existing research literature survey results differ from the findings of our survey.

show abstract

Section: Related Workmentioning

confidence: 99%

Work Experience as a Factor in Cyber-Security Risk Awareness: A Survey Study with University Students

Pósa

Großklags

2022

JCP

View full text Add to dashboard Cite

show abstract

“…Information and Data Security in healthcare is paramount due to the sensitive nature of the data involved and the potential consequences of breaches (Alhuwail et al, 2021). The integrity of computer systems is the primary concern, as the effort is concentrated on maintaining the confidentiality and integrity of the data needed to assess, track, and treat patients.…”

Section: Background and Methodologymentioning

confidence: 99%

“…While it is essential for IT and security staff to be aware of how to defend the organization from cyber threats, it is also essential that the entire staff, regardless of duty or function, receive security awareness training. Healthcare organizations can facilitate this to improve end user recognition and adoption of concepts from relevant training programs (Alhuwail et al, 2021;Polis, 2023). Alhuwail et al (2021) recommends "targeted bottom-up approach via personalized outreach, in-person contacts, and frequent announcements throughout the workflow" (Alhuwail et al, 2021).…”

Section: Mitigation and Prevention Strategiesmentioning

confidence: 99%

“…Healthcare organizations can facilitate this to improve end user recognition and adoption of concepts from relevant training programs (Alhuwail et al, 2021;Polis, 2023). Alhuwail et al (2021) recommends "targeted bottom-up approach via personalized outreach, in-person contacts, and frequent announcements throughout the workflow" (Alhuwail et al, 2021). In conjunction with proper training, devices in the healthcare infrastructure's network should be assessed, updated and/or configured properly prior to being introduced to the overall network, especially over time with regards to software life cycles (Otieno et al, 2023;Phiri, 2023;Harkat et al, 2024;Dadkhah et al, 2024).…”

Section: Mitigation and Prevention Strategiesmentioning

confidence: 99%

See 1 more Smart Citation

Botnets in Healthcare: Threats, Vulnerabilities, and Mitigation Strategies

Barnett,

Womack,

Brito

et al. 2024

eccws

View full text Add to dashboard Cite

The increasing digitization of healthcare systems has introduced new opportunities to improve efficiency and accessibility for medical professionals and patients. Examples include the simplified collection, storage, and organization of patient data using electronic health records (EHRs), the use of teleconferencing software like Zoom to allow patients to meet with their care providers remotely, and medical IoT devices like glucose monitors, pacemakers, and other remote patient monitoring devices that leverage software and the internet to provide patients and their healthcare providers with critical information. All of these use cases are examples of how technology can increase the quality of patient care. While the healthcare industry has realized many benefits from its increased investment in new technology, trends have shown that this increased utilization has also opened avenues for malicious cyber actors. One of these threats is botnets. These malicious networks of compromised computers, controlled by cybercriminals, can wreak havoc on all sectors of society, with the healthcare industry proving to be a desirable target. This research is a high-level analysis that investigates the threat botnets pose by employing an exploratory review. We identify the multifaceted nature of botnet threats in healthcare, analyzing their standard forms and the vulnerabilities inherent in healthcare infrastructures, ranging from outdated software to inadequate cybersecurity protocols to poor or total lack of security awareness training for staff. Moreover, the various techniques botnets use to propagate are explored to elucidate the potential points of exploitation and the damage they can cause organizations when proper controls are not implemented. These negative consequences include data breaches, service disruptions, and compromised patient confidentiality, which can endanger medical staff and patients if not addressed. This paper then discusses proven mitigation strategies such as end-user awareness, traffic monitoring, and detection response tools that organizations can employ to reduce the potential and efficacy of such threats. The threat landscape will continue to evolve; however, by staying on top of the latest trends, we can ensure the security of such critical infrastructure and save lives.

show abstract

Expert Perspectives on Information Security Awareness Programs in Medical Care Institutions in Germany

Tolsdorf,

Lo Iacono

2024

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Information Security Awareness and Behaviors of Health Care Professionals at Public Health Care Facilities

Cited by 8 publications

References 37 publications

Work Experience as a Factor in Cyber-Security Risk Awareness: A Survey Study with University Students

Work Experience as a Factor in Cyber-Security Risk Awareness: A Survey Study with University Students

Botnets in Healthcare: Threats, Vulnerabilities, and Mitigation Strategies

Expert Perspectives on Information Security Awareness Programs in Medical Care Institutions in Germany

Contact Info

Product

Resources

About