Cyber-risk in healthcare: exploring facilitators and barriers to secure behaviour

Lynne Coventry*, Dawn Branley-Bell, Elizabeth Sillence, Sabina Magalini, Pasquale Mari, Aimilia Magkanaraki, Kalliopi Anastasopoulou

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceedingConference contribution

12 Citations (Scopus)

Abstract

There are increasing concerns relating to cybersecurity of healthcare data and medical devices. Cybersecurity in this sector is particularly important given the criticality of healthcare systems, the impacts of a breach or cyberattack (including in the worst instance, potential physical harm to patients) and the value of healthcare data to criminals. Technology design is important for cybersecurity, but it is also necessary to understand the insecure behaviours prevalent within healthcare. It is vital to identify the drivers behind these behaviours, i.e., why staff may engage in insecure behaviour including their goals and motivations and/or perceived barriers preventing secure behaviour. To achieve this, in-depth interviews with 50 staff were conducted at three healthcare sites, across three countries (Ireland, Italy and Greece). A range of seven insecure behaviours were reported: Poor computer and user account security; Unsafe e-mail use; Use of USBs and personal devices; Remote access and home working; Lack of encryption, backups and updates; Use of connected medical devices; and poor physical security. Thematic analysis revealed four key facilitators of insecure behaviour: Lack of awareness and experience, Shadow working processes, Behaviour prioritisation and Environmental appropriateness. The findings suggest three key barriers to security: i) Security perceived as a barrier to productivity and/or patient care; ii) Poor awareness of consequences of behaviour; and iii) a lack of policies and reinforcement of secure behaviour. Implications for future research are presented.

Original languageEnglish
Title of host publicationHCI for Cybersecurity, Privacy and Trust
Subtitle of host publicationSecond International Conference, HCI-CPT 2020, Held as Part of the 22nd HCI International Conference, HCII 2020, Proceedings
EditorsAbbas Moallem
Place of PublicationCham
PublisherSpringer
Pages105-122
Number of pages18
ISBN (Electronic)9783030503093
ISBN (Print)9783030503086
DOIs
Publication statusPublished - 10 Jul 2020
Externally publishedYes
Event2nd International Conference on HCI for Cybersecurity, Privacy and Trust, HCI-CPT 2020, held as part of the 22nd International Conference on Human-Computer Interaction, HCII 2020 - Copenhagen, Denmark
Duration: 19 Jul 202024 Jul 2020

Publication series

NameLecture Notes in Computer Science (including subseries Information Systems and Applications, incl. Internet/Web, and HCI (LNISA))
PublisherSpringer
Volume12210
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Conference

Conference2nd International Conference on HCI for Cybersecurity, Privacy and Trust, HCI-CPT 2020, held as part of the 22nd International Conference on Human-Computer Interaction, HCII 2020
Country/TerritoryDenmark
CityCopenhagen
Period19/07/2024/07/20

Keywords

  • Cybersecurity
  • Health
  • Healthcare
  • Cyberthreat
  • Behaviour change

Fingerprint

Dive into the research topics of 'Cyber-risk in healthcare: exploring facilitators and barriers to secure behaviour'. Together they form a unique fingerprint.

Cite this