Abstract
Background
Cybersecurity is a growing challenge for health systems worldwide as the rapid adoption of digital technologies has led to increased cyber vulnerabilities with implications for patients and health providers. It is critical to develop workforce awareness and training as part of a safety culture and continuous improvement within health care organizations. However, there are limited open-access, health care–specific resources to help organizations at different levels of maturity develop their cybersecurity practices.
Objective
This study aims to assess the usability and feasibility of the Essentials of Cybersecurity in Health Care Organizations (ECHO) framework resource and evaluate the strengths, weaknesses, opportunities, and threats associated with implementing the resource at the organizational level.
Methods
A mixed methods, cross-sectional study of the acceptability and usability of the ECHO framework resource was undertaken. The research model was developed based on the technology acceptance model. Members of the Imperial College Leading Health Systems Network and other health care organizations identified through the research teams’ networks were invited to participate. Study data were collected through web-based surveys 1 month and 3 months from the date the ECHO framework resource was received by the participants. Quantitative data were analyzed using R software (version 4.2.1). Descriptive statistics were calculated using the mean and 95% CIs. To determine significant differences between the distribution of answers by comparing results from the 2 survey time points, 2-tailed t tests were used. Qualitative data were analyzed using Microsoft Excel. Thematic analysis used deductive and inductive approaches to capture themes and concepts.
Results
A total of 16 health care organizations participated in the study. The ECHO framework resource was well accepted and useful for health care organizations, improving their understanding of cybersecurity as a priority area, reducing threats, and enabling organizational planning. Although not all participants were able to implement the resource as part of information computing technology (ICT) cybersecurity activities, those who did were positive about the process of change. Learnings from the implementation process included the usefulness of the resource for raising awareness and ease of use based on familiarity with other standards, guidelines, and tools. Participants noted that several sections of the framework were difficult to operationalize due to costs or budget constraints, human resource limitations, leadership support, stakeholder engagement, and limited time.
Conclusions
The research identified the acceptability and usability of the ECHO framework resource as a health-focused cybersecurity resource for health care organizations. As cybersecurity in health care organizations is everyone’s responsibility, there is potential for the framework resource to be used by staff with varied job roles. Future research needs to explore how it can be updated for ICT staff and implemented in practice and how educational materials on different aspects of the framework could be developed.
Reference27 articles.
1. GhafurSFontanaGMartinGGrassEGoodmanJDarziAImproving cyber security in the NHSInstitute of Global Health Innovation, Imperial College London20192024-02-09https://www.imperial.ac.uk/media/imperial-college/institute-of-global-health-innovation/Cyber-report-2020.pdf
2. WHO reports fivefold increase in cyber attacks, urges vigilanceWHO20202024-02-09https://www.who.int/news/item/23-04-2020-who-reports-fivefold-increase-in-cyber-attacks-urges-vigilance
3. WinderDThe University of California pays $1 million ransom following cyber attackForbes20202024-02-09https://www.forbes.com/sites/daveywinder/2020/06/29/the-university-of-california-pays-1-million-ransom-following-cyber-attack/
4. Irish cyber-attack: hackers bail out Irish health service for freeBBC20212024-02-09https://www.bbc.co.uk/news/world-europe-57197688
5. IBMCost of a data breach report 2022IBM Security20222024-02-09https://www.securityhq.com/reports/cost-of-a-data-breach-report-2022/
Cited by
1 articles.
订阅此论文施引文献
订阅此论文施引文献,注册后可以免费订阅5篇论文的施引文献,订阅后可以查看论文全部施引文献
1. Assessing the Efficiency of Contemporary Cybersecurity Protocols in Nigeria;International Journal of Latest Technology in Engineering Management & Applied Science;2024-07-29