Evaluating Staff Attitudes, Intentions, and Behaviors Related to Cyber Security in Large Australian Health Care Environments: Mixed Methods Study

Author:

Dart MartinORCID,Ahmed MohiuddinORCID

Abstract

Background Previous studies have identified that the effective management of cyber security in large health care environments is likely to be significantly impacted by human and social factors, as well as by technical controls. However, there have been limited attempts to confirm this by using measured and integrated studies to identify specific user motivations and behaviors that can be managed to achieve improved outcomes. Objective This study aims to document and analyze survey and interview data from a diverse range of health care staff members, to determine the primary motivations and behaviors that influence their acceptance and application of cyber security messaging and controls. By identifying these issues, recommendations can be made to positively influence future cyber security governance in health care. Methods An explanatory sequential mixed methods approach was undertaken to analyze quantitative data from a web-based staff survey (N=103), with a concurrent qualitative investigation applied to data gathered via in-depth staff interviews (N=9). Data from both stages of this methodology were mapped to descriptive variables based on a modified version of the Technology Acceptance Model (TAM; TAM2). After normalization, the quantitative data were verified and analyzed using descriptive statistics, distribution and linearity measures, and a bivariate correlation of the TAM variables to identify the Pearson coefficient (r) and significance (P) values. Finally, after confirming Cronbach α, the determinant score for multicollinearity, and the Kaiser-Meyer-Olkin measure, and applying the Bartlett test of sphericity (χ2), an exploratory factor analysis (EFA) was conducted to identify the primary factors with an eigenvalue (λ) >1.0. Comments captured during the qualitative interviews were coded using NVivo software (QSR International) to create an emic-to-etic understanding, which was subsequently integrated with the quantitative results to produce verified conclusions. Results Using the explanatory sequential methodology, this study showed that the perceived usefulness of security controls emerged as the most significant factor influencing staff beliefs and behaviors. This variable represented 24% of all the variances measured in the EFA and was also the most common category identified across all coded interviews (281/692, 40.6%). The word frequency analysis showed that systems, patients, and people represented the top 3 recurring themes reported by the interviewees. Conclusions To improve cyber security governance in large health care environments, efforts should be focused on demonstrating how confidentiality, integrity, availability, policies, and cloud or vendor-based controls (the main contributors of usefulness measured by the EFA) can directly improve outcomes for systems, staff, and patients. Further consideration also needs to be given to how clinicians should share data and collaborate on patient care, with tools and processes provided to support and manage data sharing securely and to achieve a consistent baseline of secure and normalized behaviors.

Publisher

JMIR Publications Inc.

Subject

Health Informatics,Human Factors and Ergonomics

Reference57 articles.

1. Examining the Link Between Stress Level and Cybersecurity Practices of Hospital Staff in Indonesia

2. Notifiable data breaches publicationsOffice of the Australian Information Commissioner20232023-01-30https://www.oaic.gov.au/privacy/notifiable-data-breaches/notifiable-data-breaches-publications

3. Healthcare industry continues to be main target of data breaches, with 79 reported in six monthsAustralian Broadcasting Corporation20222023-01-28https://www.abc.net.au/news/science/2022-11-10/data-breach-medibank-healthcare-system/101612056

4. Cyberattacks on Australian healthcare doublesAustralian Cyber Security Magazine202205302023-02-02https://australiancybersecuritymagazine.com.au/cyberattacks-on-australian-healthcare-doubles/

5. Medical records at Victorian hospital get hackedHealthcare IT News20192023-01-15https://www.healthcareitnews.com/news/anz/medical-records-victorian-hospital-get-hacked

同舟云学术

1.学者识别学者识别

2.学术分析学术分析

3.人才评估人才评估

"同舟云学术"是以全球学者为主线,采集、加工和组织学术论文而形成的新型学术文献查询和分析系统,可以对全球学者进行文献检索和人才价值评估。用户可以通过关注某些学科领域的顶尖人物而持续追踪该领域的学科进展和研究前沿。经过近期的数据扩容,当前同舟云学术共收录了国内外主流学术期刊6万余种,收集的期刊论文及会议论文总量共计约1.5亿篇,并以每天添加12000余篇中外论文的速度递增。我们也可以为用户提供个性化、定制化的学者数据。欢迎来电咨询!咨询电话:010-8811{复制后删除}0370

www.globalauthorid.com

TOP

Copyright © 2019-2024 北京同舟云网络信息技术有限公司
京公网安备11010802033243号  京ICP备18003416号-3