Appl Clin Inform 2021; 12(04): 924-932
DOI: 10.1055/s-0041-1735527
Research Article

Information Security Awareness and Behaviors of Health Care Professionals at Public Health Care Facilities

Dari Alhuwail
1   Information Science, College of Life Sciences, Kuwait University, Kuwait City, Kuwait
2   Health Informatics Unit, Dasman Diabetes Institute, Kuwait City, Kuwait
Eiman Al-Jafar
3   Health Informatics and Information Management, Faculty of Allied Health Sciences, Kuwait University, Kuwait City, Kuwait
Yousef Abdulsalam
4   Quantitative Methods and Information Systems, College of Business Administration, Kuwait University, Kuwait City, Kuwait
Shaikha AlDuaij
1   Information Science, College of Life Sciences, Kuwait University, Kuwait City, Kuwait
› Author Affiliations
Funding None.


Objectives This study investigated information security behaviors of professionals working in the public health sector to guide policymakers toward focusing their investments in infrastructure and training on the most vulnerable segments. We sought to answer the following questions: (1) Are certain professional demographics more vulnerable to cybersecurity threats? (2) Do professionals in different institution types (i.e., hospitals vs. primary care clinics) exhibit different cybersecurity behaviors? (3) Can Internet usage behaviors by professionals be indicative of their cybersecurity awareness and the risk they introduce?

Methods A cross-sectional, anonymous, paper-based survey was distributed among professionals working in public health care organizations in Kuwait. Data were collected about each professional's role, experience, work environment, cybersecurity practices, and understanding to calculate a cybersecurity score which indicates their level of compliance to good cybersecurity practices. We also asked about respondents' internet usage and used K-means cluster analysis to segment respondents into three groups based on their internet activities at work. Ordinary least squares regression assessed the association between the collected independent variables in question on the overall cybersecurity behavior.

Results A total of 453/700 (64%) were responded to the survey. The results indicated that professionals with more work experience demonstrated higher compliance with good cybersecurity practices. Interestingly, nurses demonstrate higher cybersecurity aptitude relative to physicians. Professionals that were less inclined to use the internet for personal use during their work demonstrated higher cybersecurity aptitude.

Conclusion Our findings provide some guidance regarding how to target health care professional training to mitigate cybersecurity risks. There is a need for ensuring that physicians receive adequate cybersecurity training, despite the opportunity costs and other issues competing for their attention. Additionally, classifying professionals based on their internet browsing patterns may identify individuals vulnerable to cybersecurity incidents better than more discrete indicators such as age or gender.

Protection of Human and Animal Subjects

The study was conducted in full accordance with the World Medical Association Declaration of Helsinki and commenced after obtaining the necessary ethical approvals from the Medical Research Committee at the Ministry of Health, Kuwait.

Supplementary Material

Publication History

Received: 01 May 2021

Accepted: 29 July 2021

Publication Date:
29 September 2021 (online)

© 2021. Thieme. All rights reserved.

Georg Thieme Verlag KG
Rüdigerstraße 14, 70469 Stuttgart, Germany