Understanding Cybersecurity Practices in Emergency Departments

Stobert, Elizabeth; Barrera, David; Homier, Valérie; Kollek, Daniel

doi:10.1145/3313831.3376881

Cited by 12 publications

(8 citation statements)

References 15 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Additionally, the findings also showed a significant positive weak correlation between work emergency and ISCCB, as stated in Hypothesis H3d, but not workload. It is possible that workload does not create urgency and does not interfere with the healthcare security practice as compared to work emergency [66][67][68][69][70][71]. In a healthcare emergency situation, the medical staff's main goal is to save the patient's life or prevent the patient's condition from worsening.…”

Section: Principal Findingsmentioning

confidence: 99%

A Comprehensive Assessment of Human Factors in Cyber Security Compliance toward Enhancing the Security Practice of Healthcare Staff in Paperless Hospitals

2022

View full text Add to dashboard Cite

Recent reports indicate that over 85% of data breaches are still caused by a human element, of which healthcare is one of the organizations that cyber criminals target. As healthcare IT infrastructure is characterized by a human element, this study comprehensively examined the effect of psycho-socio-cultural and work factors on security behavior in a typical hospital. A quantitative approach was adopted where we collected responses from 212 healthcare staff through an online questionnaire survey. A broad range of constructs was selected from psychological, social, cultural perception, and work factors based on earlier review work. These were related with some security practices to assess the information security (IS) knowledge, attitude and behavior gaps among healthcare staff in a comprehensive way. The study revealed that work emergency (WE) has a positive correlation with IS conscious care behavior (ISCCB) risk. Conscientiousness also had a positive correlation with ISCCB risk, but agreeableness was negatively correlated with information security knowledge (ISK) risk and information security attitude (ISA) risk. Based on these findings, intrinsic and extrinsic motivation methods combined with cutting-edge technologies can be explored to discourage IS risks behaviors while enhancing conscious care security practice.

show abstract

Section: Principal Findingsmentioning

confidence: 99%

A Comprehensive Assessment of Human Factors in Cyber Security Compliance toward Enhancing the Security Practice of Healthcare Staff in Paperless Hospitals

2022

View full text Add to dashboard Cite

show abstract

“…Political workers, for example, operate within extremely limited election timelines, which can make it challenging to set up the security infrastructure needed to counter nationstate attackers [17]. Hospital emergency departments similarly "have strong availability demands ... and must provide services as quickly as possible" [86], leading to password reuse and use of unsecured personal devices in a sensitive work context. Underserved accessibility needs.…”

Section: Personal Circumstancesmentioning

confidence: 99%

“…For example, emergency department staff may be targeted for their access to patient medical data [86], journalists for their access to original source material, such as legal documents or financial records [25,59,60], and executive staff for their ability to approve wire transfers [22].…”

Section: Personal Circumstancesmentioning

confidence: 99%

“…[52]. In several studies, journalists, political campaign workers, and emergency department personnel reported mixing personal and work data and devices for efficiency in their work [17,60,78,86].…”

Section: Participation and Connectionmentioning

confidence: 99%

“…Other populations, like journalists and people involved with political campaigns, commonly did not have the time to develop the technical skills to counter the digital-safety risks they faced [17,59,60]. Several studies reported that at-risk users who are resource or time constrained (emergency department workers [86], older adults [31,40], refugees [84], and others) did not understand digital-safety settings that were, in theory, available to them.…”

Section: B Lack Of Knowledge or Experiencementioning

confidence: 99%

See 2 more Smart Citations

SoK: A Framework for Unifying At-Risk User Research

Warford¹,

Matthews²,

Yang³

et al. 2021

Preprint

View full text Add to dashboard Cite

At-risk users are people who experience elevated digital security, privacy, and safety threats because of what they do, who they are, where they are, or who they are with. In this systematization work, we present a framework for reasoning about at-risk users based on a wide-ranging meta-analysis of 85 papers. Across the varied populations that we examined (e.g., children, activists, women in developing regions), we identified 10 unifying contextual risk factors-such as oppression or stigmatization and access to a sensitive resource-which augment or amplify digital-safety threats and their resulting harms. We also identified technical and non-technical practices that at-risk users adopt to attempt to protect themselves from digital-safety threats. We use this framework to discuss barriers that limit at-risk users' ability or willingness to take protective actions. We believe that the security, privacy, and human-computer interaction research and practitioner communities can use our framework to identify and shape research investments to benefit at-risk users, and to guide technology design to better support at-risk users. RQ1: Contextual risk factors. What factors-such as aperson's relationships, personal circumstances, or situation in society-contribute to digital-safety threats for at-risk users? RQ2: Interactions. How do these contextual risk factors interact to elevate the risk or severity of digitalsafety threats for at-risk users? RQ3: Protective practices. What protective practices are common across at-risk users when attempting to address their digital-safety needs? RQ4: Barriers. What barriers do at-risk users encounter in protecting themselves from digital-safety threats?Based on an analysis across 31 distinct population categories (e.g., activists, refugees, children), we identified 10 contextual risk factors that cross-cut at-risk populations, yielding a clearly-defined set of circumstances that the digital-safety community can consider in research, design, and development to support at-risk users. We also found that at-risk users currently rely on varied, often ad-hoc protective practices, ranging from leaning on social connections, to distancing themselves from technology, to relying on a patchwork of technical strategies to try to minimize risks and harms. Our atrisk framework is comprised of these contextual risk factors and protective practices. We use our framework to discuss barriers that limit or prevent at-risk users from enacting digital protections, and show how competing priorities, a lack of digital safety awareness, and broken technology assumptions compound the challenges at-risk users face.We advocate for the digital-safety community to consider at-risk users' needs in risk modeling and design. Our framework provides a blueprint for addressing these issues through research, 1 education support, and technology development, to 1 While ethical best practices for engaging in at-risk user research are critical-e.g., in order to avoid further harming research participantsdefining these best p...

show abstract

SOK: Evaluating Privacy and Security Vulnerabilities of Patients’ Data in Healthcare

Tazi

Dykstra²,

Rajivan

et al. 2022

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Sensitive information is intrinsically tied to interactions in healthcare, and its protection is of paramount importance for achieving high-quality patient outcomes. Research in healthcare privacy and security is predominantly focused on understanding the factors that increase the susceptibility of users to privacy and security breaches. To understand further, we systematically review 26 research papers in this domain to explore the existing user studies in healthcare privacy and security. Following the review, we conducted a card-sorting exercise, allowing us to identify 12 themes integral to this subject such as "Data Sharing," "Risk Awareness," and "Privacy." Further to the identification of these themes, we performed an in-depth analysis of the 26 research papers report on the insights into the discourse within the research community about healthcare privacy and security, particularly from the user perspective. MotivationSecurity and privacy integration in the healthcare domain is essential to protect patients' data [12], considering medical records include sensitive health and personal information. The healthcare industry is often a prime target for cybercriminals considering that these data sets could contain a plethora of sensitive information such as social security numbers, birth dates, employment information, emergency contacts, and insurance and billing data; these data are also notoriously difficult to monitor or safeguard after a breach [23]. Furthermore, healthcare data are lucrative on the black market. Sahi et al. noted

show abstract

Understanding Cybersecurity Practices in Emergency Departments

Cited by 12 publications

References 15 publications

A Comprehensive Assessment of Human Factors in Cyber Security Compliance toward Enhancing the Security Practice of Healthcare Staff in Paperless Hospitals

A Comprehensive Assessment of Human Factors in Cyber Security Compliance toward Enhancing the Security Practice of Healthcare Staff in Paperless Hospitals

SoK: A Framework for Unifying At-Risk User Research

SOK: Evaluating Privacy and Security Vulnerabilities of Patients’ Data in Healthcare

Contact Info

Product

Resources

About