{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,28]],"date-time":"2025-03-28T05:56:08Z","timestamp":1743141368408,"version":"3.40.3"},"publisher-location":"Cham","reference-count":68,"publisher":"Springer Nature Switzerland","isbn-type":[{"type":"print","value":"9783031830716"},{"type":"electronic","value":"9783031830723"}],"license":[{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2025,3,13]],"date-time":"2025-03-13T00:00:00Z","timestamp":1741824000000},"content-version":"vor","delay-in-days":71,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025]]},"abstract":"<jats:title>Abstract<\/jats:title>\n          <jats:p>Healthcare organisations are increasingly targeted by cybercriminals. Such attacks are not just an attack on data but on this critical infrastructure \u2013 putting lives at risk. They face multiple challenges in maintaining their cybersecurity, including the technology infrastructure in use, the heterogeneity of healthcare and admin staff and the IT and cybersecurity skills within the organization.<\/jats:p>\n          <jats:p>This paper focuses on healthcare and admin staff within a single hospital in Italy. The study sought to understand the differences in perceptions of culture between different staff groups and the overall relationship between these perceptions and behaviours.<\/jats:p>\n          <jats:p>The methodology consisted of a cultural, behavioural and data use questionnaire, translated into Italian and distributed to doctors, nurses and administrators.<\/jats:p>\n          <jats:p>Linear regression models\u00a0suggest that security culture significantly predicts how important and achievable staff perceive cybersecurity behaviours to be. Further analyses found significant differences between the doctors and other staff groups. Doctors reported a significantly more negative perception of cybersecurity culture. They also perceived cybersecurity behaviours to be significantly less important and less achievable than the other two groups. Doctors were also most likely to copy and access patient data outside of the institution, albeit for benign or patient centered reasons.<\/jats:p>\n          <jats:p>Overall, in terms of cybersecurity, doctors were the least compliant staff group \u2013 albeit with the best of intentions (i.e., focus upon patient care). These data, alongside other research, suggest that healthcare staff focus on delivering patient care and see cybersecurity as interfering with, rather than facilitating, their clinical practice. There is a need for change to ensure that cybersecurity measures are appropriate, work within the clinical workflow and staff accept cybersecurity as crucial to protecting patients.<\/jats:p>","DOI":"10.1007\/978-3-031-83072-3_6","type":"book-chapter","created":{"date-parts":[[2025,3,12]],"date-time":"2025-03-12T19:00:13Z","timestamp":1741806013000},"page":"93-112","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Situation Critical: Intensive Cybersecurity Care Needed"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-6600-8414","authenticated-orcid":false,"given":"Lynne","family":"Coventry","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1085-7115","authenticated-orcid":false,"given":"Elizabeth","family":"Sillence","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-4384-775X","authenticated-orcid":false,"given":"Richard","family":"Brown","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0105-5495","authenticated-orcid":false,"given":"Dawn","family":"Branley-Bell","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1136-9722","authenticated-orcid":false,"given":"Pasquale","family":"Mari","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Caruso","family":"Saverio","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Alessandra","family":"Casaroli","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-0686-6177","authenticated-orcid":false,"given":"Fabio","family":"Rizzoni","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-4056-1115","authenticated-orcid":false,"given":"Sabina","family":"Magalini","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2025,3,13]]},"reference":[{"key":"6_CR1","unstructured":"European Union Agency for Cybersecurity (ENISA): ENISA Threat Landscape 2021 (2021)"},{"key":"6_CR2","doi-asserted-by":"publisher","DOI":"10.2196\/12644","volume":"21","author":"MS Jalali","year":"2019","unstructured":"Jalali, M.S., Razak, S., Gordon, W., Perakslis, E., Madnick, S.: Health care and cybersecurity: bibliometric analysis of the literature. J. Med. Internet Res. 21, e12644 (2019). https:\/\/doi.org\/10.2196\/12644","journal-title":"J. Med. Internet Res."},{"key":"6_CR3","unstructured":"Office for Civil Rights (OCR): Summary of the HIPAA Privacy Rule. https:\/\/www.hhs.gov\/hipaa\/for-professionals\/privacy\/laws-regulations\/index.html"},{"key":"6_CR4","unstructured":"ENISA: Cybersecurity Cultures in Organisations. European Union Agency for Network and Information Security (2017)"},{"key":"6_CR5","unstructured":"Deal, T.E., Kennedy, A.A.: Corporate Cultures: The Rites and Rituals of Corporate Life. Perseus Books (2000)"},{"key":"6_CR6","doi-asserted-by":"publisher","unstructured":"Loi, M., Christen, M., Kleine, N., Weber, K.: Cybersecurity in health \u2013 disentangling value tensions. J. Inf. Commun. Ethics Soc. 17 (2019). https:\/\/doi.org\/10.1108\/JICES-12-2018-0095","DOI":"10.1108\/JICES-12-2018-0095"},{"key":"6_CR7","unstructured":"Zorabedian, J.: Why cybercriminals attack healthcare more than any other industry. https:\/\/nakedsecurity.sophos.com\/2016\/04\/26\/why-cybercriminals-attack-healthcare-more-than-any-other-industry\/. Accessed 10 Feb 2022"},{"key":"6_CR8","unstructured":"Trustwave: 2019 Trustwave Global Security Report (2019)"},{"key":"6_CR9","unstructured":"Vice Society Ransomware Gang Attacks United Health Centers of San Joaquin Valley. https:\/\/www.hipaajournal.com\/vice-society-ransomware-gang-attacks-united-health-centers-of-san-joaquin-valley\/. Accessed 10 Feb 2022"},{"key":"6_CR10","unstructured":"HealthITSecurity: Mespinoza, Pysa Ransomware Pose Threat to Healthcare Cybersecurity. https:\/\/healthitsecurity.com\/news\/mespinoza-pysa-ransomware-pose-threat-to-healthcare-cybersecurity. Accessed 10 Feb 2022"},{"key":"6_CR11","unstructured":"HealthITSecurity: CISA, FBI, NSA Release Advisory Warning of Conti Ransomware Attacks. https:\/\/healthitsecurity.com\/news\/cisa-fbi-nsa-release-advisory-warning-of-conti-ransomware-attacks. Accessed 10 Feb 2022"},{"key":"6_CR12","doi-asserted-by":"publisher","first-page":"104","DOI":"10.1007\/s10916-017-0752-1","volume":"41","author":"JM Ehrenfeld","year":"2017","unstructured":"Ehrenfeld, J.M.: WannaCry, cybersecurity and health information technology: a time to act. J. Med. Syst. 41, 104 (2017). https:\/\/doi.org\/10.1007\/s10916-017-0752-1","journal-title":"J. Med. Syst."},{"key":"6_CR13","unstructured":"HealthITSecurity: Ireland HSE Cyberattack is a Cautionary Tale for US Healthcare Orgs. https:\/\/healthitsecurity.com\/news\/ireland-hse-cyberattack-is-a-cautionary-tale-for-us-healthcare-orgs. Accessed 08 Feb 2022"},{"key":"6_CR14","unstructured":"Filkins, B.: Health care cyberthreat report: widespread compromises detected, compliance nighmare on horizon. https:\/\/www.qualityplusconsulting.com\/res\/infosec\/2014-2_HealthCareCyberthreatReport.pdf. Accessed 10 Feb 2022"},{"key":"6_CR15","first-page":"2349","volume":"6","author":"A Albarrak","year":"2012","unstructured":"Albarrak, A.: Information security behavior among nurses in an academic hospital. HealthMED 6, 2349\u20132354 (2012)","journal-title":"HealthMED"},{"key":"6_CR16","unstructured":"Cyber Incident Tracer #HEALTH. https:\/\/cit.cyberpeaceinstitute.org\/. Accessed 10 Feb 2022"},{"key":"6_CR17","doi-asserted-by":"publisher","unstructured":"Perakslis, E.D.: Cybersecurity in health care. https:\/\/www.nejm.org\/doi\/10.1056\/NEJMp1404358. https:\/\/doi.org\/10.1056\/NEJMp1404358. Accessed 08 Feb 2022","DOI":"10.1056\/NEJMp1404358"},{"key":"6_CR18","doi-asserted-by":"publisher","first-page":"106","DOI":"10.1186\/s12911-020-01145-7","volume":"20","author":"D Kim","year":"2020","unstructured":"Kim, D., Choi, J., Han, K.: Risk management-based security evaluation model for telemedicine systems. BMC Med. Inform. Decis. Mak. 20, 106 (2020). https:\/\/doi.org\/10.1186\/s12911-020-01145-7","journal-title":"BMC Med. Inform. Decis. Mak."},{"key":"6_CR19","doi-asserted-by":"publisher","DOI":"10.1016\/j.jbi.2019.103233","volume":"95","author":"M Kintzlinger","year":"2019","unstructured":"Kintzlinger, M., Nissim, N.: Keep an eye on your personal belongings! The security of personal medical devices and their ecosystems. J. Biomed. Inform. 95, 103233 (2019). https:\/\/doi.org\/10.1016\/j.jbi.2019.103233","journal-title":"J. Biomed. Inform."},{"key":"6_CR20","first-page":"28","volume":"56","author":"T Lecklider","year":"2017","unstructured":"Lecklider, T.: Mitigating medical device risk. EE-Eval. Eng. 56, 28 (2017)","journal-title":"EE-Eval. Eng."},{"key":"6_CR21","unstructured":"WHO: Cybersecurity. https:\/\/www.who.int\/about\/cyber-security. Accessed 15 Feb 2022"},{"key":"6_CR22","doi-asserted-by":"publisher","unstructured":"Sardi, A., Rizzi, A., Sorano, E., Guerrieri, A.: Cyber risk in health facilities: a systematic literature review. Sustainability 12 (2020). https:\/\/doi.org\/10.3390\/su12177002","DOI":"10.3390\/su12177002"},{"key":"6_CR23","doi-asserted-by":"publisher","first-page":"1424","DOI":"10.1001\/jama.2015.2746","volume":"313","author":"D Blumenthal","year":"2015","unstructured":"Blumenthal, D., McGraw, D.: Keeping personal health information safe: the importance of good data hygiene. JAMA 313, 1424 (2015). https:\/\/doi.org\/10.1001\/jama.2015.2746","journal-title":"JAMA"},{"key":"6_CR24","doi-asserted-by":"publisher","DOI":"10.1136\/bmjhci-2019-100031","volume":"26","author":"W Priestman","year":"2019","unstructured":"Priestman, W., Anstis, T., Sebire, I.G., Sridharan, S., Sebire, N.J.: Phishing in healthcare organisations: threats, mitigation and approaches. BMJ Health Care Inform. 26, e100031 (2019). https:\/\/doi.org\/10.1136\/bmjhci-2019-100031","journal-title":"BMJ Health Care Inform."},{"key":"6_CR25","doi-asserted-by":"publisher","first-page":"109","DOI":"10.1136\/bmj.312.7023.109","volume":"312","author":"R Anderson","year":"1996","unstructured":"Anderson, R.: Clinical system security: interim guidelines. BMJ 312, 109\u2013111 (1996)","journal-title":"BMJ"},{"key":"6_CR26","doi-asserted-by":"publisher","DOI":"10.1155\/2020\/5601068","volume":"2020","author":"P Moura","year":"2020","unstructured":"Moura, P., Fazendeiro, P., In\u00e1cio, P.R.M., Vieira-Marques, P., Ferreira, A.: Assessing access control risk for mHealth: a delphi study to categorize security of health data and provide risk assessment for mobile apps. J. Healthc. Eng. 2020, e5601068 (2020). https:\/\/doi.org\/10.1155\/2020\/5601068","journal-title":"J. Healthc. Eng."},{"key":"6_CR27","doi-asserted-by":"publisher","first-page":"2921","DOI":"10.1007\/s10916-011-9770-6","volume":"36","author":"A Almulhem","year":"2012","unstructured":"Almulhem, A.: Threat modeling for electronic health record systems. J. Med. Syst. 36, 2921\u20132926 (2012). https:\/\/doi.org\/10.1007\/s10916-011-9770-6","journal-title":"J. Med. Syst."},{"key":"6_CR28","doi-asserted-by":"publisher","first-page":"461","DOI":"10.1177\/1460458219832048","volume":"26","author":"SR Kessler","year":"2020","unstructured":"Kessler, S.R., Pindek, S., Kleinman, G., Andel, S.A., Spector, P.E.: Information security climate and the assessment of information security risk among healthcare employees. Health Inform. J. 26, 461\u2013473 (2020). https:\/\/doi.org\/10.1177\/1460458219832048","journal-title":"Health Inform. J."},{"key":"6_CR29","unstructured":"NCSC: Cyber warning issued for key healthcare organisations in UK and USA. https:\/\/www.ncsc.gov.uk\/news\/warning-issued-uk-usa-healthcare-organisations"},{"key":"6_CR30","doi-asserted-by":"publisher","first-page":"556","DOI":"10.1080\/02684527.2020.1752459","volume":"35","author":"KL Offner","year":"2020","unstructured":"Offner, K.L., Sitnikova, E., Joiner, K., MacIntyre, C.R.: Towards understanding cybersecurity capability in Australian healthcare organisations: a systematic review of recent trends, threats and mitigation. Intell. Natl. Secur. 35, 556\u2013585 (2020). https:\/\/doi.org\/10.1080\/02684527.2020.1752459","journal-title":"Intell. Natl. Secur."},{"key":"6_CR31","doi-asserted-by":"crossref","unstructured":"Weil, T.R., Murugesan, S.: IT risk and resilience - cybersecurity response to COVID-19 (2020)","DOI":"10.1109\/MITP.2020.2988330"},{"key":"6_CR32","doi-asserted-by":"publisher","first-page":"4","DOI":"10.1109\/MSEC.2020.3019678","volume":"18","author":"PA Schneck","year":"2020","unstructured":"Schneck, P.A.: Cybersecurity during COVID-19. IEEE Secur. Priv. 18, 4\u20135 (2020). https:\/\/doi.org\/10.1109\/MSEC.2020.3019678","journal-title":"IEEE Secur. Priv."},{"key":"6_CR33","doi-asserted-by":"publisher","first-page":"48","DOI":"10.1016\/j.maturitas.2018.04.008","volume":"113","author":"L Coventry","year":"2018","unstructured":"Coventry, L., Branley, D.: Cybersecurity in healthcare: a narrative review of trends, threats and ways forward. Maturitas 113, 48\u201352 (2018). https:\/\/doi.org\/10.1016\/j.maturitas.2018.04.008","journal-title":"Maturitas"},{"key":"6_CR34","doi-asserted-by":"publisher","unstructured":"Dykstra, J., Mathur, R., Spoor, A.: Cybersecurity in medical private practice: results of a survey in audiology. In: 2020 IEEE 6th International Conference on Collaboration and Internet Computing (CIC), pp. 169\u2013176 (2020). https:\/\/doi.org\/10.1109\/CIC50333.2020.00029","DOI":"10.1109\/CIC50333.2020.00029"},{"key":"6_CR35","doi-asserted-by":"publisher","first-page":"S92","DOI":"10.7326\/M19-0879","volume":"172","author":"H Singh","year":"2020","unstructured":"Singh, H., Sittig, D.F.: A sociotechnical framework for safety-related electronic health record research reporting: the SAFER reporting framework. Ann. Intern. Med. 172, S92\u2013S100 (2020). https:\/\/doi.org\/10.7326\/M19-0879","journal-title":"Ann. Intern. Med."},{"key":"6_CR36","doi-asserted-by":"publisher","first-page":"14","DOI":"10.1109\/MSP.2011.74","volume":"9","author":"R Heckle","year":"2011","unstructured":"Heckle, R.: Security dilemma: healthcare clinicians at work. IEEE Secur. Priv. 9, 14\u201319 (2011). https:\/\/doi.org\/10.1109\/MSP.2011.74","journal-title":"IEEE Secur. Priv."},{"key":"6_CR37","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"105","DOI":"10.1007\/978-3-030-50309-3_8","volume-title":"HCI for Cybersecurity, Privacy and Trust: Second International Conference, HCI-CPT 2020, Held as Part of the 22nd HCI International Conference, HCII 2020, Copenhagen, Denmark, July 19\u201324, 2020, Proceedings","author":"L Coventry","year":"2020","unstructured":"Coventry, L., et al.: Cyber-risk in healthcare: exploring facilitators and barriers to secure behaviour. In: Moallem, A. (ed.) HCII 2020. LNCS, vol. 12210, pp. 105\u2013122. Springer, Cham (2020). https:\/\/doi.org\/10.1007\/978-3-030-50309-3_8"},{"key":"6_CR38","doi-asserted-by":"publisher","DOI":"10.2196\/21747","volume":"23","author":"Y He","year":"2021","unstructured":"He, Y., Aliyu, A., Evans, M., Luo, C.: Health care cybersecurity challenges and solutions under the climate of COVID-19: scoping review. J. Med. Internet Res. 23, e21747 (2021). https:\/\/doi.org\/10.2196\/21747","journal-title":"J. Med. Internet Res."},{"key":"6_CR39","doi-asserted-by":"publisher","unstructured":"Tabasum, A., Safi, Z., AlKhater, W., Shikfa, A.: Cybersecurity issues in implanted medical devices. In: 2018 International Conference on Computer and Applications (ICCA), pp. 1\u20139 (2018). https:\/\/doi.org\/10.1109\/COMAPP.2018.8460454","DOI":"10.1109\/COMAPP.2018.8460454"},{"key":"6_CR40","unstructured":"Cybersecurity and Infrastructure Security Agency: Fresenius Kabi Agilia Connect Infusion System (Update A). CISA. https:\/\/www.cisa.gov\/uscert\/ics\/advisories\/icsma-21-355-01"},{"key":"6_CR41","unstructured":"Legaspi, J.: Exploring the cybersecurity measures healthcare managers use to reduce patient endangerment resulting from backdoor intrusions into medical devices (2022). https:\/\/www.proquest.com\/docview\/2234288053\/abstract\/E9939BCAD63E4B96PQ\/1"},{"key":"6_CR42","doi-asserted-by":"publisher","first-page":"73","DOI":"10.2147\/JMDH.S183275","volume":"12","author":"MA Arain","year":"2019","unstructured":"Arain, M.A., Tarraf, R., Ahmad, A.: Assessing staff awareness and effectiveness of educational training on IT security and privacy in a large healthcare organization. J. Multidiscip. Healthc. 12, 73\u201381 (2019). https:\/\/doi.org\/10.2147\/JMDH.S183275","journal-title":"J. Multidiscip. Healthc."},{"key":"6_CR43","doi-asserted-by":"publisher","first-page":"74","DOI":"10.1016\/j.cose.2018.09.002","volume":"80","author":"M Evans","year":"2019","unstructured":"Evans, M., He, Y., Maglaras, L., Janicke, H.: HEART-IS: a novel technique for evaluating human error-related information security incidents. Comput. Secur. 80, 74\u201389 (2019). https:\/\/doi.org\/10.1016\/j.cose.2018.09.002","journal-title":"Comput. Secur."},{"key":"6_CR44","doi-asserted-by":"publisher","first-page":"8","DOI":"10.1016\/S1361-3723(09)70127-7","volume":"2009","author":"A Beautement","year":"2009","unstructured":"Beautement, A., Sasse, A.: The economics of user effort in information security. Comput. Fraud Secur. 2009, 8\u201312 (2009). https:\/\/doi.org\/10.1016\/S1361-3723(09)70127-7","journal-title":"Comput. Fraud Secur."},{"key":"6_CR45","doi-asserted-by":"publisher","DOI":"10.1371\/journal.pone.0159015","volume":"11","author":"LH Hall","year":"2016","unstructured":"Hall, L.H., Johnson, J., Watt, I., Tsipa, A., O\u2019Connor, D.B.: Healthcare staff wellbeing, burnout, and patient safety: a systematic review. PLoS ONE 11, e0159015 (2016). https:\/\/doi.org\/10.1371\/journal.pone.0159015","journal-title":"PLoS ONE"},{"key":"6_CR46","doi-asserted-by":"publisher","unstructured":"Branley-Bell, D., et al.: Your hospital needs you: eliciting positive cybersecurity behaviours from healthcare staff. Ann. Disaster Risk Sci. (ADRS) 3 (2020). https:\/\/doi.org\/10.51381\/adrs.v3i1.51","DOI":"10.51381\/adrs.v3i1.51"},{"key":"6_CR47","doi-asserted-by":"publisher","DOI":"10.2196\/16775","volume":"22","author":"MS Jalali","year":"2020","unstructured":"Jalali, M.S., Bruckes, M., Westmattelmann, D., Schewe, G.: Why employees (still) click on phishing links: an investigation in hospitals. J. Med. Internet Res. 22, e16775 (2020). https:\/\/doi.org\/10.2196\/16775","journal-title":"J. Med. Internet Res."},{"key":"6_CR48","doi-asserted-by":"crossref","unstructured":"Stobert, E., Barrera, D., Homier, V., Kollek, D.: Understanding cybersecurity practices in emergency departments. In: Proceedings of CHI, pp. 1\u20138. ACM, New York (2020)","DOI":"10.1145\/3313831.3376881"},{"key":"6_CR49","doi-asserted-by":"publisher","unstructured":"Martin, J.D., Frost, P., O\u2019Neill, O.A.: Organizational culture: beyond struggles for intellectual dominance (2004). https:\/\/doi.org\/10.4135\/9781848608030.n26","DOI":"10.4135\/9781848608030.n26"},{"key":"6_CR50","doi-asserted-by":"publisher","unstructured":"Alvesson, M.: Understanding organizational culture, London (2002). https:\/\/doi.org\/10.4135\/9781446280072","DOI":"10.4135\/9781446280072"},{"key":"6_CR51","doi-asserted-by":"publisher","first-page":"438","DOI":"10.1108\/02635570710734316","volume":"107","author":"S-E Chang","year":"2007","unstructured":"Chang, S.-E., Lin, C.: Exploring organizational culture for information security management. Ind. Manag. Data Syst. 107, 438\u2013458 (2007). https:\/\/doi.org\/10.1108\/02635570710734316","journal-title":"Ind. Manag. Data Syst."},{"key":"6_CR52","doi-asserted-by":"publisher","first-page":"474","DOI":"10.1108\/IMCS-08-2013-0057","volume":"22","author":"J D\u2019Arcy","year":"2014","unstructured":"D\u2019Arcy, J., Greene, G.: Security culture and the employment relationship as drivers of employees\u2019 security compliance. Inf. Manag. Comput. Secur. 22, 474\u2013489 (2014). https:\/\/doi.org\/10.1108\/IMCS-08-2013-0057","journal-title":"Inf. Manag. Comput. Secur."},{"key":"6_CR53","doi-asserted-by":"publisher","first-page":"275","DOI":"10.1016\/j.cose.2004.01.013","volume":"23","author":"R von Solms","year":"2004","unstructured":"von Solms, R., von Solms, B.: From policies to culture. Comput. Secur. 23, 275\u2013279 (2004). https:\/\/doi.org\/10.1016\/j.cose.2004.01.013","journal-title":"Comput. Secur."},{"key":"6_CR54","doi-asserted-by":"publisher","unstructured":"Hyla, T., Fabisiak, L.: Measuring cyber security awareness within groups of medical professionals in Poland (2020). https:\/\/doi.org\/10.24251\/HICSS.2020.473","DOI":"10.24251\/HICSS.2020.473"},{"key":"6_CR55","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"455","DOI":"10.1007\/978-3-030-30859-9_39","volume-title":"Internet of Things, Smart Spaces, and Next Generation Networks and Systems: 19th International Conference, NEW2AN 2019, and 12th Conference, ruSMART 2019, St. Petersburg, Russia, August 26\u201328, 2019, Proceedings","author":"T Haukilehto","year":"2019","unstructured":"Haukilehto, T., Hautam\u00e4ki, J.: Survey of cyber security awareness in health, social services and regional government in South Ostrobothnia, Finland. In: Galinina, O., Andreev, S., Balandin, S., Koucheryavy, Y. (eds.) NEW2AN ruSMART 2019. LNCS, vol. 11660, pp. 455\u2013466. Springer, Cham (2019). https:\/\/doi.org\/10.1007\/978-3-030-30859-9_39"},{"key":"6_CR56","doi-asserted-by":"publisher","first-page":"327","DOI":"10.3390\/healthcare10020327","volume":"10","author":"F Gioulekas","year":"2022","unstructured":"Gioulekas, F., et al.: A cybersecurity culture survey targeting healthcare critical infrastructures. Healthcare 10, 327 (2022). https:\/\/doi.org\/10.3390\/healthcare10020327","journal-title":"Healthcare"},{"key":"6_CR57","doi-asserted-by":"publisher","first-page":"924","DOI":"10.1055\/s-0041-1735527","volume":"12","author":"D Alhuwail","year":"2021","unstructured":"Alhuwail, D., Al-Jafar, E., Abdulsalam, Y., AlDuaij, S.: Information security awareness and behaviors of health care professionals at public health care facilities. Appl. Clin. Inform. 12, 924\u2013932 (2021). https:\/\/doi.org\/10.1055\/s-0041-1735527","journal-title":"Appl. Clin. Inform."},{"key":"6_CR58","doi-asserted-by":"publisher","first-page":"541","DOI":"10.4300\/JGME-5-4-18","volume":"5","author":"GM Sullivan","year":"2013","unstructured":"Sullivan, G.M., Artino, A.R.: Analyzing and interpreting data from likert-type scales. J. Grad. Med. Educ. 5, 541\u2013542 (2013). https:\/\/doi.org\/10.4300\/JGME-5-4-18","journal-title":"J. Grad. Med. Educ."},{"key":"6_CR59","doi-asserted-by":"publisher","first-page":"129","DOI":"10.3102\/10769986009002129","volume":"9","author":"SF Olejnik","year":"1984","unstructured":"Olejnik, S.F., Algina, J.: Parametric ANCOVA and the rank transform ANCOVA when the data are conditionally non-normal and heteroscedastic. J. Educ. Stat. 9, 129\u2013149 (1984). https:\/\/doi.org\/10.3102\/10769986009002129","journal-title":"J. Educ. Stat."},{"key":"6_CR60","doi-asserted-by":"publisher","first-page":"373","DOI":"10.1080\/00220970109599493","volume":"69","author":"DC Rheinheimer","year":"2001","unstructured":"Rheinheimer, D.C., Penfield, D.A.: The effects of type I error rate and power of the ANCOVA F test and selected alternatives under nonnormality and variance heterogeneity. J. Exp. Educ. 69, 373\u2013391 (2001). https:\/\/doi.org\/10.1080\/00220970109599493","journal-title":"J. Exp. Educ."},{"key":"6_CR61","unstructured":"AlKalbani, A., Deng, H., Kam, B.: Investigating the role of socio-organizational factors in the information security compliance in organizations. In: Australasian Conference on Information Systems 2015, p. 11 (2015)"},{"key":"6_CR62","doi-asserted-by":"publisher","first-page":"567","DOI":"10.1016\/j.jsr.2003.05.006","volume":"34","author":"D Zohar","year":"2003","unstructured":"Zohar, D., Luria, G.: The use of supervisory practices as leverage to improve safety behavior: a cross-level intervention model. J. Saf. Res. 34, 567\u2013577 (2003). https:\/\/doi.org\/10.1016\/j.jsr.2003.05.006","journal-title":"J. Saf. Res."},{"key":"6_CR63","doi-asserted-by":"publisher","first-page":"616","DOI":"10.1037\/0021-9010.90.4.616","volume":"90","author":"D Zohar","year":"2005","unstructured":"Zohar, D., Luria, G.: A multilevel model of safety climate: cross-level relationships between organization and group-level climates. J. Appl. Psychol. 90, 616\u2013628 (2005). https:\/\/doi.org\/10.1037\/0021-9010.90.4.616","journal-title":"J. Appl. Psychol."},{"key":"6_CR64","doi-asserted-by":"publisher","first-page":"373","DOI":"10.1016\/j.jsis.2011.06.001","volume":"20","author":"K Hedstr\u00f6m","year":"2011","unstructured":"Hedstr\u00f6m, K., Kolkowska, E., Karlsson, F., Allen, J.P.: Value conflicts for information security management. J. Strateg. Inf. Syst. 20, 373\u2013384 (2011). https:\/\/doi.org\/10.1016\/j.jsis.2011.06.001","journal-title":"J. Strateg. Inf. Syst."},{"key":"6_CR65","unstructured":"Tyson, P.: The hippocratic oath today. https:\/\/www.pbs.org\/wgbh\/nova\/article\/hippocratic-oath-today\/"},{"key":"6_CR66","doi-asserted-by":"publisher","DOI":"10.2196\/17612","volume":"22","author":"J Tully","year":"2020","unstructured":"Tully, J., Coravos, A., Doerr, M., Dameff, C.: Connected medical technology and cybersecurity informed consent: a new paradigm. J. Med. Internet Res. 22, e17612 (2020). https:\/\/doi.org\/10.2196\/17612","journal-title":"J. Med. Internet Res."},{"key":"6_CR67","doi-asserted-by":"publisher","DOI":"10.2196\/12568","volume":"21","author":"B Woods","year":"2019","unstructured":"Woods, B., Coravos, A., Corman, J.D.: The case for a hippocratic oath for connected medical devices: viewpoint. J. Med. Internet Res. 21, e12568 (2019). https:\/\/doi.org\/10.2196\/12568","journal-title":"J. Med. Internet Res."},{"key":"6_CR68","unstructured":"I Am The Cavalry. https:\/\/iamthecavalry.org\/. Accessed 08 Feb 2022"}],"container-title":["Lecture Notes in Computer Science","Socio-Technical Aspects in Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-83072-3_6","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,3,12]],"date-time":"2025-03-12T19:00:20Z","timestamp":1741806020000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-83072-3_6"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025]]},"ISBN":["9783031830716","9783031830723"],"references-count":68,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-83072-3_6","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2025]]},"assertion":[{"value":"13 March 2025","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"STAST","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Workshop on Socio-Technical Aspects in Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Copenhagen","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Denmark","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2022","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"26 September 2022","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"26 September 2022","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"12","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"stast2022","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/stast.uni.lu\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Double-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Easychair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"20","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"6","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"2","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"30% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"2","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"1 external reviewers involved (outside the PC)","order":10,"name":"additional_info_on_review_process","label":"Additional Info on Review Process","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}