{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,7,2]],"date-time":"2026-07-02T17:30:40Z","timestamp":1783013440963,"version":"3.54.6"},"reference-count":40,"publisher":"Georg Thieme Verlag KG","issue":"04","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Appl Clin Inform"],"published-print":{"date-parts":[[2021,8]]},"abstract":"<jats:title>Abstract<\/jats:title><jats:p>\n          Objectives\u2003This study investigated information security behaviors of professionals working in the public health sector to guide policymakers toward focusing their investments in infrastructure and training on the most vulnerable segments. We sought to answer the following questions: (1) Are certain professional demographics more vulnerable to cybersecurity threats? (2) Do professionals in different institution types (i.e., hospitals vs. primary care clinics) exhibit different cybersecurity behaviors? (3) Can Internet usage behaviors by professionals be indicative of their cybersecurity awareness and the risk they introduce?<\/jats:p><jats:p>\n          Methods\u2003A cross-sectional, anonymous, paper-based survey was distributed among professionals working in public health care organizations in Kuwait. Data were collected about each professional's role, experience, work environment, cybersecurity practices, and understanding to calculate a cybersecurity score which indicates their level of compliance to good cybersecurity practices. We also asked about respondents' internet usage and used K-means cluster analysis to segment respondents into three groups based on their internet activities at work. Ordinary least squares regression assessed the association between the collected independent variables in question on the overall cybersecurity behavior.<\/jats:p><jats:p>\n          Results\u2003A total of 453\/700 (64%) were responded to the survey. The results indicated that professionals with more work experience demonstrated higher compliance with good cybersecurity practices. Interestingly, nurses demonstrate higher cybersecurity aptitude relative to physicians. Professionals that were less inclined to use the internet for personal use during their work demonstrated higher cybersecurity aptitude.<\/jats:p><jats:p>\n          Conclusion\u2003Our findings provide some guidance regarding how to target health care professional training to mitigate cybersecurity risks. There is a need for ensuring that physicians receive adequate cybersecurity training, despite the opportunity costs and other issues competing for their attention. Additionally, classifying professionals based on their internet browsing patterns may identify individuals vulnerable to cybersecurity incidents better than more discrete indicators such as age or gender.<\/jats:p>","DOI":"10.1055\/s-0041-1735527","type":"journal-article","created":{"date-parts":[[2021,9,30]],"date-time":"2021-09-30T02:21:54Z","timestamp":1632968514000},"page":"924-932","source":"Crossref","is-referenced-by-count":36,"title":["Information Security Awareness and Behaviors of Health Care Professionals at Public Health Care Facilities"],"prefix":"10.1055","volume":"12","author":[{"given":"Dari","family":"Alhuwail","sequence":"additional","affiliation":[{"name":"Information Science, College of Life Sciences, Kuwait University, Kuwait City, Kuwait"},{"name":"Health Informatics Unit, Dasman Diabetes Institute, Kuwait City, Kuwait"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Eiman","family":"Al-Jafar","sequence":"additional","affiliation":[{"name":"Health Informatics and Information Management, Faculty of Allied Health Sciences, Kuwait University, Kuwait City, Kuwait"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Yousef","family":"Abdulsalam","sequence":"additional","affiliation":[{"name":"Quantitative Methods and Information Systems, College of Business Administration, Kuwait University, Kuwait City, Kuwait"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Shaikha","family":"AlDuaij","sequence":"additional","affiliation":[{"name":"Information Science, College of Life Sciences, Kuwait University, Kuwait City, Kuwait"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"194","published-online":{"date-parts":[[2021,9,29]]},"reference":[{"issue":"01","key":"ref1","doi-asserted-by":"crossref","first-page":"14","DOI":"10.1002\/jhrm.21230","article-title":"When it comes to securing patient health information from breaches, your best medicine is a dose of prevention: a cybersecurity risk assessment checklist","volume":"36","author":"S J Blanke","year":"2016","journal-title":"J Healthc Risk Manag"},{"key":"ref2","doi-asserted-by":"crossref","DOI":"10.4324\/9781315588537","volume-title":"Information Security and Employee Behaviour: How to Reduce Risk through Employee Education, Training and Awareness","author":"A McIlwraith","year":"2016","edition":"1st ed."},{"issue":"01","key":"ref3","doi-asserted-by":"crossref","first-page":"e16775","DOI":"10.2196\/16775","article-title":"Why employees (still) click on phishing links: investigation in hospitals","volume":"22","author":"M S Jalali","year":"2020","journal-title":"J Med Internet Res"},{"issue":"01","key":"ref4","doi-asserted-by":"crossref","first-page":"1","DOI":"10.3233\/THC-161263","article-title":"Cybersecurity in healthcare: a systematic review of modern threats and trends","volume":"25","author":"C S Kruse","year":"2017","journal-title":"Technol Health Care"},{"issue":"03","key":"ref5","doi-asserted-by":"crossref","first-page":"464","DOI":"10.1377\/hlthaff.2011.0178","article-title":"The benefits of health information technology: a review of the recent literature shows predominantly positive results","volume":"30","author":"M B Buntin","year":"2011","journal-title":"Health Aff (Millwood)"},{"issue":"02","key":"ref6","doi-asserted-by":"crossref","first-page":"e10264","DOI":"10.2196\/10264","article-title":"Health information technology in healthcare quality and patient safety: literature review","volume":"6","author":"S S Feldman","year":"2018","journal-title":"JMIR Med Inform"},{"issue":"05","key":"ref7","doi-asserted-by":"crossref","first-page":"e10059","DOI":"10.2196\/10059","article-title":"Cybersecurity in hospitals: a systematic, organizational perspective","volume":"20","author":"M S Jalali","year":"2018","journal-title":"J Med Internet Res"},{"issue":"01","key":"ref8","first-page":"e14","article-title":"Understanding the relationship between data breaches and hospital advertising expenditures","volume":"25","author":"S J Choi","year":"2019","journal-title":"Am J Manag Care"},{"issue":"06","key":"ref9","doi-asserted-by":"crossref","first-page":"454","DOI":"10.1016\/j.ijmedinf.2015.01.010","article-title":"Analysis of health professional security behaviors in a real clinical setting: an empirical study","volume":"84","author":"J L Fern\u00e1ndez-Alem\u00e1n","year":"2015","journal-title":"Int J Med Inform"},{"issue":"01","key":"ref10","doi-asserted-by":"crossref","first-page":"11","DOI":"10.3390\/computers6010011","article-title":"Exploring a new security framework for remote patient monitoring devices","volume":"6","author":"B Ondiege","year":"2017","journal-title":"Computers"},{"key":"ref11","volume-title":"Content of Premarket Submissions for Management of Cybersecurity in Medical Devices","author":"Food and Drug Administration (FDA)","year":"2018"},{"issue":"01","key":"ref12","doi-asserted-by":"crossref","first-page":"146","DOI":"10.1186\/s12911-020-01161-7","article-title":"Cybersecurity of Hospitals: discussing the challenges and working towards mitigating the risks","volume":"20","author":"S T Argaw","year":"2020","journal-title":"BMC Med Inform Decis Mak"},{"issue":"01","key":"ref13","doi-asserted-by":"crossref","first-page":"461","DOI":"10.1177\/1460458219832048","article-title":"Information security climate and the assessment of information security risk among healthcare employees","volume":"26","author":"S R Kessler","year":"2020","journal-title":"Health Informatics J"},{"issue":"02","key":"ref14","doi-asserted-by":"crossref","first-page":"e12644","DOI":"10.2196\/12644","article-title":"Health care and cybersecurity: bibliometric analysis of the literature","volume":"21","author":"M S Jalali","year":"2019","journal-title":"J Med Internet Res"},{"key":"ref15","doi-asserted-by":"crossref","first-page":"48","DOI":"10.1016\/j.maturitas.2018.04.008","article-title":"Cybersecurity in healthcare: a narrative review of trends, threats and ways forward","volume":"113","author":"L Coventry","year":"2018","journal-title":"Maturitas"},{"issue":"06","key":"ref16","doi-asserted-by":"crossref","first-page":"547","DOI":"10.1093\/jamia\/ocz005","article-title":"Evaluation of a mandatory phishing training program for high-risk employees at a US healthcare system","volume":"26","author":"W J Gordon","year":"2019","journal-title":"J Am Med Inform Assoc"},{"key":"ref17","volume-title":"Guide to Privacy and Security of Electronic Health Information","author":"The Office of the National Coordinator for Health Information Technology","year":"2015"},{"key":"ref18","doi-asserted-by":"crossref","first-page":"437","DOI":"10.1016\/j.chb.2016.12.040","article-title":"Gender difference and employees' cybersecurity behaviors","volume":"69","author":"M Anwar","year":"2017","journal-title":"Comput Human Behav"},{"issue":"01","key":"ref19","doi-asserted-by":"crossref","first-page":"24","DOI":"10.1038\/sj.ebd.6400375","article-title":"Study design III: cross-sectional studies","volume":"7","author":"K A Levin","year":"2006","journal-title":"Evid Based Dent"},{"issue":"03","key":"ref21","first-page":"46","article-title":"Cyber security crime and punishment: comparative study of the laws of Jordan, Kuwait, Qatar, Oman, and Saudi Arabia","volume":"8","author":"E Abu-Taieh","year":"2018","journal-title":"Int J Cyber Warf Terror IJCWT"},{"issue":"06","key":"ref22","doi-asserted-by":"crossref","first-page":"441","DOI":"10.1002\/(SICI)1097-0266(199606)17:6<441::AID-SMJ819>3.0.CO;2-G","article-title":"The application of cluster analysis in strategic management research: an analysis and critique","volume":"17","author":"D J Ketchen","year":"1996","journal-title":"Strateg Manage J"},{"issue":"05","key":"ref23","doi-asserted-by":"crossref","first-page":"98","DOI":"10.1007\/s10916-019-1507-y","article-title":"Transforming healthcare cybersecurity from reactive to proactive: current status and future recommendations","volume":"44","author":"S S Bhuyan","year":"2020","journal-title":"J Med Syst"},{"issue":"02","key":"ref25","first-page":"78","article-title":"Data breach locations, types, and associated characteristics among US hospitals","volume":"24","author":"M H Gabriel","year":"2018","journal-title":"Am J Manag Care"},{"issue":"18","key":"ref26","doi-asserted-by":"crossref","first-page":"E5439","DOI":"10.3390\/s20185439","article-title":"Addressing the security gap in IoT: towards an IoT cyber range","volume":"20","author":"O Nock","year":"2020","journal-title":"Sensors (Basel)"},{"issue":"01","key":"ref27","doi-asserted-by":"crossref","first-page":"246","DOI":"10.1186\/s12911-020-01259-y","article-title":"Analyzing medical device connectivity and its effect on cyber security in german hospitals","volume":"20","author":"M Willing","year":"2020","journal-title":"BMC Med Inform Decis Mak"},{"issue":"02","key":"ref28","doi-asserted-by":"crossref","first-page":"309","DOI":"10.1177\/004839317100100211","article-title":"That's interesting: towards a phenomenology of sociology and a sociology of phenomenology","volume":"1","author":"M S Davis","year":"1971","journal-title":"Philos Soc Sci"},{"issue":"00","key":"ref29","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1080\/0144929X.2021.1905066","article-title":"What we think we know about cybersecurity: an investigation of the relationship between perceived knowledge, internet trust, and protection motivation in a cybercrime context","volume":"0","author":"L D Kimpe","year":"2021","journal-title":"Behav Inf Technol"},{"issue":"23","key":"ref30","doi-asserted-by":"crossref","first-page":"1977","DOI":"10.2146\/ajhp150977","article-title":"Evidence and resources to implement pharmacogenetic knowledge for precision medicine","volume":"73","author":"K E Caudle","year":"2016","journal-title":"Am J Health Syst Pharm"},{"issue":"02","key":"ref31","doi-asserted-by":"crossref","first-page":"114","DOI":"10.1097\/NHH.0000000000000646","article-title":"Online resources to support clinical practice","volume":"36","author":"A Ko","year":"2018","journal-title":"Home Healthc Now"},{"issue":"03","key":"ref32","doi-asserted-by":"crossref","first-page":"471","DOI":"10.1055\/s-0039-1692401","article-title":"Inpatient communication networks: leveraging secure text-messaging platforms to gain insight into inpatient communication systems","volume":"10","author":"P A Hagedorn","year":"2019","journal-title":"Appl Clin Inform"},{"issue":"01","key":"ref33","doi-asserted-by":"crossref","first-page":"140","DOI":"10.1055\/s-0039-1678607","article-title":"Evaluation of secure messaging applications for a health care system: a case study","volume":"10","author":"X Liu","year":"2019","journal-title":"Appl Clin Inform"},{"key":"ref34","doi-asserted-by":"crossref","first-page":"73","DOI":"10.2147\/JMDH.S183275","article-title":"Assessing staff awareness and effectiveness of educational training on IT security and privacy in a large healthcare organization","volume":"12","author":"M A Arain","year":"2019","journal-title":"J Multidiscip Healthc"},{"key":"ref35","doi-asserted-by":"crossref","first-page":"37","DOI":"10.2174\/1874431101711010037","article-title":"Information security risk assessment in hospitals","volume":"11","author":"H Ayatollahi","year":"2017","journal-title":"Open Med Inform J"},{"key":"ref36","doi-asserted-by":"crossref","first-page":"75","DOI":"10.2147\/RMHP.S99908","article-title":"Information security risk management for computerized health information systems in hospitals: a case study of Iran","volume":"9","author":"J Zarei","year":"2016","journal-title":"Risk Manag Healthc Policy"},{"issue":"02","key":"ref37","doi-asserted-by":"crossref","first-page":"326","DOI":"10.1055\/s-0039-1688554","article-title":"A bottom-up approach to encouraging sustained user adoption of a secure text messaging application","volume":"10","author":"S Tsega","year":"2019","journal-title":"Appl Clin Inform"},{"issue":"03","key":"ref38","doi-asserted-by":"crossref","first-page":"183","DOI":"10.1136\/bmjqs-2012-001744","article-title":"Patient-centred healthcare, social media and the internet: the perfect storm?","volume":"22","author":"R Rozenblum","year":"2013","journal-title":"BMJ Qual Saf"},{"issue":"01","key":"ref39","doi-asserted-by":"crossref","first-page":"e9","DOI":"10.2196\/jmir.5729","article-title":"Internet health information seeking and the patient-physician relationship: a systematic review","volume":"19","author":"S S-L Tan","year":"2017","journal-title":"J Med Internet Res"},{"issue":"02","key":"ref40","first-page":"87","article-title":"How can hospitals better protect the privacy of electronic medical records? Perspectives from staff members of health information management departments","volume":"46","author":"M-L Sher","year":"2017","journal-title":"Health Inf Manag"},{"issue":"01","key":"ref41","first-page":"17","article-title":"Indirect effect of management support on users' compliance behaviour towards information security policies","volume":"47","author":"N Humaidi","year":"2018","journal-title":"Health Inf Manag"},{"key":"ref43","first-page":"183","volume-title":"Cybersecurity in Gulf Cooperation Council Economies","author":"N Kshetri","year":"2016","edition":"1st ed."}],"container-title":["Applied Clinical Informatics"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/www.thieme-connect.de\/products\/ejournals\/pdf\/10.1055\/s-0041-1735527.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,9,30]],"date-time":"2021-09-30T02:23:01Z","timestamp":1632968581000},"score":1,"resource":{"primary":{"URL":"http:\/\/www.thieme-connect.de\/DOI\/DOI?10.1055\/s-0041-1735527"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,8]]},"references-count":40,"journal-issue":{"issue":"04","published-online":{"date-parts":[[2021,8,4]]},"published-print":{"date-parts":[[2021,8]]}},"URL":"https:\/\/doi.org\/10.1055\/s-0041-1735527","archive":["Portico","CLOCKSS"],"relation":{},"ISSN":["1869-0327"],"issn-type":[{"value":"1869-0327","type":"electronic"}],"subject":[],"published":{"date-parts":[[2021,8]]}}}